Research Has Chilling Effect on Hard Drive Encryption
Back in the 1970s when I was teaching digital logic courses, it was conventional wisdom that Dynamic Random Access Memory (DRAM) memory chips would immediately lose data when the power was turned off. But a group of researchers at Princeton have demonstrated that the data in DRAMs, which are used in most personal computers and which temporarily hold a PC's encryption keys, will persist and remain readable after power has been turned off for several seconds to minutes at room temperature and much longer if the chip is cooled.
What that means to us road warriors is that just encrypting data on our laptop's hard drive may not be enough to protect that data if the machine is lost or stolen. And remember Adam Dodge notes in his Educational Security Incidents 2007 report that there were 52 incidents affecting 295,300 records involving the loss or theft of physical media such as drives and laptops. Even office-based machines that are physically accessible are vulnerable. So much for the advice "encrypt your data" that folks like me have been giving users for years.
The Princeton Findings
First, the Princeton group measured how quickly DRAM memory faded when power was cut off at a variety of temperatures. (While solid-state researchers have known the DRAM remembrance problem for some time, the Princeton group was the first to conduct systematic experiments showing how the phenomenon could be exploited to compromise data.) They observed that at normal operating temperatures there was a low rate of bit corruption for several seconds, followed by a period of rapid decay. They also found, as expected, that the memory decay rate decreased rapidly as the temperature decreased. Using the simple cooling technique of spraying an inverted can of "canned air" on the chips resulted in less than 1 percent of the bits decaying after 10 minutes without power. When the DRAM chips were cooled to liquid nitrogen temperatures, the Princeton group observed decay rates of 0.17 percent after 60 minutes without power.
They then successfully demonstrated three attacks that exploited the DRAM remanence:
- Reboot the machine and launch a custom kernel that gives the attacker access to the retained memory;
- Briefly cut and restore power to the machine and then boot from a custom kernel, which keeps the operating system from scrubbing memory before shutdown; and
- Cutting power and transplanting the DRAM modules to a second PC prepared by the attacker.
Since if the power to the DRAM memory is cut for too long the data will be corrupted, the Princeton group then investigated three strategies for reducing corruption:
- Cooling the memory chips prior to cutting power;
- Applying algorithms for correcting errors in private and symmetric key; and
- Modeling the physical conditions under which the data on chips was recovered as well as the decay properties of the chips to improve the error correcting algorithms.
The error correction algorithms they developed were able to reconstruct cryptographic keys even with relatively high bit-error rates using other recovered data such as key schedules. Using these algorithms they were able to reconstruct 128-bit AES keys with 10 percent of the bits decayed.
Finally, they put it all together and used these techniques to successfully attack encryption products such as BitLocker, TrueCrypt, and Apple's File Vault. If you're not use wading through research findings, this means our data encryption procedures aren't as good as we thought they were. It means back to the drawing board.
But Won't 'Trusted Compuing' Hardware Solve the Problem?
The response of some security experts was that the capabilities of Trusted Computing hardware would address the kind of vulnerabilities exploited by the Princeton researchers. (Although not extensively used, Trusted Computing Modules or TCMs are now found on many--roughly 150,000--personal computers. In response, the Princeton researchers point out that even though the TCM administers which software modules can use a key, once the key is stored in DRAM by the application, it is vulnerable to the kind of attack they reported.
They also noted that they were able to defeat Microsoft's BitLocker encryption despite its use of TPM and that the use of TCM actually increased the vulnerability because the system will automatically mount hardware protected disks when the machine is powered on.
So What Can Be Done?
Defending yourself against memory imaging attacks is difficult: The key has to be stored somewhere. The Princeton research group that documented this vulnerability recommends countermeasures that focus on discarding or obscuring encryption keys before an adversary might gain physical access, preventing memory-dumping software from being executed on the machine, physically protecting DRAM chips, and possibly making the contents of memory decay more readily.
Unfortunately many of these strategies involve changes to the application or operating system software and are not under the user's control. Examples include software that overwrites encryption keys when they are no longer needed, systems that clear memory at boot time, or systems that limit booting from the network or removable media.
Other countermeasures involve hardware changes that are similarly not available to the user. For example, physically protecting the DRAM chips by encasing them in epoxy or designing chips whose memory decays very quickly when power is lost.
Finally, the Princeton group found that locking your computer screen, which leaves the computer running but requires a password before allowing user interaction, does not protect what you have stored in memory. Similarly, putting your computer in "sleep," "suspend," or hibernate mode is not effective since an attacker could simply awaken the computer and extract the contents of memory as described earlier.
Two New Rules to Protect Data on Your Laptop
Fortunately there are practical steps you can take to protect sensitive data on your personal computer:
1. If you have sensitive data on your computer and must leave it unattended, do a complete shut down. Don't put it to sleep; don't put it in hibernation. Turn it off.
2. After you do a complete shut down, wait a minute or so before leaving your computer unattended.
