Technorati Tag: Encryption
Originally I was not going to write about this because it is not a breach (incident), but...
Yesterday, researchers from Princeton University, the Electronic Frontier Foundation, and Wind River Systems released an eye-opening report labeled "Lest We Remember: Cold Boot Attacks on Encryption Keys" in which they "present a suite of attacks that exploit DRAM remanence [sic] effects to recover cryptographic keys held in memory".
OK. What does this mean to the non-geek? It means that there are now successful attacks against many encryption implementations, including those most commonly used on mobile devices (laptop, thumb drive, etc.). Here at The Breach Blog I have advocated the use of hard drive encryption in many posts and pointed out the fact that storing confidential information on unencrypted laptops is bad security and poor business. So, what does this all mean?
From Princeton University's Center for Information Technology Policy FAQs:
Q. What encryption software is vulnerable to these attacks?
A. We have demonstrated practical attacks against several popular disk encryption systems: BitLocker (a feature of Windows Vista), FileVault (a feature of Mac OS X), dm-crypt (a feature of Linux), and TrueCrypt (a third-party application for Windows, Linux, and Mac OS X). Since these problems result from common design limitations of these systems rather than specific bugs, most similar disk encryption applications, including many running on servers, are probably also vulnerable.
Q. What can users do to protect themselves?
A. The most effective way for users to protect themselves is to fully shut down their computers several minutes before any situation in which the computers’ physical security could be compromised. On most systems, locking the screen or switching to “suspend” or “hibernate” mode does not provide adequate protection. (Exceptions exist; some systems may not be protected even when powered off. Check with the developer of your disk encryption software for further guidance.)
Q. Isn’t your attack difficult to carry out? Don’t you need materials like liquid nitrogen?
A. We found that information in most computers’ RAMs will persist from several seconds to a minute even at room temperature. We also found a cheap and widely available product — “canned air” spray dusters — can be used to produce temperatures cold enough to make RAM contents last for a long time even when the memory chips are physically removed from the computer. The other components of our attack are easy to automate and require nothing more unusual than a laptop and an Ethernet cable, or a USB Flash drive. With only these supplies, someone could carry out our attacks against a target computer in a matter of minutes.
And from "Lest We Remember: Cold Boot Attacks on Encryption Keys" Conclusion:
"There seems to be no easy remedy for these vulnerabilities. Simple software changes are likely to be ineffective; hardware changes are possible but will require time and expense; and today’s Trusted Computing technologies appear to be of little help because they cannot protect keys that are already in memory. The risk seems highest for laptops, which are often taken out in public in states that are vulnerable to our attacks. These risks imply that disk encryption on laptops may do less good than widely believed."
[Evan] Well, if this ain't a shot to the gut! On the surface I am miffed by research that leaves me wondering what in the world am I supposed to do now? When I think about it more, I am extremely grateful for the work these people do and I'm not really surprised by the findings. People that have been in the information security field for a while, understand some of the concepts that (we think) make us effective in what we do. Nobody can rightfully claim that full disk encryption or any other single technology is the one that protects against everything. We are never 100% secure will all technologies, let alone one. Security is a holistic discipline that is about defense in depth, continual analysis and improvement, systems and backup systems, threats, countermeasures, etc. etc. This is just another attack vector that wasn't widely known or accepted until now.
I am still an advocate for using full disk encryption (and encryption in general) as good information security practice. It is another essential cog in the bigger information security machine. Recognize the technology for what it is and understand that it's use does reduce risk when compared to the alternative of using clear-text. Obtaining the encryption keys is obviously very possible, but obtaining clear text information is completely trivial. Long-term this is a great problem to have. I have seen many, many good "out of the box" ideas being kicked around by information security professionals, debating possible solutions. It's the out of the box thinking that spurs creative solutions.
Other News Sources:
CNET.com News story
The New York Times story
SecurityFocus story
InformationWeek story
Originally I was not going to write about this because it is not a breach (incident), but...Yesterday, researchers from Princeton University, the Electronic Frontier Foundation, and Wind River Systems released an eye-opening report labeled "Lest We Remember: Cold Boot Attacks on Encryption Keys" in which they "present a suite of attacks that exploit DRAM remanence [sic] effects to recover cryptographic keys held in memory".
OK. What does this mean to the non-geek? It means that there are now successful attacks against many encryption implementations, including those most commonly used on mobile devices (laptop, thumb drive, etc.). Here at The Breach Blog I have advocated the use of hard drive encryption in many posts and pointed out the fact that storing confidential information on unencrypted laptops is bad security and poor business. So, what does this all mean?
From Princeton University's Center for Information Technology Policy FAQs:
Q. What encryption software is vulnerable to these attacks?
A. We have demonstrated practical attacks against several popular disk encryption systems: BitLocker (a feature of Windows Vista), FileVault (a feature of Mac OS X), dm-crypt (a feature of Linux), and TrueCrypt (a third-party application for Windows, Linux, and Mac OS X). Since these problems result from common design limitations of these systems rather than specific bugs, most similar disk encryption applications, including many running on servers, are probably also vulnerable.
Q. What can users do to protect themselves?
A. The most effective way for users to protect themselves is to fully shut down their computers several minutes before any situation in which the computers’ physical security could be compromised. On most systems, locking the screen or switching to “suspend” or “hibernate” mode does not provide adequate protection. (Exceptions exist; some systems may not be protected even when powered off. Check with the developer of your disk encryption software for further guidance.)
Q. Isn’t your attack difficult to carry out? Don’t you need materials like liquid nitrogen?
A. We found that information in most computers’ RAMs will persist from several seconds to a minute even at room temperature. We also found a cheap and widely available product — “canned air” spray dusters — can be used to produce temperatures cold enough to make RAM contents last for a long time even when the memory chips are physically removed from the computer. The other components of our attack are easy to automate and require nothing more unusual than a laptop and an Ethernet cable, or a USB Flash drive. With only these supplies, someone could carry out our attacks against a target computer in a matter of minutes.
And from "Lest We Remember: Cold Boot Attacks on Encryption Keys" Conclusion:
"There seems to be no easy remedy for these vulnerabilities. Simple software changes are likely to be ineffective; hardware changes are possible but will require time and expense; and today’s Trusted Computing technologies appear to be of little help because they cannot protect keys that are already in memory. The risk seems highest for laptops, which are often taken out in public in states that are vulnerable to our attacks. These risks imply that disk encryption on laptops may do less good than widely believed."
[Evan] Well, if this ain't a shot to the gut! On the surface I am miffed by research that leaves me wondering what in the world am I supposed to do now? When I think about it more, I am extremely grateful for the work these people do and I'm not really surprised by the findings. People that have been in the information security field for a while, understand some of the concepts that (we think) make us effective in what we do. Nobody can rightfully claim that full disk encryption or any other single technology is the one that protects against everything. We are never 100% secure will all technologies, let alone one. Security is a holistic discipline that is about defense in depth, continual analysis and improvement, systems and backup systems, threats, countermeasures, etc. etc. This is just another attack vector that wasn't widely known or accepted until now.
I am still an advocate for using full disk encryption (and encryption in general) as good information security practice. It is another essential cog in the bigger information security machine. Recognize the technology for what it is and understand that it's use does reduce risk when compared to the alternative of using clear-text. Obtaining the encryption keys is obviously very possible, but obtaining clear text information is completely trivial. Long-term this is a great problem to have. I have seen many, many good "out of the box" ideas being kicked around by information security professionals, debating possible solutions. It's the out of the box thinking that spurs creative solutions.
Other News Sources:
CNET.com News story
The New York Times story
SecurityFocus story
InformationWeek story
