But in reality, such extreme methods probably won't be necessary. If thieves, FBI agents, or border guards have physical access to a computer that's turned on, they have other options. In 2004, Maximillian Dornseif showed how to extract the contents of a computer's memory merely by plugging an iPod into the FireWire port. A subsequent presentation by "Metlstorm" in 2006 expanded the FireWire attack to Windows-based systems.
Translation: If you use an encrypted file-system and want privacy and security when you're not using your computer, you need to shut down your computer and wait a few minutes for the RAM contents to vanish. Another option for sensitive files is to use an encrypted volume like a PGP disk and unmount it as soon as you're done.
That assumes PGP erases the encryption keys from memory once the volume is unmounted, which the company swears it does. "We go well beyond that," said John Dasher, PGP Corporation's director of product management, adding that PGP products take "very elaborate measures to make sure that things are properly and completely disposed of."
He downplayed the potential threat to users of PGP, which provides both whole disk encryption and volume encryption, and which the researchers speculate will be vulnerable as well. "We never say buy whole disk and you're done," Dasher said. "You want to protect the device. You want to protect the data itself. And of course you're not going to get rid of your network protection. Security's not about buying whole disk encryption (and calling it a day)."
In response to the overall claim about the vulnerability of encrypted file-systems, Dasher said, "Even if it's true, I don't know if it changes my behavior."
It's been known for a long time--at least since Gutmann's 1996 paper--that encryption keys are vulnerable when stored in memory. And additional research by Adi Shamir and Nicko van Someren two years later talks about identifying encryption keys by scanning hard drives.
By demonstrating the limits of off-the-shelf encryption products, what the research published on Thursday may do is shift the debate from academic arguments to how to protect users in real-world situations. It also advances previous research by calculating how long dynamic RAM chips hold their contents at different temperatures (little decay until a few seconds elapse) and offering algorithms to reconstruct encryption keys even when the contents of memory have begun to decay.
The reconstruction technique works by taking into account what's known as a "key schedule" for algorithms such as DES and AES, the U.S. government's Advanced Encryption Standard. A key schedule is used in certain kinds of ciphers that do multiple rounds of encryption. The computer scientists said that it takes them "a few seconds" to reconstruct AES keys with 10 percent of the bits decayed; the more decay, the longer it takes.
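To make the role of the key schedule concrete, the following added example (not from the article or the researchers' code) scans a memory image for 176-byte runs that satisfy the AES-128 round-key relations and counts mismatched bits. It is a simplified locator rather than the paper's reconstruction algorithm, useful for confirming that key material is really gone after an unmount; the image is constructed, and the sample key is the FIPS-197 example key.

```python
def _build_sbox():  # derive the AES S-box from its definition, no table
    rotl = lambda v, n: ((v << n) | (v >> (8 - n))) & 0xFF
    sbox, p, q = [0] * 256, 1, 1
    for _ in range(255):  # 3 generates every non-zero element of GF(2^8)
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p *= 3
        for s in (1, 2, 4):                                     # q /= 3
            q = (q ^ (q << s)) & 0xFF
        q ^= 0x09 if q & 0x80 else 0
        sbox[p] = q ^ rotl(q, 1) ^ rotl(q, 2) ^ rotl(q, 3) ^ rotl(q, 4) ^ 0x63
    sbox[0] = 0x63  # zero has no inverse
    return sbox

SBOX = _build_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]

def next_round_key(rk, rcon):
    """Derive round key r+1 from the 16-byte round key r."""
    out = [SBOX[rk[13]] ^ rcon, SBOX[rk[14]], SBOX[rk[15]], SBOX[rk[12]]]
    for i in range(16):
        out.append(rk[i] ^ out[i])  # each word is XORed with the word before it
    return bytes(out[4:])

def expand_key(key):  # full 176-byte AES-128 schedule for a 16-byte key
    rks = [bytes(key)]
    for rc in RCON:
        rks.append(next_round_key(rks[-1], rc))
    return b"".join(rks)

def find_key_schedules(image, max_bit_errors=0):
    """Return (offset, key, mismatched_bits) where 176 bytes obey the schedule."""
    hits = []
    for off in range(len(image) - 175):
        errors = 0
        for r, rc in enumerate(RCON):
            w = image[off + 16 * r: off + 16 * r + 32]
            want = next_round_key(w[:16], rc)
            errors += sum(bin(a ^ b).count("1") for a, b in zip(want, w[16:]))
            if errors > max_bit_errors:
                break
        else:
            hits.append((off, bytes(image[off:off + 16]), errors))
    return hits

# Constructed sample: filler bytes with one key schedule planted at offset 300.
SAMPLE_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
FILLER = bytes((i * 37 + 11) & 0xFF for i in range(300))
IMAGE = FILLER + expand_key(SAMPLE_KEY) + FILLER
if __name__ == "__main__":
    print(find_key_schedules(IMAGE))
```

Because each round key is checked against the one stored before it, a single flipped bit shows up as a small mismatch count instead of destroying the match, which is why a nonzero `max_bit_errors` still finds a lightly decayed schedule.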
So what are the countermeasures? As I noted above, shutting down the system, zeroing memory on boot, and unmounting encrypted volumes are some options. The paper suggests others, including limiting booting from network or removable drives, better methods of putting a computer to sleep (perhaps involving encrypting the portions of memory with the keys to the file system), recomputing keys when they're needed to avoid keeping copies in memory, and hardware changes such as tamperproof or encrypting RAM.
There is one irony here. One Princeton Ph.D. student, Joseph Calandrino, is listed as having "performed this research while under appointment to the Department of Homeland Security." Because it lets them bypass file-system encryption in some cases, police agencies are the most obvious and immediate beneficiaries of this research.
As early as 1984, the FBI Laboratory began developing computer forensics hardware. And we know from the Scarfo, Forrester-Alba, and Boucher cases how intent federal police agencies are in trying to find ways to circumvent the privacy that encryption provides. If the feds didn't know about these techniques already--remember, they were years ahead of everyone else in inventing public key cryptography--today will be a very good day for Homeland Security.
This article was first published as a blog on CNET News.com.