Friday, February 22, 2008

Cold Boot Attacks on Encryption Keys

Already generating some discussion in the forums and elsewhere on the web is the recently released paper "Lest We Remember: Cold Boot Attacks on Encryption Keys" from researchers at Princeton University. The researchers' main finding is that data remains in DRAM for longer than generally expected. Furthermore, this period can be extended significantly by cooling the memory chips in question (a somewhat unsophisticated but effective methodology of achieving this cooling effect being the use of an inverted "canned air" canister!)

In addition to the paper, there is also a YouTube video:

In terms of the underlying principles involved, there's nothing particularly new here. Data retention in memory has been known about and discussed for a number of years. The paper is interesting, perhaps even important, for a number of reasons though. Firstly, the extent to which data remains available and the ease with which the window of recovery can be extended will be surprising to many. Secondly, in addition to the main finding the paper also discusses techniques used to reconstruct data where some amount of decay has occurred - potentially crucial in the recovery of encryption keys. Thirdly, it addresses one of the key challenges facing forensic examiners as the use of BitLocker and products such as TrueCrypt continues to grow.

As many commentators have already mentioned on news sites or blogs (including the researchers' own blog) the threats to security or opportunities for forensic analysis are highly dependent on a variety of factors - the state of a machine, the particular implementation of BitLocker in use, the speed with which cooling can be applied etc. In the real world, this would seem to represent a fairly limited threat to anyone who has had their laptop stolen by an opportunist thief, although situations where a device has been specifically targeted for the data it may contain are a different matter. I think it's much more interesting to consider the forensic possibilities and implications. How long will it be before this type of consideration becomes an integral part of our thought processes when preparing to seize a suspect device? What effect will existing legislation have on your actions? Why didn't I invent this technique when I cleaned my keyboard after having that sandwich for lunch?

Food for thought indeed...


Anonymous said...

This is actually very interesting to watch. It bascily goes contrary to what my formal (college) education is teaching, that being RAM losses it's contents when the power is shut off. It also affirms what I've always been taught, that if the "hacker" has physical access to your box, they own it.

Benjamin Wright said...

Jamie: This cold boot attack is one reason I argue legislatures should not mandate encryption as a security measure. Encryption is not data security per se. It is a tool that can be used to enhance security. Sometimes you should use the tool; sometimes you should use other tools. A legislature is unwise to require a specific technology like "encryption." --Ben