Decryption through memory theft


Of late we have seen a number of articles on a new way to get decryption keys, in this case, by pulling out the DRAM and reading it. You can see this demonstrated at http://citp.princeton.edu/memory/.

This is another threat that isn’t keeping us awake at night. For a start, while all our data is encrypted using Private Disk (see the November 2006 issue of ÆGIS), the keys are only in memory when the disk is mounted. When we leave the office, we dismount the virtual drive, and the keys disappear. I believe that the developers actually wrote the program.

But let us say that they didn’t do this. We are still not worried. For someone to get to the DRAM, several things have to happen. First, the machine has to be unattended. Second, the keys have to still be in DRAM, where they stay for only something between a few seconds and a few minutes. Putting aside all the other issues, if you shut down a machine and stay with it for two or three minutes, it is unlikely that this will be a problem for you in any real terms.

We cannot, however, say the same for a key logger. If someone is able to plant a key logger (or key logger software) on your machine, then they will have not only the encryption keys but also the actual data that is entered. This seems to us to be a more realistic concern if someone can get access to a machine.
