 |
|
Attack on computer memory reveals vulnerability of widely-used security systems
February 22, 2008A team of academic, industry and independent researchers has demonstrated a new class of computer attacks that compromise the contents of "secure" memory systems, particularly in laptops.
The attacks overcome a broad set of security measures called "disk encryption," which are meant to secure information stored in a computer's permanent memory. The researchers cracked several widely used technologies, including Microsoft's BitLocker, Apple's FileVault and Linux's dm-crypt, and described the attacks in a paper and video published on the Web Feb. 21.
The team reports that these attacks are likely to be effective at cracking many other disk encryption systems because these technologies have architectural features in common.
"We've broken disk encryption products in exactly the case when they seem to be most important these days: laptops that contain sensitive corporate data or personal information about business customers," said Alex Halderman, a Ph.D. candidate in Princeton's computer science department. "Unlike many security problems, this isn't a minor flaw; it is a fundamental limitation in the way these systems were designed."
The attack is particularly effective against computers that are turned on but are locked, such as laptops that are in a "sleep" or hibernation mode. One effective countermeasure is to turn a computer off entirely, though in some cases even this does not provide protection.
Halderman's Princeton collaborators included graduate students Nadia Heninger, William Clarkson, Joseph Calandrino, Ariel Feldman and Professor Edward Felten, the director of the Center for Information Technology Policy. The team also included Seth Schoen of the Electronic Frontier Foundation, William Paul of Wind River Systems and independent computer security researcher Jacob Appelbaum.
Felten said the findings demonstrate the risks associated with recent high-profile laptop thefts, including a Veterans Administration computer containing information on 26 million veterans and a University of California, Berkeley laptop that contained information on more than 98,000 graduate students and others. While it is widely believed that disk encryption would protect sensitive information in instances like these, the new research demonstrates that the information could easily be read even when data is encrypted.
"Disk encryption is often recommended as a magic bullet against the loss of private data on laptops," Felten said. "Our results show that disk encryption provides less protection than previously thought. Even encrypted data can be vulnerable if an intruder gets access to the laptop."
The new attacks exploit the fact that information stored in a computer's temporary working memory, or RAM, does not disappear immediately when a computer is shut off or when the memory chip is taken from the machine, as is commonly thought. Under normal circumstances, the data gradually decays over a period of several seconds to a minute. The process can be slowed considerably using simple techniques to cool the chips to low temperatures.
Disk encryption technologies rely on the use of secret keys -- essentially large random numbers -- to encode and protect information. Computers need these keys to access files stored on their own hard disks or other storage systems. Once an authorized user has typed in a password, computers typically store the keys in the temporary RAM so that protected information can be accessed regularly. The keys are meant to disappear as soon as the RAM chips lose power.
The team wrote programs that gained access to essential encryption information automatically after cutting power to machines and rebooting them. The method worked when the attackers had physical access to the computer and when they accessed it remotely over a computer network. The attack even worked when the encryption key had already started to decay, because the researchers were able to reconstruct it from multiple derivative keys that were also stored in memory.
In one extremely powerful version of the attack, they were able to obtain the correct encryption data even when the memory chip was physically removed from one computer and placed in another machine. After obtaining the encryption key, they could then easily access all information on the original machine.
"This method is extremely resistant to countermeasures that defensive programs on the original computer might try to take," Halderman said.
The attacks demonstrate the vulnerability of machines when they are in an active state, including "sleep mode" or the "screen lock" mode that laptops enter when their covers are shut. Even though the machines require a password to unlock the screen, the encryption keys are already located in the RAM, which provides an opportunity for attackers with malicious intent.
None of the attacks required specialized equipment. "I think we're going to see attackers doing things that people have previously though impractical or impossible," Appelbaum said.
The researchers were able to extend the life of the information in RAM by cooling it using readily available "canned air" keyboard dusting products. When turned upside down, these canisters spray very cold liquid. Discharging the cold liquid onto a memory chip, the researchers were able to lower the temperature of the memory to -50 degrees Celsius. This slowed the decay rates enough that an attacker who cut power for 10 minutes would still be able to recover 99.9 percent of the information in the RAM correctly.
"Hints of problems associated with computers retaining their temporary memory have appeared in the scientific literature, but this is the first systematic examination of the security implications," said Schoen.
The researchers posted the paper describing their findings on the website of Princeton's Center for Information Technology Policy. They submitted the paper for publication and it is currently undergoing review.
In the meantime, the researchers have contacted several manufacturers to make them aware of the vulnerability: Microsoft, which includes BitLocker in some versions of Windows Vista; Apple, which created FileVault; and the makers of dm-crypt and TrueCrypt, which are open-source products for Windows and Linux platforms.
"There's not much they can do at this point," Halderman said. "In the short term, they can warn their customers about the vulnerability and tell them to shut their computers down completely when traveling."
In the longer term, Halderman said new technologies may need to be designed that do not require the storing of encryption keys in the RAM, given its inherent vulnerability. The researchers plan to continue investigating this and other defenses against this new security threat.
Princeton University, Engineering School
"We've broken disk encryption products in exactly the case when they seem to be most important these days: laptops that contain sensitive corporate data or personal information about business customers," said Alex Halderman, a Ph.D. candidate in Princeton's computer science department. "Unlike many security problems, this isn't a minor flaw; it is a fundamental limitation in the way these systems were designed."
The attack is particularly effective against computers that are turned on but are locked, such as laptops that are in a "sleep" or hibernation mode. One effective countermeasure is to turn a computer off entirely, though in some cases even this does not provide protection.
Halderman's Princeton collaborators included graduate students Nadia Heninger, William Clarkson, Joseph Calandrino, Ariel Feldman and Professor Edward Felten, the director of the Center for Information Technology Policy. The team also included Seth Schoen of the Electronic Frontier Foundation, William Paul of Wind River Systems and independent computer security researcher Jacob Appelbaum.
Felten said the findings demonstrate the risks associated with recent high-profile laptop thefts, including a Veterans Administration computer containing information on 26 million veterans and a University of California, Berkeley laptop that contained information on more than 98,000 graduate students and others. While it is widely believed that disk encryption would protect sensitive information in instances like these, the new research demonstrates that the information could easily be read even when data is encrypted.
"Disk encryption is often recommended as a magic bullet against the loss of private data on laptops," Felten said. "Our results show that disk encryption provides less protection than previously thought. Even encrypted data can be vulnerable if an intruder gets access to the laptop."
The new attacks exploit the fact that information stored in a computer's temporary working memory, or RAM, does not disappear immediately when a computer is shut off or when the memory chip is taken from the machine, as is commonly thought. Under normal circumstances, the data gradually decays over a period of several seconds to a minute. The process can be slowed considerably using simple techniques to cool the chips to low temperatures.
Disk encryption technologies rely on the use of secret keys -- essentially large random numbers -- to encode and protect information. Computers need these keys to access files stored on their own hard disks or other storage systems. Once an authorized user has typed in a password, computers typically store the keys in the temporary RAM so that protected information can be accessed regularly. The keys are meant to disappear as soon as the RAM chips lose power.
The team wrote programs that gained access to essential encryption information automatically after cutting power to machines and rebooting them. The method worked when the attackers had physical access to the computer and when they accessed it remotely over a computer network. The attack even worked when the encryption key had already started to decay, because the researchers were able to reconstruct it from multiple derivative keys that were also stored in memory.
In one extremely powerful version of the attack, they were able to obtain the correct encryption data even when the memory chip was physically removed from one computer and placed in another machine. After obtaining the encryption key, they could then easily access all information on the original machine.
"This method is extremely resistant to countermeasures that defensive programs on the original computer might try to take," Halderman said.
The attacks demonstrate the vulnerability of machines when they are in an active state, including "sleep mode" or the "screen lock" mode that laptops enter when their covers are shut. Even though the machines require a password to unlock the screen, the encryption keys are already located in the RAM, which provides an opportunity for attackers with malicious intent.
None of the attacks required specialized equipment. "I think we're going to see attackers doing things that people have previously though impractical or impossible," Appelbaum said.
The researchers were able to extend the life of the information in RAM by cooling it using readily available "canned air" keyboard dusting products. When turned upside down, these canisters spray very cold liquid. Discharging the cold liquid onto a memory chip, the researchers were able to lower the temperature of the memory to -50 degrees Celsius. This slowed the decay rates enough that an attacker who cut power for 10 minutes would still be able to recover 99.9 percent of the information in the RAM correctly.
"Hints of problems associated with computers retaining their temporary memory have appeared in the scientific literature, but this is the first systematic examination of the security implications," said Schoen.
The researchers posted the paper describing their findings on the website of Princeton's Center for Information Technology Policy. They submitted the paper for publication and it is currently undergoing review.
In the meantime, the researchers have contacted several manufacturers to make them aware of the vulnerability: Microsoft, which includes BitLocker in some versions of Windows Vista; Apple, which created FileVault; and the makers of dm-crypt and TrueCrypt, which are open-source products for Windows and Linux platforms.
"There's not much they can do at this point," Halderman said. "In the short term, they can warn their customers about the vulnerability and tell them to shut their computers down completely when traveling."
In the longer term, Halderman said new technologies may need to be designed that do not require the storing of encryption keys in the RAM, given its inherent vulnerability. The researchers plan to continue investigating this and other defenses against this new security threat.
Princeton University, Engineering School
Computer Memory News and Current Computer Memory Events RSSMemory in artificial atoms
Three of our nano-physicists have made a discovery that can change the way we store data on our computers. This means that in the future we can store data much faster, and more accurate. Their discovery has been published in the scientific journal Nature Physics.
Swarm approach to photography
A new approach to cleaning up digital photos and other images has been developed by researchers in the UK and Jordan. The research, published recently in Inderscience's International Journal of Innovative Computing and Applications uses a computer algorithm known as a PSO (Particle Swarm Optimization) to intelligently boost contrast and detail in an image without distorting the underlying features.
ASU researchers improve memory devices using nanotech
Arizona State University's Center for Applied Nanoionics (CANi) has a new take on old memory, one that promises to boost the performance, capacity and battery life of consumer electronics from digital cameras to laptops. Best of all, it is cheap, made from common materials and compatible with just about anything currently on the market.
The solution to a 7-decade mystery is crystal-clear to FSU chemist
A Florida State University researcher has helped solve a scientific mystery that stumped chemists for nearly seven decades. In so doing, his team's findings may lead to the development of more-powerful computer memories and lasers.
Landmark Modeling Study at Penn Reveals How Ferroelectric Computer Memory Works
A collaboration of University of Pennsylvania chemists and engineers has performed multi-scale modeling of ferroelectric domain walls and provided a new theory of behavior for domain-wall motion, the "sliding wall" that separates ferroelectric domains and makes high-density ferroelectric RAM (FeRAM) possible.
Carnegie Mellon scientists devise method to increase kidney transplants
Computer scientists at Carnegie Mellon University have developed a new computerized method for matching living kidney donors with kidney disease patients that can increase the number of kidney transplants - and save lives.
A Fresh Spin in Quantum Physics: The 'Spin Triplet' Supercurrent
For the first time, scientists have created a "spin triplet" supercurrent through a ferromagnet over a long distance.
Another world-record achievement for National High Magnetic Field Laboratory
The National High Magnetic Field Laboratory is ending its year with another achievement of international importance as engineers and technicians this week completed testing of a world-record magnet.
NIST demonstrates better memory with quantum computer bits
Physicists at the National Institute of Standards and Technology (NIST) have used charged atoms (ions) to demonstrate a quantum physics version of computer memory lasting longer than 10 seconds-more than 100,000 times longer than in previous experiments on the same ions.
Spintronics - breakthroughs for next generation electronics
Traditional silicon chips in computers and other electronic devices control the flow of electrical current by modifying the positive or negative charge of different parts of each tiny circuit. However it is also possible to use of the mysterious magnetic properties of electrons - know as "spin" - to control the movement of currents. Many large companies have spent millions of dollars trying to solve some of the problems faced by this technology, but progress has remained slow. Discoveries made in Oxford solve several of the most difficult problems and open up this exciting new world of possibilities.
More Computer Memory News Articles
 | Digital Wedding Photography: Capturing Beautiful Memories by Glen Johnson Capture unforgettable moments of that special day Professional wedding photographer Glen Johnson knows there's a huge difference between being able to take good pictures and being a good wedding photographer. In this exquisite, full-color book, Glen dispenses sage advice and solutions for taking impressive digital wedding images -- posed or candid, in any weather, in any setting,... |
 | Understanding the Linux Kernel, Third Edition by Daniel Bovet, Marco Cesati In order to thoroughly understand what makes Linux tick and why it works so well on a wide variety of systems, you need to delve deep into the heart of the kernel. The kernel handles all interactions between the CPU and the external world, and determines which programs will share processor time, in what order. It manages limited memory so well that hundreds of processes can share the system... |
 | Understanding Operating Systems, Fifth Edition by Ann McHoes, Ida M. Flynn With the same straightforward and clear writing style that has made previous editions so successful, Understanding Operating Systems, Fifth Edition, provides the ideal blend of operating theory and practice. Coverage includes the fundamentals of operating systems: what they are, what they do, how they function, how they can be evaluated, and how they compare to one another. Part One describes... |
 | Mind Hacks: Tips & Tricks for Using Your Brain (Hacks) by Tom Stafford, Matt Webb The brain is a fearsomely complex information-processing environment--one that often eludes our ability to understand it. At any given time, the brain is collecting, filtering, and analyzing information and, in response, performing countless intricate processes, some of which are automatic, some voluntary, some conscious, and some unconscious. Cognitive neuroscience is one of the ways we have to... |
 | Programming Embedded Systems: With C and GNU Development Tools, 2nd Edition by Michael Barr, Anthony Massa If you have programming experience and a familiarity with C--the dominant language in embedded systems--Programming Embedded Systems, Second Edition is exactly what you need to get started with embedded software. This software is ubiquitous, hidden away inside our watches, DVD players, mobile phones, anti-lock brakes, and even a few toasters. The military uses embedded software to guide missiles,... |
 | Building the Perfect PC, Second Edition by Robert Thompson, Barbara Fritchman Thompson This popular Build-It-Yourself (BIY) PC book covers everything you want to know about building your own system: Planning and picking out the right components, step-by-step instructions for assembling your perfect PC, and an insightful discussion of why you'd want to do it in the first place. Most big brand computers from HP, Dell and others use lower-quality components so they can meet their... |
 | Memory Dump Analysis Anthology, Volume 1 by Dmitry Vostokov This is a revised, edited, cross-referenced and thematically organized volume of selected DumpAnalysis.org blog posts about crash dump analysis and debugging written in 2006 - 2007 for software engineers developing and maintaining products on Windows platforms, technical support and escalation engineers dealing with complex software issues and general Windows... |
 | Scrapbooking Digitally: The Ultimate Guide to Saving Your Memories Digitally by Kerry Arquette, Andrea Zocchi, Darlene D'Agostino, Susha Roberts Forget about traditional scrapbooking! Throw out the scissors and glue and save your memories in a whole new way. Scrapbooking Digitally is a complete reference book for people of all ages. A step-by-step guide, Scrapbooking Digitally takes readers through every step of the scrapbooking process--from picking the right camera to working with software to learning creative tools, like altering... |
 | Core Memory: A Visual Survey of Vintage Computers by John Alderman An unprecedented combination of computer history and striking images, Core Memory reveals modern technology's evolution through the world's most renowned computer collection, the Computer History Museum in the Silicon Valley. Vivid photos capture these historically important machines including the Eniac, Crays 1 3, Apple I and II while authoritative text profiles each, telling the stories of... |
 | Using OpenMP: Portable Shared Memory Parallel Programming (Scientific and Engineering Computation) by Barbara Chapman, Gabriele Jost, Ruud van der Pas "I hope that readers will learn to use the full expressibility and power of OpenMP. This book should provide an excellent introduction to beginners, and the performance section should help those with some experience who want to push OpenMP to its limits." --from the foreword by David J. Kuck, Intel Fellow, Software and Solutions Group, and Director, Parallel and Distributed Solutions, Intel... |
| © 2008 BrightSurf.com |