PGP CTO Blog

On the "Cold Boot" Attack on Computer Memory
25 February 2008

Last week, a research team that includes people from Princeton University and the EFF announced ways to read computer memory after a computer has been shut down. In this CTO Corner, I will discuss how it affects PGP® software in specific, but my explanation applies to other software in general.

The authors of this paper used their attack to compromise a number of encryption products, but they did not attack PGP software. I will also describe what we believe is and is not possible to do with this sort of attack on PGP software.

You can find the researchers' site at http://citp.princeton.edu/pub/coldboot.pdf. If you haven't read it, it is worth reading. You don't need to be especially technical to understand it.

The basic issue is one that we have known for years. When you turn off the power to a computer, the RAM does not instantly erase and fade into something that is neither zero nor one. Depending on many things, most importantly temperature, the memory fades gradually. At normal temperatures, the memory fades completely in a minute or two. But if you chill the memory, it fades more slowly. By using a can of compressed air, you can cool the memory to about -50 degrees, and it will take tens of minutes to fade. If you are really adventurous and use liquid nitrogen, the memory state could last for hours.

It is important to understand that this is a real attack, but also not to panic too much. This is an attack on the memory of the computer, on the hardware itself. Cryptographic keys may be the juiciest things to pluck out of memory, but everything that was in memory is there -- documents someone may have been editing, and so on.

Those of us who consider these things have known that this was at least in theory possible for some time. This team did two impressive things: they made it actually work, and they did some math to recover partially-damaged RSA and AES keys. This latter feat they did by looking at scratch variables that the encryption systems use, and back-deducing what some of the damaged bits of the keys must have been. The process is a bit like a big Sudoku game; when you play Sudoku, you deduce what is missing based on what is present.

Despite how dramatic this attack is, there is an easy fix for it: clear the memory in which valuable information is held. The true risk comes from software that relies on removing power from memory to clear it. Software that does not explicitly clear memory is at risk; memory that has simply been written over is safe. We don't have to overwrite it multiple times or do anything special, we just have to clear it.

In short, there is an easy way to describe the problem. If you thought that computer memory fades instantly when you cut the power, you're wrong. You can remedy this problem by clearing memory when you're done with it.
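The fix described above, clearing key memory explicitly rather than trusting power-off, as an added C example (not PGP's code): a volume key that is wiped on dismount through a routine the compiler cannot optimize away, which is the caveat a practitioner hits, since a plain memset() before free() is often deleted as a dead store. The volume_t type, KEY_LEN and the constructed sample key are all assumptions.

```c
#include <stddef.h>
#include <string.h>
#define KEY_LEN 32   /* assumed: a 256-bit volume key */

/* Clear sensitive memory so the optimizer cannot drop the stores. A plain
   memset() just before free() or return is a dead store compilers delete,
   leaving the key in RAM for a cold-boot reader; volatile stores stay. */
static void secure_wipe(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--)
        *p++ = 0;
}

/* A mounted volume keeps its key in RAM for as long as it is in use. */
typedef struct { unsigned char key[KEY_LEN]; } volume_t;
void volume_mount(volume_t *v, const unsigned char *key)
{
    memcpy(v->key, key, KEY_LEN);
}

/* Dismount clears the key now instead of trusting power-off to do it. */
void volume_dismount(volume_t *v)
{
    secure_wipe(v->key, KEY_LEN);
}

/* Returns 1 when no key byte survives in the structure. */
int volume_key_is_cleared(const volume_t *v)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < KEY_LEN; i++)
        acc |= v->key[i];
    return acc == 0;
}

/* Walk the lifecycle with a constructed key; returns 1 if the key was
   resident while mounted and gone after dismount. */
int demo_lifecycle(void)
{
    unsigned char sample[KEY_LEN];   /* constructed, not a real key */
    memset(sample, 0xA5, KEY_LEN);
    volume_t v;
    volume_mount(&v, sample);
    int resident = !volume_key_is_cleared(&v);
    volume_dismount(&v);
    int cleared = volume_key_is_cleared(&v);
    secure_wipe(sample, KEY_LEN);    /* the caller's copy needs clearing too */
    return resident && cleared;
}
```

The same volatile-store pattern is what platform helpers such as explicit_bzero() or memset_s() provide where they are available; use those when you have them.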

In what I will call "normal operation", PGP software already does that in almost all cases. If you use PGP® to decrypt an email, the memory that is used for the crypto is immediately cleared. If you dismount a disk protected by PGP® Virtual Disk, that memory is cleared. The danger comes from what I call "edge conditions", and I will describe those:

  • If you put your computer into "suspend" or "sleep" mode, the memory still has power to it. Any disks you have are still mounted even if they are not spinning. If someone takes a suspended laptop and drops it into a bath of liquid nitrogen, it's likely that they could get the keys for any mounted disks, be they Virtual Disks or WDE disks. It's also possible that they would fry the memory as they remove it. Remember, this is a running system, just running very slowly.
  • Contrast this with "hibernate" mode. When a computer is hibernated, the contents of its memory are written to disk, and then the computer is shut down. No residual power is supplied to the RAM, so it will fade in one to two minutes, just as if you had shut it off. It doesn't matter what software you are running; if you hibernate a machine with WDE, it will be safe in a couple of moments. (Note: the Cold Boot researchers say that hibernate mode is vulnerable, and they are wrong on this nit. A truly hibernated machine is turned off, but with a copy of RAM written to disk. These machines are safe, once memory has faded.)
  • If there is a hard power loss, such as pulling the battery from a laptop or yanking the power cord out from a server, there's next to nothing that software alone can do. There's next to nothing that hardware can do. We could design hardware and software to do something in this case, but you probably wouldn't pay for it. I wouldn't.
  • PGP uses a technique in many places to avoid memory "burn-in" of the key bits. This might be a partial amelioration: it might cause the key bits to fade a little faster, and it might keep key bits from being captured from a suspended system (for example), but it is unlikely to help much. A number of people have asked me about this, and I don't think it helps much. Alex Halderman (one of the researchers) kindly gave me a heads-up about the research before it was announced. I asked him about this, and he didn't think it would do much, either. The correct answer is to clear the memory.
  • PGP Virtual Disk has an option to dismount disks on suspend. If someone uses this, then they will be protected. However, this feature often doesn't work well because programs have open files. We also have a feature to dismount the disks even if there are open files, and this does solve the memory problem, but if a disk is dismounted in the middle of a write operation, you will lose data. I believe the risk of losing data from an interrupted write is greater than the risk of being attacked by muggers with liquid gas. Your situation may be different.

There is a related option to prevent suspend if a disk is mounted. It is now more useful than it was before, but just as annoying. (And it isn't available at all on Vista.) But the option to dismount a disk when it is idle is also more valuable.

  • On Windows, PGP will clear all passphrase caches on suspend. On the Macintosh, there is a preference for this. If you don't have that preference enabled, do so.
  • Windows does not dismount the boot disk of a computer before shutting down. Shipping versions of PGP® WDE (9.8.0 or earlier) do not dismount the boot disk before shutdown or hibernate. This means that there is a window of a minute or two while the memory holding the volume key fades. Our WDE engineers are working on a mechanism to deduce that the disk has been dismounted so that they can clear the memory. We expect to have a solution, but cannot commit to when or if we will succeed. Furthermore, WDE does not presently clear the key storage of removable disks. We expect to fix that in the next release of PGP software, but I can give no commitments on when that will ship.

Here is what we are doing immediately to further address the issue:

  • As I mentioned above, we are working on a solution to the WDE boot drives, and will make WDE clear key material for removable volumes.
  • We have verified that PGP Virtual Disk properly clears all key material and properly performs its anti-burn-in system.
  • We are adding the anti-burn-in system to PGP WDE.
  • We have audited and verified the PGP® memory management systems used by other parts of PGP software to make sure that they properly clear memory.
  • This is a hardware problem, and comprehensive solutions for it require hardware support. We have already started talking with our partners who are hardware manufacturers on how to come up with some new things. If you are with a hardware or BIOS company and you would like to talk to us, we'd like to talk to you, too. Send me an email.

Here are some more observations that you might find enlightening.

  • Think of this issue as being one about how you protect the keys when you go from a "running" to a "non-running" state. We can think of hibernation as a special case of shutting down. But we have to think of suspending as a special case of running. If we want to protect one of those running states, we have to clear keys, and this means closing down any encrypted objects.
  • External authentication using smart cards, tokens, TPMs, does not solve the problem. There have been reports of some people claiming that it does. It doesn't. Remember, this is very simple; there is some RAM that has a key, and that RAM needs to be cleared. Authentication doesn't clear memory. TPMs do not clear memory. The people who claim that a USB key helps at all are displaying their ignorance.
  • Other hardware devices such as disk drives with built-in encryption, bus encryptors, and so on, may or may not have this problem. If you don't know which way to bet, bet that they do. Any device that has RAM has the potential for this problem. Expect to see variations of this attack that can get the keys from VPN concentrators and other important devices.
  • On the other hand, devices that have sealed cases, memory that is soldered to the board, or other obstacles to getting at the memory have a mitigation, in that it's much harder to attack them. This includes encrypting disk drives, but it also includes the new MacBook Air, which is now arguably the most secure laptop there is. Nonetheless, I know exactly how I'd grab the keys from an encrypting drive or a sealed laptop. It's harder to attack these devices, and harder is good, but it is not impossible to attack them.
  • There is more reason to use WDE in conjunction with either Virtual Disk or NetShare. We have always said that the primary threat model for WDE is a machine that is shut down or hibernated. We have always pointed to the added benefits of the other forms of encryption. In his recent article on mobile data protection, Bruce Schneier touts PGP Virtual Disk. The PGP Encryption Platform gives you defense in depth. Defense in depth is good because the layers of protection give more security.
  • Ryan Singel's article in Wired quotes me extensively, and has the title of, "Encryption Still Good, Sleeping Mode Not So Much," which I think is a good summary.
  • This is a real attack, but it also has a bit of what we call a "movie-plot security threat" because it is in some respects more dramatic than realistic. There are plenty of people in this world who have movie-plot lives, but most people don't. All you really need to know is that when you turn your computer off, memory fades, it doesn't just zap itself.

I want to finish up with a summary to help you understand what you need to know.

This is an attack on hardware. It is an attack on the RAM of a computer. Any device that has RAM is subject to some form of this attack, because it is an attack on the RAM. Look very skeptically at anyone who says they have a complete solution. They're probably wrong, and they probably don't understand the issue.

Many very smart people don't really understand this, yet. I read the blog of a world-renowned scientist this weekend who said (I am summarizing) that it's okay for archival disks not to be encrypted because someone can just throw them in liquid nitrogen to read them. Liquid nitrogen or canned air does not dissolve cryptography. Encrypted ones and zeroes do not flip back to their unencrypted state when you cool them. I'm not going to say who this person was, because he doesn't really believe this, and I don't want to embarrass him. He just doesn't understand yet.

Don't panic. This is a new finding and it is dramatic and therefore scary. However, it probably doesn't affect you much. If it does affect you, you may decide to stop suspending your computer and use hibernate instead. All software developers now know that we cannot assume that shutting down a computer is the same thing as clearing memory. We are already taking action.

I hope this explains the situation with this attack, how it affects PGP software, and what we are doing about it. If you or anyone else has any further questions, please do not hesitate to call or write me.

Jon

References:

The researchers' web site, including the paper and videos:
http://citp.princeton.edu/memory/

Declan McCullagh's article on CNet and photo gallery:
http://www.news.com/2300-1029_3-6230933-1.html
http://www.news.com/8301-13578_3-9876060-38.html

Ryan Singel's article in Wired:
http://blog.wired.com/27bstroke6/2008/02/encryption-stil.html

John Markoff's article in the NYT:
http://www.nytimes.com/2008/02/22/technology/22chip.html
