Cold Temperatures Compromise Encryption Security

By jerins at 8:30 pm on March 9, 2008

Researchers at Princeton University have found a very interesting and different approach to bypassing encryption. They demonstrated that when dynamic random access memory (DRAM) is frozen to extremely low temperatures, it retains whatever data is currently loaded onto the chip for minutes or even up to hours. On an encrypted system, while the computer is turned on or in use, the data held in RAM includes the key to whatever encryption scheme is being used on the machine. This means that, given physical access to a machine, an attacker can freeze the memory to retain the data currently in RAM, reboot the machine, and quickly copy the information off the DRAM before the system has a chance to overwrite it. Obviously, once a key is obtained, the encryption of the system is useless. Given that DRAM is currently the most widely used type of memory chip in personal computing, the possibility of this sort of attack is cause for great concern.

In the research attacks, nothing more was used than multi-purpose duster spray cans turned upside down, which can freeze the RAM to temperatures as low as -60 degrees Fahrenheit, and a simple piece of software that copies the contents of the RAM and can easily be loaded from a network connection or USB device. These attacks worked both on the original compromised machine and when the DRAM was taken from the original machine and booted in a separate machine. This method of attack is a serious threat to the strength of general disk encryption products such as Apple’s FileVault and Microsoft’s BitLocker.

It has been known since the 1970s that memory can retain its data for a prolonged period of time when frozen, but Princeton’s research is the first time this behavior has been formally addressed from a security standpoint. It is unclear whether or how much this tactic has been used in the past, since this was simply research on a possible attack and not on any particular use of the attack in the real world. However, knowing that it is possible will certainly cause security designers to rethink the structure of their products with this in mind. One would expect that, since this characteristic of RAM has been known for so long (30-40 years), this attack possibility would have been foreseen and addressed by this point. However, this is just another example of how security vulnerabilities are always infinite, and there is no end to the strange and creative ways a system can be attacked.

Even though this attack is only possible when an attacker has physical access to the machine, this does not mean that it can be written off as unlikely and thus low-impact. This issue is especially important in a world where laptop and mobile computing are becoming the status quo, making full disk encryption a critical security measure as physical compromise of personal computers becomes more and more likely. That is why companies like Apple and Microsoft have made large efforts to make sure that full disk encryption is available on the systems they produce. Finding that such systems might not be nearly as secure as was once hoped will have a great impact on these companies, their customers, and the computing community at large.

It is difficult to say how the industry will respond to this security threat. The issue stems from a combination of hardware and software characteristics of current computing technology. Thus steps could be taken in a variety of directions, such as changing the common DRAM model so that this freezing tactic does not cause the data to remain on the chip, or somehow reworking the full disk encryption model so that the key is not so readily accessible on the chip at any given time (which seems hard, since the system needs the key in order to decrypt the data itself). Regardless of the direction the industry takes in response to this threat, the solution will not be easy and will certainly not be carried out instantly, since the characteristics that allow the attack to happen are deeply rooted in how personal computing works today (what type of memory is used and how encryption schemes are set up). Consequently, this could be a legitimate security concern for a long time to come.
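The second direction above, keeping the key out of RAM whenever the volume is not in use, can be sketched as follows. This is an added example, not code from the original post or from the Princeton research; the `ram` layout, `SAMPLE_KEY` and every function name are constructed for illustration, and it only covers a locked or dismounted volume, since an unlocked one must keep the key resident.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN 32

/* Constructed stand-in for DRAM: the volume key sits among other data. */
static struct {
    uint8_t before[256];
    uint8_t volume_key[KEY_LEN];
    uint8_t after[256];
} ram;

/* Constructed sample key (31 characters plus NUL), not a real one. */
static const uint8_t SAMPLE_KEY[KEY_LEN] = "constructed-sample-volume-key-0";

/* Zero through a volatile pointer so the stores cannot be optimised away
 * as dead writes, which can happen to a plain memset on a dying buffer. */
static void secure_wipe(void *p, size_t n) {
    volatile uint8_t *v = p;
    while (n--) *v++ = 0;
}

void volume_unlock(const uint8_t *key) { memcpy(ram.volume_key, key, KEY_LEN); }

/* Call on dismount, suspend or hibernate, before the machine is left alone. */
void volume_lock(void) { secure_wipe(ram.volume_key, KEY_LEN); }

/* Does a byte-for-byte copy of RAM contain the key anywhere? */
int image_has_key(const uint8_t *img, size_t len, const uint8_t *key) {
    for (size_t i = 0; i + KEY_LEN <= len; i++)
        if (memcmp(img + i, key, KEY_LEN) == 0) return 1;
    return 0;
}

/* Unlock, optionally lock, then take the RAM copy and search it. */
int key_in_ram_copy(int lock_first) {
    uint8_t image[sizeof ram];
    volume_unlock(SAMPLE_KEY);
    if (lock_first) volume_lock();
    memcpy(image, &ram, sizeof ram);
    return image_has_key(image, sizeof image, SAMPLE_KEY);
}

int main(void) {
    printf("copy taken while unlocked holds key: %d\n", key_in_ram_copy(0));
    printf("copy taken after lock holds key:     %d\n", key_in_ram_copy(1));
    return 0;
}
```

Wiping on lock narrows the exposure to the time the volume is actually mounted; it does nothing for a machine that is left running and unlocked.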
