How does Symantec Endpoint Encryption (SEE) 11.x and Symantec Encryption Desktop (SED) 10.x protect against the "Cold Boot" attack and how can end users better protect themselves?
Synopsis: The "Cold Boot" attack recovers data from DRAM that still holds its contents for seconds to minutes after power is removed (memory remanence), a property of the DRAM found in all PCs. The recovered data can include keys, passwords, etc., and can be used to breach software-based Disk Encryption (DE). The method was first published by Princeton University researchers in February 2008. Enhancements to the initial attack were published in subsequent years, including a 2018 technique that disables the firmware memory-overwrite countermeasure by rewriting the firmware's non-volatile settings, defeating some of the countermeasures deployed by hardware and security vendors.
Historical Reference: Specific protection against the "Cold Boot" (Princeton) class of attack has been included in Symantec Endpoint Encryption (SEE) since SEE Full Disk v7.0. The protection was optional but enabled by default. It ensures that cryptographic key material cannot be retrieved from RAM after shutdown or hibernation.
In Symantec Endpoint Encryption 8.x, the AES symmetric keys are never loaded into memory until the user authentication step has completed. This step is required whenever the machine comes out of hibernation or boots from a shut-down (cold) state. Even if the Symantec Endpoint Encryption keys were read from memory, a unique AES initialization vector is still needed to encrypt or decrypt each sector of the disk, so the attacker would also need to recover the IV seeding algorithm and the key expansion methodology to get data off the disk, making compromise of the 8.x product highly unlikely.
Current Encryption Products and Countermeasures: Symantec Endpoint Encryption 11 and Symantec Encryption Desktop 10 include the following countermeasures against the "Cold Boot" (Princeton) class of attack. These countermeasures are always enabled and require no additional policy changes:
The Disk Encryption keys are not loaded into memory until the user authentication step has been completed. This step is required whenever the machine comes out of hibernation or boots from a shut-down (cold) state.
The in-memory instances of Disk Encryption keys and passwords are kept to a minimum and are securely wiped (zeroized) as soon as they are no longer required.
Note that while the above countermeasures improve overall security, they do not provide complete protection against physical cold boot attacks in which the attacker has a running or sleeping machine in hand, opens the case, and attacks the hardware directly, for example by chilling the DRAM modules and moving them to another system to read them out.
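The key-handling discipline described above (no key in RAM before authentication, a single in-memory instance, wiped as soon as it is no longer needed) is illustrated by the following C program. It is an added example, not Symantec's code, and it does not model the product's actual key wrapping: the wrapped key blob, the passphrase "pba-demo", and the key-check value are constructed fixtures, the XOR unwrap stands in for a real key derivation plus authenticated key wrap, and mlock() stands in for whatever non-pageable memory a real driver uses. The one part that is not a stand-in is the wipe: a plain memset() on a buffer that is never read again is a dead store that the optimizer may delete, which is exactly how keys end up surviving in RAM.

```c
/*
 * dek_slot.c: lifecycle of a disk-encryption key (DEK) in RAM.
 * Constructed illustration, not Symantec code. Models three rules:
 *   1. the DEK is unwrapped into memory only after authentication succeeds;
 *   2. exactly one in-memory instance exists, in a slot kept out of swap;
 *   3. the slot is zeroised with a wipe the compiler cannot optimise away.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#if defined(__unix__) || defined(__APPLE__)
#include <sys/mman.h>      /* mlock(): stand-in for the driver's non-pageable memory */
#endif

#define DEK_LEN 32

typedef struct {
    uint8_t key[DEK_LEN];
    int     loaded;        /* 1 only while key[] holds a live DEK */
} dek_slot;

/* Constructed on-disk fixture: the DEK (bytes 0x01..0x20) XOR-masked with the
 * passphrase "pba-demo" repeated. A real product uses a proper KDF and an
 * authenticated key wrap; this only models WHEN the DEK appears in RAM. */
static const uint8_t WRAPPED_DEK[DEK_LEN] = {
    0x71,0x60,0x62,0x29,0x61,0x63,0x6a,0x67, 0x79,0x68,0x6a,0x21,0x69,0x6b,0x62,0x7f,
    0x61,0x70,0x72,0x39,0x71,0x73,0x7a,0x77, 0x69,0x78,0x7a,0x31,0x79,0x7b,0x72,0x4f
};
/* Constructed key-check value (sum of the DEK bytes, 1+2+...+32); a real
 * product would store a hash or MAC of the DEK instead. */
static const uint32_t DEK_CHECK = 528;

/* memset() on memory that is never read again is a dead store the optimiser
 * may delete, leaving the key in RAM. Writes through a volatile pointer are
 * observable side effects and must be emitted. */
static void secure_wipe(void *p, size_t n)
{
    volatile uint8_t *vp = (volatile uint8_t *)p;
    while (n--) *vp++ = 0;
}

static int is_all_zero(const uint8_t *p, size_t n)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++) acc |= p[i];
    return acc == 0;
}

/* Empty slot, pinned so it cannot be paged to the swap or hibernation file. */
void dek_slot_init(dek_slot *s)
{
    memset(s, 0, sizeof *s);
#if defined(__unix__) || defined(__APPLE__)
    if (mlock(s, sizeof *s) != 0)   /* best effort: RLIMIT_MEMLOCK may forbid it */
        fprintf(stderr, "warning: mlock failed, slot is pageable\n");
#endif
}

/* Unwrap the DEK after the user authenticates. Refuses if a live copy already
 * exists (one instance only). On a wrong passphrase the garbage produced by
 * the unwrap is wiped before returning, so nothing key-like is left behind. */
int dek_unwrap(dek_slot *s, const char *passphrase)
{
    size_t plen = strlen(passphrase);
    if (s->loaded || plen == 0) return 0;

    uint32_t sum = 0;
    for (size_t i = 0; i < DEK_LEN; i++) {
        s->key[i] = WRAPPED_DEK[i] ^ (uint8_t)passphrase[i % plen];
        sum += s->key[i];
    }
    if (sum != DEK_CHECK) {
        secure_wipe(s->key, DEK_LEN);
        return 0;
    }
    s->loaded = 1;
    return 1;
}

/* Called at shutdown, hibernate, or lock: zeroise, then release the pin. */
void dek_slot_release(dek_slot *s)
{
    secure_wipe(s->key, DEK_LEN);
    s->loaded = 0;
#if defined(__unix__) || defined(__APPLE__)
    munlock(s, sizeof *s);
#endif
}

/* True when a memory dump of the slot would yield nothing. */
int dek_slot_is_clean(const dek_slot *s)
{
    return !s->loaded && is_all_zero(s->key, DEK_LEN);
}

int main(void)
{
    dek_slot slot;
    dek_slot_init(&slot);
    printf("before auth: clean=%d\n", dek_slot_is_clean(&slot));
    printf("wrong passphrase: ok=%d clean=%d\n",
           dek_unwrap(&slot, "pba-demx"), dek_slot_is_clean(&slot));
    printf("right passphrase: ok=%d loaded=%d\n",
           dek_unwrap(&slot, "pba-demo"), slot.loaded);
    dek_slot_release(&slot);
    printf("after release: clean=%d\n", dek_slot_is_clean(&slot));
    return 0;
}
```

The slot is the only place key bytes are ever written, including during a failed unwrap, so a memory image taken before authentication, after a wrong passphrase, or after release contains no key material. On Windows the equivalent of the mlock() pin is keeping the slot in non-paged pool (kernel) or under VirtualLock (user mode); whichever is used, the hibernation file still needs the product's own handling, which is why the page treats resume from hibernation as an authentication boundary.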
As an extra precaution, Symantec recommends security administrators perform the following steps to limit the attack surface:
Disable the "standby" (sleep) function on PCs so that machines are fully powered down whenever they are turned "off", whether via "shut down" or "hibernate" in Windows parlance. In standby the DRAM stays powered and the keys remain in memory, which is the state a cold boot attack needs.
Enable Secure Boot on UEFI machines to ensure that the machine boots up using trusted software.
Restrict the ability to boot from removable media, for example by requiring an administrator password to change the BIOS/UEFI boot order, so that the machine cannot be booted from anything other than the primary drive without that password.
Use machines whose firmware clears and re-initializes memory during the "power on self test" (POST), which destroys residual key material before any attacker-supplied boot media can read it. Most current UEFI firmware implements this as the TCG Platform Reset Attack Mitigation, in which the operating system requests a memory overwrite on the next reset while keys are in use.
Physically secure the DRAM to the machine (for example, soldered or otherwise non-removable memory) so that it cannot be removed quickly and without damage.
Do not leave machines unattended, accessible to others, etc.
Always deploy the latest version of the encryption software.
Never disable Pre-Boot Authentication permanently unless physical protection of the device is assured. Given the complexity of today's threat landscape, Symantec urges customers to keep Pre-Boot Authentication enabled for maximum security.