Computer encryption technologies have all relied on one key assumption that RAM (Random Access Memory) is volatile and that all content is lost when power is lost. That key assumption is now being fundamentally challenged with a $7 can of compressed air and it’s enough to give every security professional heart burn.
We all had some theoretical concerns, but surely it would be too difficult to transport hot memory from one computer to another to extract its contents right? That’s what we all thought until a group of researchers from Princeton University showed that memory wasn’t as volatile as we had all assumed (see Techmeme). As a matter of fact, memory would hold its contents for a duration of seconds or even minutes with the power cut off. If that wasn’t long enough, a can of compressed air used upside down will cryogenically freeze memory and keep the data intact for several minutes to an hours. This means the ultrasensitive encryption keys used to protect data can be exposed in
the clear.
Also see: Images: How to bypass FileVault, BitLocker security
Most of the time, the compressed air probably isn’t even necessary but it can offer a sure way to get the job done since the RAM can be safely moved to a different computer. Once that computer boots up in to a special OS designed for RAM forensics, it is possible to dump the raw contents of memory on to storage. Even if parts of the key were lost due to power-loss decay, a simply exhaustive search should be able to recreate the key. But by freezing the memory, it’s unlikely that much data would be lost in the first place.
This same attack works without the compressed air or RAM migration if the computer is configured for USB or LAN boot. You simply put in a USB dongle and boot off that dongle or you can boot off the network. Booting off the optical drive is probably just as easy and more likely to work. Then you can dump the RAW memory contents to the USB dongle or a network share. If the computer will only boot to the hard drive and the BIOS is locked from reconfiguration, then you might run in to some problems because you’ve already wasted a minute trying to find all this out but the freeze and memory migrate method gets around any of these boot-up limitations.
If an embedded TPM is involved, a simple swapping of the hard drive will get around all these problems. Once the raw contents are saved to disk, forensics software can retrieve the keys from disk encryption systems such as Vista BitLocker, Apple FileVault, TrueCrypt, dm-crypt, and potentially a bunch of other data encryption solutions as well. Once is key is exposed, the hard drive might as well not be encrypted at all.
The challenge we are facing here is fundamentally difficult because the problem stems from a combination of hardware, software, and usability. The software assumes the hardware (RAM) will lose its content as soon as power is lost and that simply isn’t the case. RAM is designed to be low power, low latency, low cost, high density, and high throughput but nowhere on that list is “quick to forget when powered off”. Even if the memory could be designed to rapidly expire in under a second, -150 Celsius liquid nitrogen can extend that time by orders of magnitude.
We might design encryption software to flush the key every few minutes when not in use but that gets in to usability issues. No one wants to be forced to pull out a USB dongle every few minutes or have to type in a password to extract the key from the TPM. Sort of a user-friendly transparent proximity solution where the user wears some sort of secure wireless token that can securely hand out the encryption key whenever needed by the push of a button do I see it practical to frequently flush the encryption key from the encryption software. There was little motivation to build such a system but with this latest breakthrough in offensive capability, we might have to consider it.
