Jefferson's Wheel

A group at Princeton has released an interesting paper showing that encryption keys can be read from DRAM even after power is lost: Lest We Remember: Cold Boot Attacks on Encryption Keys. 

The research team includes Joseph Calandrino, who was a UVa undergraduate student, as well as J. Alex Halderman, Seth Schoen, Nadia Heninger, William Clarkson, William Paul, Ariel Feldman, Jacob Appelbaum, and Edward Felten.

It seems that most encrypted disk drives (any drive where the key is stored in the host’s DRAM) are likely to be vulnerable to this attack. This work seems to provide further support for moving more processing to the disk itself – if the disk processor performs all the encryption and decryption directly, there is no need to move the key into the host memory at all (where this work provides even more evidence that it becomes difficult to protect).

[Added 23 Feb]: New York Times article

Karsten Nohl, in collaboration with Starbug and Henryk Plötz, has reverse-engineered the encryption algorithm used in Mifare Classic RFID tags, and identified several serious weaknesses in the ciper design and the way it generated random numbers. Mifare tags are used in several large public transportation systems including London Transport’s Oyster cards, and the Dutch government was planning to used them for the nationwide OV-Chipkaart system, but is reconsidering this in light of the revealed security weaknesses. The work involved reverse engineering the cipher from images of its hardware implementation.

The results were announced at the Chaos Communication Congress (December 28). Here’s Karsten’s talk (including a link to a video): Mifare: Little Security, Despite Obscurity.

Some posts about this work include:

• Schneier on Security (Bruce Schneier), Dutch RFID Transit Card Hacked
• Freedom to Tinker (Ed Felten), New $2B Dutch Transport Card is Insecure.
• Andy Tanenbaum, Dutch Public Transit Card Broken (includes links to many Dutch newspaper articles).

Karsten will also be giving a talk about this work at the RFID Security Workshop at Johns Hopkins University, January 23-24.