Posted on 02/22/2008 8:20:54 AM PST by ShadowAce
The disk encryption technology used to secure the data in your Windows, Apple and Linux laptops can be easily circumvented, according to new research out of Princeton University.
The flaw in this approach, the researchers say, is that data previously thought to disappear immediately from dynamic RAM (DRAM) actually takes its time to dissolve, leaving the data on the computer vulnerable to thievery regardless of whether the laptop is on or off. That's because the disk encryption key, unlocked via a password when you log on to your computer, then is held in DRAM. If a thief can get a hold of the key, he can then get into the disk.
"We demonstrate our methods by using them to defeat three popular disk encryption products: BitLocker, which comes with Windows Vista; FileVault, which comes with MacOS X; and dm-crypt, which is used with Linux," writes Ed Felten, a Princeton professor, on his blog, Freedom to Tinker.
The researchers, which also included participants from the Electronic Frontier Foundation and Wind River Systems, have created a captivating video demonstrating a process (one using a program dubbed "Bit-unLocker") that can be used to snatch the data. In the video, the narrator explains that it takes seconds for data to fade and that the process can be slowed by cooling the memory chips (they chill the memory chips to around -58 F with a liquid spray and remove them without affecting the contents). The chips can even be switched to a different computer to read them. Liquid nitrogen can be used to cool the chips for hours, the researchers say.
"This is deadly for disk encryption products because they rely on keeping master decryption keys in DRAM," Felten writes.
Felten adds that even using Trusted Computing hardware doesn't help.
(A presentation from a pair of security researchers scheduled for Black Hat USA last summer that promised to undermine chip-based desktop and laptop security was suddenly withdrawn without explanation. The briefing promised to show how computer security based on trusted platform module hardware could be circumvented.)
The Princeton findings prompted Steven Sprague, CEO of Wave Systems, which makes management software for hardware security devices, to point out that such attacks on laptops would be preventable via hardware-based encryption offerings.
"The advantage of hardware-based encryption is that all the encryption, key management and access control all happen inside the chip so there is no software risk to reverse engineer the encryption silicon," Sprague said. The encryption key never leaves the hardware-based encryption disk in this case, he said.
Members of the Dataloss@attrition.org mailing list, which daily documents data breaches, buzzed about the findings, with some suggesting the research shows the need for multifactor authentication or partial keys stored in separate places.
U.S. states have enacted a series of tough data disclosure laws over the past five years which force companies to notify residents whenever they lose sensitive information. Under these laws, a missing laptop can cost a company millions of dollars as well as public embarrassment as it is forced to track down and notify those whose data was lost.
However, many state laws, such as California's SB 1386 make an exception for encrypted PCs. So if a company or government agency loses an encrypted laptop containing sensitive data, they are not compelled to notify those affected.
The team's research may spur legislators to rethink that approach, according to Alex Halderman, a Princeton graduate student who worked on the paper. "Maybe that law is placing too much faith in disk encryption technologies," he said. "It may be that we're not hearing about thefts of encrypted machines where that data could still be at risk."
A local Mac guy also pointed out that he’s seen customers who have lost their files by using file vault. So I stopped using it. Good idea?
The only ones I've heard of who lost their files were those who forgot their password... if they can't remember the password, they are NOT getting their files back.
From here:
Laptops are particularly vulnerable to this attack, especially when they are turned on but locked, or in a "sleep" or "hibernation" mode entered when the laptop's cover is shut.Plenty of laptop users use hibernation.
That makes sense. Another mystery to me is the key chain. I have no idea what it is and how it works so I never use it and hope I never have to!
Felten’s good at finding vulnerabilities. Still, this is a pretty esoteric hack.
And thus a new occupation is born, the “Field Data Recovery Specialist.” Armed with his power screwdriver, cans of compressed air looped onto his belt, battery-powered “memory preserver” in his backpack, when the cops break down the doors the intrepid FDRS follows close behind.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.