 premio
join:2002-02-17 Antelope, CA | reply to SUMware Re: Disk encryption may not be secure enough
WOW! wonder if GuardianEdge is vulnerable. I never realized these software products store their keys in memory that is so easily obtainable. |
|
 darthboy
join:2007-12-31 Canada
| With regards to the posts saying that a computer's POST will wipe out RAM contents:
that's presuming the malicious person plugs the RAM into another computer. Surely there're standalone devices that are able to extract the RAM contents? Engineers, anyone? It probably depends on how much the data's worth before anyone would try this.
However, if a malicious person has physical access to your computer, it's no longer your computer anywayz.  |
|
  jansson_mark Markus Jansson Premium join:2001-08-05 Finland
| said by darthboy : With regards to the posts saying that a computer's POST will wipe out RAM contents: that's presuming the malicious person plugs the RAM into another computer.
Actually, it's presuming that user has time to restart computer and do the POST, BEFORE attacker can get physical access to the RAM chips in the computer.
quote: Surely there're standalone devices that are able to extract the RAM contents?
Yes, of course.
quote: However, if a malicious person has physical access to your computer, it's no longer your computer anywayz. 
That is a poor quote. The point of encryption is to ensure that even if someone grabs your computer, they cannot get the files. If you can have total physical security of your computer, there is no reason to use whole disk encryption or any other file encryption in the first place! |
|
 ElJay
join:2004-03-17 | reply to SUMware On the list of things that I worry about, this sort of attack on my encrypted data ranks at about 130498120947120958120958th on my list of concerns.  |
|
 LanDroid2
join:2004-12-20 Cincinnati, OH
| reply to SUMware
eljay001 said: On the list of things that I worry about, this sort of attack on my encrypted data ranks at about 130498120947120958120958th on my list of concerns.
Good for you, but the point is what if you are a hospital administrator with gobs of patient records on your laptop? Or a political operative in a high stakes election campaign? Or an informant for the FBI? An attorney in an insanely expensive civil trial?
For folks like these who could be direct targets, there should be foolproof methods to protect against these attacks. Perhaps a script that automatically overwrites the encryption key in RAM every time you put it into sleep, hibernation, reboot, screen saver, or shutdown modes, forcing you to re-enter the key. Princeton let this cat out of the bag, how about they get on the solution now, AY? |
|
 dave Premium,MVM join:2000-05-04 not in ohio
·Verizon Online DSL
·Verizon FIOS
| said by LanDroid2 : Good for you, but the point is what if you are a hospital administrator with gobs of patient records on your laptop?
Then you or the CIO should be fired for gross negligence.
Put the records on a secured server in a locked room. There is then little concern about someone stealing the server RAM before it has had time to get cold. |
|
 a_large_rock
join:2003-08-02 Markham, ON
·Cogeco Cable
·Rogers Hi-Speed
| reply to Anonymous_
said by Anonymous_ : said by jansson_mark : Is there any way to easily overwrite old data in RAM?
memtest86+ » www.memtest.org/ will overwrite it with useless crap
Memtest86 on powerdown would work. I remember reading about a company 20 or 30 years ago using a watchdog card to wipe system memory on a powerdown/power failure. I'm not sure how easy that would be on a PC today. |
|
 mikenolan7 Premium join:2005-06-07 Torrance, CA
·Sprint Mobile Broa..
| reply to SUMware Data on laptops is a very significant issue. Laptops with most of my personal information on them have been lost or stolen 3 times in the last 5 years. Twice they were laptops that Human Resources reps from my former employer were carrying, and once was after donating blood. So floating around out there are my (old) address, who I worked for, how long I worked for them, how much I made, my Social Security number, my education, my phone number, my nearest relatives, emergency contacts, and my blood type. I don't even know how I can be sure I'm me any more! |
|
 amungus Premium join:2004-11-26 America
| reply to LanDroid2 Very valid points LanDroid2. I like this idea:
"Perhaps a script that automatically overwrites the encryption key in RAM every time you put it into sleep, hibernation, reboot, screen saver, or shutdown modes, forcing you to re-enter the key." --- that is actually a great idea...
There is a foolproof method to protect against such a thing happening - turn the computer off. Completely off. Ram loses juice, end of problem.
Another solution, if using TrueCrypt (or similar software) - unmount your volume, close the program, and run a memory cleaner program.
This issue of being able to gather such info from RAM chips isn't very likely going to be used by a common thief - as others have pointed out.
The common thief, even if they are pretty nerdy, isn't likely to go to such lengths unless they have a good reason to.
They're FAR more likely to be paranoid about a lojack or other method of tracking than whatever might be encrypted.
It's very likely that encrypted info on disk is still very safe from prying eyes... UNLESS the computer resumes from standby/hibernation/sleep WITH the encrypted information already opened up... THEN you might have cause for concern.
I still think the best practices should be shutting down the software AND the computer. Not much chance of anything going bad.
Still, your idea of scripting a memory cleaner (after closing/unmounting etc... of course ) is probably going to end up being a feature in future mem cleaners... if it isn't... it should be. Bet someone is already working on it. |
|
 dave Premium,MVM join:2000-05-04 not in ohio
·Verizon Online DSL
·Verizon FIOS
| reply to mikenolan7 Yeah, that's why I'm in favour of mandatory jail sentences for CIOs that are responsible for company procedures that put my personal data on company laptops.
This is not a technical problem. This is a legal problem. The people who put you and I at risk are not held responsible for their actions. |
|
 premio
join:2002-02-17 Antelope, CA
| said by dave : Yeah, that's why I'm in favour of mandatory jail sentences for CIOs that are responsible for company procedures that put my personal data on company laptops. This is not a technical problem. This is a legal problem. The people who put you and I at risk are not held responsible for their actions.
That is why California enacted SB1386 to allow for individuals to be liable as well as the company. |
|
 dave Premium,MVM join:2000-05-04 not in ohio
·Verizon Online DSL
·Verizon FIOS
| reply to amungus
said by amungus : Very valid points LanDroid2. I like this idea: "Perhaps a script that automatically overwrites the encryption key in RAM every time you put it into sleep, hibernation, reboot, screen saver, or shutdown modes, forcing you to re-enter the key." --- that is actually a great idea...
OT: it's harder than you think. I once wrote some code that needed to do some stuff with a password. I figured I'd make sure I overwrote the password before returning the memory to the heap. It is close to impossible. As soon as you call any function you didn't write, you have no idea whether it made and destroyed another copy (that did not get overwritten). And given modern encapsulation techniques, you have no idea whether the password is even sitting at the same address from one moment to the next; an std::string can arbitrarily decide to reallocate itself.
Magnify that up to a real system and it mushrooms out of control.
Maybe the solution is to never put passwords in real memory. Keep 'em in the TPM chip  |
|
  Anon users
@anonymouse.org
| There is really nothing to worry about... There is only a time frame of about 5 sec (5 sec, yeah, that's in the pdf, refer to the timing graphs of various models of computer tested) that 'they' might be able to grab a 'partial' password that is 40 to 50% foul.
It really needs to be a 'JUMPER' that can warp in front of your laptop, opening up your laptop circuitry in less than 2 secs to spray the coolant...
Always power down your machine when not attended; 'Big Bang' on your front door, unplug your machine. That's it 
Always Use 256-bit encryption, 50% foul is 128-bit secured :> |
|
  jig
join:2001-01-05 Hacienda Heights, CA
| reply to dave
said by dave : Put the records on a secured server in a locked room. There is then little concern about someone stealing the server RAM before it has had time to get cold.
the problem is that users keep themselves logged in or have a copy of the access keys to the server on their laptops. large very secure firms use a personal pager-like device that updates the key every 15 minutes or so, but there's still a window. if they don't use the pager-key system, then the password/key could very well still be in ram. |
|
  jig
join:2001-01-05 Hacienda Heights, CA
| reply to Anon users
said by Anon users : Always Use 256-bit encryption, 50% foul is 128-bit secured :>
i believe they're saying that isn't true... that once they have 50% of a key, they can get the rest in much less time than cracking a key of 50%*bit-length.
also, this attack really isn't against machines that have been powered off, it goes after machines that have been put to sleep or that use MS's new fandango vista secure crap. either way, 99% of the secure machines i've seen do not force complete shut down when the lid closes (executives hate that).
as far as the TPM - if a password is ever typed in while the computer is running something higher than DOS, i don't think there's currently a sure-fire way to erase any trace from ram. i suppose with some extension of the no-execute bit hardware, maybe you could at least segregate the area that needed to be overwritten, so that the process would be easier to control. |
|
 russotto
join:2000-10-05 Collegeville, PA
| reply to SUMware This vector doesn't really change much. Security software already needs to
1) Ensure that keys are kept in non-pageable RAM
2) Make sure keys are cleared when they are no longer needed and
3) Make sure keys are cleared during sleep.
All this adds is
4) Make sure keys are cleared during (orderly) power-down. |
|
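A minimal C sketch of points 1) to 4) above, added here as an illustration and not code from any poster or product in this thread: the key lives in one page-aligned, `mlock`ed page and is wiped through volatile stores. The `key_slot_*` names are hypothetical and POSIX is assumed; it does nothing about copies made by code you did not write, which is the difficulty dave describes earlier in the thread.

```c
#define _POSIX_C_SOURCE 200112L
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
#define KEY_LEN 32
typedef struct { uint8_t *buf; size_t size; } key_slot;  /* hypothetical type */
static void secure_wipe(void *p, size_t n) {
    volatile uint8_t *v = p;  /* volatile: the stores cannot be optimised away */
    while (n--) *v++ = 0;
}
static int all_zero(const uint8_t *p, size_t n) {
    while (n--) if (*p++) return 0;
    return 1;
}
/* Point 1: one page-aligned page, locked so it is never written to swap.
   Returns 0 if locked, 1 if usable but still pageable, -1 on failure. */
int key_slot_open(key_slot *s) {
    void *mem = NULL;
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0 || posix_memalign(&mem, (size_t)page, (size_t)page)) return -1;
    s->buf = mem; s->size = (size_t)page;
    return mlock(s->buf, s->size) == 0 ? 0 : 1;  /* 1: RLIMIT_MEMLOCK hit */
}
/* Move the key in and wipe the caller's copy, so one known copy remains. */
int key_slot_load(key_slot *s, uint8_t *src, size_t len) {
    if (len > KEY_LEN) return -1;
    memcpy(s->buf, src, len);
    secure_wipe(src, len);
    return 0;
}
/* Points 2-4: call on unmount, sleep and orderly power-down. */
void key_slot_wipe(key_slot *s) { secure_wipe(s->buf, s->size); }
void key_slot_close(key_slot *s) {
    key_slot_wipe(s);
    munlock(s->buf, s->size);
    free(s->buf); s->buf = NULL;
}
int selftest(void) {  /* constructed key 1..32; returns failed-check count */
    key_slot s; uint8_t k[KEY_LEN]; int bad = 0;
    for (int i = 0; i < KEY_LEN; i++) k[i] = (uint8_t)(i + 1);
    if (key_slot_open(&s) < 0 || key_slot_load(&s, k, KEY_LEN)) return 99;
    bad += !all_zero(k, KEY_LEN);                 /* caller's copy is gone */
    bad += !(s.buf[0] == 1 && s.buf[31] == 32);   /* key lives in the slot */
    key_slot_wipe(&s);
    bad += !all_zero(s.buf, s.size);              /* slot cleared */
    key_slot_close(&s);
    return bad;
}
int main(void) { return selftest(); }
```

Copies left in CPU registers, library buffers or a hibernation image are outside what this covers.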
 LanDroid2
join:2004-12-20 Cincinnati, OH
| reply to SUMware
Dave said: Then you or the CIO should be fired for gross negligence. Put the records on a secured server in a locked room. There is then little concern about someone stealing the server RAM before it has had time to get cold.
Hey cool, way to kick ass, but what you're really saying is anyone who puts data of any value on a laptop is guilty of gross negligence. Is that realistic even if methods like whole disc encryption are used? No!
Knowledge of this problem has already expanded from geeky security forums to the NY Times. Stop the finger pointing and get on with solutions...
»www.nytimes.com/2008/02/22/techn···=5087%0A |
|
 genewitch
join:2007-09-12 Klamath Falls, OR
·Charter Pipeline
·Suddenlink
·Cebridge Connections
| reply to AB
said by AB : Concerns about this very thing when using WDE (whole disk encryption) in the latest version of TrueCrypt. No easy solution, apparently. I just use straight volume encryption with TrueCrypt, and have it set to not cache passwords. I also have Windows set to clear the pagefile on shutdown. I lose no sleep. I'm confident that if anyone can find a way to fix this issue in WDE, it's the fine and brilliant folks at TrueCrypt.
I run my windows boxes without a pagefile. And i'd assume that ram clears itself on a power cycle? One would hope. if not, the first person to come up with ram that clears itself like that would make a ton of money (copyright 2008 Genewitch) |
|
  jig
join:2001-01-05 Hacienda Heights, CA | you can't copyright ideas. |
|
  Shamayim I already have a Messiah. Premium join:2002-09-23
| reply to SUMware The artworld anticipated this
 "Persistence of Memory" - Salvador Dali |
 |
|