A stick of RAM, a can of air, and wow

Researcher explains the 'cold boot' hack attack

Ever more computers are carrying ever more confidential data -- trade secrets, personal information of clients and constituents, and national security information. Encrypted hard disks requiring hardware keys or passwords are supposedly the way to keep that information safe.

But in the US, Princeton University computer security researcher Edward Felten released a study recently demonstrating that those keys are only as secure as the RAM that carries them, and that RAM is vulnerable in surprising ways. The upshot? Even turning a computer off may not be enough.

What has your study found? The implication of the paper has to do specifically with disk encryption. These are systems that try to encrypt the contents of file on hard drives of PCs so that if the computer is lost or stolen, the person who gets the computer won't be able to read all the files.

We found a method that is able to defeat all of the disk encryption systems that we've tried it on, which I think is now up to six systems roughly. And the basic reason is that all of these systems need to keep the secret encryption key somewhere, and the only place they can put it is in the RAM.

What we found, basically, is a way to get access to RAM, even if it's screen-locked.

The way we get access to RAM is by exploiting a pretty surprising property of RAM. RAM is supposed to be volatile -- when you turn off the power, it forgets the information. What we found is that information in RAM sticks around a lot longer. It sort of fades out over much longer than anybody thought.

How much longer? It actually stays around for seconds, and sometimes even minutes. We tried this on a typical desktop computer that's six or eight years old; we found that even after about 45 seconds, most of the contents of memory are still there. Newer DRAM [chips] held their information for a shorter period -- still plenty long for an attacker, but shorter.

What that means is that an attacker can just cut the power to a computer -- just unplug it, plug it back in and then reboot. After rebooting, the stuff that was in the memory before will still be there, so that the memory contents are still available to the attacker.

We discovered the trick of freezing the memory, which allows the RAM [chips] to retain their data. If we sprayed cooling spray [from an inverted can of common electronics-dusting spray], which gets to about minus 50 degrees Celsius, the retention time for ordinary DRAM would be 10 minutes or more. The cooling spray you can just spray on the chip right there in the computer -- sort of open up the machine so you see the chip, and just spray it on.

If you take the chips out and dunk them into liquid nitrogen, they last a long, long time. We don't even know how long, because we ran out of liquid nitrogen.

Is it possible to put encryption keys in some other memory location using a different technology, or in someplace dedicated to the disk subsystem? Maybe you could make a specialized chip that behaves differently. Probably what you would need is some kind of circuitry that actively erased information. I would not trust a design that sort of waited for the information to leak out. Given the effectiveness of cooling, it seems to me unlikely -- although I'm not a chip designer -- to make a chip that would have the information naturally decay fast enough while still having the chip [be] reliable enough.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Dan Rosenbaum

Computerworld
Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?