Breaking disk encryption with RAM dumps


If you haven’t gotten a chance yet, do watch the video of this attack. It’s does a good job explaining the problem. Full drive encryption stores the key in RAM while the computer is powered on. The RAM’s stored data doesn’t immediately disappear when powered off, but fades over time. To recover the keys, they powered off the computer and booted from a USB disk that created an image of the RAM. You can read more about the attack here.

How can you reduce this threat? You can turn off USB booting and then put a password on the BIOS to prevent the specific activity shown in the video. Also, you can encrypt your rarely used data in a folder on the disk. They could still decrypt the disk, but they won’t get everything. I don’t think this problem will truly be fixed unless there is a fundamental change in hardware design to erase the RAM and even then it would probably only help computers that are powered off, not suspended.

The potential for this attack has always been talked about and I’m glad to see someone pull it off. I’m hoping to see future research into dumping RAM data using a USB/ExpressCard with DMA access.

Comments

  1. Chris says:

    I’m a lot less interested in finding out how to protect myself than getting my hands on that software. It sounds like it would be pretty neat to be able to get RAM dumps like that.

  2. m says:

    One of the slashdot comments said that loop-aes considered this in their design.

    http://it.slashdot.org/comments.pl?sid=461784&cid=22504940

  3. urza says:

    No idea how hard this would be, but how about a RAM clearing button hack? Slap it on your case in case of emergency. Then you can integrate a PIC or something with that that’ll clear the RAM as soon as the PC is powered off…or fill it with random data.

  4. Miles Attacca says:

    Really, can’t someone just write a program on some low level that’ll execute at shutdown and zero out everything in memory?

  5. HaDAk says:

    hmm. i would love to get my hands on that juicy bit of software.

  6. TD-er says:

    What is next?
    encapsulated ram-chips, to avoid tapping the signals?
    using single registers on the CPU, which can only be accessed by a hypervisor?
    using random adresses in memory to store the key, which will be cleared as soon as the CPU detects a power-down, but after flushing the buffers to avoid filesystem corruption.

  7. Wolf says:

    This begs the question, who needs their data so secure that they implement bios level encryption, yet has their computer set by default to boot from anything but the internal HDD?

    So the only computers really vulnerable to this attack are laptops with functioning batteries and encrypted hard disks, that were on when stolen (short of any James Bond bs, they’d have to be, given the conspicuousness of the ram freezing and transfer) and have passed bios, but not user level authentication.

    Its interesting attack, but unless you make a habit of carrying around a laptop known to be full of national secrets, which you regularly leave on and unattended, I wouldn’t say this constitutes a significant vulnerability.

  8. Decalis says:

    wolf has a point… I think anybody who has data important enough to be highly concerned about this hack, yet are still that vulnerable to it probably deserve to have their data stolen….

  9. Taylor Alexander says:

    Some people have mentioned that a smart person would disable USB-booting in the BIOS, but that won’t help you if the RAM is moved to another computer…
    This hack looks like a pretty big deal. I think you guys underestimate how many end users of secure material might leave their laptop running somewhere with them logged in. Hell, with the value of this data, it wouldn’t be unreasonable to see someone rob someone of it at gunpoint.
    -Taylor

  10. (Hi, I’m one of the coauthors of the paper in question.)

    Having your bios configured to boot from a given device isn’t going to secure you against this attack. It may be possible to build software countermeasures when given time to activate them. Part of the nature of the problem is that we don’t have that time when an attacker can simply cut the power.

    I suggest reading our full PDF and if nothing else, enjoy the key recovery sections for their error correcting beauty.

    The software will be released in the future as an open source suite of tools. All in good time.

  11. Will Spencer says:

    We used to say “If you want your computer to be secure, unplug it.” We may have to modify that statement now. :D

  12. Dorit says:

    Obviously the key should be stored in WOM (Write Only Memory) then nobody could steel it :)

  13. dunp says:

    minimal linux boot
    and back up memory
    dd if=/dev/mem of=/tmp/mem.img
    and analyse your membackup photorec /tmp/mem.img some images from images are saved…

  14. Bill Michaelson says:

    I would like a BIOS feature that clears memory as first step prior to boot. If I could keep the key memory soldered in, that would be good too.

  15. snow says:

    wouldnt it be possible to create a kind of “hardware codec” wich encripts the ram as well? this would be cool as a new feature for new pc since adding such a codec to an existing pc obviously would be a massive bottleneck ( massive adresse reroute and other problems…)

  16. Pixeltricks says:

    Lets fact it.
    With this method , there really isn’t much you can do to protect a pc that is left in the running state.
    All a thief has to do is grab the laptop, drop it in liquid nitrogen or something similar .
    Bios will not help because they can just remove the memory as shown. You would need a encryption system that doesn’t put the key in ram at any time, thats near impossible.

  17. james underhill says:

    small duel boot program?
    program that wipes the ram on boot.

    - you would run a shutdown link in your main os that flags the boot loader to run the memory wipe on reboot.
    - the machine would then reboot.
    - the wipe program runs then sets a flag that its been run and the main os should boot next time. it then shuts the computer down.

    maybe a key stored in a Trusted Platform Module chip?

  18. This story is another reason state legislatures are unwise to madate encryption as a data security procedure. http://hack-igations.blogspot.com/2008/02/encryption-legislation-goes-overboard.html

  19. Someone says:

    the best way is to add a hardware add on. you get this slot that slots into the memory slot once that is connected you put the memory chip onto the slot that you just slotted in.

    this hardware will somehow kill or overwrite all data on memory once it detects there is no power being passed thought the memory. most motherboards can take this thing. its the best way but it has one problem. it takes about 10-30 secs depending on your memory and the size of the dump

  20. George says:

    Wouldn’t it be ridiculously easy to bypass this whole issue by booting off of some LiveCD Linux or something and running a loop that would require all available system resources after you were done using it? It’d write new values to the RAM, and basically just cover your tracks foolproof. Heck, you could probably even write a script to do this when Windows shuts down. Loop, make sure it fills all available memory, shut down.

  21. George says:

    Okay, it’s cute and all, but this all-lowercase thing is kinda naggy. Worried about all-caps or can you actuall read this without pain?

  22. lmb says:

    Underhill: You mean Memtestx86+? Its slow, but it overwrites ram. Doesn’t seem too complicated (in theory) to disable the read-back funtionality to speed this process up.

  23. plus.medic says:

    What all you people are suggesting about wiping the RAM just won’t work. The attacker needs to only cut the power, and then remove the RAM module and transfer it to another system. What good would some over-thought wipe-memory-on-boot program do you then?

    The point is, if you leave your PC or laptop on unattended, you’re screwed. This paper shows there needs to be a serious reengineering of current disk encryption utilities in order to neutralize this method of attack.

    That, or maybe look at securing access to the internals of your PC or laptop. Maybe it’s time for PC cases to be given ratings akin to safes? ;)

  24. AndyfromTucson says:

    Maybe I am missing something, but if you want to avoid this vulnerability just shut down your computer before you take/leave it somewhere where it could be stolen or accessed by someone unauthorized. If you have something that you want to keep super secret then its worth the time to shut down and then reboot whenever you stop using the computer.

  25. Chamunks says:

    Theres a few things you could definitely do. Short term read up on your type of ram and find a way to do a little work around that detects an irregular “suspicious” power off and nukes the data on the chips. This could also be something to concidder you could build it into the ram to allways poll the system clock. If the clock stops ticking the ram sends itself bad data to skew its own contents this could be accomplished by adding a simple super capacitor that just stays charged all the time incase of a shutdown so that the ram can self clean and once again close a loop hole.

    If your data is extremely sensitive though your going to need to find a way to secure these components so that they cannot be accessed without destroying the chip otherwise someone could just disable this mechanism before removing it.

  26. Chamunks says:

    One last note: You could also go so far as to be as paranoid as to make it difficult to access the pins on the rams chips.

  27. NoMiNaL eKrAsH says:

    What good would it do to run a bootloader for the “next” reboot and then clear the ram? If the ram is going to be taken out and chilled then recovered. A hardware device might be a solution, but how bout an automatic memory slot ejactor, or pin contact release
    that won’t work for sleep or STR or disk hibernation. Some password recovery utilities use the same method of RAM recovery, not just registry or Hard drive flags and password or user policy and account ACL. We’re stuck with normal environmental conditions here. OS code would have to be written to send electrical shorts to the RAM in sleep modes (there goes your desktop)or the power off switch and mobo would have to have a circuit that shorts the ram…probably not good for the RAM…there is nothing that shows this would be effective. RAM is a charge coupled device, And even if the BIOS zeroed anything that would take time on computer shutdown, even if a computer was left on you can still yank the ram out in a powered state.

  28. NoMiNaL eKrAsH says:

    What good would it do to run a bootloader for the “next” reboot and then clear the ram? If the ram is going to be taken out and chilled then recovered. A hardware device might be a solution, but how bout an automatic memory slot ejactor, or pin contact release
    that won’t work for sleep or STR or disk hibernation. Some password recovery utilities use the same method of RAM recovery, not just registry or Hard drive flags and password or user policy and account ACL. We’re stuck with normal environmental conditions here. OS code would have to be written to send electrical shorts to the RAM in sleep modes (there goes your desktop)or the power off switch and mobo would have to have a circuit that shorts the ram…probably not good for the RAM…there is nothing that shows this would be effective. RAM is a charge coupled device, And even if the BIOS zeroed anything that would take time on computer shutdown, even if a computer was left on you can still yank the ram out in a powered state.

  29. Tracy Esau says:

    i wanna get my hands on the juicy bit of the software….

  30. Eliseo says:

    Informative Article… AWESOME.

  31. Shawn says:

    Few thoughts and questions.

    Who would need security from this – what about credit card or insurance companies that deal with full social security numbers on a daily basis?

    Like everyone else has said, running a shutdown program to wipe the RAM requires power to the system. No power = no wipe = stolen info.

    Biggest question is, are hard drives with a built-in security chip safe from something like this? I think Western Digital or Seagate have drives like this. The key is stored on the drive, not in RAM, so a different method is needed?

  32. Daniel Craig says:

    Hey, I was looking around for a while searching for Encryption Disk Security Software and I happened upon this site and your post regarding ing disk encryption with RAM dumps – Hack a Day, I will definitely this to my Encryption Disk Security Software bookmarks!

  33. Tom says:

    The Linux Gentoo variant Incognito (KDE env) has a file named halt.sh that runs at shutdown and overwrites memory with the command: /usr/bin/smem > /dev/null.

    I am experimenting with modifying the halt script at shutdown in a Live CD environment of Ubuntu 8.10 (Gnome env). It looks like there is a configuration parameter that sets HALT=poweroff that might be able to be changed to HALT=halt, so that it might be possible to work it into the script to execute just before powering off (possibly manually).

  34. dick says:

    wouldn’t it help to just bury the hd (and PC) into a wall or ceiling and use rf links to mouse, keyboard, and monitor?

  35. dave says:

    i think we are looking at dedicated memory for the storage of keys as the only solution. this memory should be removable from the laptop so that the owner always takes it with them (its back to common sense here).

    if attacker finds an unattended laptop the key isn’t there.

    lookup IronKey usb drives surly this technology can be applied to external hard disks as well?

  36. mic says:

    If your data is seriously way to important to have compromised… Presenting, “The ultimate in data protection” Hmm not so imaginative, but how about a grenade ducktaped to your laptop and rigged up. “100% Guaranteed to erase all data ( and persons)!”. Or a smaller less catastrophic thing thats a little more Discrete. Thermite is phun…

  37. x86 says:

    How can you reduce this threat? You can turn off USB booting and then put a password on the BIOS to prevent the specific activity shown in the video

    …. Did you not see the tactic demonstrated for recovering dumped ram.. Bios password,hahaha remove the CMOS battery and it’ll reset. BIOMETRIC in the bios and even then a piece of scotch tape foiled your secret data.

    irc.2600.net #backtrace

  38. Jorge says:

    Why not just epoxy your ram modules into their slots? I mean some nasty super-strong epoxy. Something resilient to physical, chemical, and temperature attacks. Sure, they will eventually get in, but not in enough time. You will also need things like BIOS-level password protection to prevent booting into their program. Some epoxy on the BIOS chip and CMOS battery/battery holder (so they cant cut the leads) to prevent resetting the BIOS.

    I mean, thats if you WANT to. I’m sure the number of people out there capable, or even aware, of this attack is extremely low. You’re most likely going to have your laptop stolen by someone who isn’t familiar with this type of attack.

  39. Justin says:

    Just use a Compaq. All of their hardware is soldered in, isn’t it ;)

  40. noone says:

    Step 1:
    Modify/Create encryption software so that it can detect when the OS has been locked either via the user or automatically. Then after 10/15 seconds (depending on user settings), have the encryption software isolate/protect itself in a small area of memory (if not done already), while re-encrypting the rest of the RAM with the original key. Then overwrite (with random data) the area of memory in the isolated section that stores the key.

    This should be able to be done via the software in a few seconds. The only way to restore the session would be for the user to enter their encryption password, which would return them to the OS’s lockout screen, whereby they would have to enter their user account password within 10/15 seconds or it would again re-lock/encrypt.

    While this method isn’t perfect, it does offer increased security. The only way of getting the data/key then, would be to shut off all power to the machine quickly before any OS lockout occurs, then boot the machine to your device or remove the RAM and place in another machine to boot to your device. See next step for increased security.

    Step 2:
    The software could modify the BIOS to force a full RAM test (RAM fill) every time the computer is booted (force it to occur before any booting can take place). This will fill the RAM with random/null data as part of the test, thereby wiping any retained memory before anyone can boot into any device to make a copy of the memory.

    This eliminates someone quickly shutting off power to the machine and then quickly booting into their device to copy the memory. But it does not stop them powering off the machine, spraying the RAM to cool it, removing the RAM and inserting into another machine that will boot to their device. So again, it is increased security but it is far from perfect.

    Step 3:
    Implement specialist hardware to solve the remaining vulnerabilities, for example:
    RAM that loses all of it’s memory upon power loss within 5 seconds at room temperature
    A machine case that requires a key to open, so nobody can access the internal hardware without damaging the case
    An internal mechanism that can tell when the machine case is being tampered with (unauthorized access) and upon detection will wipe the RAM

    Alternative Option:
    Create/Modify encryption software to store the entered key onto a hardware key e.g. a USB drive, rather than in the RAM. If the USB is removed the encryption software (in RAM) will either lockout the user, shut down the machine, or wipe what is in RAM (except itself) before then shutting down. This will eliminate anyone getting the key from the RAM, but does not protect the unencrypted data still residing in RAM. Also the additional problem is introduced of the USB drive becoming the vulnerability; perhaps have a special purpose USB drive that uses a type of fast fading RAM rather than flash. So if it is taken the memory will fade quickly, and if the drive has a secure housing, it would be difficult to obtain any residual memory as they would not be able to get to the chip quick enough to cool it or copy data.

    Conclusion:
    All these ideas need refinement, but a combination of the above methods would make it exceptionally difficult to obtain the user’s key or data. Some of the options are cheap and easy to implement, others are not. It all depends on how much the user is willing to spend. Spend enough, using most of these options and nothing will get your data except an extremely well planned attack, or a vulnerability presented due to user error (e.g. easy to guess pass key / user not watching who is watching them / user leaving a machine with extremely sensitive data unattended…. etc).

  41. Melissa says:

    Could someone give me the code of a RAM Dumping tool? A simple one would be nice. Preferably in C,Perl or Python.

    Thanks-
    Melissa!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 93,770 other followers