Click here to receive your FREE subscription to Campus Technology
Opinion
Research Has Chilling Effect on Hard Drive Encryption
3/14/2008
Back in the 1970s when I was teaching digital logic courses, it was conventional wisdom that Dynamic Random Access Memory (DRAM) memory chips would immediately lose data when the power was turned off. But a group of researchers at Princeton have demonstrated that the data in DRAMs, which are used in most personal computers and which temporarily hold a PC's encryption keys, will persist and remain readable after power has been turned off for several seconds to minutes at room temperature and much longer if the chip is cooled.
What that means to us road warriors is that just encrypting data on our laptop's hard drive may not be enough to protect that data if the machine is lost or stolen. And remember Adam Dodge notes in his Educational Security Incidents 2007 report that there were 52 incidents affecting 295,300 records involving the loss or theft of physical media such as drives and laptops. Even office-based machines that are physically accessible are vulnerable. So much for the advice "encrypt your data" that folks like me have been giving users for years.
The Princeton Findings
First, the Princeton group measured how quickly DRAM memory faded when power was cut off at a variety of temperatures. (While solid-state researchers have known the DRAM remembrance problem for some time, the Princeton group was the first to conduct systematic experiments showing how the phenomenon could be exploited to compromise data.) They observed that at normal operating temperatures there was a low rate of bit corruption for several seconds, followed by a period of rapid decay. They also found, as expected, that the memory decay rate decreased rapidly as the temperature decreased. Using the simple cooling technique of spraying an inverted can of "canned air" on the chips resulted in less than 1 percent of the bits decaying after 10 minutes without power. When the DRAM chips were cooled to liquid nitrogen temperatures, the Princeton group observed decay rates of 0.17 percent after 60 minutes without power.
They then successfully demonstrated three attacks that exploited the DRAM remanence:
- Reboot the machine and launch a custom kernel that gives the attacker access to the retained memory;
- Briefly cut and restore power to the machine and then boot from a custom kernel, which keeps the operating system from scrubbing memory before shutdown; and
- Cutting power and transplanting the DRAM modules to a second PC prepared by the attacker.
Since if the power to the DRAM memory is cut for too long the data will be corrupted, the Princeton group then investigated three strategies for reducing corruption:
- Cooling the memory chips prior to cutting power;
- Applying algorithms for correcting errors in private and symmetric key; and
- Modeling the physical conditions under which the data on chips was recovered as well as the decay properties of the chips to improve the error correcting algorithms.
The error correction algorithms they developed were able to reconstruct cryptographic keys even with relatively high bit-error rates using other recovered data such as key schedules. Using these algorithms they were able to reconstruct 128-bit AES keys with 10 percent of the bits decayed.
Recommended Reading
- RIAA Outsources Fingering of Students Who Share Music Illegally
The RIAA is outsourcing the hunt for music thieves. Its largest target currently is those who operate from within colleges and universities, a move that has piqued the attention of Educause.
- Microsoft Expands Education Footprint in Asia Pacific Region
Microsoft Chairman Bill Gates announced new partnerships to extend accessibility and computer literacy in the Asia Pacific region during a speech in Jakarta at a government leader gathering earlier this week.
- IT Struggling Over Security, Compliance
IT pros are having a hard time balancing security, software patch management and IT auditing with a host of other duties, according to a survey released Monday by Shavlik Technologies.
- Toronto College Upgrades Network with Gigabit Ethernet Wireless Links
Toronto-based George Brown College has gone public about its deployment of six BridgeWave GE60 wireless links to upgrade its campus-wide network.
- Gates Highlights R&D at CES08, Unveils Microsoft Touch Wall
Microsoft's Chairman Bill Gates spent a lot of time Wednesday talking about "empowering the workers" at the Microsoft's 12th annual CEO Summit 2008 in Redmond, WA, where he gave a keynote speech. However, Gates wasn't talking about political revolutions or even pay raises for office workers before the CEO crowd. Instead, he was referring to new software technologies that can better enable collaboration, social networking and decision-making on the job.
- Vista Vulnerability Study Puts Microsoft on Defensive
Microsoft and some independent security researchers had the blogosphere buzzing Wednesday over a series of denunciations after one company claimed that the Vista operating system was more vulnerable to malware and other exploits than previous operating systems.
