Frozen chips - data remanence - hackers and zeroising to meet FIPS 140-2 and soon 14-3 is your data REALLY secure ?? Be scared, be really scared !!!!

Shredding Your Garbage: Reducing Data Lifetime Through Secure Deallocation Jim Chow, Ben Pfaff, Tal Garfinkel, Mendel Rosenblum (14th USENIX Security Symposium Aug 2005) paper at Stanford University Department of Computer Science

Is an obscure paper that was a response to knowledge that "sensitive data is often scattered widely through user and kernel memory and left there for indefinite periods " .. what is called persistence in memory and how this can be exploited - One recent study of security bugs in Linux and OpenBSD discovered 35 bugs that can be used by unprivileged applications to read sensitive data from kernel memory. (see also Data remanence Wikipedia)

Anyway this paper was enough to prompt the assorted academics, hackers, gooks, geeks and general ne'er do wells at the Centre for Information Technology Policy at Princeton University( website ) to look at the way , DRAMs can (and do, contrary to popular belief) retain their contents for seconds to minutes after power is lost, even at operating temperatures and even if removed from a motherboard.

DRAMs are not automatically or immediately erased and the Princeton Posse realised their contents persist sufficiently for " malicious (or forensic) acquisition of usable full-system memory images."

You can read a handy introduction about how they researched this topic here

New Research Result: Cold Boot Attacks on Disk Encryption by Ed Felton + their full Research paper here (NB Researcher Joseph P Calandrino was under appointment to the Department of Homeland Security(DHS) Scholarship and Fellowship Program under DOE contract number DE-AC05-06OR23100.) Hmmmmm.

Their technique (Cold booting) was fffffrighteningly quick'n'easy ... they simply ffffroze the DRAM's (see pic) that contained master decryption keys for disk encrytpion systems by using cans of dust remover upside down yielding temperatures of -50 °C (about the outside temperature in Buffalo today) and even liquid nitrogen (-196 °C) they hold their state for hours at least, without any power.

They show (and have explanatory videos / pics ) how power can be cut to the computer, then power it back up and boot a malicious operating system (from, say, a thumb drive) that copies the contents of memory. Having done that, the attacker can search through the captured memory contents, find any crypto keys that might be there, and use them to start decrypting hard disk contents. Their reserach paper also has very effective search algorithms for finding and extracting keys from memory, even if the contents of memory have faded somewhat (i.e., even if some bits of memory were flipped during the power-off interval).

They also found it possible to chill the DRAM chips before cutting power and in discussion Ed Felten says .."An attacker could still remove the DRAM and transplant it into another computer that has a friendlier BIOS." Not with the Starbuck's brigade of keyboard monkeys however. Apples new stylish paperweight MacAir’s 2GB of DDR2 SDRAM is soldered directly onto the motherboard. (deliberately to overcome this ?)

What must unnerve the computer / software vendors is the ability the Princeton Posse could demonstrate to defeat three popular disk encryption products: BitLocker, which comes with Windows "What a shitlolad of trouble thisis " Vista ( both use the federal government’s certified Advanced Encryption System algorithm to scramble data as it is read from and written to a computer hard disk see below re FIPS 140-2) ; FileVault, which comes with overpriced and Macs loaded with MacOS X; and dm-crypt, a favourite of the deranged people who use Linux.

Now that they have found this , you might like to go back in time here consider what Peter Gutman published long ago in 1996 for the Sixth USENIX Security Symposium Proceedings, San Jose, California "Secure Deletion of Data from Magnetic and Solid-State Memory" ...

He identified the problem ,"Contrary to conventional wisdom, "volatile" semiconductor memory does not entirely lose its contents when power is removed. Both static (SRAM) and dynamic (DRAM) memory retains some information on the data stored in it while power was still applied. " and that" (a) destructive method to speed up the annihilation of stored bits in semiconductor memory is to heat it" and conversely " to extend the life of stored bits with the power removed, the temperature should be dropped below -60°C. Such cooling should lead to weeks, instead of hours or days, of data retention."

Also this weakness has been identified more recently - Matthew G. Lamb Wed Oct 29 2003 quotes Tim Murray

"Note that the sufficiently well funded can play analagous games with semiconductor memory; if you store data in RAM for a long time there are ways of analyzing the chips to deduce a lot of it too. .... Note, too, that getting the RAM very cold (e.g., a liquid nitrogen bath) quickly after shutdown should allow it to keep its state for quite some time after the power button goes off(certainly long enough to get it to the lab.... this is a good point for people who use encrypted file systems.... Likely, the key will be stored in memory,probably in the same location, for quite some time."

So what they have discovered is...well, not that new, nor is it insurmountable and has been catered for in the latest federal ( Toni Fabulosos moles tell us that UK SIS / GCHQ use these ) cryptographic standards.

A standard for all security system is "Zeroisation" (Wikipedia) which requires the resetting or zeroising or erasing sensitive parameters (especially keys) from a cryptographic module to prevent their disclosure if the equipment is captured.

Standards for zeroisation (plus a lot more) are specified in ANSI X9.17 and (in North America) Federal Information Processing Standard FIPS 140-2.Security Requirements for Cryptographic Modules which is issued by National Institute of Standards and Technology in conjunction with Communications Security Establishment Canada (CSEC) more details here its successor standard FIPS 140-3 is under Development

Bruce Schneier exposed this weakness in his book ; ‘Secrets And Lies : Digital Security In A Networked World’ and fairly low cost utilities are available for commercial use to overwrite RAM contents on power off (useful info here about Windows weaknesses - YOUR WINDOWS® OPEN )***. This does not provide protection against stealing the RAM chips from the powered up machines of course - except for the MacAir .

*** Highly recommended brief , simple, clear intro.