"Hard" encryption keys, TPM thwart "cold boot" theft: Experts
In the wake of a Princeton research team's surprising announcement of a simple method for stealing encrypted data from DRAM chips on PCs – even after the unit's power has been shut off – security experts told SCMagazineUS.com on Friday that the tools to thwart these thefts already are available.
A team headed by Edward Felten, a professor in Princeton's Center for Information Technology, posted a paper on the center's website on Thursday which revealed that the team had succeeded in decrypting and reading all of the data stored on a DRAM chip that had been removed from a PC after its power was turned off.
DRAM (dynamic random access memory) chips, which temporarily hold a PC's data – including encryption key algorithms – were found by the Princeton team to retain their data for a brief period after power to the PC is cut off.
If the DRAM chip is removed from the PC and quickly chilled or frozen, all of this data will remain in place long enough for thieves to transfer the chip to another machine. Pattern-recognition software can then be used to locate and overcome encryption keys, enabling the attackers to read all of the data on the chip.
According to the Princeton research paper, a blast of chilled air from a can of dust remover can be sufficient to extend the time the stored data remains on the chip. Use of liquid nitrogen to freeze the chip will extend this vulnerability for hours, the team reported. The research team said it was able to compromise encrypted information stored in utilities in Windows, Macintosh and Linux operating systems using this method.
Despite the “chilling” announcement from Princeton – which overturned the conventional wisdom that all data held on DRAM chips disappears when a PC is turned off – encryption experts said that holding encryption keys in hardware rather than software and full deployment of Trusted Platform Module (TPM) authentication specification should erect a sufficient barrier to the new threat.
“Lots of secrets are held by operating systems in software, and software isn't a good place to hide secrets," Steven Sprague, chief executive officer of data security specialists Wave Systems, told SCMagazineUS.com on Friday. "What is needed is [an encryption] key held in hardware and the ability to use that key also processed in hardware."
According to Sprague, major hard drive makers, like Seagate and Intel, already have moved tools to encrypt data and encryption keys for those tools onto drive controllers in their new offerings – Seagate has installed it on laptop and desktop drives – and “encryption in hardware” drives now are being specified in new PCs being sold by major producers.
In addition to switching to PCs with encrypting hard drives, Sprague said it is essential that all authentication keys – including VPN keys, Wi-Fi keys, and Windows logon keys – be administered by the TPM that is installed on most PCs now in use, but often has not been activated.
“TPM [chips] are in 150 million PCs out there already,” he said. “Turn it on. TPM does an excellent job of hardware-based authentication. If you use the TPM for authentification, it never gives up its secret key, so this [type of attack] would not work.”
“Most enterprise PCs purchased in the past couple of years have a TPM chip in them," Sprague added. "Tomorrow morning, these chips could secure wireless and VPN with keys protected by hardware. People just have to learn how to use them."
However, in an email response to SCMagazineUS.com on Friday, Felten noted that the Princeton team was able to defeat Microsoft's BitLocker encryption despite its use of TPM. "TPMs don't seem to help, as we discussed in our paper," he said.
BitLocker has an optional feature which permits use of a hardware key or token that contains an additional encryption key string. However, Felten pointed out that "once the user inserts the token, the encryption key is put in memory and becomes vulnerable."
Richard Moulds, an encryption expert at nCipher, also injected a note of caution regarding a reliance on TPM authentication as a potential solution to the “cold boot” threat.
“It also is necessary to raise the bar on how management of authentication is being handled. If this management is weak, TPM will service a poorly authorized request,” he told SCMagazineUS.com, adding that properly activating TPM chips in PCs is not a simple process.
Felten told SCMagazineUS.com that it is not feasible for DRAM chip makers to create chips that instantly discharge data when power is cut off. "DRAMs need to be highly reliable in normal use. DRAMs that discharge too quickly will tend to be less reliable," he said.
Not only criminals may have interest in the "cold boot" technique for grabbing data from PCs -- it also may provide a convenient way for law enforcement to "search" a suspect's laptop in situations in which the suspect refuses to divulge a password to authorities for a confiscated computer.
"Law enforcement may use this method," Felten told SCMagazineUS.com. "There are some anecdotal reports that they may have been using it already in some cases."