United States [Change]
Shopping Cart About Us Contact Us Sitemap MyUtimaco
Utimaco SafewareStatement on the Vulnerability of Disk Encryption to Key Extraction from RAM
This content requires the flash player.

Statement on the Vulnerability of Disk Encryption to Key Extraction from RAM

Executive summary

There is truth in the vulnerability issue of extracting hard disk encryption keys from RAM raised by the recently published Princeton report. In fact, this has been a discussion point for some time. The report points to a very specific circumstance involving applying excessive cooling techniques, such as liquid nitrogen, which may increase the window of vulnerability.

Even with this discovery, however, the methods outlined below mitigate the security risks for the vast majority of businesses today.

According to Utimaco Safeware this issue can be easily addressed by leveraging certain security policies, best practices and well designed encryption products. The opportunity for exposure occurs when a laptop or desktop is left unattended in a ‘power on’ state. Ensuring your computer is in hibernation mode or powered down prior to stepping away from it negates the vulnerability. In addition, employing ‘power on authentication’ further secures your data by requiring user reauthentication from either the ‘hibernate’ or ‘power off state’ to regain normal working mode.

Furthermore, additional protection can be achieved particularly against remote attacks with multifactor authentication using cryptographic smartcards, tokens and biometrics, such as a fingerprint reader. For those requiring an even greater level of security, hardware security modules (HSM) can be deployed. HSM solutions, such as those offered by Utimaco, provide security that is physically tamperproof and has an active temperature sensing functionality.

What is it all about?

Recently some students at Princeton University published a paper that showed a method of copying the entire contents of RAM in a PC and then extracting the hard disk encryption key from this data. PCs which are running, locked, or in the standby mode are potentially vulnerable. For the full article see http://citp.princeton.edu/memory/.

What security applications are potentially vulnerable?

In theory, any encryption software from any vendor can be attacked and the attack is not limited to full disk encryption. The attack occurs when hackers copy the contents of RAM including the encryption key that is stored in RAM. Disk encryption products always need to have a copy of the key in RAM while the PC is being used otherwise hard disk access would not be possible. This attack is relevant for computational devices like PCs only while they are powered on and running. It does not affect encrypted removable media or encrypted PCs that have been shut down or hibernated for more than a few minutes.

Is this a newly discovered vulnerability?

No, it is not. The report simply highlights that with excessive cooling, RAM content persists for several minutes, especially when using cryogenic methods described in the Princeton paper. This opens a small window of opportunity for an attacker (stealing a PC that is in the Powered-on state or immediately after the user has shut it down and left it unattended).

What does an attacker need to execute the attack?

The attacker needs physical access to the PC while it is in the Power-on state, Desktop Lock mode, or Suspend to RAM mode, or immediately after it has been hibernated. The attacker needs to have the proper hardware and software to make a copy of RAM and eventually reconstruct fading bits. The attacker then needs to analyze the entire contents of RAM and understand how Statement on the Vulnerability of Disk Encryption to Key Extraction from RAM, Page 2, 26.02.2008 and where a product device driver would store the encryption key that is currently in use. Finally, the attacker has to understand exactly how the product in question uses that key and encryption format and rebuild a customized application to then apply the extracted key. Barring this exact procedure, key recovery is not possible.

Clearly, a very sophisticated, methodical approach.

What can be done by a user to avoid this vulnerability?

When full disk encryption products are used, the PC is safe when the operating system has been shut down. In this case, the key is no longer in RAM and no longer present anywhere on the system. It is only re-established by a user action -- a password entered at next boot cycle, or with a smartcard used for authentication.

The same reasoning applies to PCs in Hibernate (suspend to disk) mode as long as the full disk encryption product supports safe hibernation — Utimaco SafeGuard products support safe hibernation. When the PC is going in to hibernation mode, RAM content would only be vulnerable until the memory persistence fully decays. Users are safe if they properly enable “Hibernate” mode, instead of using the “Suspend to RAM” mode. It is assumed that users will not have their PC snatched from their hands while they are using it.

Overall, this type of attack can easily be avoided by the following best practices:

  • Ensuring that unattended PCs are either completely powered off or in a state of hibernation
  • Enabling power-on authentication requiring users to authenticate each time the PC changes state.

What measures are implemented in SafeGuard® product software to address this concern?

It is standard corporate policy that SafeGuard products are designed such that key values are only present in RAM as long as they are required by the application. Keys which are no longer required are actively deleted and overwritten before the memory is freed. In addition, various techniques are used to disguise the keys in memory to make a search more difficult.

What further alternatives exist to address this concern?

Utimaco recommends the use of security hardware that performs encryption independent of RAM. For example, Utimaco supplies hardware security modules (HSM) – SafeGuard CryptoServer – that provide a tamperproof environment within which cryptographic keys can be stored and other critical application processes can be executed.

Furthermore, Utimaco products fully support security hardware in the form of smartcards, crypto tokens and biometrics which raises the security bar through multi-factor authentication.

With over six million licenses sold, SafeGuard products have been successfully deployed for many years. Utimaco products have been audited by independent agencies and awarded multiple certifications, including Common Criteria and FIPS. Utimaco is committed to provide best-of-breed, modular security solutions for multiple platforms meeting the demands for enterprise clients.

Please contact your local sales representative if you interested in learning more about how Utimaco can help you address your security concerns.

SafeGuard and Utimaco are trademarks of Utimaco Safeware AG. All other marks are the property of their respective owners.
Copyright © Utimaco Safeware Inc. All rights reserved. Policies | About Us | Contact Us