Must Read: Sorry, but bringing back the Start menu won't help Windows 8

Topic: Software

Cryogenically frozen RAM bypasses all disk encryption methods

Summary: Computer encryption technologies have all relied on one key assumption that RAM (Random Access Memory) is volatile and that all content is lost when power is lost. That key assumption is now being fundamentally challenged with a $7 can of compressed air and it's enough to give every security professional heart burn.

George Ou

By George Ou for Zero Day |

Computer encryption technologies have all relied on one key assumption that RAM (Random Access Memory) is volatile and that all content is lost when power is lost. That key assumption is now being fundamentally challenged with a $7 can of compressed air and it's enough to give every security professional heart burn.

We all had some theoretical concerns, but surely it would be too difficult to transport hot memory from one computer to another to extract its contents right? That's what we all thought until a group of researchers from Princeton University showed that memory wasn't as volatile as we had all assumed (see Techmeme). As a matter of fact, memory would hold its contents for a duration of seconds or even minutes with the power cut off. If that wasn't long enough, a can of compressed air used upside down will cryogenically freeze memory and keep the data intact for several minutes to an hours. This means the ultrasensitive encryption keys used to protect data can be exposed in the clear.

Also see: Images: How to bypass FileVault, BitLocker security

Most of the time, the compressed air probably isn't even necessary but it can offer a sure way to get the job done since the RAM can be safely moved to a different computer. Once that computer boots up in to a special OS designed for RAM forensics, it is possible to dump the raw contents of memory on to storage. Even if parts of the key were lost due to power-loss decay, a simply exhaustive search should be able to recreate the key. But by freezing the memory, it's unlikely that much data would be lost in the first place.

This same attack works without the compressed air or RAM migration if the computer is configured for USB or LAN boot. You simply put in a USB dongle and boot off that dongle or you can boot off the network. Booting off the optical drive is probably just as easy and more likely to work. Then you can dump the RAW memory contents to the USB dongle or a network share. If the computer will only boot to the hard drive and the BIOS is locked from reconfiguration, then you might run in to some problems because you've already wasted a minute trying to find all this out but the freeze and memory migrate method gets around any of these boot-up limitations.

If an embedded TPM is involved, a simple swapping of the hard drive will get around all these problems. Once the raw contents are saved to disk, forensics software can retrieve the keys from disk encryption systems such as Vista BitLocker, Apple FileVault, TrueCrypt, dm-crypt, and potentially a bunch of other data encryption solutions as well. Once is key is exposed, the hard drive might as well not be encrypted at all.

The challenge we are facing here is fundamentally difficult because the problem stems from a combination of hardware, software, and usability. The software assumes the hardware (RAM) will lose its content as soon as power is lost and that simply isn't the case. RAM is designed to be low power, low latency, low cost, high density, and high throughput but nowhere on that list is "quick to forget when powered off". Even if the memory could be designed to rapidly expire in under a second, -150 Celsius liquid nitrogen can extend that time by orders of magnitude.

We might design encryption software to flush the key every few minutes when not in use but that gets in to usability issues. No one wants to be forced to pull out a USB dongle every few minutes or have to type in a password to extract the key from the TPM. Sort of a user-friendly transparent proximity solution where the user wears some sort of secure wireless token that can securely hand out the encryption key whenever needed by the push of a button do I see it practical to frequently flush the encryption key from the encryption software. There was little motivation to build such a system but with this latest breakthrough in offensive capability, we might have to consider it.

Topics: Software, CXO, Hardware, Processors

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

61 comments
Log in or register to join the discussion

  • fascinating

    thanks. You and Roland P. write about some really interesting topics, away from the same-old, same-old.
    killerbunny
    Reply Vote

  • You need physical access

    One thing I've found is if you have physical access to the machine you pretty own the machine. This just adds to the problem of losing that laptop but really it's already bad enough when a laptop with sensitive information gets stolen. Getting more keys to the front gates just adds to the problem. Best to not allow physical access at all if you can do that.
    voska1
    Reply Vote

    • Your correct.

      If you lock up your system and store in a safe when not in use then no one can get to it. As long you are using and in possession of the computer they can't do this. Also for those who are disparate few to get a hold of you data you may need to resort to deadly force to stop those, say a IED or similar.
      phatkat
      Reply Vote

    • The purpose of disk encryption is to protect you from stolen hardware

      The purpose of disk encryption is to protect you from stolen hardware where the attacker has FULL physical access to your computer. If you can't depend on disk encryption to protect you in this case, then disk encryption is broken.
      georgeou
      Reply Vote

      • It sure is

        Better not to lose said laptop in the first place I'd say or at the very least don't have any files of value on it. Easier said than done however in the real world.
        voska1
        Reply Vote

      • I'm glad someone's ...

        ... awake and can smell the coffee.

        You are absolutely, 100% correct, George.

        OK, admittedly, this has got to be the most outlandish and positively left-field attack vector that anyone could ever have conceived - BUT, it is an attack vector none the less.

        However, as real or apparent the threat is, it still (technically) is *not* the root of the problem. Quite frankly, as Messr Ou correctly suggests: it aint the hardware's fault it can be frozen and used at a later point in time to siphon-off *supposedly safe* and encrypted data - because any which way you wanna look at this, the real fault/problem here lies in the actual way that data encryption can be so easily circumvented using the reported method.

        I can just picture it ...

        Husband: "Honey, i'm home! What's for dinner?"

        Wife: "CIA! I thawed it out last night! I've just turned it
        over on the grill - it'll be done in a minute!"

        In a perfect world, we would be able to have all our data kept safely on PCs or in other storage facilities - in unlocked rooms, knowing fully well no manner of hack or other method of circumvention would be able to get at our encrypted data. There's just one slight problem ... there aint no world but this one we live in.


        Be afraid ... fraids are better!
        thx-1138_
        Reply Vote

      • Looks like, though...

        ...this exploit is only useful very shortly after the computer is powered off. I can see a "carjacking" scenario where an intruder enters the area where the computer is kept, powers it down, treats the chips, and removes them, but not much else.
        John L. Ries
        Reply Vote

    • RE: Cryogenically frozen RAM bypasses all disk encryption methods

      @voska1 Agreed. Physical access = root. This is the fundamental assumption from pretty much all security professionals. Attempting security anything beyond that is a fool's errand, likely to produce more difficulty than it's worth.
      sy69
      Reply Vote

  • Still very risky

    You would have to have open access to the physical machine to pull such a stunt. This is a activity that requires some planning to pull off. Not just something you can ad hoc.
    nucrash
    Reply Vote

    • If you're safe from physical access, there would be no need for disk encryp

      If you're safe from physical access, there would be no need for disk encryption in the first place. Disk encryption is designed to keep you safe in the event of full physical access. Now it has been severely broken and we have a big problem.

      It would be nice if hardware (read laptops) were never stolen or lost, but then again it would be nice if all the world's bad guys would just reform themselves and never do anything against the law again, we wouldn't need any security countermeasures at all.
      georgeou
      Reply Vote

      • Sounds Ideal

        But now with today's laptops, UMPCs, and now even our uber 31337 phones, we made a sneak attack on the network even more accessible.

        Like trying to hire a "Trustworthy" employee, plans never seem to work out.
        nucrash
        Reply Vote

  • Encyption Legislation

    This story is another reason state legislatures are <a href="http://hack-igations.blogspot.com/2008/02/encryption-legislation-goes-overboard.html">unwise to madate</a> encryption as a data security procedure.

    http://hack-igations.blogspot.com/2008/02/encryption-legislation-goes-overboard.html

    [url]http://hack-igations.blogspot.com/2008/02/encryption-legislation-goes-overboard.html[/url]
    benjaminwright75205
    Reply Vote

    • No, this just means we need to fix the encryption technology

      No, this just means we need to fix the encryption technology. It does not mean we stop using encryption.
      georgeou
      Reply Vote

      • Simple Fix....

        Do not store the key in contiguous memory, store each byte of the key in different places in memory, even if you place a filler byte between each of the digits.

        Also unless they catch your computer on (or real shortly after it is turned off) this idea will not work.
        mrOSX
        Reply Vote

  • Lame, highly improbable, and vested interest involved.

    Just an attempt to renew the push for Palladium. Er...whatever its called this week.
    techboy_z
    Reply Vote

    • Nothing lame about it

      nt
      georgeou
      Reply Vote

  • You call it lame, but you took the time to read it...(nt)

    (nt)
    hjagla
    Reply Vote

  • This is stupid.

    You can't freeze the ram and then heat it up to remove it (desoldering it) without defrosting it. You would have to tap onto the pins without removing it. Not possible if they are underneath.

    If it hasn't been done in the lab, it's not actually possible.

    This article is FUD with a captial "F".
    Eriamjh
    Reply Vote

    • Soldered??

      Who uses soldered ram any more? Everything is clip in SIMMs or DIMMs or whatever. Freeze it, unclip it, stick it in another computer and you're good to go. Yes, you DO need a high level of physical access, but I'll bet the time to do this is a LOT less than most people would guess.

      Would you mind stepping out of your office for five minutes? Heh heh.
      aureolin
      Reply Vote

      • RAM for Macbook Air is soldered to the motherboard

        I just read that the RAM in the Macbook Air is soldered to the motherboard. Someone at Apple must have been thinking of this situation -- or luckily for this situation that there simply isn't enough room in the Macbook Air for a socketed RAM stick of chips. Yeah, instead of doing that compressed air freeze on a regular Macbook like that demo was doing, instead try that compressed air freeze demo on a Macbook Air and finding out you can't take the RAM out.
        GiveMeGizmos
        Reply Vote
CNET Join | Log In | Privacy | Cookies Close