A number of simple changes will make sleeping laptops immune to having their encryption keys filched from memory, a Windows Vista security expert said last week.
On Thursday, a group of security researchers published a paper that revealed a method of stealing encryption keys from the memory of laptops that have been put to sleep or just shut down. The technique also works more than 10 minutes after the computer is shut down, if the data thief can cool the memory chips using a can of compressed air.
In a post to the Windows Vista Security blog, a Microsoft manager pointed out, however, that laptop users that are willing to slightly reduce a notebook computer's ease of use can foil such attacks.
"The thing to keep in mind here is the old adage of balancing security, usability and risk," Russ Humphries, Microsoft's senior product manager for Windows Vista security, said on the company's blog. "For example BitLocker provides several options that allow for a user -- or more likely Administrator -- to increase their security protections but at the cost of somewhat lowering ease-of-use."
Security researchers have poked holes in encryption algorithms in the past. In 2003, Swiss security researchers found a timing attack that could reveal the keys to messages encrypted with Secure Sockets Layer (SSL). In 2005, three Chinese researchers found ways to successively weaken a hash function known as the Secure Hash Algorithm (SHA-1) commonly used to digitally sign documents.
In the latest paper, researchers found that they could retrieve keys stored in a computer's primary memory by common security software, including Microsoft's BitLocker and Apple's FileVault. While some computers exhibit complete data loss in a few seconds at room temperature, by lowering the temperature of a computer's primary memory to -50 degrees Celsius using compressed air, 99.9 percent of the data stored in memory can be reliably retrieved up to a minute later. In some cases, the researchers could retrieve the data more than 10 minutes after the computer was shutdown.
By using error-correction methods, the researchers were able to retrieve encryption keys stored to memory, even in the presence of significant errors.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos