//
you're reading...
Apple/Mac, Linux & OpenSource, Microsoft / Windows, Quantum Cryptography, Security

Princeton Cold Boot Memory Attack

Ok, I know, I know. I owe you guys a proper update after being “absent” from blogging for quite some time. So, here is my take on the recently released Princeton Memory Vulnerability that seems to be gathering so much attention with the press and creating a sort of panic in the encryption community.

I have been watching the Princeton Cold Boot Memory Attack issue for the past 2 weeks. Over at the FDE mailing list, people from the encryption community even called it “scary”.

For those who want to read the paper for themselves, you can find it here. For those who aren’t patient enough, here is a brief overview of the paper.

We all know, of course, that the DRAM loses its contents when the power is of. However, the question as of how long it would take for the DRAM to “forget” was never much paid attention to. This is probably because (and I quote) “[m]ost experts assume that a computer’s memory is erased almost immediately when it loses power, or that
whatever data remains is difficult to retrieve without specialized equipment.” And the Princeton paper released earlier this month showed that these assumption are incorrect.

Although DRAMs become less reliable when they are not refreshed, they are not immediately erased, and their contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images. We show that this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access. We use cold reboots to mount successful attacks on popular disk encryption systems using no special devices or materials. We experimentally characterize the extent and predictability of memory remanence and report that remanence times can be increased dramatically with simple techniques. We offer new algorithms for finding cryptographic keys in memory images and for correcting errors caused by bit decay.

Moreover, the paper presented a “suite of attacks that exploit DRAM remanence effects to recover cryptographic keys held in memory.” They showed these vulnerability by defeating file encryptions systems like Microsoft’s BitLocker(Windows Vista), Apple’s FileVault (Mac OS X) and TrueCrypt (open-source disk encryption product for Windows, Mac OS, and Linux platforms).

…[C]onfirmed that decay rates vary dramatically with temperature… obtained surface temperatures of approximately -50 *C with a simple cooling technique: discharging inverted cans of “canned air” duster spray directly onto the chips. At these temperatures, …fewer than 1% of bits decayed even after 10 minutes without power. To test the limits of this effect, …DRAM modules [submerged] in liquid nitrogen (ca. -196 *C)…[has] only 0.17% [decay] after 60 minutes out of the computer.

It seems that the semicon physics community has long been aware of the remanence effect in DRAM, in a 1978 experiment it was even found that there can be no data loss for a full week without refresh when cooled with liquid nitrogen.

More recently, the same team demonstrated an attack native to OS X. They showed the ease of breaking Keychain and accessing the contents of a a Macintosh computer using only iPod and network booting.

Over at the FDE mailing list, members of the encryption community have been voicing out their suggestion regarding this vulnerability:

Garrett Groff says:

The attack exploits hardware, so I suspect we’ll need a hardware solution for this problem.

and suggested ways to mitigate the attack:

* Use a drive like Momentus… and hope that the anti-tampering mechanisms within the Momentus drive make hardware-based attacks (like the RAM attack) infeasible and unreliable.

* Don’t use standby mode. Instead, use hibernate (though hibernation might still be vulnerable depending on the FDE solution) or shut off the computer.

* Physically make RAM difficult to remove from the machine (crude, but effective?).

* Set BIOS boot sequence such that the machine boots to the HDD first; password protect BIOS. (I know, I know. Not fool-proof, but the extra time it takes to reset the BIOS & boot to a CD or USB stick might make the contents of RAM unreliable. Having said that, this is only mitigating if attacker uses your own machine to stage the attack. Bets are off if he removes the RAM & puts them in his own machine. But hey, it’s a good thing to do regardless, right??)

Bryan Glancey on the other hand suggested:

* Split encryption Keys (or s-box tables) into separate pieces

* Dynamically relocate Keys regularly in memory – to make exact location difficult to determine

* Overwrite memory several times when unloading Key

* Encrypt key in memory with another key

Andreas Khun argued that:

…in the end all the possible fixes that have been listed are only software fixes for today’s inherently insecure, archaic and simply out dated PC architecture. Only a migration to a trusted PC architecture as proposed by the Trusted Computing Group and technologies like the forth coming Intel TXT and Danbury architectures will help solve today’s known problems with untrusted platforms.

Secure encryption solutions like Seagate’s native hard drive encryption, where the key is never exposed outside of the hard drive enclosure area, and turning on the TPM are the next step to propel us forward into the new century of trusted computing.

The software encryption hack is but one occurrence of all the hack possibilities as long as the world doesn’t fess up to the fact that only software in combination with appropriate new but already existing hardware is employed. To continue trying to do it all in software is just a foolish proposition.

Steve Sprague believes that:

FDE is just a simple one. Customers need to bulk encryption in the drive hardware it is a superior solution to any software and always will be. A single chip solution for Encryption Key management and access control is key.

Here are my take on the issue:

1. I believe that we need a more secure PC architecture. For the encryption community, this issue is a major draw back because as cryptographers and cryptographic engineers race to strengthen encryptions, we find that a flaw in physical security of the data can undo all these in a matter of minutes. When it comes to more “secure RAM” we may find that a faster decay may compromise reliability. Nevertheless, I agree with Garrett, for a hardware problem, we should look for a hardware solution.

2. Data scrambling, dynamic re-allocation and memory encryption can also help but may affect performance and requires error checking and decryption / unscrambling of the key that would increase the time complexity of encryption algorithms. And we must also put in mind that if we are to encrypt keys it would also need a key/password which in turn needs to be put somewhere. And that somewhere may very well be the memory itself, making it only harder but not impossible to crack.

3. Theoretically, Symmetric Key Encryptions are more secured that Public-Key Encryption IF (AND ONLY IF) the key is guaranteed secret and is never. Public-Key guarantees this in the form of the assumed computational hardness, however the attack discussed here compromises the key and shows the ease of recreating an AES and RSA private keys within minutes. The best solution to this problem would be one-time keys. However, we will be faced with the Key Distribution Problem. It seems to me that the best solution to this problem may well be the migration from Public-Key to Symmetric Key Encryption. So, I say that this is one more reason to switch to Quantum Cryptography.

4. Some hard drives supports encryption and authentication even when in sleep or hibernate mode. Mine does, anyway. This means that upon ressumption from sleep mode or from hibernate mode, it will immediately prompt for a hard drive password. This is a good place to start. (I haven’t checked whether or not it stores the Key in the DRAM longer than necessary, though.)

5. Also, you may want to password protect the bios to boot to the HDD first this buys you time for the OS and the Bios to overwrite the DRAM. (Of course, the attacker can simply take the DRAM out and insert it in another system.)

6. Don’t just screen lock, unless you trust your door. :P

What we should remember is that no matter how strong your lock is, if you leave the key lying around, you might as well leave the door wide open.

I still believe that QC is the best way to go. Once, implemented fully and properly as it is in theory, can guarantee an unbreakable security.

About these ads

About princess of antiquity

Abbi Cabanding is a member of the Security Bloggers Network and had been blogging on information security since 2006. She is also a member of the Association for Computing Machinery. She studied Computer Science and Fine Arts at the University of the Philippines - Diliman.

Discussion

6 thoughts on “Princeton Cold Boot Memory Attack

  1. My (admittedly, very limited) understanding of quantum cryptography is that it depends on properties of polarized light over a medium, such as fiber optic cable.

    How does that help you encrypt your hard drive?

    Posted by Ryan Russell | March 4, 6:47 am, 6:47 am
  2. abbi’s back with a vengeance!

    Michael

    Posted by Michael R. Farnum | May 3, 1:34 pm, 1:34 pm
  3. Somehow i missed the point. Probably lost in translation :) Anyway … nice blog to visit.

    cheers, Praise!!

    Posted by Praise | June 21, 8:11 pm, 8:11 pm
  4. I love your site!

    _____________________
    Experiencing a slow PC recently? Fix it now!

    Posted by Michael Tim | March 1, 1:02 am, 1:02 am
  5. My brother in law would appreciate this post. We were recently speaking about this. hehe

    Posted by Video Gamers | January 4, 5:50 am, 5:50 am
  6. You really make it seem so easy with your presentation but I find this topic to be really something which I think I would never understand. It seems too complex and extremely broad for me. I am looking forward for your next post, I’ll try to get the hang of it!

    Posted by jocuri miniclip | June 7, 1:13 am, 1:13 am

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Sin of Silence E-Book


SIN OF SILENCE:
THE STORIES OF OUR DAYS
download:
single-page view
two-page view

On Wordpress

  • 92,544 readers

Subscribe via FeedBurner

Enter your email address to receive notifications by email.

Princess of Antiquity on Twitter

Error: Twitter did not respond. Please wait a few minutes and refresh this page.

RSS Princess of Antiquity on Tumblr

  • An error has occurred; the feed is probably down. Try again later.

Creative Commons

Creative Commons License
Original content in this work is licensed under a Creative Commons License.
Follow

Get every new post delivered to your Inbox.

%d bloggers like this: