Skip Links

Network World

  • Social Web 
  • Email 
  • Close

Disk encryption easily cracked, researchers find

Security approach common on Vista, Apple and Linux laptops
By Network World Staff , Network World , 02/21/2008
  • Share/Email
  • Comment
  • Print

The disk encryption technology used to secure the data in your Windows, Apple and Linux laptops can be easily circumvented, according to new research out of Princeton University.


Get Network World columnist Scott Bradner's take on this research.


The flaw in this approach, the researchers say, is that data previously thought to disappear immediately from dynamic RAM (DRAM) actually takes its time to dissolve, leaving the data on the computer vulnerable to thievery regardless of whether the laptop is on or off. That's because the disk encryption key, unlocked via a password when you log on to your computer, then is held in DRAM. If a thief can get a hold of the key, he can then get into the disk.

"We demonstrate our methods by using them to defeat three popular disk encryption products: BitLocker, which comes with Windows Vista; FileVault, which comes with MacOS X; and dm-crypt, which is used with Linux," writes Ed Felten, a Princeton professor, on his blog, Freedom to Tinker.

The researchers, which also included participants from the Electronic Frontier Foundation and Wind River Systems, have created a captivating video demonstrating a process (one using a program dubbed "Bit-unLocker") that can be used to snatch the data. In the video, the narrator explains that it takes seconds for data to fade and that the process can be slowed by cooling the memory chips (they chill the memory chips to around -58 F with a liquid spray and remove them without affecting the contents). The chips can even be switched to a different computer to read them. Liquid nitrogen can be used to cool the chips for hours, the researchers say.

"This is deadly for disk encryption products because they rely on keeping master decryption keys in DRAM," Felten writes.

Felten adds that even using Trusted Computing hardware doesn't help.

(A presentation from a pair of security researchers scheduled for Black Hat USA last summer that promised to undermine chip-based desktop and laptop security was suddenly withdrawn without explanation. The briefing promised to show how computer security based on trusted platform module hardware could be circumvented.)

The Princeton findings prompted Steven Sprague, CEO of Wave Systems, which makes management software for hardware security devices, to point out that such attacks on laptops would be preventable via hardware-based encryption offerings.

  • Share/Email
  • Comment
  • Print
Partner Content

Brilliantly simple security and control solutions for email, web and endpoint

www.sophos.com

Stopping data leakage

Learn how to exploit your current security investment to control the information that flows into, through and out of your network.

Download the white paper.

Why detection rates aren't enough

Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.

Download the white paper.

Applications: taking back control

Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.

Learn more today.

Comments (6)
Login
Forgot your account info?

Anything easily cracked ifBy tuomoks on February 22, 2008, 2:44 pmOld news but nice that someone (again) raises the question. Now, that's why NIST FIPS requirements on different levels, physical security is as important as logical....

Reply | Read entire comment

Re: SolutionBy uner on February 22, 2008, 1:30 pmUnfortunately that does not solve the core issue that they key is in external RAM as plaintext for relatively long periods of time. Virtualization and sudden power...

Reply | Read entire comment

Encyption LawBy BenjaminWright on February 22, 2008, 1:29 pmThis story is another reason state legislatures are unwise to madate encryption as a data security procedure. http://hack-igations.blogspot.com/2008/02/encryption-legislation-goes-overboard.html

Reply | Read entire comment

SolutionBy jhansonxi on February 22, 2008, 12:46 pmIn Linux the kernel just needs to wipe the memory space prior to halting or suspending. For Windows I predict that Symantec and other data security companies will...

Reply | Read entire comment

Not as trivial as it soundsBy uner on February 22, 2008, 7:39 amAt first look, my reaction was the same as Mark's - that this is both an obvious and impractical weakness. However, consider the technical implication here, that...

Reply | Read entire comment

View all comments

Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Videos

rssRss Feed