HOW SECURE IS YOUR LAPTOP

The notebook/laptop computer is today’s essential business tool. But with even the best of technology, the mobile data in laptops is data at risk. And laptops with removable drives, thumb drives and portable data devices present their own set of security risks — any one can run out of your company doors with valuable IP/Product Design/Specifications/Data and even your customer database.

One recent study estimated that as much as 80 per cent of the business data that a company owns — customer files, product specifications, proposals, e-mail history files, contracts and financial information — is stored on notebook/laptop PCs. If your laptop/notebook breaks down, is stolen or hacked into, your productivity may be affected for weeks, and your company could even face significant financial loss. Multiply that by every laptop user in your organisation, and it’s a strong motivation to seek products with a reputation for reliability and security.But the million dollar question is – Is your laptop really secure?

Recently, Princeton researchers revealed that disk encryption, the standard approach to protecting sensitive data on laptops, can be defeated by relatively simple methods. They demonstrated a method of chilling a Laptop memory chip to defeat three popular disk encryption products: BitLocker, which comes with Windows Vista; FileVault, which comes with MacOS X; and dm-crypt, used with Linux. The research team was led by J. Alex Halderman at Princeton.

The method, which cannot be carried out remotely, exploits a little-known vulnerability of the dynamic random access, or DRAM, chip. Those chips temporarily hold data, including the keys to modern data-scrambling algorithms. When the computer’s electrical power is shut off, the data, including the keys, is supposed to disappear. In a technical paper published on the Web site of Princeton’s Centre for Information Technology Policy, the group demonstrated that standard memory chips actually retain their data for seconds or even minutes after power is cut off.

When the chips were chilled using an inexpensive can of air, the data was frozen in place, permitting the researchers to easily read the keys — long strings of ones and zeroes — out of the chip’s memory. The Princeton researchers used special pattern-recognition software of their own to identify security keys among the millions or even billions of pieces of data on the memory chip.

This has proved that so-called Trusted Computing hardware, an industry standard approach heralded as significantly increasing the security of modern personal computers, does not appear to stop potential attacks.

Several possibilities for securing against this type of attack have been suggested by experts.

Change location of keys during runtime:

This has no bearing on this issue since the DRAM is literally frozen at the time of the attack. Mounting this attack via a key search algorithm such as the one suggested by the Princeton researchers renders the location of the keys, and whether or not they are periodically moved, irrelevant.

Fragment keys into discontinuous pieces to increase obfuscation:

Similar to changing the location of the keys, this suggestion has no effect on key recovery. While in use, the encryption key must be unified, and careful study of the encryption software prior to the attack will remove any difficulty the attacker might face. The purpose of encryption is to ensure that obfuscation such as this is unnecessary. While this may delay an attack, it will not prevent it. It will also slow down decryption during regular system use. Use multiple keys for different parts of the disk:

This suggestion prevents the entire contents of the disk from being exposed at one time during a single attack. However, multiple encryption keys require additional authentication if they are to avoid exposure in the same attack instance. Although this suggestion is valid and is implemented in many Full Disk Encryption solutions, there is no reasonable presumption that the most sensitive data is not on the exposed partition.

Multiple keys used in sequence to decrypt the disk:

This might delay an attack by adding an additional layer of complexity, but the DRAM attack would ensure that all keys are available to the attacker. Since the search algorithms employed by the author do not rely on decrypting plaintext to check for key integrity, the attacker will simply have a variety of keys to check in order to decrypt the data correctly.

Use longer encryption keys:

As the contents of DRAM decay, more and more key data is lost. The more key data lost, the larger the searchable key space is and the less likely that an attacker can reconstruct the correct key required for decryption.

Utilising a longer decryption key means a larger searchable key space and makes it statistically more likely that a sufficient degradation of the key will take place during the same period of time that a shorter key might still be recoverable. Although it goes without saying that longer keys mean more security, this does not eliminate a potential DRAM attack since DRAM decay has a steep acceleration curve and most decay occurs in a relatively brief period of time. However, as a precaution, one can employ the largest available key lengths and use AES 256 algorithms for encrypting the Data Encryption and Key Encryption Key.

Erase dram free space periodically during system run:

This suggestion does not offer any real solution. The encryption keys must be available during normal use, and wiping DRAM does nothing if the keys are immediately replaced or moved to a location with similar vulnerabilities. There is also no guarantee that DRAM space happens to be wiped immediately prior to the theft and shutdown of the notebook.

Force a complete erasure of dram during shutdown, hibernate, or standby:

This suggestion is valid in theory, but impractical in reality. Wiping out DRAM during standby is unfeasible because recovering from standby would be impossible.In the case of shutdown or hibernate mode, erasure of DRAM is advisable, but still does not eliminate the basic attack proposed by the Princeton authors. There is no guarantee that an attacker cannot completely cut power and prevent any erasure before it takes place.

Leave fake keys in dram which will erase the disk if implemented:

This suggestion is an inconvenience at best. An attacker using this attack method is not attempting to decrypt the contents of the drive via the Full Disk Encryption program. Therefore, there is no way for the computer to recognise and execute any command indicated by the fake key. At best, this suggestion is obfuscation again and will slightly delay the attacker by forcing him to attempt decryption with more than one key.

Take steps to make boot code disassembly difficult:

Aside from open-source implementations, all encryption software vendors take steps to ensure their software is difficult to disassemble in order to preserve their competitive advantage.

However, an attacker implementing this attack should be presumed to have the foresight and preparation time to obtain and sufficiently examine a copy of the drive owner’s software. The purpose of encryption is that data should be secure regardless of the amount of preparation or the length of time available for an attack.

Use a trusted platform module (tpm) in conjunction with full disk encryption (FDE):

The use of a TPM chip in conjunction with FDE does nothing to eliminate the possibility of a DRAM attack since the TPM chip does not perform the drive decryption and the key must be copied into memory in order for decryption to take place.

Clear memory at boot time:

Some computers can be configured to require that RAM be cleared at startup before loading any operating system. This would prevent an attacker from using the stolen laptop to perform the DRAM attack, but an attacker could still move the DRAM to a separate computer. Configuring laptops to clear RAM at power up, regardless, is recommended.

Block accessible ports:

Eliminating the possibility of booting from separable media eliminates the possibility of using the stolen laptop to perform the DRAM attack (as above), but suffers from the same weakness. The DRAM can be moved to a separate computer or the hard drive can be entirely replaced during the DRAM attack.

Software-based defence inadequate

Although the likelihood of an attacker being able to successfully steal a laptop and implement an attack before the DRAM decays is low at best, software-based FDE is theoretically vulnerable to this attack. Potential fixes by software vendors cannot eliminate the possibility entirely. However, for those extremely security conscious individuals or enterprises, newer hardware encryption technology exists that eliminates many of the difficulties posed by this attack.

Recently, hard drive vendors such as Hitachi and Seagate released products that implement hardware-based Full Disk Encryption in their hard disk drives. Intel has also announced the implementation of a Trusted Platform Module (TPM) as well as Full Disk Encryption in its new chip set to be released in the third quarter of 2008. These newer technologies share a distinct advantage over software-based encryption in terms of DRAM attacks — the data encryption keys never enter into computer memory and are thus not vulnerable to this sort of attack.