Disk encryption defeated?

GushpinBob

May be an interesting, yet disturbing read:
http://citp.princeton.edu/memory/

To sum up the video, they show how easy it is to recover an encryption key from RAM after doing a cold reboot and after they transfer the RAM stick to another computer.

I'm running their proof of concept on my own laptop to see if memory still retains any information after a cold reboot. What does everyone else think?

UPDATE: Yep, did a cold reboot and searched for the test strings I placed in memory and sure enough they came up several times.
 
Yeah, it's like I tell everyone. No matter how random the key, no matter how strong and perfect the algorithm, encryption and security go up in smoke with nothing more than a little creativity.

Side-channel attacks for the win.

But yes, this particular attack is easy and effective, just one of the security problems with capacitive memory.
 
It's definitely a simple attack. It's surprising that it took this long for someone to experiment with it.

At least there's a viable workaround: turn off your machine when you're not using it :)
 
this is one of those "now why didn't i think of that"...


this is a lot more complicated than my method i devised involving scripts that allow remotely logged-in users to reboot machines with WDE... but you don't even need the friggin scripts for this one... then again, if you can run a script you can just pull it out of memory then can't you? or just copy the data off right then.... my whole world is falling apart


scary indeed... and learn more about memory all the time.... like that you can spray an air can upside down on electronics and it won't fry it... WHO KNEW!!!

i want to get my hands on their attack program and take it to work... fun fun fun... too lazy to write my own... if i knew coding it probably wouldn't be that difficult... how hard is it to copy memory and parse it for keywords... which is easy enough to learn
 
Yeah, if I was some paranoid security dick, I would throw my computer's RAM in the chipper/shredder every time I power down my computer. Would definitely get expensive, though :D.
 
or set a script to zero the memory on shutdown.

better yet, hardware support to fully zero the memory on power loss.
 
> or set a script to zero the memory on shutdown.
>
> better yet, hardware support to fully zero the memory on power loss.

should be something fairly simple to implement in BIOS update too, right?

some people want their computer to shut down RIGHT AWAY though...i guess a bios toggle would be needed too
 
> should be something fairly simple to implement in BIOS update too, right?

No. You'd need something to hold the charge to zero the memory on power loss. There isn't enough in the system to do that without extra hardware.
 
I always knew that RAM could be a vulnerability. After all, a memory dump could leave your keys exposed.

I'm surprised that they could have recovered keys from RAM so easily even after shutdown. This shows that you can't completely rely on just one mechanism for security (not that I ever have; doing so is foolish).

We'll have to work harder to physically secure our computers so that it would at least take too long to remove the RAM. Or just shut our computers down when we're not using them.
 
you almost have to... i mean if somebody came into an office with intent to steal client data, the server stays on all night for updates from the cloud... somebody could conceivably just break in and steal them with a USB hard disk... or even splice in a battery and carry the thing off while ON...

i'm surprised that the security apps don't zero out at least that portion of memory that has the keys in it on exit.... i guess that is all that is needed... but it's more difficult to do that if you need the encryption keys in memory TO shut down in the case of WDE....

EDIT: DAMN, then all they'd have to do is improper shutdown

nooooooooooooo

i'm glad i'm not a security expert, i'd be wanting to fire myself daily


EDIT2: da sponge, let's design a device that goes in your memory slot between the memory and the board... and it plugs into the ATX power supply always on connection and auto scrambles the memory as soon as power is "cut" to the board.....
we'll be rich and sell it to ultra-paranoid security guys

EDIT3: foiled again! what if the baddie opens up the case and yanks the memory out while it's still on! i friggin quit
 

Actually, there is a much easier way to prevent this from happening. Turn your computer off. The memory only holds a charge in an unpowered system for a matter of seconds during normal operating conditions.

The only real method of preventing this attack from working is to use RAM that doesn't have caps as a storage method.

The responsible and reasonable method is that the encryption software shouldn't store the key in memory while in a powered down state (hibernate/sleep/lock/etc) and should require a re-entry of the passphrase. Of course, this leads to more problems, which leads to more side-channel attacks.

People shouldn't think of security in the normal sense of the word, but more as "I'm making this annoying enough that only the most determined and resourceful people will even bother."
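
The suggestion above that encryption software should clear the key from memory on lock, sleep or exit, as an added example (not code from the thread or from any real product): the `session` struct, its functions and the test key are hypothetical and constructed. It shows that wiping only the obvious key buffer still leaves a copy that a scan of memory finds.

```c
#include <stdio.h>
#include <string.h>
#define KEY_LEN 32

/* Hypothetical key holder: the live key plus a copy left over from unlock. */
struct session {
    unsigned char volume_key[KEY_LEN];
    unsigned char kdf_scratch[KEY_LEN];
};

/* Zero through a volatile pointer so the compiler cannot drop the stores. */
static void secure_wipe(void *buf, size_t len) {
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--) *p++ = 0;
}

/* Count copies of the key anywhere in the session's memory (a scan of a dump). */
static size_t residue(const struct session *s, const unsigned char *key) {
    size_t hits = 0;
    for (size_t i = 0; i + KEY_LEN <= sizeof *s; i++)
        if (memcmp((const unsigned char *)s + i, key, KEY_LEN) == 0) hits++;
    return hits;
}

static void session_unlock(struct session *s, const unsigned char *key) {
    memcpy(s->kdf_scratch, key, KEY_LEN);            /* intermediate copy */
    memcpy(s->volume_key, s->kdf_scratch, KEY_LEN);  /* key used for I/O */
}

/* full == 0 models wiping only the obvious buffer; full != 0 wipes both. */
static void session_lock(struct session *s, int full) {
    secure_wipe(s->volume_key, KEY_LEN);
    if (full) secure_wipe(s->kdf_scratch, KEY_LEN);
}

/* mode 0: still unlocked, 1: key-only wipe, 2: full wipe. Returns copies found. */
static size_t residue_after(int mode) {
    unsigned char key[KEY_LEN];
    struct session s;
    for (int i = 0; i < KEY_LEN; i++) key[i] = (unsigned char)(0xA5 ^ i); /* constructed test key */
    session_unlock(&s, key);
    if (mode >= 1) session_lock(&s, mode == 2);
    return residue(&s, key);
}

int main(void) {
    printf("unlocked=%zu key-only wipe=%zu full wipe=%zu\n",
           residue_after(0), residue_after(1), residue_after(2));
}
```

Where the platform provides one, `explicit_bzero`, `memset_s` or `SecureZeroMemory` can replace the hand-written `secure_wipe`.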
 
> People shouldn't think of security in the normal sense of the word, but more as "I'm making this annoying enough that only the most determined and resourceful people will even bother."

Exactly. Encryption should be treated like a deterrent. Heck, any security measure is a deterrent. Doesn't mean you shouldn't use them; you just have to use them wisely and within reason.

Besides, there's little point worrying about people pulling your RAM if there are much easier ways of breaking into your computer than this. Kinda like buying the most expensive and secure lock for your front door but leaving your back door unlocked...
 