Ed Felten Defeats Hard Drive Encryption

from the ed-felten-strikes-again dept

Fri, Feb 22nd 2008 12:33am — Mike Masnick

Ed Felten, and the various grad students who work for him at Princeton, have done plenty to contribute to the computer security field (and make quite a name for themselves), from breaking the old SDMI encryption that the recording industry insisted was unbeatable (which nearly got Felten sued) to showing just how vulnerable e-voting machines are. However, he may have just broken his biggest story yet. Felten and a group of colleagues have now shown that hard disk encryption is incredibly easy to beat. This should be a huge concern, considering how many people and organizations rely on data encryption to protect important data. In fact, with many of the "lost" hard drive stories over the past few years, many organizations have insisted the risk was minimal, since the data was all encrypted. Yet, as Felten's team shows in this video below, not only is it quite easy to defeat the encryption using a simple can of compressed air, in some cases, there isn't much that can be done to protect against this. As the video notes, this won't work on some systems if the computer is turned completely off and the encryption package opens up before the operating system boots -- but otherwise, most systems are vulnerable.

Basically, they've figured out that, despite what many believe, data held in RAM does not disappear immediately when the power is cut. And, if you freeze the chip, you can make the data last a very long time. This is important, because for disk encryption, the key to unlocking the data resides in the RAM. If someone can access that key in the RAM and make a copy of it, then they can unencrypt all of the data without knowing your password.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: ed felten, encryption, hard drives, security

32 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Charming Charlie, 22 Feb 2008 @ 1:56am

I know only a bit more about computer hardware than the normal person, but isn't it quite possible to create a hardware solution to the slow powering off of RAM bits? As in, the OS shutdown initiates a power cut off to the circuits supplying power, so that they immediately 0 out？ I'm imagining a capacitor or something that draws the power out of the RAM. Alternatively, couldn't the OS just manually replace all the bits the OS itself isn't using to kind of cover (mostly) it's tracks during a shutdown? In the video, they didn't show a technique which used a sleeping computer that didn't involve temporarily powering it off.

This, combined with the password entry before the OS starts running, would cover all the bases, wouldn't it?
[ link to this | view in chronology ]
Dr.A, 22 Feb 2008 @ 2:37am

If the key is in the memory then a trojan is by far way better for the job.
[ link to this | view in chronology ]
- Paul`, 22 Feb 2008 @ 3:14am
  
  Re:
  Its not about whats better, its showing that it's also possible this way.
  [ link to this | view in chronology ]
  - Liquid, 22 Feb 2008 @ 5:03am
    
    Re: Re:
    I agree with you on that Paul. Plus with a trojan it would most likely be picked up by virus software anyways... I think that if I had physical access to a computer like that I would just snag it and do it this way... if you think about it you wont leave tracks on the hard drive when you happen to "Find it", and return it...
    [ link to this | view in chronology ]
  - lrobbo (profile), 23 May 2012 @ 8:01am
    
    Re: Re:
    Exactly
    [ link to this | view in chronology ]
Jollygreengiant, 22 Feb 2008 @ 3:18am

Charlie, you could have lines that would short out the memory,and drain the charge but it would mean a complete redesign of memory systems, and would add quite a bit to shutdown/reboot times. Better maybe to have a routine that overwrites the data at shutdown.

All of which is a bit moot as the memory doesn't even need to be in the original PC! A quick spray of liquid CO2 or N2, and just whip them out and into your own device which copies the content for later perusal...
[ link to this | view in chronology ]
- Anonymous Coward, 22 Feb 2008 @ 4:50am
  
  Re:
  Nevermind the fact that you don't need to actually shut down the OS. Pull the plug, pop out the chips, and anything your software was supposed to do on a graceful close is avoided.
  [ link to this | view in chronology ]
- Chronno S. Trigger, 22 Feb 2008 @ 5:28am
  
  Re:
  I have an easier way to avoid this. Don't leave your computer in standby and walk away. Always shut down the PC and wait 30sec before walking away. That way the memory chips have time to discharge. I don't know if hibernate would open a risk since the data in the memory is written to the drive during shutdown.
  [ link to this | view in chronology ]
  - Johann, 22 Feb 2008 @ 3:26pm
    
    Re: Re:
    Yes it will solve the problem but people rather leave the PC on when they go to the bathroom, grab a cup of coffee, etc. And if your laptop is stolen during such time frame then your data still gets stolen.
    [ link to this | view in chronology ]
me, 22 Feb 2008 @ 5:07am

Ed Felten Defeats Hard Drive Encryption
uh-oh
[ link to this | view in chronology ]
matt, 22 Feb 2008 @ 5:32am

not what it seems
although they ar5e correct there are easy methods to crack hard drives these are methods involving physical access. If you have physical access to the hard drive there are many many easier methods to get into the encryption due to human exploitation, such as software situations within the target's pc, video cameras, physical keyloggers, audio keyloggers.

So if you can get to the hard drive or not is irrelevant, there''s plenty of methods This isn't like they magically figured out the encryption key, and also isn't the ram situation "within 1-30 minutes" or something? I mean seriously it may take half of the minute just to get access to what you're looking for.

I salute the method, but there are just too many for this to be truly noteworthy.
[ link to this | view in chronology ]
Overcast, 22 Feb 2008 @ 5:55am

I agree with you on that Paul. Plus with a trojan it would most likely be picked up by virus software anyways...

Only if the AV scanner you are running is familiar with it. If you wrote one for the task, there's only a slim chance it might be detected by the heuristics - which, of course, could easily be tested on another PC, running the same AV software prior to 'delivering' the code.
[ link to this | view in chronology ]
mdmadph (profile), 22 Feb 2008 @ 6:06am

Or you could, I don't know, just turn off your computer when you're not using? Why would any computer that needed this level of security be left on all the time, anyway?
[ link to this | view in chronology ]
delphidude, 22 Feb 2008 @ 6:34am

More scare headlines
This story is being ballyhooed far beyond what it is worth. Has anybody tried this outside of that lab? The answer is yes. Me. I have a pair of useless older PCs that are perfect for experimenting. And a box of cans of cool spray left over from my career job of fixing mainframes. These have real Freon and can freeze your katookies off if used upside down.

I loaded a huge text file with a repeating, easy to recognize pattern of data (i.e abcdefg...) into memory on one. Hosed it down with Freon. That didn't work - it blew the memory, an experience that I have had in the past when trying to cool down components in troubleshooting. Apparently the small lands on a PC board will shrink from the cold and pull apart.

Started again with another simm. Not so cold this time.

Yanked it hot (as in with power on, not referring to temperature), plugged it into another old junker with a copy of Win 3.1 and powered up. Started scanning memory (that took a while, since my last experience with 3.1 must be about 15 years old.) but...

There was nothing. And since most memory was all zeros, I couldn't be sure that the hardware/bios was not clearing memory on boot. Turned off everything in the bios, tried again, but still got nothing.

Tried not only pulling it hot, but swapping it hot. Problem was that the receiving machine would lock solid instantly. But finally one try got it in and the receiver stayed up. Time that the memory was without power was less than 3 seconds.

Great. Looked all over but no trace of that pattern could be found.

So. This isn't quite as easy as the articles are making out. I am sure that the researchers did what they say, but nobody needs to panic that some DHS cop is going to whip out a spray can and a screwdriver and suddenly look through a persons surfing history. Heck, most government agents that I have run across have trouble opening the lid of the laptop.

DelphiDude
[ link to this | view in chronology ]
- Chuck Norris' Enemy (deceased), 22 Feb 2008 @ 7:28am
  
  Re: More scare headlines
  Are you a Mythbuster?
  
  I would like to see an uncut video of a single, or even group, of people trying to pull this off. I mean, it is all described in theory with a bunch of cuts but can you physically do it the way it was shown in time to save the data.
  [ link to this | view in chronology ]
- Rick Sarvas, 22 Feb 2008 @ 10:17am
  
  Re: More scare headlines
  It has been many years since I've done any electronics work, but I think I see the problem here with delphidude's experiment with the older laptops...
  
  It seems to me that exploit makes use of the fact DRAM chips are powered by pulses and not a continuous supply of power as required by the Static RAM used in much older computers. In a way, it's like keeping a bucket that has a small hole in the bottom filled with water. If you top off the bucket at regular intervals as dictated by the size of the hole in the bottom, the supply of water out of the bottom of the bucket should remain the same. If you fail to fill the bucket, the supply of water will eventually run out, but not immediately. With static RAM, the bucket is more like a pipe, so an interruption of water from one end would quickly be noticed at the other.
  
  In short, it might be that the failure of the experiment to work (other than the RAM chips pulling away from the circuit traces when chilled) may simply be due to the fact the the memory used in the target laptops was of the wrong type for this specific type of attack to work (SRAM vs. DRAM).
  
  If so, the results are still interesting.
  
  Some background info...
  http://en.wikipedia.org/wiki/DRAM
  http://en.wikipedia.org/wiki/Static_random_access_memory
  
  Then again, I could be completely wrong too.
  [ link to this | view in chronology ]
Kevin, 22 Feb 2008 @ 7:39am

Clarifications
Charlie, it's not a matter of power stored in the RAM. A bit is set in the memory cell as either on or off. Left to it's own with no power the state of the bits will drift or alter over time. Because of this, power is applied to the cells via a refresh strobe. This refresh current helps ensure that the bit state of the cell doesn't change.

Felten's exploit is based on discovering that the bit state doesn't deteriorate very rapidly, and deterioration can be slowed even further by use of a refrigerant to chill/freeze the memory cells.
[ link to this | view in chronology ]
Michael S. Williamson, 22 Feb 2008 @ 8:21am

Wipe the DRAM!
Disk-encryption utilities should use a routine that overwrites the part of RAM holding the keys when unmounting a volume as this may be the best defense against this sort of attack. This would also require users to unmount their encrypted volumes before leaving them unattended.

-Michael
[ link to this | view in chronology ]
Dale, 22 Feb 2008 @ 8:26am

Yes, I am an idiot
ersonallypay Iway encryptway everythingway onway ymay ardhay riveday inway igpay atinlay.
[ link to this | view in chronology ]
interval, 22 Feb 2008 @ 8:30am

Ok, SO - WHAT?
Ok, Felton has shown the possible. Lets look at the reality; the comprisor has to come in fairly soon after the user has powered down the machine. The code breaker then has to take the pc apart, freeze the ram modules and then analyze the latent charge in the modules, and how you do that I'm not sure. For some reason I still feel fairly well protected and will continue to encrypt my data. Thanks for the warning though.
[ link to this | view in chronology ]
Ben, 22 Feb 2008 @ 8:36am

if you get the computer while it's on...
can't you just burn everything to a CD anyway? I don't really see why this is significant. I guess it would allow you to have access to the computer any time you wanted, after turning it off or whatever, but if it requires having access to the computer after someone has already entered the password, couldn't you just get all the data you needed in that session? I suppose if there's some less barrier to access, like a screen saver password, but it just seems like this would be helpful in very few situations.
[ link to this | view in chronology ]
smarmy, 22 Feb 2008 @ 8:47am

Its a comprimise
1) There's no way to program a laptop to not get stolen, so it comes right down to vigilance on the user's part, which should be security step one. Probably any laptop that will be carrying sensitive data should have sleep mode disabled, and part of the power-down process should be a memory overwrite. But other than that, I'm not too sure how much more secure you can make things anyway, even without this vulnerability.
[ link to this | view in chronology ]
DRM Suxx, 22 Feb 2008 @ 8:51am

sleep mode
You are forgetting that they were able to do this when the PC was left in sleep or hibernate. I typically hibernate mine to make it faster by skipping the whole boot process. Most people I work with do the same, just setting it to open to the password prompt. The video claims the machine is vulnerable at this point.
[ link to this | view in chronology ]
- Chuck, 22 Feb 2008 @ 9:32am
  
  Re: sleep mode
  If you hibernate the machine, you just saved them a lot of trouble. Hibernate copies the entire contents of RAM to disk for resume, you just gave them the copy they were looking for.
  [ link to this | view in chronology ]
xtrasico, 22 Feb 2008 @ 10:27am

Need sleep mode
I am an Auditor and Fraud Investigator. The Agency I work for gives me a laptop to do my work. Last year there was something wrong with it and the boot process use to be like 25 minutes one day and 1 minute the next. That happened everyday. I got used to leaving that laptop on sleep mode because when I needed it to boot fast to take a sworn statement or something important it was really frustrating to wait for it to boot up. All the work I do is confidential so we use encryption. This is going to change my preferences... just in case.

Sleep mode:
When referring to speed up the booting process of a PC I have always read everywhere on the net that hibernate is slower comparing it to the boot or sleep process. Hibernate just saves everything to hard drive so you can access it exactly as you had it when leaving the PC. In my PC the booting process is faster than waking it from hibernating, which sometimes hangs. Maybe something is wrong with my PC. I don't know...
[ link to this | view in chronology ]
Steve, 22 Feb 2008 @ 11:31am

Hibernation is Probably Safe with most products
Hibernation and waiting a few minutes should thwart this attack as long as you use a product that encrypts the hibernation file. I know the product I use automatically does that.

I hate to shut down, and hibernating takes too long (even longer now that it's being encrypted) so I just stand by. Looks like I'll have to get used to shutting down.
[ link to this | view in chronology ]
dorion, 22 Feb 2008 @ 1:09pm

Off Topic
I don't know what the big deal is with data security anyway. All of our information is spread across the world anyway thanks to outsourcing IT to foreign countries. My identity was stolen when I was 19 from my local college. Someone snagged my personal info from my school records. Good thing I was too young to have any real credit. Too bad LE did not think it was important enough to pursue the crook.

I have worked with several law enforcement companies that have sophisticated ways of dismantling a drive and pulling data off. Whom are you trying to keep the data away from anyway? If they are good enough to crack this stuff then most likely they have a job paying them more then what this data is worth.
[ link to this | view in chronology ]
Nicko, 22 Feb 2008 @ 5:22pm

The classic method
Well you can always go back to tamper-proofing your machine with a battery driven thermite charge. Nothing quite stops a thief quite like a 4500 degree blast.
[ link to this | view in chronology ]
Tony, 2 Jul 2008 @ 6:20pm

this is not something new
this type of attack is nothing new,

I'm a computer scientist and work for Novell who make SuSe Linux.

if you use something like these products the chances are that your password is only a very small one - as most people will not make the password overly long (aka >20 characters) and even sometimes it is something obvious!

so the vulnerability due to a brute force attack is still about 50-100x more likely to break your encryption than this method is :| due to physical acess needed shortly after a powerdown.
[ link to this | view in chronology ]
Mike, 26 Feb 2009 @ 9:38pm

This article is misleading...
Hard drive encryption is alive and well and living embedded in hard drives from Seagate, Hitachi, etc.. and it is NOT circumventable via the description in this article.

So a grave disservice is done with the headline "Ed Felten Defeats Hard Drive Encryption". He has done nothing of the kind. He has only circumvented one form of it. If he can defeat the encryption in the hard drive from Seagate I will then be MOST IMPRESSED.
[ link to this | view in chronology ]
Mikey, 22 Feb 2010 @ 12:37pm

I think people like Ed are absolutely invaluable to the encryption software industry. Without guys like him, his team and his peers pushing the tech forward, we may just be attacked more often. Think about it, if the good guys aren't cracking this code, who does that leave the job to?
[ link to this | view in chronology ]
fodder99 (profile), 30 Jun 2012 @ 10:09am

Ed Felten is an e security wizard !
[ link to this | view in chronology ]