Memory Trick Breaks PC Encryption
BBC NEWS
Memory trick breaks PC encryption

Encrypted information held on a laptop is more vulnerable than previously thought, US research has shown. Scientists have shown that it is possible to recover
the key that unscrambles data from a PC’s memory.

It was previously thought that data held in so-called “volatile memory” was only retained for a few seconds after the machine was switched off. But the
team found that data including encryption keys could be held and retrieved for up to several minutes. “It was widely believed that when you cut the power
to the computer that the information in the volatile memory would disappear, and what we found was that was not the case,” Professor Edward Felten of the
University of Princeton told BBC World Service’s Digital Planet programme.

Volatile memory is typically used in random access memory (RAM), which is used as temporary storage for programs and data when the computer is switched
on.

Deep sleep
Disc encryption is the main method by which companies and governments protect sensitive information. “The key to making it work is to keep the encryption
key secret,” explained Professor Felten.

Encryption has recently become a hot topic after a number of laptops containing personal records were lost or stolen. Simply locking your screen or switching
to ’suspend’ or ‘hibernate’ mode will not provide adequate protection Edward Felten

“What we have found was that the encryption keys needed to access these encrypted files were available in the memory of laptops,” he said. “The information
was available for seconds or minutes.”

In theory, this is enough time for a hacker or attacker to retrieve the key from the memory chips. “The real worry is that someone will get hold of your
laptop either while it is turned on or while it is in sleeping or hibernation mode,” said Professor Felten. In these modes the laptop is not running, but
information is still stored in RAM to allow it to “wake up” quickly.

“The person will get the laptop, cut the power and then re-attach the power, and by doing that will get access to the contents of memory - including the
critical encryption keys.”

Cool running
Switching the machine off and on and is critical to any attack. “When it comes out of sleep mode the operating system is there and it is trying to protect
this data,” explained Professor Felten. But a full power-down followed by a swift re-start removes this protection.

“By cutting the power and then bringing it back, the adversary can get rid of the operating system and get access directly to the memory.” Professor Felten
and his team found that cooling the laptop enhanced the retention of data in memory chips. “The information stays in the memory for much longer - 10 minutes
or more,” he said.

For example, where information stays in a computer for around 15 seconds under normal conditions, a laptop cooled to about -50C will keep information in
its memory for 10 minutes or more.

Professor Felten said that the best way to protect a computer was to shut it down fully several minutes before going into any situation in which the machine’s
physical security could be compromised.

“Simply locking your screen or switching to ’suspend’ or ‘hibernate’ mode will not provide adequate protection,” he added. “It does cast some doubt on the
value of encryption. I think that over time the encryption products will adapt to this and they will find new ways of protecting information.”

Story from BBC NEWS.

Tags: , ,