
New Method of Attacking Disk Encryption

So you've got that spiffy new Windows Vista system built, complete with BitLocker encryption, which you hope is going to keep your data out of the hands of folks with prying eyes. And you've also got your Mac OS X systems all locked down with FileVault, and your Linux systems are tightly secured with dm-crypt. Do you think your data is safe and secure? Maybe that's not such a good assumption, and here's why....

 

A team of eight researchers from Princeton University, the Electronic Frontier Foundation, and Wind River Systems recently released a new white paper that explains in detail how they were able to defeat all of the disk encryption systems that I just mentioned. The technique to defeat such encryption centers around two important facts: encryption keys are often stored in memory, and memory doesn't necessarily lose its contents immediately when a system is powered off. Because of those two facts, a serious weakness exists that can be readily exploited to gain access to the encryption keys, and thus your data.

 

Normally, unpowered DRAM memory chips lose their contents after several seconds. But if those chips can be kept very cool, then they might retain their contents for up to an hour or more. That gives someone plenty of time to read the memory in the chips and recover encryption keys.

 

But wait, maybe you've got Trusted Platform Module (TPM) chips in your systems. The chips assist cryptographic software, which can use TPM to generate and control access to encryption keys. BitLocker can use TPM if it's present, and as it turns out your systems can be even more vulnerable due to TPM! According to the white paper, "TPM sometimes makes [a system] less secure, allowing an attacker to gain access to the data even if the machine is stolen while it is completely powered off."

 

What does all this mean for the security of your data? The obvious answer is that even with strong encryption in use, your data is safe only in direct proportion to the level of physical security that you can provide. And, if someone gets their hands on one of your systems while it's still powered up (even if you're logged out, or have locked the desktop via screensaver or other similar methods), then your data might be available to the thief. Furthermore, even if you put the system into hibernation mode, or suspend the OS to disk, then your data might still be vulnerable. It's as simple (and devastating) as that.

 

One of the eight researchers, Ed Felten, explained the risk like this: "This is deadly for disk encryption products because they rely on keeping master decryption keys in DRAM. This was thought to be safe because the operating system would keep any malicious programs from accessing the keys in memory, and there was no way to get rid of the operating system without cutting power to the machine, which 'everybody knew' would cause the keys to be erased."

 

So much for wishful thinking, eh? This attack vector isn't just some new fuzzy theory. This is a clear real-world possibility, and the team backs up their research with five sets of code that demonstrate how to get your hands on encryption keys present in DRAM. You and anybody else can get a copy of that code and test recovery methods if you want to. The code is available along with the white paper, guides, and videos at the URL below.

http://citp.princeton.edu/memory

 

If you're serious about using the best disk encryption available, then consider using a disk drive or disk controller that can encrypt the data without ever moving encryption keys outside of the disk or controller's logic circuits. Seagate and Fujitsu are two vendors I am aware of who provide that type of hardware for desktops, servers, and laptops. Check into Seagate's Momentus drives for desktops and servers and their Cheetah drives for laptops. Also check into Fujitsu's MHZ2 CJ series of drives for laptops.

 
