Vulnerability of widely-used security systems memory exposedFebruary 22nd, 2008 - 1:20 pm ICT by admin
Washington, February 22 (ANI): A team of Princeton University students and experts from the computer industry has shown that it is still possible to access a piece of encrypted information even when it is stored in memory systems that are known to be secure, particularly in laptops.
Alex Halderman, a PhD candidate in the universitys Department of Computer Science, has revealed that the team has been successful in cracking several widely used technologies like Microsofts BitLocker, Apples FileVault and Linuxs dm-crypt.
The researchers believe that such attacks are likely to be effective in cracking many other disk encryption systems because these technologies have architectural features in common.
Weve broken disk encryption products in exactly the case when they seem to be most important these days: laptops that contain sensitive corporate data or personal information about business customers. Unlike many security problems, this isnt a minor flaw; it is a fundamental limitation in the way these systems were designed, Halderman said.
Such attacks are particularly effective against computers that are turned on but are locked, such as laptops that are in a sleep mode. Turning the computer off entirely may be one countermeasure, but even this does not provide complete protection in some cases.
Professor Edward Felten, the director of the universitys Center for Information Technology Policy, says that the findings demonstrate the risks associated with recent high-profile laptop theftsa Veterans Administration computer containing information on 26 million veterans and a University of California, Berkeley laptop that contained information on more than 98,000 graduate students and others.
Disk encryption is often recommended as a magic bullet against the loss of private data on laptops. Our results show that disk encryption provides less protection than previously thought. Even encrypted data can be vulnerable if an intruder gets access to the laptop, Felten said.
Computer users usually think that information stored in the systems temporary working memory (RAM) disappear immediately when the machine is shut off. But the researchers say that the data takes a period of several seconds to a minute to decay, which makes the system vulnerable to attacks.
The research team showed this by writing programs that gained access to essential encryption information automatically after cutting power to machines and rebooting them.
They say that the method worked when the attackers had physical access to the computer, and when they accessed it remotely over a computer network. The attack even worked when the encryption key had already started to decay, because the researchers were able to reconstruct it from multiple derivative keys that were also stored in memory.
According to the researchers, the attack was so powerful that they were able to obtain the correct encryption data even when the memory chip was physically removed from one computer, and placed in another machine. It could enable them to access all information on the original machine, they added.
This method is extremely resistant to countermeasures that defensive programs on the original computer might try to take, Halderman said.
The researchers were able to extend the life of the information in RAM by cooling it using readily available canned air keyboard dusting products. When they lowered the temperature of the memory to -50 degrees Celsius, it slowed the decay rates enough that an attacker who cut power for 10 minutes would still be able to recover 99.9 percent of the information in the RAM correctly.
Given the inherent vulnerability of the new technologies, Halderman said that they might need to be designed in such a manner that it does not require to store encryption keys in the RAM. (ANI)
Tags: architectural features, countermeasure, department of computer science, disk encryption, edward felten, encrypted data, fundamental limitation, information technology policy, magic bullet, memory systems, minor flaw, phd candidate, princeton university students, private data, professor edward, security problems, sensitive corporate data, sleep mode, university of california berkeley, veterans administration