Ok, I know, I know. I owe you guys a proper update after being “absent” from blogging for quite some time. So, here is my take on the recently released Princeton memory vulnerability that seems to be gathering so much attention from the press and creating a sort of panic in the encryption community.
—
I have been watching the Princeton Cold Boot Memory Attack issue for the past 2 weeks. Over at the FDE mailing list, people from the encryption community even called it “scary”.
For those who want to read the paper for themselves, you can find it here. For those who aren’t patient enough, here is a brief overview of the paper.
We all know, of course, that DRAM loses its contents when the power is off. However, the question of how long it takes for DRAM to “forget” never received much attention. This is probably because (and I quote) “[m]ost experts assume that a computer’s memory is erased almost immediately when it loses power, or that whatever data remains is difficult to retrieve without specialized equipment.” The Princeton paper released earlier this month showed that these assumptions are incorrect.
Although DRAMs become less reliable when they are not refreshed, they are not immediately erased, and their contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images. We show that this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access. We use cold reboots to mount successful attacks on popular disk encryption systems using no special devices or materials. We experimentally characterize the extent and predictability of memory remanence and report that remanence times can be increased dramatically with simple techniques. We offer new algorithms for finding cryptographic keys in memory images and for correcting errors caused by bit decay.
Moreover, the paper presented a “suite of attacks that exploit DRAM remanence effects to recover cryptographic keys held in memory.” They demonstrated this vulnerability by defeating disk encryption systems such as Microsoft’s BitLocker (Windows Vista), Apple’s FileVault (Mac OS X) and TrueCrypt (an open-source disk encryption product for Windows, Mac OS, and Linux).
…[C]onfirmed that decay rates vary dramatically with temperature… obtained surface temperatures of approximately −50 °C with a simple cooling technique: discharging inverted cans of “canned air” duster spray directly onto the chips. At these temperatures, …fewer than 1% of bits decayed even after 10 minutes without power. To test the limits of this effect, …DRAM modules [submerged] in liquid nitrogen (ca. −196 °C)…[had] only 0.17% [decay] after 60 minutes out of the computer.
It seems that the semiconductor physics community has long been aware of the remanence effect in DRAM; a 1978 experiment even found that there can be no data loss for a full week without refresh when the chips are cooled with liquid nitrogen.
More recently, the same team demonstrated an attack native to OS X. They showed the ease of breaking Keychain and accessing the contents of a Macintosh computer using only an iPod and network booting.