Planning for 'DRAM remanence'

"Researchers with Princeton University and the Electronic Frontier Foundation (EFF) have found a flaw that renders disk encryption systems useless if an intruder has physical access to a computer. The attack works because sensitive content, such as encryption keys, may be held in dynamic random access memory (DRAM) where they linger, even after the machine is powered off. This enables an attacker to obtain keys to decrypt file contents after reapplying power to the machine. How serious is the threat, and would/could you recommend products or practices that are secure against it?"

Michael Cobb:
There's no doubt that this spring's hot security read was the paper titled "Lest We Remember: Cold Boot Attacks on Encryption Keys." The Princeton University research describes the ways in which data could be compromised by a process called "DRAM remanence," the tendency of dynamic random access memory to retain information after the last refresh cycle.

Dynamic random access memory is used to hold data that a system needs immediate access to, like the content of this document while I am typing it, or, in the case of your question, the keys used by disk encryption software to write an encrypted copy to disk.

Disk remanence, the tendency of file data to persist despite the user issuing file delete commands, has been known for at least twenty years. The risks from DRAM remanence have been mentioned before, but seldom in the context of disk encryption keys. The research paper firmly establishes DRAM remanence as a new class of attack.

When a new threat appears, it is reasonable to ask how much of a risk it poses. Precise answers are problematic precisely because the threat is just emerging. Not all hackers publish their findings, so there is no way of knowing how many people have been working on perfecting this attack, or for how long.

And certainly there are alternative methods of achieving unauthorised access to a disk encryption program's stored data. I would think, for example, that social engineering or eavesdropping would be an easier tactic for data thieves right now.

But let's plan some defenses. The two main ways for a DRAM remanence compromise to occur would be to: reboot a system with a specially configured boot device (a bootable CD-ROM, USB drive, or network boot), or; take physical possession of a system that is still powered on (or in standby mode for some operating system configurations). All vectors, apart from a network boot, require physical access to the system for an attack. A network form of the attack requires access to a server on the same network as the target system.

So defense No. 1 should be to physically prevent other people from so much as touching your computer without your permission. Hopefully, all of your users already feel that way about their/your machines. Users of systems which contain data that is so sensitive that the disk encryption has been turned on should already know that theft of their system is a security problem, even if data is encrypted. The mere presence of disk encryption may bring some compliance-related benefits if a theft occurs, but theft is still going to be a major hassle, one that is best prevented in the first place.

Hopefully you have already trained your users and told them that no system should ever be left unattended, unless it is in a secure environment (i.e. a place accessible only to trusted personnel). This DRAM remanence issue presents a good time to reiterate that policy and emphasise that it includes systems that employ disk encryption. And I would add that before a system is stowed or stored, for example, in a hotel room safe or an airline luggage compartment, it must first be powered off and should not be left in standby or hibernation.

Finally, I would take issue with the assertion that "DRAM remanence renders disk encryption systems useless." Encryption still provides useful protection against a wide range of real world attackers. Sure, if your users are not well-trained, then a skilled and determined opponent may be able to get past the defenses, but I would argue enterprises are still much better off with encryption in place. Over time there will be software and hardware improvements that beat this attack; indeed some forms of hardware encryption already do.

About the author:
Michael Cobb, CISSP-ISSAP is the founder and managing director of Cobweb Applications Ltd., a consultancy that offers IT training and support in data security and analysis. He co-authored the book IIS Security and has written numerous technical articles for leading IT publications.

Rate this Tip To rate tips, you must be a member of SearchSecurity.co.UK. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Threats and security advisories The value of booting from a VHD in Windows 7 What to do with network penetration test results How to prevent memory dump attacks How to prevent phishing attacks with social engineering tests Cyberwarfare and the enterprise: Is the threat real? How to avoid botnet attacks How to ensure the validity of Microsoft Windows updates How to defend against rogue DHCP server malware Mac OS memory flaws pose challenges for enterprise endpoint protection How to find and stop automated SQL injection attacks Data Protection Solutions and Strategy Pros and cons of Skype security for encrypted phone calls NHS smart card devices enable secure access to health care apps Company files at risk of employee data theft McAfee-Intel: Why the McAfee acquisition is being met with scepticism Mobile digital pad/pen helps secure patient data collection Hard-disk erasure: Using HDDerase and Secure Erase hard-drive eraser In any given app for smartphone, security risks are being neglected First of data loss prevention vendors touts downloadable DLP software Ministry of Justice asks for input on UK privacy laws PCI PTS: Understanding PCI PIN security requirements Threat and Vulnerability Management Social networking: Workplace productivity, security no match for Facebook McAfee-Intel: Why the McAfee acquisition is being met with scepticism Network security 101: Default router settings, network hardening Network security 101: Password policy best practices, security documents Adobe vulnerability: Pen test firm finds ColdFusion admin page flaw ISACA issues mobile smartphone security policy guidance Zeus Trojan: Data-stealing malware transfers £675,000 from UK bank Survey: Web 2.0 security issues cause concern Spy recording devices can be thwarted by portable USB security policy Microsoft issues temporary fix for Windows Shell zero-day RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Data Protection Act 1998  (SearchStorageUK.com) Information Commissioner's Office (ICO)  (SearchStorageUK.com) UK Identity Cards Act  (SearchSecurityUK.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.