Ben Cantrick (mackys) wrote,
Ben Cantrick

  • Music:

Cracking whole-disk crypto by recovering keys from DRAM - after the computer has been turned off!

The root of the problem lies in an unexpected property of today’s DRAM memories. Virtually everybody, including experts, will tell you that DRAM contents are lost when you turn off the power. But this isn’t so. Our research shows that data in DRAM actually fades out gradually over a period of seconds to minutes, enabling an attacker to read the full contents of memory by cutting power and then rebooting into a malicious operating system. Interestingly, if you cool the DRAM chips, for example by spraying inverted cans of "canned air" dusting spray on them, the chips will retain their contents for much longer. At these temperatures (around -50 °C) you can remove the chips from the computer and let them sit on the table for ten minutes or more, without appreciable loss of data. Then put the chips back into another machine and you can read out their contents.

This is deadly for disk encryption products because they rely on keeping master decryption keys in DRAM. This was thought to be safe because the operating system would keep any malicious programs from accessing the keys in memory, and there was no way to get rid of the operating system without cutting power to the machine, which "everybody knew" would cause the keys to be erased.

An interesting attack. Who knew DRAM could retain significant information after the computer was turned off?

I can think of a defense that will make this attack much harder. When the computer goes to shutdown, the encryption program commits everything to disk and then over-writes its own memory, including the encryption key(s), with random bits. Now you can dump the DRAM all day and it won't do you any good. You can still defeat this defense by taking a pair of snippers to the power cord, or in the case of a laptop by yanking the battery. The machine will go down without a proper shutdown procedure, and the contents of the DRAM will be (briefly) preserved.

I think it's generally accepted in the computer security community that if an attacker has direct physical access to the hardware, there's pretty much no software defense that will reliably keep them out. This looks like another example of that principle at work.
Tags: metafilter, security
  • Post a new comment


    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.