Stealing Encryption Keys from Memory

A group at Princeton University has discovered a way to steal keys from memory even after a computer has been shutdown. The technique described here involves freezing a computer memory chip using quick blasts from an air can. This enabled the researchers access to the chips contents allowing it to obtain keys that could be used to decrypt data on a users hard drive.

Most modern operating systems have built in encryption methods. The issue is that most of these methods use the federal government’s certified Advanced Encryption System algorithm to scramble data as it is read from and written to a computer hard disk. Both programs leave the keys in computer memory in an unencrypted form allowing a person with access to the physical memory the ability to obtain these keys using the technique described.

This should have large implications with court proceedings seeking access to encrypted data. Previous court cases have ruled it unconstitutional to make a suspect reveal their password. This technique would bypass any need for a password.

It just goes to show you that what we perceive as being secure today may be just an illusion.

BillP
--
http://www.outervillage.com

_____________________

If you enjoyed this posting please subscribe to our RSS feed or submit it to your favorite social networks.