A stick of RAM, a can of air, and wow

Researcher explains the 'cold boot' hack attack

Ever more computers are carrying ever more confidential data -- trade secrets, personal information of clients and constituents, and national security information. Encrypted hard disks requiring hardware keys or passwords are supposedly the way to keep that information safe.

But in the US, Princeton University computer security researcher Edward Felten released a study recently demonstrating that those keys are only as secure as the RAM that carries them, and that RAM is vulnerable in surprising ways. The upshot? Even turning a computer off may not be enough.

What has your study found? The implication of the paper has to do specifically with disk encryption. These are systems that try to encrypt the contents of file on hard drives of PCs so that if the computer is lost or stolen, the person who gets the computer won't be able to read all the files.

We found a method that is able to defeat all of the disk encryption systems that we've tried it on, which I think is now up to six systems roughly. And the basic reason is that all of these systems need to keep the secret encryption key somewhere, and the only place they can put it is in the RAM.

What we found, basically, is a way to get access to RAM, even if it's screen-locked.

The way we get access to RAM is by exploiting a pretty surprising property of RAM. RAM is supposed to be volatile -- when you turn off the power, it forgets the information. What we found is that information in RAM sticks around a lot longer. It sort of fades out over much longer than anybody thought.

How much longer? It actually stays around for seconds, and sometimes even minutes. We tried this on a typical desktop computer that's six or eight years old; we found that even after about 45 seconds, most of the contents of memory are still there. Newer DRAM [chips] held their information for a shorter period -- still plenty long for an attacker, but shorter.

What that means is that an attacker can just cut the power to a computer -- just unplug it, plug it back in and then reboot. After rebooting, the stuff that was in the memory before will still be there, so that the memory contents are still available to the attacker.

We discovered the trick of freezing the memory, which allows the RAM [chips] to retain their data. If we sprayed cooling spray [from an inverted can of common electronics-dusting spray], which gets to about minus 50 degrees Celsius, the retention time for ordinary DRAM would be 10 minutes or more. The cooling spray you can just spray on the chip right there in the computer -- sort of open up the machine so you see the chip, and just spray it on.

If you take the chips out and dunk them into liquid nitrogen, they last a long, long time. We don't even know how long, because we ran out of liquid nitrogen.

Is it possible to put encryption keys in some other memory location using a different technology, or in someplace dedicated to the disk subsystem? Maybe you could make a specialized chip that behaves differently. Probably what you would need is some kind of circuitry that actively erased information. I would not trust a design that sort of waited for the information to leak out. Given the effectiveness of cooling, it seems to me unlikely -- although I'm not a chip designer -- to make a chip that would have the information naturally decay fast enough while still having the chip [be] reliable enough.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Dan Rosenbaum

Computerworld
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?