Popsicle Hack Tries to Chill Zeal for Hardware Security
Academic Paper Slams Trusted Platform Module
By Roger L. Kay
Frozen memory sticks will not undo the Trusted Platform Module (TPM), the silicon core of
security in most commercial notebook PCs.  Despite the fact that researchers have re-
discovered that volatile random access memory (RAM) can be made less volatile by freezing it,
thus allowing an intruder in some cases to remove encryption keys from notebook PCs at their
ease, hardware security is still the way to go.

In a paper recently published by Edward Felten et al from Princeton and picked up by John
Markoff of the New York Times in an article published Feb. 22, this particular security
vulnerability is brought to light in a most spectacular way.  The Times article is accompanied by
a photo of a frozen memory stick, looking for all the world like a digital popsicle, and the
Princeton authors claim that data is at risk because cooling the memory stick makes it act more
like non-volatile storage.  After removing the frozen memory from the PC, a perpetrator can take
his time to pick any encryption keys stored in main memory.

An unfortunate side effect of the Princeton paper (and of the Times article, which amplifies the
misimpression) is that the TPM, a silicon module that creates and stores keys, is unfairly
smeared.  The Princeton paper says, most damningly, “… using BitLocker [Microsoft’s full-disk
encryption utility] with a [TPM] sometimes makes it less secure, allowing an attacker to gain
access to the data even if the machine is stolen while it is completely powered off.”

The key word here is “sometimes,” but the real story turns out to be “never” — when the machine
is completely powered off.  The “sometimes” applies to when the system is in “sleep” mode.”  In
sleep, the system trickles just enough juice to memory to keep it refreshed so that the data
remains intact.  Sleep is used for faster wakeup.  If all the pre-sleep bits are still in main
memory when the user opens the notebook’s lid, the operating system can get back up and
going more quickly than it would if it had to go to the hard drive to find a saved-out version of
these bits, which is what happens when waking up from “hibernate,” a deeper form of sleep.

The focus of the paper, how access to keys in main memory, frozen or otherwise, allows a
hacker to decrypt an encrypted hard drive, highlights the fact that the cryptographic encoding of
large amounts of data (bulk encryption) — required for so-called full-drive encryption (FDE) —
involves placing a key in memory.  Although the TPM can generate and store keys, it cannot
undertake bulk encryption by itself.  This process can only occur when the key, the algorithm that
uses it, and the data to be encrypted are all in main memory at the same time.  Normally, the
operating system (OS) protects against a sniff of this vulnerable moment, but the user or his or
her company’s policies must do the right thing.  Otherwise, the data will be vulnerable.  

Clearly, access through the USB and firewire ports must be blocked on sensitive machines. All
a hacker has to do is attach an unmanaged system to an open port, launch is simple program,
and help himself to the contents of main memory.  No need to freeze it at all; just sniff it while the
machine is running.  This type of “lunchtime” attack assumes that a hacker can get at a running
system when the legitimate user is out of the room for a few minutes.  This type of attack leaves
no trace and doesn’t involve taking out memory sticks and popping them in the freezer.

Anyone who knows the security biz knows that there is no such thing as absolute security, only
reasonable security for a given situation.  Commercial-grade security is good enough for most
businesses, but spooks need a higher grade.  Security is achieved not through one monolithic
Maginot Line, but through a layered approach that takes into consideration the various obvious
and less obvious attacks.  So, protecting against someone opening your notebook when it’s
sleeping, spraying liquid nitrogen on your memory sticks, and absconding with them to another
machine to sniff out your drive password — and then returning to your machine, reinserting the
memory, and using your now-discovered password to crack your encrypted hard drive — is
clearly of a lower order of likelihood than just doing a port sniff, for a similar result, from your
unprotected USB while the machine is running and you’re not in the room.

While the popsicle hack makes great photos and interesting news copy, it is not the most
obvious avenue in.  Meanwhile, simple procedures that make correct use of the TPM can prevent
such hacks — as well as the much more obvious port sniff.  By disabling ports through policy,
an IT department or user can stop the obvious port hack.  By ensuring that computers left
unattended are not left in sleep state, but are either put in hibernate (which clears memory) or
shut down (same effect), the popsicle hack can be rendered toothless.

Best-practices recommendations by the Trusted Computing Group, the industry body charged
with developing and promulgating security standards, includes methods for ensuring that
memory is wiped as part of overall security procedures related to FDE.  The Princeton group did
a real disservice to the industry and PC customers by saying that TPMs make a popsicle attack
easier.  That assertion makes for sensationalist journalism, but doesn’t help with customers
who are tying to ensure that their data remains safe.

© 2008 Endpoint Technologies Associates, Inc.  All rights reserved.
Real World Security