Keep Your Encrypted Data Encrypted

New research shows how your laptop's sleep and hibernation modes can leave your encryption keys, and thus your encrypted data, exposed.

Renee Munshi

March 5, 2008

3 Min Read
ITPro Today logo

Watch out for those cans of compressed air. You might have thought they were an innocent way to clean the crumbs out of your keyboard, but in reality, they're a hacker tool that could help someone get the keys to your encrypted data!

This is one of those computer security stories that seems to have captured the general public's attention, and it's been covered by news organizations as diverse as The New York Times, Fox News, and Computerworld. To summarize: When the keys used to encrypt a computer's hard disk are stored in the memory of that computer, the keys can be retained in the memory when the computer goes into sleep or hibernate mode and even briefly (a few seconds or minutes) after you shut the computer off. Eight researches from Princeton University, the Electronic Frontier Foundation, and Wind River Systems found that they could keep the keys around longer—up to an hour, in some cases—when they froze the memory chip by spraying it with compressed air or by other means. This extra time gave the researches the minutes they needed to use other tools to capture the keys from the memory and then crack the disk encryption. The researchers were successful in hacking Windows Vista's BitLocker, Mac OS X's FileVault, Linux dm-crypt, and TrueCrypt. They reported their findings in the paper "Lest We Remember: Cold Boot Attacks on Encryption Keys" and kicked off a discussion in "Cold Boot Attacks: Vulnerable While Sleeping" (February 26) and "New Research Result: Cold Boot Attacks on Disk Encryption" (February 21) on the Freedom to Tinker blog. News organizations picked up the story from there.

In "Disk encryption: Balancing security, usability and risk assessment" on MSDN's Windows Vista Security blog, Russ Humphries responded to the researchers' findings by mentioning a few techniques administrators and users can employ to address the disk encryption vulnerability and pointing to more best practice guidance for using BitLocker in "Data Encryption Toolkit for Mobile PCs".

The simplest measure to take to protect the encrypted data on your laptop might be to turn the system off when you aren't using it—and make sure it's completely off. Don't expect sleep or hibernate mode to protect your encryption keys. Another lesson, which I'm sure most of us have already learned, is that someone will always poke holes in each new security technology. Security vendors, security administrators, and users not only need to be vigilant about using the latest technologies that they can afford and that make sense for their situation but also about using good common sense to keep data safe. And by good common sense, I mean keeping physical control over your laptop, and avoiding people who are waving cans of compressed air at your system!

For general information about BitLocker, go to:

Vista's BitLocker Drive Encryption

Access Denied: Comparing BitLocker with EFS

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like