Battleangel

Being a fan of disk encryption, the report coming out of Princeton University is somewhat disconcerting. Granted the attacker must be relatively knowledgeable, have access to special software that afaik isn’t widely available yet and realize early on that the system is in fact encrypted (before letting the RAM circuits be wiped or overwritten). Imagine for instance the police confiscating your computer, pulling the plug and lugging it off to their secret computer lair or whatever. In that case, the memory is going to be wiped within a minute or so. But for around-the-clock protection even when you’re not around to pull the plug, the will be something to think about. Especially for those that always leave the computer casually in STR(S3) (suspend to RAM) or Laptop users.

The conclusion from their report:

Contrary to popular belief, DRAMs hold their values for surprisingly long intervals without power or refresh. Our experiments show that this fact enables a variety of security attacks that can extract sensitive information such as cryptographic keys from memory, despite the operating system’s best efforts to protect memory contents. The attacks we describe are practical—for example, we have used them to defeat several popular disk encryption systems.

Other types of software may be similarly vulnerable. DRM systems often rely on symmetric keys stored in memory, which may be recoverable using the techniques outlined in our paper. As we have shown, SSL-enabled web servers are vulnerable, since they often keep in memory private keys needed to establish SSL sessions. Furthermore, methods similar to our key-?nder would likely be effective for locating passwords, account numbers, or other sensitive data in memory.

There seems to be no easy remedy for these vulnerabilities. Simple software changes are likely to be ineffective; hardware changes are possible but will require time and expense; and today’s Trusted Computing technologies appear to be of little help because they cannot protect keys that are already in memory. The risk seems highest for laptops, which are often taken out in public in states that are vulnerable to our attacks. These risks imply that disk encryption on laptops may do less good than widely believed. Ultimately, it might become necessary to treat DRAM as untrusted, and to avoid storing sensitive con?dential data there, but this will not be feasible until architectures are changed to give software a safe place to keep its keys.