If the chips are kept at low temperatures, residual data can easily be recovered, researchers found.
Researchers from three groups on Thursday published research showing that disk-based encryption schemes across multiple operating systems can be circumvented to reveal protected data.
In the paper, "Lest We Remember: Cold Boot Attacks on Encryption Keys," the researchers from Princeton University, the Electronic Frontier Foundation, and Wind River Systems revealed that computer memory, contrary to popular belief, retains data for a brief period after a computer is turned off and that cooling memory chips can prolong the persistence of data in memory.
As a consequence, disk-based encryption products that store decryption keys in memory, like Apple's FileVault, Linux's dm-crypt, and Microsoft's BitLocker, are vulnerable to attack.
"Most experts assume that a computer's memory is erased almost immediately when it loses power, or that whatever data remains is difficult to retrieve without specialized equipment," the paper says. "We show that these assumptions are incorrect. Ordinary DRAMs typically lose their contents gradually over a period of seconds, even at standard operating temperatures and even if the chips are removed from the motherboard, and data will persist for minutes or even hours if the chips are kept at low temperatures. Residual data can be recovered using simple, nondestructive techniques that require only momentary physical access to the machine."
In his blog post, Princeton computer science professor Edward W. Felten, one of the authors of the report, explains that cooling DRAM chips by spraying them with inverted cans of compressed air has the effect of freezing the data in memory for 10 minutes or more. If liquid nitrogen is used, the data can be preserved for hours without any power. During this period, a knowledgeable attacker could conduct a "cold boot" attack to access any encryption keys.
The findings raise serious questions about the ability of software-based disk encryption to protect against data theft. A FAQ document posted by the Center for Technology Policy at Princeton advises that computer users fully shut down their machines "several minutes before any situation in which the computers' physical security could be compromised."
In addition, the research paper warns that other data protection techniques, including DRM schemes and SSL sessions, could be vulnerable to this form of attack.
"There seems to be no easy fix for these problems," Felten said. "Fundamentally, disk encryption programs now have nowhere safe to store their keys. Today's Trusted Computing hardware does not seem to help; for example, we can defeat BitLocker despite its use of a Trusted Platform Module."
"We're seeing that software-based protection isn't great, and that isn't a surprise to anyone," said Steven Sprague, CEO of Wave Systems, a maker software for hardware-based encryption systems. He said that TPM, while it may be vulnerable in bulk-encryption scenarios, should still be safe for authentication.