A new study suggests that dynamic memory on computers stores encrypted, secure data longer than originally thought.
The research project — conducted by eight researchers from Princeton University, the Electronic Frontier Foundation and Wind River Systems — focused on retrieving encrypted data from dynamic random access memory (DRAM), which temporarily stores information and processes until it is rebooted, regardless of the operating system running the computer. That memory flaw exposes all of the encrypted data on a computer to potential hackers.
Many experts believe that the information is erased within seconds of the power supply being cut; however, the new study presents several methods for retrieving decrypted information from the DRAM. The researchers focused on three methods: cooling the computer chips’ temperature, accessing stored memory images and using error corrections to decipher encrypted keys.
“We present a suite of attacks that exploit DRAM remanence effects to recover cryptographic keys held in memory,” write the authors. “They pose a particular threat to laptop users who rely on disk encryption products, since an adversary who steals a laptop while an encrypted disk is mounted could employ our attacks to access the contents, even if the computer is screen-locked or suspended.”
The DRAM stores data on a leaky capacitor, which is stored as a zero or one, Doug Finke, director of product marketing at Santa Ana, Calif.-based STEC, a memory design and manufacturing company, told TechNewsWorld. The electronic charge, though, must be continually refreshed so the data isn’t lost during the leaking process.
While a variety of data can be stored on DRAM, the research focused on the dynamic memory because that’s where much of the encrypted and secure data is stored, primarily because it is erased when the power is removed from the system.
However, the findings suggest that the data doesn’t get erased as quickly as originally thought.
Finding the Weakness
Princeton Professor Ed Felton, one of the researchers on the project, has a long history working with encryption and security. He gained prominence testifying against Microsoft during its antitrust trial, demonstrating a tool that deactivated Internet Explorer without disrupting normal Windows functions; he and his students successfully defeated the music industry’s watermarking technologies during the Secure Digital Music Initiative (SDMI) test; and he successfully defeated the security technologies on the Diebold electronic voting machines.
The DRAM research findings illustrate how easily someone with access to a computer can retrieve almost any information, Felton told TechNewsWorld.
Here’s how one attack works: If someone has access to a computer, even if it’s in hibernation mode, the person can unplug the battery, slip in a USB drive, reinstall the power supply and launch the software. The attack software then identifies where the encryption keys are located in the DRAM and reconstructs the keys. Once that is completed, all the encrypted files are available for the hacker.
Another uses liquid nitrogen or the compressed air in a keyboard cleaner to freeze the chip, preserving the data stored there for a short time.
Despite the success of the hacks, most attacks don’t take place in the physical presence of a machine, so the practical applications for the research may be few.
“This security issue would require someone to have physical access to the computer and be able to take it apart,” said Finke. “I suppose someone could break into my office to gain access my computer. But if that happens, he could just as easily riffle through my paper files to look at confidential information.”
However, Felton said the research was less about practical applications and more about educating people about data security.
“We won’t get to a completely secure environment any time soon,” he noted. “What is more realistic is for people to understand how much protection they have, and act accordingly.”