Click here to receive your FREE subscription to Education Channel Partner

Research Has Chilling Effect on Hard Drive Encryption

3/14/2008

Back in the 1970s when I was teaching digital logic courses, it was conventional wisdom that Dynamic Random Access Memory (DRAM) memory chips would immediately lose data when the power was turned off. But a group of researchers at Princeton have demonstrated that the data in DRAMs, which are used in most personal computers and which temporarily hold a PC's encryption keys, will persist and remain readable after power has been turned off for several seconds to minutes at room temperature and much longer if the chip is cooled.

What that means to us road warriors is that just encrypting data on our laptop's hard drive may not be enough to protect that data if the machine is lost or stolen. And remember Adam Dodge notes in his Educational Security Incidents 2007 report that there were 52 incidents affecting 295,300 records involving the loss or theft of physical media such as drives and laptops. Even office-based machines that are physically accessible are vulnerable. So much for the advice "encrypt your data" that folks like me have been giving users for years.

The Princeton Findings
First, the Princeton group measured how quickly DRAM memory faded when power was cut off at a variety of temperatures. (While solid-state researchers have known the DRAM remembrance problem for some time, the Princeton group was the first to conduct systematic experiments showing how the phenomenon could be exploited to compromise data.) They observed that at normal operating temperatures there was a low rate of bit corruption for several seconds, followed by a period of rapid decay. They also found, as expected, that the memory decay rate decreased rapidly as the temperature decreased. Using the simple cooling technique of spraying an inverted can of "canned air" on the chips resulted in less than 1 percent of the bits decaying after 10 minutes without power. When the DRAM chips were cooled to liquid nitrogen temperatures, the Princeton group observed decay rates of 0.17 percent after 60 minutes without power.

They then successfully demonstrated three attacks that exploited the DRAM remanence:

  • Reboot the machine and launch a custom kernel that gives the attacker access to the retained memory;
  • Briefly cut and restore power to the machine and then boot from a custom kernel, which keeps the operating system from scrubbing memory before shutdown; and
  • Cutting power and transplanting the DRAM modules to a second PC prepared by the attacker.

Since if the power to the DRAM memory is cut for too long the data will be corrupted, the Princeton group then investigated three strategies for reducing corruption:

  • Cooling the memory chips prior to cutting power;
  • Applying algorithms for correcting errors in private and symmetric key; and
  • Modeling the physical conditions under which the data on chips was recovered as well as the decay properties of the chips to improve the error correcting algorithms.

The error correction algorithms they developed were able to reconstruct cryptographic keys even with relatively high bit-error rates using other recovered data such as key schedules. Using these algorithms they were able to reconstruct 128-bit AES keys with 10 percent of the bits decayed.