Frozen DRAM chips retain data
posted on 22 February 2008 09:45
Encryption keys in DRAM can be read
Princeton University researchers have demonstrated that sensitive information can be read from computer memory after it has been switched off. This compromises the security of Trusted Computing hardware systems and casts doubt on their supposed reliability.
In a published paper, Princeton’s Center for Information Technology Policy group write: "Most experts assume that a computer’s memory is erased almost immediately when it loses power, or that whatever data remains is difficult to retrieve without specialized equipment. We show that these assumptions are incorrect. Ordinary DRAMs typically lose their contents gradually over a period of seconds, even at standard operating temperatures and even if the chips are removed from the motherboard, and data will persist for minutes or even hours if the chips are kept at low temperatures. Residual data can be recovered using simple, nondestructive techniques that require only momentary physical access to the machine." A spray can of cold air can be used to preserve DRAM data for a few seconds after switch-off. Putting the chips in liquid nitrogen will preserve the data for hours.
When DRAM holds the encryption keys for data stored on disk, the entire security of the encrypted system can be compromised. These keys can be recognised by pattern-recognition software.
The researchers successfully read encrypted information, using special utility software, from Apple, Microsoft and Linux systems.
Apple's FileVault is a disk encryption function of Mac OS X. BitLocker is a file encryption function in Vista. Both functions hold the encryption keys in memory in unencrypted form.
It looks as if additional hardware security is going to be needed, such as a DRAM flush process at computer switch-off.
Both Apple and Microsoft have additional hardware protection either available or under investigation.



