Researchers exploit persistent memory in DRAM to recover crypto keys
- By William Jackson
- Feb 27, 2008
Chilling your computer's dynamic random access memory chips keeps their contents fresher longer, and that also might expose sensitive information even after the computer has been powered down.
The memory in DRAM chips is not quite as dynamic as often thought, and a team of researchers from Princeton University, the Electronic Frontier Foundation and Wind River Systems, with support from the Homeland Security Department, has developed exploits to recover data from the chips.
'Most experts assume that a computer's memory is erased almost immediately when it loses power, or that whatever data remains is difficult to retrieve without specialized equipment,' the researchers write in their report, titled 'Lest We Remember: Cold Boot Attacks on Encryption Keys.' 'We show that these assumptions are incorrect. Ordinary DRAMs typically lose their contents gradually over a period of seconds, even at standard operating temperatures and even if the chips are removed from the motherboard, and data will persist for minutes or even hours if the chips are kept at low temperatures.'
The paper is available online.
By chilling chips to prolong memory and using algorithms to recognize and recover cryptographic keys, researchers were able to defeat several disk encryption systems, including BitLocker, TrueCrypt and FileVault.
This does not mean that encryption is no longer a good security tool, researchers at the National Institute of Standards and Technology say.
'You can't say this is an impractical attack; it can be done,' said Bill Burr, manager of the security technology group in NIST's IT Lab. 'On the other hand, it is not anything to panic about.'
Although the attack does not require special hardware, it does require access to a powered-up computer and some specialized knowledge. Against the casual computer thief, 'what we have now will probably protect you pretty well,' Burr said. 'But if a knowledgeable adversary is targeting you, it's harder to protect yourself than we thought.'
The researchers built on the known fact that system memory persists for a matter of seconds after power is removed from the DRAM. 'In most cases, we observed that almost all bits decayed at predictable times and to predictable 'ground states' rather than to random values,' they wrote. 'We also confirmed that decay rates vary dramatically with temperature.'
Discharging a 'canned air' duster directly onto the chip lowered the temperature to -50 degrees Celsius. 'At these temperatures, we typically found that fewer than one percent of bits decayed even after 10 minutes without power. To test the limits of this effect, we submerged DRAM modules in liquid nitrogen (ca. -196 C) and saw decay of only 0.17 percent after 60 minutes out of the computer.'
Using algorithms, researchers were able to reconstruct 128-bit Advanced Encryption Standard keys on which 10 percent of the bits had decayed in a matter of seconds. They also developed reconstruction techniques for Data Encryption Standard and RSA keys.
The trick is not new, said NIST researcher Murugiah Souppaya.
'In the forensics community, the techniques have been used for a while,' he said.
The Trusted Computing Group developed the Trusted Platform Module, a chip that protects encryption keys at rest and is used with applications such as BitLocker. The group points out that the attack does not target TPM; it targets system memory after keys have been passed to the operating system.
TCG and NIST point out that although DRAM memory does not disappear immediately when powered down, it does decay quickly under normal conditions. These new attacks can be prevented by turning a computer off or putting it in hibernation mode before leaving it unattended, and staying with it for a few seconds.
William Jackson is a Maryland-based freelance writer.