Most people use disk encryption tools to prevent someone who may have physical possession of their computer from gaining access to their data without their personal password or key. These tools are supposed to be very effective, and people commonly assume that with the tools, their data are protected even when their computers are lost or stolen.

A group of researchers recently published a paper that details simple methods they developed to steal encrypted data stored in hard disk drives. Their technique could seriously undermine the effectiveness of security software used to protect data on computers, especially laptops and other portable computers which are very vulnerable to theft.

The procedure requires the attacker to have physical access to the computer; it cannot be done remotely. It exploits an obscure vulnerability in the DRAM (dynamic random access memory) chip, which temporarily holds data while you are working on your computer. When you shut off the computer, the data in the DRAM, including the data encryption keys, are erased from the DRAM.

Contrary to popular assumption, however, the content in the DRAMs do not disappear immediately. It takes several seconds or a few minutes after shutting off power before the data is erased, and even if the DRAMs are separated from the motherboard. With more specialized techniques, the data could remain for hours, or even days, in the chips.

The simplest method involved chilling the chips with a can of inexpensive dust remover. This produced temperatures cold enough (-50 °C) to have the data in the chips stay long enough for the researchers to retrieve the keys easily.

The more complicated method involved cooling the chips in liquid nitrogen to temperatures of -196 °C. This froze the data in place for hours without any power.

In either method, the researchers then put the chips back into a computer after cooling and easily retrieved the contents. They then used pattern-recognition software to pick out the security keys from the other bits of data on the cooled DRAM chip.

The researchers successfully tested their procedure on various encryption utilities in Windows, Macintosh and Linux operating systems. They did not test the methods on disk encryption systems now built into a number of commercial disk drives.

Nevertheless, their tests proved that current industry standard platforms (called Trusted Computing) to securing data on modern personal computers may not give sufficient protection against these potential attacks. People cannot simply assume anymore that claims of robust computer security are correct.

Safety Tips:

• Shut down your computer completely several minutes before you leave your computer (which could compromise its physical security). If you want to protect your encrypted files better, do not leave your computer in ‘sleep’ mode or with locked screen saver. This does not completely shut off the computer.

• Protect your computer from theft.

• Use an encrypted volume PGP disk and remove it when you’re done.

• Use multi-factor authentication.

Add to: del.icio.us | Digg