Cold boot attacks on encryption keys

The Center for Information Technology Policy at Princeton University released a paper that shows that disk encryption, the standard approach to protecting sensitive data on laptops, can be defeated by relatively simple methods.

They demonstrate the methods by using them to defeat three popular disk encryption products: BitLocker, which comes with Windows Vista; FileVault, which comes with Mac OS X; and dm-crypt, which is used with Linux.

The root of the problem lies in an unexpected property of today’s DRAM memories. DRAMs are the main memory chips used to store data while the system is running. Virtually everybody, including experts, will tell you that DRAM contents are lost when you turn off the power. But this isn’t so. Research shows that data in DRAM actually fades out gradually over a period of seconds to minutes, enabling an attacker to read the full contents of memory by cutting power and then rebooting into a malicious operating system.

The video below describes the attacks that result from the remanence of encryption keys in DRAM after power loss.

The following video shows the decay of the Mona Lisa after it is placed in DRAM and power is cut, over a period of 5 minutes.

The paper can be downloaded here.
