http://news.bbc.co.uk/2/hi/technology/7275407.stm
Memory trick breaks PC encryption
ncrypted information held on a laptop is more vulnerable than previously
thought, US research has shown.
Scientists have shown that it is possible to recover the key that unscrambles
data from a PC's memory.
It was previously thought that data held in so-called "volatile memory" was
only retained for a few seconds after the machine was switched off.
But the team found that data including encryption keys could be held and
retrieved for up to several minutes.
"It was widely believed that when you cut the power to the computer that the
information in the volatile memory would disappear, and what we found was that
was not the case,"
Professor Edward Felten of the University of Princeton told BBC World Service's
Digital Planet programme.
Volatile memory is typically used in random access memory (RAM), which is used
as temporary storage for programs and data when the computer is switched on.
Deep sleep
Disc encryption is the main method by which companies and governments protect
sensitive information.
"The key to making it work is to keep the encryption key secret," explained
Professor Felten.
Encryption has recently become a hot topic after a number of laptops containing
personal records were lost or stolen.
"What we have found was that the encryption keys needed to access these
encrypted files were available in the memory of laptops," he said.
"The information was available for seconds or minutes."
In theory, this is enough time for a hacker or attacker to retrieve the key
from the memory chips.
"The real worry is that someone will get hold of your laptop either while it is
turned on or while it is in sleeping or hibernation mode," said Professor
Felten.
In these modes the laptop is not running, but information is still stored in
RAM to allow it to "wake up" quickly.
"The person will get the laptop, cut the power and then re-attach the power,
and by doing that will get access to the contents of memory - including the
critical encryption keys."
Cool running
Switching the machine off and on and is critical to any attack.
"When it comes out of sleep mode the operating system is there and it is trying
to protect this data," explained Professor Felten.
But a full power-down followed by a swift re-start removes this protection.
"By cutting the power and then bringing it back, the adversary can get rid of
the operating system and get access directly to the memory."
Professor Felten and his team found that cooling the laptop enhanced the
retention of data in memory chips.
"The information stays in the memory for much longer - 10 minutes or more," he
said.
For example, where information stays in a computer for around 15 seconds under
normal conditions, a laptop cooled to about -50C will keep information in its
memory for 10 minutes or more.
Professor Felten said that the best way to protect a computer was to shut it
down fully several minutes before going into any situation in which the
machine's physical security could be compromised.
"Simply locking your screen or switching to 'suspend' or 'hibernate' mode will
not provide adequate protection," he added.
"It does cast some doubt on the value of encryption. I think that over time the
encryption products will adapt to this and they will find new ways of
protecting information."
____________________________________________________________________________________
Looking for last minute shopping deals?
Find them fast with Yahoo! Search.
http://tools.search.yahoo.com/newsearch/category.php?category=shopping
[Non-text portions of this message have been removed]
