Low-Cost Mitigation Against Cold Boot Attacks for an Authentication Token

  • Ian Goldberg
  • Graeme Jenkinson
  • Frank Stajano
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9696)


Hardware tokens for user authentication need a secure and usable mechanism to lock them when not in use. The Pico academic project proposes an authentication token unlocked by the proximity of simpler wearable devices that provide shares of the token’s master key. This method, however, is vulnerable to a cold boot attack: an adversary who captures a running Pico could extract the master key from its RAM and steal all of the user’s credentials. We present a cryptographic countermeasure—bivariate secret sharing—that protects all the credentials except the one in use at that time, even if the token is captured while it is on. Remarkably, our key storage costs for the wearables that supply the cryptographic shares are very modest (256 bits) and remain constant even if the token holds thousands of credentials. Although bivariate secret sharing has been used before in slightly different ways, our scheme is leaner and more efficient and achieves a new property—cold boot protection. We validated the efficacy of our design by implementing it on a commercial Bluetooth Low Energy development board and measuring its latency and energy consumption. For reasonable choices of latency and security parameters, a standard CR2032 button-cell battery can power our prototype for 5–7 months, and we demonstrate a simple enhancement that could make the same battery last for over 9 months.


Hardware authentication token; Cold boot attack; Memory remanence; Bivariate secret sharing; Bluetooth low energy



We thank Rob Harle for his advice on selecting a Bluetooth Low Energy development platform. We thank David Llewellyn-Jones for insightful comments on the comparative security of our scheme with respect to related work. Jenkinson and Stajano thank the European Research Council for funding this research through grant StG 307224 (Pico). Goldberg thanks NSERC for grant RGPIN-341529.



Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. University of Waterloo, Waterloo, Canada
  2. University of Cambridge, Cambridge, UK
