Cold Boot’ Encryption Hack...
March 2008
Users can keep thieves from stealing encrypted data by changing some settings in Windows, a Microsoft Corp. product manager said as he downplayed the threat posed by new research that shows how attackers can inspect a “ghost” of computer memory. A senior product manager for Windows Vista security reacted Friday to reports last week about a new low-tech technique that could be used to lift the encryption key used by Vista’s BitLocker or Mac OS X’s FileVault. Once an attacker has the key, of course, he could easily access the data locked away on an encrypted drive. The method – dubbed “Cold Boot” because criminals can boost their chances by cooling down the computer’s memory with compressed gas or even liquid nitrogen – relies on the fact that data does not disappear instantly when a system is turned off or enters “sleep” mode. Instead, the bits stored in memory chips decay slowly, relatively speaking. Cooling down memory to -58 degrees Fahrenheit (-50 degrees Celsius) would give attackers as long as 10 minutes to examine the contents of memory, said the researchers from Princeton University, the Electronic Frontier Foundation and Wind River Systems Inc. And when they pushed the envelope and submersed the memory in liquid nitrogen to bring the temperature down to -310 degrees Fahrenheit (-190 degrees Celsius), researchers saw just 0.17 percent data decay after an hour. But the Vista security blog contended that such a risk is unlikely, as an attacker would need physical access to a machine in “sleep” mode, rather than in “hibernate” mode or powered off. But even as the Vista security blog downplayed the chance of an attack, it also spelled out ways users of BitLocker – the full-disk encryption feature included in Vista Ultimate and Vista Enterprise – could protect their laptops from a Cold Boot.
Users can keep thieves from stealing encrypted data by changing some settings in Windows, a Microsoft Corp. product manager said as he downplayed the threat posed by new research that shows how attackers can inspect a “ghost” of computer memory. A senior product manager for Windows Vista security reacted Friday to reports last week about a new low-tech technique that could be used to lift the encryption key used by Vista’s BitLocker or Mac OS X’s FileVault. Once an attacker has the key, of course, he could easily access the data locked away on an encrypted drive. The method – dubbed “Cold Boot” because criminals can boost their chances by cooling down the computer’s memory with compressed gas or even liquid nitrogen – relies on the fact that data does not disappear instantly when a system is turned off or enters “sleep” mode. Instead, the bits stored in memory chips decay slowly, relatively speaking. Cooling down memory to -58 degrees Fahrenheit (-50 degrees Celsius) would give attackers as long as 10 minutes to examine the contents of memory, said the researchers from Princeton University, the Electronic Frontier Foundation and Wind River Systems Inc. And when they pushed the envelope and submersed the memory in liquid nitrogen to bring the temperature down to -310 degrees Fahrenheit (-190 degrees Celsius), researchers saw just 0.17 percent data decay after an hour. But the Vista security blog contended that such a risk is unlikely, as an attacker would need physical access to a machine in “sleep” mode, rather than in “hibernate” mode or powered off. But even as the Vista security blog downplayed the chance of an attack, it also spelled out ways users of BitLocker – the full-disk encryption feature included in Vista Ultimate and Vista Enterprise – could protect their laptops from a Cold Boot.
posted by arkietechs at 7:07 AM
0 Comments:
Post a Comment
<< Home