Apple + Security & Privacy

FileVault Encryption is Not As Secure as Previously Thought

Posted on February 22nd, 2008 by

A group of researchers at Princeton University has just published a novel way to defeat disk encryption such as Apple’s FileVault or Microsoft’s BitLocker. These systems encrypt entire discs or large sections thereof – FileVault encrypts a user’s home folder – and use special keys to allow the computers to read files.

The researchers discovered that, because of the way DRAM (dynamic random access memory) chips work, the data they read and write does not go away as soon as computers are turned off, but rather may linger for several minutes. Using canned air to cool the chips, the researchers were able to “freeze” their contents, and using software that they developed, they managed to find the keys used for disk encryption on the chips.

The danger arises only when a computer is asleep, or in screen saver mode with or without password protection. If the computer has been turned off completely, any action to defeat the encryption would have to be taken immediately. But when asleep or in screen saver mode, the computer’s RAM still contains the data needed to decrypt files.

This highlights that, even though the software is able to ensure security, there can still be unexpected weaknesses in the hardware used. Since people tend to take hardware for granted, security researchers tend to focus on the strength of software – in this case encryption keys – without considering that there may be other vulnerabilities.

Here is the abstract to their paper outlining this procedure:

Contrary to popular assumption, DRAMs used in most modern computers retain their contents for seconds to minutes after power is lost, even at operating temperatures and even if removed from a motherboard. Although DRAMs become less reliable when they are not refreshed, they are not immediately erased, and their contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images. We show that this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access. We use cold reboots to mount attacks on popular disk encryption systems — BitLocker, FileVault, dm-crypt, and TrueCrypt — using no special devices or materials. We experimentally characterize the extent and predictability of memory remanence and report that remanence times can be increased dramatically with simple techniques. We offer new algorithms for finding cryptographic keys in memory images and for correcting errors caused by bit decay. Though we discuss several strategies for partially mitigating these risks, we know of no simple remedy that would eliminate them.

Comments are closed.