Disk encryption 'no silver bullet'

Elinor Mills CNET News

Published: 31 Jul 2008 09:25 BST

Disk encryption, which people rely on for protecting sensitive data on laptops, can fairly easily be foiled, security researchers said in presenting a paper on a 'cold-boot attack' at the Usenix security conference on Wednesday.

In a new type of attack that requires physical access to a target computer, an attacker can cut power to a machine that is in sleep mode, restore the power, and boot a malicious operating system from a USB drive or an iPod that can copy the RAM contents.

Although one might think the contents of the RAM would be lost when the power is turned off, this isn't the case, according to the team of mostly Princeton University researchers led by J Alex Halderman, a doctoral candidate.

The group found that, contrary to common belief, RAM data fades gradually over a period ranging from a few seconds to a few minutes after the power is cut. This could give an attacker time to read the RAM data, including encryption keys, after rebooting into a different operating system or removing the memory chips and placing them into a different computer.

An attacker can extend the data-decay period by cooling the chip while the machine is running, using a spray of 'canned air' of the kind commonly used to clean dust from keyboards. With liquid nitrogen, an attacker could take days to retrieve the data if needed.

Popular disk-encryption schemes, such as Microsoft's Bitlocker in Vista, don't protect against this type of attack, and in fact make the laptops more susceptible, the researchers said.

"Overall, the significance is that disk encryption is not the silver bullet that we might have thought in its present state," Halderman said in an interview after the presentation. "Individuals and businesses that rely on disk encryption need to pay much closer attention to the physical security of their devices."

In addition to Halderman, the research team included Princeton professor Ed Felten, as well as Nadia Heninger, William Clarkson, Joseph Calandrino, and Ariel Feldman of Princeton; Jacob Appelbaum; Seth Schoen of the Electronic Frontier Foundation; and William Paul of Wind River Systems.

RAM data fade

This image shows how data on a RAM chip fades gradually over time. The far left shot shows an image in memory five seconds after the power was cut, followed on the right by 30 seconds, 60 seconds and five minutes.

Credit: Disk encryption is no silver bullet, researchers say from CNET News
