A team of researchers from Princeton University has proved that, with physical access, secure encryption on a computer's hard drive could be a moot point. The team included the Electronic Frontier Foundation (EFF), Princeton University, and other independent researchers. Their findings show a security flaw in several popular disk encryption technologies that leaves encrypted data vulnerable to attack and exposure.
The flaw starts with a simple, relatively unknown truth. Contrary to popular belief, once a computer is powered down or left in a hibernated state, the DRAM does not automatically erase itself.
“Virtually everybody, including experts, will tell you that DRAM contents are lost when you turn off the power. But this isn’t so. Our research shows that data in DRAM actually fades out gradually over a period of seconds to minutes, enabling an attacker to read the full contents of memory by cutting power and then rebooting into a malicious operating system,” the researchers say. This matters because the key, which is what is needed to decrypt the data, is stored in memory.
The researchers cracked several widely used disk encryption technologies, including Microsoft's BitLocker, Apple's FileVault, TrueCrypt, and dm-crypt. These secure disk encryption systems are supposed to protect sensitive information if a computer is stolen or otherwise accessed. The researchers proved that with physical access to the computer, the protection offered by disk encryption could be broken.
"People trust encryption to protect sensitive data when their computer is out of their immediate control," said EFF Staff Technologist Seth Schoen, a member of the research team. "But this new class of vulnerabilities shows it is not a sure thing. Whether your laptop is stolen, or you simply lose track of it for a few minutes at airport security, the information inside can still be read by a clever attacker."
The research, posted Friday with a supporting video, shows clear thought and insight. It proves something that was always thought possible, and proves what many have thought for years about data forensics: that physical access means complete ownership.
"These types of attacks were often thought to be in the realm of the NSA," said Jacob Appelbaum, an independent computer security researcher and member of the research team. "But we discovered that on most computers, even without power applied for several seconds, data stored in RAM seemed to remain when power was reapplied. We then wrote programs to collect the contents of memory after the computers were rebooted."
"We've broken disk encryption products in exactly the case when they seem to be most important these days: laptops that contain sensitive corporate data or personal information about business customers," said J. Alex Halderman, a Ph.D. candidate in Princeton's computer science department. "Unlike many security problems, this isn't a minor flaw; it is a fundamental limitation in the way these systems were designed."
Again, the issue is a serious one, and it is also one that was suspected for some time: if an attacker can touch the computer, nothing on it is safe. The interesting spin on this story is the research. The researchers wrote their own tools and proved something that was often scoffed at and called a myth. If you are interested in this area of security, the research papers are a great read.
http://www.freedom-to-tinker.com/?p=1257
YouTube Video: http://www.youtube.com/watch?v=JDaicPIgn9U
Clear up FUD, and get some basic questions answered: http://citp.princeton.edu/memory/faq/