RR Phantom
Location : Wasted Space Job/hobbies : Cayman Islands Actuary
| Subject: Researchers develop simple method to steal encrypted computer data Sat Feb 23, 2008 8:25 pm | |
| A group led by a Princeton University computer security researcher has developed a simple method to steal encrypted information stored on computer hard disks.
The technique, which could undermine security software protecting critical data on computers, is as easy as chilling a computer memory chip with a blast of frigid air from a can of dust remover. Encryption software is widely used by companies and government agencies, notably in portable computers that are especially susceptible to theft.
The development, which was described Thursday on the group's Web site, could also have implications for the protection of encrypted personal data from prosecutors.
The move, which cannot be carried out remotely, exploits a little-known vulnerability of the dynamic random access, or DRAM, chip. Those chips temporarily hold data, including the keys to modern data-scrambling algorithms. When the computer's electrical power is shut off, the data, including the keys, are supposed to disappear.
In a technical paper published on the Web site of Princeton's Center for Information Technology Policy, the group demonstrated that standard memory chips actually retain their data for seconds or even minutes after power is cut off.
When the chips were chilled using an inexpensive can of air, the data were frozen in place, permitting the researchers to easily read the keys - long strings of ones and zeros - out of the chip's memory.
Cool the chips in liquid nitrogen (minus 196 degrees Celsius, or minus 321 degrees Fahrenheit) "and they hold their state for hours at least, without any power," Edward Felten, a Princeton computer scientist, wrote in a Web posting. "Just put the chips back into a machine and you can read out their contents."
The researchers used special pattern-recognition software of their own to identify security keys among the millions or even billions of pieces of data on the memory chip.
"We think this is pretty serious to the extent people are relying on file protection," Felten said.
Link. :affraid: |
|