Icy encryption tool protects laptops from "cold boot" attack, vendor says
- 14 May, 2008 08:36
The cold boot vulnerability allows hackers to steal encryption keys from dynamic RAM (DRAM) memory in laptops that have been recently powered down. While Microsoft says such an attack is unlikely, Princeton researchers in February said it is possible because data previously thought to disappear immediately from DRAM persists for a while after the computer has been shut off.
HyBlue's IceLock technology automatically deletes those keys out of memory and overwrites them with random data when there is a state change, such as screen saver activation, hibernation, or a user logging off or powering the computer down. When the user turns the computer back on, the normal password/login process ensues.
"They're the first ones I've seen that [erase the keys from DRAM]," says analyst Michael Santarcangelo of the Security Catalyst. "I think it's pretty clever."
The problem with similar products is they don't "have an awareness of their environment. They assume when you go to sleep or turn off the computer, that RAM is erased," says HyBlue CEO Matthew Sutton.
The cold boot attack is so named because it requires hackers to cool a computer's memory to -58 degrees Fahrenheit (-50 degrees Celsius), giving them as much as 10 minutes to examine the contents.
IceLock is available immediately on Windows XP and Vista for a discounted rate of US$49.95 per computer per year until July 1, 2008. After that, the price goes up to US$99.95 per computer per year. A Macintosh OSX version will be released later this year, and HyBlue intends to offer a similar product for smartphones this year.
While IceLock requires software to be downloaded onto each computer, the product's management tools are delivered over the Web in the software-as-a-service (SaaS) model. These tools include a Web-based central policy management and key recovery system, and ability to remotely wipe data from stolen or missing computers -- assuming the computer is connected to the Internet.
Santarcangelo credited HyBlue for not placing undue burdens on users. A user just needs a Windows login password and a second password to access a partitioned area that contains files protected by IceLock encryption, he notes.
IceLock is also one of only a few products that use ephemeral keys, Santarcangelo says. Essentially, the ephemeral key is assembled by the computer while it is booting up, and this key is used to unlock a second key which provides access to encrypted data, according to Sutton. This technique isolates a user's login and password from the actual cryptographic process, Sutton says.
"You don't have to have a big, long password to ensure the encryption has a complex key to it," he says. "We've generated 256-bit keys that we're managing behind the scenes for the users. They can have relatively simple passwords and still have good encryption."
When IceLock detects several failed attempts to enter a password, the ephemeral key is deleted. Then, even if a hacker is able to log into Windows, the encrypted files will be off limits.
Products that perform similar functions can be purchased from the vendors PGP, Credant, and the Check Point-owned Pointsec, Santarcangelo says. IceLock is the first such product he's seen offered as SaaS.