---
created_at: '2016-06-10T03:05:12.000Z'
title: Cryogenically frozen RAM bypasses disk encryption methods (2008)
url: http://www.zdnet.com/article/cryogenically-frozen-ram-bypasses-all-disk-encryption-methods/
author: andreyvit
points: 49
story_text:
comment_text:
num_comments: 34
story_id:
story_title:
story_url:
parent_id:
created_at_i: 1465527912
_tags:
- story
- author_andreyvit
- story_11874014
objectID: '11874014'
year: 2008
---

[![](http://blogs.zdnet.com/Ou/images/memorex_airduster.jpg)](http://memorex.com/html/products_detail.php?section=2&CID=9&SID=23&PID=522&FID=110&opento=9)

Computer encryption technologies have all relied on one key assumption: that RAM (Random Access Memory) is volatile and that all content is lost when power is lost. That key assumption is now being fundamentally challenged with a $7 can of compressed air, and it's enough to give every security professional heartburn.

We all had some theoretical concerns, but surely it would be too difficult to transport hot memory from one computer to another to extract its contents, right? That's what we all thought until a [group of researchers from Princeton University](http://citp.princeton.edu/memory/) showed that memory wasn't as volatile as we had all assumed ([see Techmeme](http://www.techmeme.com/080221/p95#a080221p95)). As a matter of fact, memory would hold its contents for a duration of seconds or even minutes with the power cut off. If that wasn't long enough, a can of compressed air used upside down will cryogenically freeze memory and keep the data intact for several minutes to an hour. This means the ultrasensitive encryption keys used to protect data can be exposed in the clear.

[![](https://zdnet4.cbsistatic.com/hub/i/r/2014/10/04/bedf805a-4b65-11e4-b6a0-d4ae52e95e57/resize/270xauto/638f24ddb077996caac7727a18c27cee/189069-525-349.jpg)](http://content.zdnet.com/2346-9595_22-189068.html?tag=gald)

**Also see: [Images: How to bypass FileVault, BitLocker security](http://content.zdnet.com/2346-9595_22-189068.html?tag=gald)**

Most of the time, the compressed air probably isn't even necessary, but it can offer a sure way to get the job done since the RAM can be safely moved to a different computer. Once that computer boots up into a special OS designed for RAM forensics, it is possible to dump the raw contents of memory onto storage. Even if parts of the key were lost due to power-loss decay, a simple exhaustive search should be able to recreate the key. But by freezing the memory, it's unlikely that much data would be lost in the first place.

This same attack works without the compressed air or RAM migration if the computer is configured for USB or LAN boot. You simply put in a USB dongle and boot off that dongle or you can boot off the network. Booting off the optical drive is probably just as easy and more likely to work. Then you can dump the raw memory contents to the USB dongle or a network share. If the computer will only boot to the hard drive and the BIOS is locked from reconfiguration, then you might run into some problems because you've already wasted a minute trying to find all this out, but the freeze and memory migrate method gets around any of these boot-up limitations.

If an embedded TPM is involved, a simple swapping of the hard drive will get around all these problems. Once the raw contents are saved to disk, forensics software can retrieve the keys from disk encryption systems such as Vista BitLocker, Apple FileVault, TrueCrypt, dm-crypt, and potentially a bunch of other data encryption solutions as well. Once the key is exposed, the hard drive might as well not be encrypted at all.

The challenge we are facing here is fundamentally difficult because the problem stems from a combination of hardware, software, and usability. The software assumes the hardware (RAM) will lose its content as soon as power is lost and that simply isn't the case. RAM is designed to be low power, low latency, low cost, high density, and high throughput but nowhere on that list is "quick to forget when powered off". Even if the memory could be designed to rapidly expire in under a second, -150 Celsius liquid nitrogen can extend that time by orders of magnitude.

We might design encryption software to flush the key every few minutes when not in use, but that gets into usability issues. No one wants to be forced to pull out a USB dongle every few minutes or have to type in a password to extract the key from the TPM. Only with some sort of user-friendly, transparent proximity solution, where the user wears some sort of secure wireless token that can securely hand out the encryption key whenever needed by the push of a button, do I see it as practical to frequently flush the encryption key from the encryption software. There was little motivation to build such a system, but with this latest breakthrough in offensive capability, we might have to consider it.

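
The key-flushing idea from the last paragraph, sketched as an added example (not code from the article or from any disk encryption product): a key cache that wipes the key once it has been idle for an assumed limit of 120 seconds. The names `key_cache`, `cache_load`, `cache_tick` and `cache_use` are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

#define KEY_LEN 32
#define IDLE_LIMIT_SECONDS 120 /* assumed policy for "every few minutes" */

struct key_cache {
    unsigned char key[KEY_LEN];
    int loaded;       /* 1 while key material is resident in RAM */
    time_t last_used; /* time of the last decrypt/encrypt request */
};

/* Write through a volatile pointer so the compiler cannot elide the wipe. */
static void secure_wipe(void *buf, size_t len) {
    volatile unsigned char *p = buf;
    while (len--) *p++ = 0;
}

void cache_load(struct key_cache *c, const unsigned char *key, time_t now) {
    memcpy(c->key, key, KEY_LEN);
    c->loaded = 1;
    c->last_used = now;
}

/* Run from a periodic timer. Returns 1 if the idle key was flushed. */
int cache_tick(struct key_cache *c, time_t now) {
    if (!c->loaded || difftime(now, c->last_used) < IDLE_LIMIT_SECONDS) return 0;
    secure_wipe(c->key, KEY_LEN);
    c->loaded = 0;
    return 1;
}

/* Returns the key and resets the idle timer, or NULL when the key has been
   flushed and must be re-supplied (password, USB dongle, TPM, token). */
const unsigned char *cache_use(struct key_cache *c, time_t now) {
    if (!c->loaded) return NULL;
    c->last_used = now;
    return c->key;
}

int main(void) {
    struct key_cache c;
    unsigned char demo_key[KEY_LEN];
    memset(demo_key, 0xAB, sizeof demo_key); /* constructed sample key */
    cache_load(&c, demo_key, time(NULL));
    secure_wipe(demo_key, sizeof demo_key);  /* no second copy left behind */
    int flushed = cache_tick(&c, c.last_used + IDLE_LIMIT_SECONDS);
    printf("flushed=%d key_available=%d\n", flushed, cache_use(&c, c.last_used) != NULL);
    return 0;
}
```

A real implementation would also have to wipe derived material such as the expanded key schedule, and every flush forces the user to re-supply the key, which is the usability cost described above.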