Click here to receive your FREE subscription to Campus Technology
Opinion
Research Has Chilling Effect on Hard Drive Encryption
3/14/2008
Back in the 1970s when I was teaching digital logic courses, it was conventional wisdom that Dynamic Random Access Memory (DRAM) memory chips would immediately lose data when the power was turned off. But a group of researchers at Princeton have demonstrated that the data in DRAMs, which are used in most personal computers and which temporarily hold a PC's encryption keys, will persist and remain readable after power has been turned off for several seconds to minutes at room temperature and much longer if the chip is cooled.
What that means to us road warriors is that just encrypting data on our laptop's hard drive may not be enough to protect that data if the machine is lost or stolen. And remember Adam Dodge notes in his Educational Security Incidents 2007 report that there were 52 incidents affecting 295,300 records involving the loss or theft of physical media such as drives and laptops. Even office-based machines that are physically accessible are vulnerable. So much for the advice "encrypt your data" that folks like me have been giving users for years.
The Princeton Findings
First, the Princeton group measured how quickly DRAM memory faded when power was cut off at a variety of temperatures. (While solid-state researchers have known the DRAM remembrance problem for some time, the Princeton group was the first to conduct systematic experiments showing how the phenomenon could be exploited to compromise data.) They observed that at normal operating temperatures there was a low rate of bit corruption for several seconds, followed by a period of rapid decay. They also found, as expected, that the memory decay rate decreased rapidly as the temperature decreased. Using the simple cooling technique of spraying an inverted can of "canned air" on the chips resulted in less than 1 percent of the bits decaying after 10 minutes without power. When the DRAM chips were cooled to liquid nitrogen temperatures, the Princeton group observed decay rates of 0.17 percent after 60 minutes without power.
They then successfully demonstrated three attacks that exploited the DRAM remanence:
- Reboot the machine and launch a custom kernel that gives the attacker access to the retained memory;
- Briefly cut and restore power to the machine and then boot from a custom kernel, which keeps the operating system from scrubbing memory before shutdown; and
- Cutting power and transplanting the DRAM modules to a second PC prepared by the attacker.
Since if the power to the DRAM memory is cut for too long the data will be corrupted, the Princeton group then investigated three strategies for reducing corruption:
- Cooling the memory chips prior to cutting power;
- Applying algorithms for correcting errors in private and symmetric key; and
- Modeling the physical conditions under which the data on chips was recovered as well as the decay properties of the chips to improve the error correcting algorithms.
The error correction algorithms they developed were able to reconstruct cryptographic keys even with relatively high bit-error rates using other recovered data such as key schedules. Using these algorithms they were able to reconstruct 128-bit AES keys with 10 percent of the bits decayed.
Recommended Reading
- Cedarville U Sets Up SonicWall Firewalls
Cedarville University in southwestern Ohio has implemented SonicWALL firewalls to provide high-speed gateway firewall protection for its 3,000 students.
- Data Breach Strikes U North Dakota Alumni Association
The alumni association for the University of North Dakota has gone public with a data breach that occurred when a laptop belonging to a software vendor was stolen from a vehicle. The computer contained the names of 84,000 university alumni, donors, and others, according to coverage by the Grand Forks Herald.
- Tips for Selecting a Campus CRM tool
As competition for students increases, colleges and universities are looking more and more to customer (or constituent) relationship management software for help in remaining competitive.
- Intercast Networks Goes into Beta with Kazam Video Service at Internet2 Universities
Intercast Networks has redesigned Kazam, its student Internet TV and video service based on the company's VideoXpress platform. Following a spring semester alpha trial at Columbia and Purdue University, the company redesigned Kazam's interface based on student feedback and added additional content that caters to a student audience.
- Michigan State Managing MRI Images from Africa with Acuo Tech DICOM Services Grid
Doctors at Michigan State University have begun using the Digital Imaging and Communications in Medicine (DICOM) Services Grid from Acuo Technologies to transport and manage magnetic resonance imaging (MRI) results from a hospital in Malawi, Africa in order to monitor the impact of malaria on children.
- IIT Delhi Delivers Services with Ingres Open Source
Administrators at the Indian Institute of Technology Delhi (IIT Delhi) have gone public with their installation of open source database management software from Ingres. IIT Delhi, one of seven leading institutes of technology in India, adopted Ingres Database to support administration functions such as grading, finance, human resources, procurement, and hospital administration.
