In 1996 Peter Gutmann wrote a paper titled “Secure Deletion of Data from Magnetic and Solid-State Memory” [1]. In that paper he mentions the fact that the contents of RAM last longer at lower temperatures and suggests that data could be retained for weeks at a temperature of -60C or lower (while 140C causes rapid data loss). The paper also addresses issues of data recovery from hard drives, but given that adequate CPU power for encryption is available, recovering data from a disk shouldn’t be an issue unless the attacker can get the key to decrypt it or crack the algorithm – so disk recovery is not a hot issue at the moment.
Recently some researchers at Princeton University published a paper describing in detail how to chill RAM to make it keep its data after a power cycle and even after being installed in a different computer [2]. This attracted a lot of attention: while Peter’s paper described the theoretical concept (in great detail), the Princeton group showed how to implement the attack using materials that are commonly available.
Most of the analysis of this misses some fundamental points. Any suggestion that you can wipe the RAM on power failure or on boot misses the point entirely. If an attacker can chill a DIMM and then remove it from the system then there is no chance for it to be wiped. Maybe if you had security on the PC case to detect case opening (some servers have a basic version of this) such things would do a little good, but it shouldn’t be difficult to bypass in most cases.
Another common flawed analysis is to suggest that this is no big deal because sniffing the memory bus has been possible for years. While it has always been possible for government agencies and companies who design motherboards to sniff the bus, for most potential attackers it has been overly difficult.
When considering the effectiveness of a security system you should first consider what your threat model is. Who is going to attack you and what resources will they be willing and able to devote to the attack? An organisation that is prepared to use expensive equipment and highly trained people to break your encryption probably has other methods of gaining access to your secret data that are easier and cheaper.
The research from Princeton suggests that I could perform such attacks with my spare time and with equipment that is very cheap. I’ve been idly considering doing this to an old PC just for fun! Therefore I have to assume that everyone who has the same amount of skill and money as me can potentially compromise my data if they capture one of my machines.
It is still most likely that if anyone steals my laptop they will want to sell it and use the money to buy drugs. I don’t think that I have any data that is anywhere near valuable enough to justify a targeted mugging. But my procedures (in terms of changing passwords etc) in the case of my laptop being stolen now need to be scaled up due to the ease with which data might be compromised.
The best way of dealing with this would be to have the decryption keys locked inside the CPU (stored in registers or memory that’s locked in the CPU cache). The possibility of getting a modern CPU to operate at any temperature approaching -60C is laughable, and the CPU is a well contained package that can operate on its own and is difficult to attack. This would make things significantly more difficult for an attacker while requiring little effort (in fact it might be possible to lock data in the CPU cache already in which case a software change is all that is required).
Update: A comment by Mike made a good point about CPU cooling. Tom’s Hardware performed an overclocking experiment (from 3.2GHz to 5.25GHz) and used liquid nitrogen cooling [3]. It might be possible to cool a CPU core to -60C in a reasonably small amount of time. But I still believe that it would raise the bar enough to make it worth doing.
Update2: Thanks Jaime for the spelling advice.
Some of the crazy overclockers use liquid nitrogen to run their chips at hundreds below zero, so I’d expect a CPU to run just fine at -60C, if it’s not chilled too quickly (thermal contraction, bad solder joints, etc)
Sorry Russell,
I love your blog posts, and I genuinely and greatly appreciate your contribution to FOSS, but I’m an apostrophobic:
“to make it keep it’s data after a power cycle”
should be:
“to make it keep its data after a power cycle”
(possessive “its” has no apostrophe, neither does possessive “his”, nor “hers”, nor “theirs” etc.)
Likewise:
“that can operate on it’s own”
should be:
“that can operate on its own”.
You might find the following page from “A survey of English spelling” interesting:
http://books.google.com/books?id=sceZ5XcqSfIC&pg=PA50&lpg=PA50&ots=TZnOc6rdFA&sig=4-M4je0o7V0fh0PzU6gqjCBI2Ro
Please take this reply as it is intended – _constructively_.
Kind regards, Jaime.
I can’t help but note the similarity between using encrypted memory to stop people sticking your RAM in an esky and TCPA’s approach to hardware security. It’s a huge logistical issue in itself — how long before someone’s wearing the Intel decryption key on a T-shirt?
Really, the simplest way would be a box over the RAM with a few switches or even a sensitive accelerometer that will cut power and/or purge the RAM (using a small backup battery if necessary) as soon as it is tampered with. Sure, it sounds complicated but I daresay it’s going to be easier than an encrypted mechanism.
Regardless, it’s something of a minority case where somebody gets physical access to a locked down computer and wants to steal data from its memory. As you point out, the people who have the resources to do that sort of thing probably have other methods in their toolbox such as sniffing the bus.
Cool hack though.
Thomas: The problem is that purging the memory contents is quite difficult. Unless you have a device that will destroy the RAM with high voltage (rumoured to be used by the military but unreasonably expensive for most civilian use) a quick permanent erasure is difficult to guarantee.
My point is not that people who have the resources to steal data from RAM have other methods, in fact it’s the exact opposite – people who don’t have the resources to implement other methods (such as torture) can steal data from RAM.
etbe: If you wanted to do a DIY self-destruct, it would be quite feasible to plug a 555 sine generator into a little transformer attached to the DIMMs for not much money. I don’t imagine it would take too much current to destroy the RAM. I might even test it sometime. ;) *puts it on the list*. You could do a “the broken”, and use thermite, but that’s probably too expensive.
As for purging the RAM, I was thinking more of an IC on board near the RAM which would hijack the bus and stick a pile of data into the memory. This is beyond the realm of DIY though, obviously, requiring some cooperation from the motherboard manufacturer.
If the only kind of people we’re worrying about here are the people who only have the resources to nick some DIMMs, then I think well-covered self-destructive RAM should solve the issue nicely. Unless that’s just an initial attempt before they step up to torture, which could be a problem. If you’re lucky, all they want is your uid 0 password. :P
Most processors will have JTAG, which is a diagnostic port which allows you to access all their pins for testing the motherboard, and probably to access internal registers and memory for debugging purposes – perhaps the cache too.
It’s likely that the JTAG would be connected on the motherboard. The actual connector is probably not loaded on the motherboard but you could connect to the pins. So I wouldn’t assume that inside the processor means inaccessible.
http://blog.datenritter.de/archives/10-Kryoattacke.html
A German guy has coined the term kryoattacke (cryo-attack) for this. It seems like a good term, the only question is whether we should translate it to English spelling.
Kryoattacke – spreading the *word*…
It works: the word “Kryoattacke” now gets two hits on Google and one on Yahoo. On Google my blog entry is the first hit; the other two lead to etbe. In the comments etbe picks up the term and asks,…