Network World's headline was certainly designed to catch a security person's eye: "Disk encryption easily cracked, researchers find." In most cases, however, the risk, while real, is less than the headline implies.

It turns out that some researchers at Princeton University followed up on earlier research showing that modern computer memories retained their contents even with the power off (known as memory remanence), and that the retention time could be lengthened by cooling the memory. (See the chapter on physical tamper resistance in Ross Anderson's Security Engineering: A Guide to Building Dependable Distributed Systems. This information almost makes me want to reminisce about core memory.)  The researchers then set about seeing whether they could use various techniques, including ones related to memory remanence, to extract encryption keys that had been stored in the memory of a computer that was using disk encryption. In many cases, they found they could find the key and thus break the security of the encrypted disk.

The Princeton researchers describe their attack in their paper "Lest We Remember: Cold Boot Attacks on Encryption Keys" and describe it in a video on their Web site, including cooling the memory chips using a spray can of duster.

The risk of the particular attack can be largely mitigated if the user has an idea about when his computer might be attacked,  For example, you are entering the United States and are worried about U.S. Customs wanting to peer into your machine. In this case -- and in other cases where you are worried that a laptop could be stolen -- you can be well protected if you do not have the machine set to auto-logon and you turn the machine fully off (not just into sleep mode) when you are told to shut down your electronic devices in preparation for landing. You would be even better off using the hidden volume mode in TrueCrypt so you could boot the machine for the nice Customs people and they would not even know you had encrypted information on your machine -- so they would not badger you for your key.

The paper also includes a number of ways that computer manufacturers and operating-system vendors can reduce or eliminate the disclosure risk. I use FileVault on my Mac, and I hope Apple will tweak its software to maximize the protection. Not because, I hasten to add, that I have any illegal information on my laptop, but because I have information that some of my clients would not like to see in the press.

Whitepapers

• Gene Kim's Practical Steps to Mitigate Virtualization Security Risks
• Selecting Effective Virtual Directories
• A Modern Approach to On-Demand Email and Data Security
• Best Practices for HP Servers and HP Enterprise Virtual Array in a Microsoft Exchange
• Compliance, Protection, Recovery: A Layered Approach to Laptop Security
• Endpoint Security: Data Protection for IT, Freedom for Laptop Users

View more SECURITY whitepapers

Webcasts

• Key Considerations for a Successful 802.11n Deployment
• Solutions to the Toughest IT Challenges in Remote Offices
• Lowering the Cost of Email Archives
• High Availability for SQL Server 2005 Using Array-Based Replication and Host-Based Mirroring Technologies
• Technical Overview of Exchange Server 2007 with HP Servers and Storage
• Bringing Order and Security to your Mobile Workforce: Corporate Mobility Policy and Device Management On-Demand

View more SECURITY webcasts

Special Reports

• The Evolution of Network Security
• Taking Virtualization Up a Notch
• Learn how to Keep your Mobile Workforce Connected
• The self-managed network

View more SECURITY special reports