Equipped with a can of air spray and sophisticated data hunting techniques, attackers can rebuild disk encryption keys from fragments of data in memory.

Just when you thought you could sleep easy with disk encryption, here comes a wake-up call from the Center for Information Technology Policy at Princeton University. In just a few pages, the center's research team proves that disk encryption is easy to defeat if your attacker is skilled and determined enough.

When the laptop is in sleep mode, whatever is stored in memory remains in memory, including encryption keys. Big deal, you might think: the laptop asks for a password whenever anyone tries to use it. That's where many people, including me, are wrong. As the Center for Information Technology Policy researchers explain, a bad guy can get to the encryption keys, bypassing the password as if it wasn't even there:

"The attacker will then insert a special thumb drive into the laptop, yank out the laptop's battery, quickly replace the battery, and push the power button to reboot the laptop. The encryption keys will still be in memory — the memory will not have lost its contents because the laptop was without power only momentarily while the battery was out."

How can the encryption keys still be in memory after yanking the battery out? Some memory cards maintain 50 percent or more of their content intact for a minute after powering down, the researchers found. Some do so for longer, but an attacker doesn't have to take that chance: as the study shows, holding an air-duster can upside down can lower the temperature of a memory card to -50 C (-58 F). At that temperature, the cards they tested maintained a perfect or near-perfect image of their content for a minute or longer, long enough to copy the data in memory to another medium. At even lower temperatures, such as those attainable with liquid nitrogen, the researchers saw very few RAM read errors after 60 minutes.
To complete the story, once memory content has literally been frozen, the attacker can boot from a thumb drive that contains a small OS kernel plus an application that quickly copies whatever RAM content has survived to the same USB drive. Stage three: using a data-sniffing application, the attacker is able to rebuild or retrieve the encryption keys and can now copy the content of your drive, in the clear, to another device.

If you doubt any of what I just described, I urge you to read the report in its entirety. For example, the research team had little trouble building an application capable of finding or recreating keys from fragments of data in memory:

"To reconstruct an AES key, we treat the decayed key schedule as an error correcting code and find the most likely values for the original key. Applying this method to keys with 10% of bits decayed, we can reconstruct nearly any 128-bit AES key within a few seconds. We have devised reconstruction techniques for AES, DES, and RSA keys, and we expect that similar approaches will be possible for other cryptosystems."

Mind boggling? I agree, but the good news is that the techniques the researchers used are probably way over the head of the average crook. The bad news is that if you carry desirable enough information, your opponents will have a sufficient incentive to come after your laptop.

How can we defend our laptops now that we know of this vulnerability? The first, obvious, remedy is to always power off your laptop before walking away from it. Another suggestion is to evaluate carefully the encryption tools you use. By definition, software encryption tools will keep — and possibly leave for a long time — keys in memory in some shape or form.
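The reason a key schedule makes AES keys findable in a memory image, shown as an added Python example (not the Princeton team's code): every 16-byte window is expanded into an AES-128 round-key schedule and kept only if the 160 bytes that follow it agree with that expansion within a bit-error budget, which is what absorbs decayed bits. The key, the 4 KiB image and the 3 percent decay rate are constructed here, and decay is applied only to the round keys while the 16 key bytes themselves are assumed intact; the paper's full error-correcting reconstruction does not need that assumption.

```python
import random
def build_sbox():  # derive the AES S-box from GF(2^8) arithmetic instead of retyping a 256-entry table
    sbox, p, q = [0] * 256, 1, 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p *= 3
        q = (q ^ (q << 1)) & 0xFF                              # q /= 3, so q stays 1/p
        q = (q ^ (q << 2)) & 0xFF
        q = (q ^ (q << 4)) & 0xFF
        if q & 0x80:
            q ^= 0x09
        x = q
        for s in (1, 2, 3, 4):                                 # affine transform: xor of rotations
            x ^= ((q << s) | (q >> (8 - s))) & 0xFF
        sbox[p] = x ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox

SBOX = build_sbox()

def expand_key(key):  # FIPS-197 AES-128 key expansion: 16-byte key -> 176-byte schedule
    w, rcon = list(key), 1
    for i in range(16, 176, 4):
        t = w[i - 4:i]
        if i % 16 == 0:                                        # RotWord, SubWord, Rcon
            t = [SBOX[t[1]] ^ rcon, SBOX[t[2]], SBOX[t[3]], SBOX[t[0]]]
            rcon = (rcon << 1) ^ (0x11B if rcon & 0x80 else 0)
        w += [w[i - 16 + j] ^ t[j] for j in range(4)]
    return bytes(w)

def find_aes128_keys(image, max_bit_errors=0):  # windows whose expansion matches what follows
    hits = []
    for off in range(len(image) - 175):
        cand = image[off:off + 16]
        errs = sum(bin(a ^ b).count("1")                       # Hamming distance to the image
                   for a, b in zip(expand_key(cand)[16:], image[off + 16:off + 176]))
        if errs <= max_bit_errors:
            hits.append((off, cand, errs))
    return hits

def demo(seed=1):  # constructed scenario: random 4 KiB image, one decayed schedule at offset 1000
    rng = random.Random(seed)
    key = bytes(rng.randrange(256) for _ in range(16))
    sched = bytearray(expand_key(key))
    for i in range(16, 176):                                   # ground-state decay, round keys only
        sched[i] &= ~sum(1 << b for b in range(8) if rng.random() < 0.03) & 0xFF
    image = bytearray(rng.randrange(256) for _ in range(4096))
    image[1000:1176] = sched
    return key, find_aes128_keys(bytes(image), max_bit_errors=100)
```

With the budget set to 0 the same scan finds nothing once a single bit has decayed, which is why the tolerance matters; a random window sits around 640 mismatched bits out of 1280, so a budget of 100 still produces no false hits.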
By contrast, a quick check with Seagate — which offers the Momentus FDE family of laptop drives with hardware encryption — triggered this response (PDF):

"DRAM attacks to hardware-based full disk encryption (FDE) drives, the technology that powers the Seagate Momentus 5400 FDE.2 drives for laptop computers, are not possible, because the cryptographic key never leaves the hard drive. The key is not stored in DRAM, but in the ASIC chip that implements the encryption algorithm, which is built into the drive."

Larry Swezey, Consumer and Commercial HDD director for Hitachi GST, also had something to say. As you know, Hitachi offers optional hardware encryption on all Travelstar 2.5″ drives:

"When used together with the ATA HDD locking feature, encryption can prevent an attacker from gaining access to the data. Even if the attacker were to physically remove the disks and read them on some specialized equipment such as that used by data recovery services, the data itself would be encrypted and hence not understandable."

However, Swezey offered a note of caution about attacks on the DRAM content:

"It is conceivable that the software will indeed have the drive password present in the system DRAM so the attacker can gain access to that password."

In summary, a laptop mounting a drive with hardware encryption is less vulnerable, while providing faster access and easier administration, but the drive encryption barrier could still be penetrated if we let a smart attacker break into the laptop memory. Check out my in-depth review of the Momentus FDE and a rival drive from Hitachi GST with BDE (Bulk Drive Encryption). Do you use encryption on your laptop? How secure do you feel?