hn-classics/_stories/2008/11874014.md

---
created_at: '2016-06-10T03:05:12.000Z'
title: Cryogenically frozen RAM bypasses disk encryption methods (2008)
url: http://www.zdnet.com/article/cryogenically-frozen-ram-bypasses-all-disk-encryption-methods/
author: andreyvit
points: 49
story_text: 
comment_text: 
num_comments: 34
story_id: 
story_title: 
story_url: 
parent_id: 
created_at_i: 1465527912
_tags:
- story
- author_andreyvit
- story_11874014
objectID: '11874014'
year: 2008

---
[![](http://blogs.zdnet.com/Ou/images/memorex_airduster.jpg)](http://memorex.com/html/products_detail.php?section=2&CID=9&SID=23&PID=522&FID=110&opento=9)Computer
encryption technologies have all relied on one key assumption that RAM
(Random Access Memory) is volatile and that all content is lost when
power is lost. That key assumption is now being fundamentally challenged
with a $7 can of compressed air and it's enough to give every security
professional heart burn.

We all had some theoretical concerns, but surely it would be too
difficult to transport hot memory from one computer to another to
extract its contents right? That's what we all thought until a [group of
researchers from Princeton
University](http://citp.princeton.edu/memory/) showed that memory wasn't
as volatile as we had all assumed ([see
Techmeme](http://www.techmeme.com/080221/p95#a080221p95)). As a matter
of fact, memory would hold its contents for a duration of seconds or
even minutes with the power cut off. If that wasn't long enough, a can
of compressed air used upside down will cryogenically freeze memory and
keep the data intact for several minutes to an hours. This means the
ultrasensitive encryption keys used to protect data can be exposed
in**[![](https://zdnet4.cbsistatic.com/hub/i/r/2014/10/04/bedf805a-4b65-11e4-b6a0-d4ae52e95e57/resize/270xauto/638f24ddb077996caac7727a18c27cee/189069-525-349.jpg)](http://content.zdnet.com/2346-9595_22-189068.html?tag=gald)**
the clear.

**Also see: [Images: How to bypass FileVault, BitLocker
security](http://content.zdnet.com/2346-9595_22-189068.html?tag=gald)**

Most of the time, the compressed air probably isn't even necessary but
it can offer a sure way to get the job done since the RAM can be safely
moved to a different computer. Once that computer boots up in to a
special OS designed for RAM forensics, it is possible to dump the raw
contents of memory on to storage. Even if parts of the key were lost due
to power-loss decay, a simply exhaustive search should be able to
recreate the key. But by freezing the memory, it's unlikely that much
data would be lost in the first place.

Most of the time, the compressed air probably isn't even necessary but
it can offer a sure way to get the job done since the RAM can be safely
moved to a different computer. Once that computer boots up in to a
special OS designed for RAM forensics, it is possible to dump the raw
contents of memory on to storage. Even if parts of the key were lost due
to power-loss decay, a simply exhaustive search should be able to
recreate the key. But by freezing the memory, it's unlikely that much
data would be lost in the first place.

This same attack works without the compressed air or RAM migration if
the computer is configured for USB or LAN boot. You simply put in a USB
dongle and boot off that dongle or you can boot off the network. Booting
off the optical drive is probably just as easy and more likely to work.
Then you can dump the RAW memory contents to the USB dongle or a network
share. If the computer will only boot to the hard drive and the BIOS is
locked from reconfiguration, then you might run in to some problems
because you've already wasted a minute trying to find all this out but
the freeze and memory migrate method gets around any of these boot-up
limitations.

If an embedded TPM is involved, a simple swapping of the hard drive will
get around all these problems. Once the raw contents are saved to disk,
forensics software can retrieve the keys from disk encryption systems
such as Vista BitLocker, Apple FileVault, TrueCrypt, dm-crypt, and
potentially a bunch of other data encryption solutions as well. Once is
key is exposed, the hard drive might as well not be encrypted at all.

The challenge we are facing here is fundamentally difficult because the
problem stems from a combination of hardware, software, and usability.
The software assumes the hardware (RAM) will lose its content as soon as
power is lost and that simply isn't the case. RAM is designed to be low
power, low latency, low cost, high density, and high throughput but
nowhere on that list is "quick to forget when powered off". Even if the
memory could be designed to rapidly expire in under a second, -150
Celsius liquid nitrogen can extend that time by orders of magnitude.

We might design encryption software to flush the key every few minutes
when not in use but that gets in to usability issues. No one wants to be
forced to pull out a USB dongle every few minutes or have to type in a
password to extract the key from the TPM. Sort of a user-friendly
transparent proximity solution where the user wears some sort of secure
wireless token that can securely hand out the encryption key whenever
needed by the push of a button do I see it practical to frequently flush
the encryption key from the encryption software. There was little
motivation to build such a system but with this latest breakthrough in
offensive capability, we might have to consider it.
Tufte CSS, upgrade jekyll, add metadata, index 2018-02-23 18:58:03 +00:00			`---`
			`created_at: '2016-06-10T03:05:12.000Z'`
			`title: Cryogenically frozen RAM bypasses disk encryption methods (2008)`
			`url: http://www.zdnet.com/article/cryogenically-frozen-ram-bypasses-all-disk-encryption-methods/`
			`author: andreyvit`
			`points: 49`
			`story_text:`
			`comment_text:`
			`num_comments: 34`
			`story_id:`
			`story_title:`
			`story_url:`
			`parent_id:`
			`created_at_i: 1465527912`
			`_tags:`
			`- story`
			`- author_andreyvit`
			`- story_11874014`
			`objectID: '11874014'`
Adds year as metadata to all stories 2018-06-08 12:05:27 +00:00			`year: 2008`
Tufte CSS, upgrade jekyll, add metadata, index 2018-02-23 18:58:03 +00:00
			`---`
New parser with newspaper + pandoc 2018-03-03 09:35:28 +00:00			`[![](http://blogs.zdnet.com/Ou/images/memorex_airduster.jpg)](http://memorex.com/html/products_detail.php?section=2&CID=9&SID=23&PID=522&FID=110&opento=9)Computer`
			`encryption technologies have all relied on one key assumption that RAM`
			`(Random Access Memory) is volatile and that all content is lost when`
			`power is lost. That key assumption is now being fundamentally challenged`
			`with a $7 can of compressed air and it's enough to give every security`
			`professional heart burn.`

			`We all had some theoretical concerns, but surely it would be too`
			`difficult to transport hot memory from one computer to another to`
			`extract its contents right? That's what we all thought until a [group of`
			`researchers from Princeton`
			`University](http://citp.princeton.edu/memory/) showed that memory wasn't`
			`as volatile as we had all assumed ([see`
			`Techmeme](http://www.techmeme.com/080221/p95#a080221p95)). As a matter`
			`of fact, memory would hold its contents for a duration of seconds or`
			`even minutes with the power cut off. If that wasn't long enough, a can`
			`of compressed air used upside down will cryogenically freeze memory and`
			`keep the data intact for several minutes to an hours. This means the`
			`ultrasensitive encryption keys used to protect data can be exposed`
			`in[![](https://zdnet4.cbsistatic.com/hub/i/r/2014/10/04/bedf805a-4b65-11e4-b6a0-d4ae52e95e57/resize/270xauto/638f24ddb077996caac7727a18c27cee/189069-525-349.jpg)](http://content.zdnet.com/2346-9595_22-189068.html?tag=gald)`
			`the clear.`

			`**Also see: [Images: How to bypass FileVault, BitLocker`
			`security](http://content.zdnet.com/2346-9595_22-189068.html?tag=gald)**`

			`Most of the time, the compressed air probably isn't even necessary but`
			`it can offer a sure way to get the job done since the RAM can be safely`
			`moved to a different computer. Once that computer boots up in to a`
			`special OS designed for RAM forensics, it is possible to dump the raw`
			`contents of memory on to storage. Even if parts of the key were lost due`
			`to power-loss decay, a simply exhaustive search should be able to`
			`recreate the key. But by freezing the memory, it's unlikely that much`
			`data would be lost in the first place.`

			`Most of the time, the compressed air probably isn't even necessary but`
			`it can offer a sure way to get the job done since the RAM can be safely`
			`moved to a different computer. Once that computer boots up in to a`
			`special OS designed for RAM forensics, it is possible to dump the raw`
			`contents of memory on to storage. Even if parts of the key were lost due`
			`to power-loss decay, a simply exhaustive search should be able to`
			`recreate the key. But by freezing the memory, it's unlikely that much`
			`data would be lost in the first place.`

			`This same attack works without the compressed air or RAM migration if`
			`the computer is configured for USB or LAN boot. You simply put in a USB`
			`dongle and boot off that dongle or you can boot off the network. Booting`
			`off the optical drive is probably just as easy and more likely to work.`
			`Then you can dump the RAW memory contents to the USB dongle or a network`
			`share. If the computer will only boot to the hard drive and the BIOS is`
			`locked from reconfiguration, then you might run in to some problems`
			`because you've already wasted a minute trying to find all this out but`
			`the freeze and memory migrate method gets around any of these boot-up`
			`limitations.`

			`If an embedded TPM is involved, a simple swapping of the hard drive will`
			`get around all these problems. Once the raw contents are saved to disk,`
			`forensics software can retrieve the keys from disk encryption systems`
			`such as Vista BitLocker, Apple FileVault, TrueCrypt, dm-crypt, and`
			`potentially a bunch of other data encryption solutions as well. Once is`
			`key is exposed, the hard drive might as well not be encrypted at all.`

			`The challenge we are facing here is fundamentally difficult because the`
			`problem stems from a combination of hardware, software, and usability.`
			`The software assumes the hardware (RAM) will lose its content as soon as`
			`power is lost and that simply isn't the case. RAM is designed to be low`
			`power, low latency, low cost, high density, and high throughput but`
			`nowhere on that list is "quick to forget when powered off". Even if the`
			`memory could be designed to rapidly expire in under a second, -150`
			`Celsius liquid nitrogen can extend that time by orders of magnitude.`

			`We might design encryption software to flush the key every few minutes`
			`when not in use but that gets in to usability issues. No one wants to be`
			`forced to pull out a USB dongle every few minutes or have to type in a`
			`password to extract the key from the TPM. Sort of a user-friendly`
			`transparent proximity solution where the user wears some sort of secure`
			`wireless token that can securely hand out the encryption key whenever`
			`needed by the push of a button do I see it practical to frequently flush`
			`the encryption key from the encryption software. There was little`
			`motivation to build such a system but with this latest breakthrough in`
			`offensive capability, we might have to consider it.`