Low-Cost Mitigation Against Cold Boot Attacks for an Authentication Token

  • Manulis M
  • Sadeghi A
  • Schneider S
ISSN: 16113349

Abstract

Hardware tokens for user authentication need a secure and usable mechanism to lock them when not in use. The Pico academic project proposes an authentication token unlocked by the proximity of simpler wearable devices that provide shares of the token's master key. This method, however, is vulnerable to a cold boot attack: an adversary who captures a running Pico could extract the master key from its RAM and steal all of the user's credentials. We present a cryptographic countermeasure—bivariate secret sharing—that protects all the credentials except the one in use at that time, even if the token is captured while it is on. Remarkably, our key storage costs for the wearables that supply the cryptographic shares are very modest (256 bits) and remain constant even if the token holds thousands of credentials. Although bivariate secret sharing has been used before in slightly different ways, our scheme is leaner and more efficient and achieves a new property—cold boot protection. We validated the efficacy of our design by implementing it on a commercial Bluetooth Low Energy development board and measuring its latency and energy consumption. For reasonable choices of latency and security parameters, a standard CR2032 button-cell battery can power our prototype for 5–7 months, and we demonstrate a simple enhancement that could make the same battery last for over 9 months.

Cite

Manulis, M., Sadeghi, A. R., & Schneider, S. (2016). Low-Cost Mitigation Against Cold Boot Attacks for an Authentication Token. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 9696(June), 6.
