Is RAM really volatile?

S@ndeep

Disciple
Princeton University paper states this program to experiment with your RAM.

Advanced users can try to observe memory remanence effects on their own systems by performing this simple experiment. (These instructions are written for Linux machines, but they can be adapted for other operating systems.)

1. Create a Python program with the following code:

#!/usr/bin/env python

# a pirate's favorite chemical element
a = ""
while 1: a += "ARGON"

This program will fill memory with copies of the word “ARGON”.

2. Run the sync command to flush any cached data to the hard disk.

3. Start the Python program, and allow it to run for several minutes. It won’t display anything on the screen, but after a while you should see hard drive activity as the memory fills and data gets swapped to disk.

4. Deliberately crash the system by turning the power off and on again or briefly removing the battery and power cord.

5. After the system reboots, look for the “ARGON” pattern in memory. You can use the following command to print strings of text contained in RAM:

sudo strings /dev/mem | less

If you see copies of the string “ARGON”, some of the contents of memory survived the reboot. You’ll see many other strings that were loaded into memory when the system restarted, and possibly other data left over from before it rebooted.

If you don’t see any copies of the pattern, possible explanations include (1) you have ECC (error-correcting) RAM, which the BIOS clears at boot; (2) your BIOS clears RAM at boot for another reason (try disabling the memory test or enabling “Quick Boot” mode); (3) your RAM’s retention time is too short to be noticeable at normal temperatures. In any case, your computer might still be vulnerable — an attacker could cool the RAM so that the data takes longer to decay and/or transfer the memory modules to a computer that doesn’t clear RAM at boot and read them there.

Source

Contrary to popular assumption, DRAMs used in most modern computers retain their contents for seconds to minutes after power is lost, even at operating temperatures and even if removed from a motherboard. Although DRAMs become less reliable when they are not refreshed, they are not immediately erased, and their contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images. We show that this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access. We use cold reboots to mount attacks on popular disk encryption systems — BitLocker, FileVault, dm-crypt, and TrueCrypt — using no special devices or materials. We experimentally characterize the extent and predictability of memory remanence and report that remanence times can be increased dramatically with simple techniques. We offer new algorithms for finding cryptographic keys in memory images and for correcting errors caused by bit decay. Though we discuss several strategies for partially mitigating these risks, we know of no simple remedy that would eliminate them.

Read the full article at: Center for Information Technology Policy Lest We Remember: Cold Boot Attacks on Encryption Keys
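A way to put numbers on what step 5 eyeballs with strings, as an added example that is not part of the original post or the Princeton paper: it counts how many copies of the fill pattern survive in the bytes of a saved memory image and estimates the bit decay rate. The function names, the min_run and max_flips thresholds, and the sample image are assumptions constructed for illustration.

```python
#!/usr/bin/env python3
"""Measure how much of the "ARGON" fill survives in a memory image."""

PATTERN = b"ARGON"
N = len(PATTERN)

def bit_errors(window: bytes) -> int:
    """Bits by which a window differs from PATTERN (short windows never match)."""
    if len(window) != N:
        return 8 * N
    return sum(bin(x ^ y).count("1") for x, y in zip(window, PATTERN))

def scan_image(image: bytes, min_run: int = 4, max_flips: int = 2) -> dict:
    """Locate runs of back-to-back PATTERN copies, tolerating a few decayed bits.

    An exact copy anchors each run; the run is then grown in both directions
    while neighbouring 5-byte slots stay within max_flips bits of PATTERN.
    Runs shorter than min_run are ignored: a lone "ARGON" may just be the
    script's own source text loaded again after the reboot, not surviving fill.
    """
    runs, exact, decayed, flipped = [], 0, 0, 0
    floor = 0                      # never grow back into an earlier run
    pos = image.find(PATTERN)
    while pos != -1:
        start, end = pos, pos + N
        while start - N >= floor and bit_errors(image[start - N:start]) <= max_flips:
            start -= N
        while bit_errors(image[end:end + N]) <= max_flips:
            end += N
        if (end - start) // N >= min_run:
            errs = [bit_errors(image[o:o + N]) for o in range(start, end, N)]
            runs.append((start, len(errs)))          # (byte offset, copies)
            exact += errs.count(0)
            decayed += len(errs) - errs.count(0)
            flipped += sum(errs)
        floor = end
        pos = image.find(PATTERN, end)
    slots = exact + decayed
    return {"runs": runs, "exact": exact, "decayed": decayed,
            "bit_error_rate": flipped / (8 * N * slots) if slots else 0.0}

def demo_image() -> bytes:
    """Constructed sample: zeroed RAM, 100 fill copies with 3 flipped bits, one stray literal."""
    fill = bytearray(PATTERN * 100)
    for offset, bit in ((7, 0), (251, 3), (252, 6)):
        fill[offset] ^= 1 << bit
    return bytes(4096) + bytes(fill) + bytes(4096) + b'a += "ARGON"\n' + bytes(64)

if __name__ == "__main__":
    print(scan_image(demo_image()))
```

The scan is pure Python, so on a real image it is practical for sampled chunks rather than the whole of RAM; a region where every copy has decayed has no exact anchor and is not counted.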
 