Security through amnesia: a software-based solution to the cold boot attack on disk encryption
@inproceedings{Simmons2011SecurityTA, title={Security through amnesia: a software-based solution to the cold boot attack on disk encryption}, author={Patrick Simmons}, booktitle={ACSAC '11}, year={2011} }
Disk encryption has become an important security measure for a multitude of clients, including governments, corporations, activists, security-conscious professionals, and privacy-conscious individuals. Unfortunately, recent research has discovered an effective side channel attack against any disk mounted by a running machine [23]. This attack, known as the cold boot attack, is effective against any mounted volume using state-of-the-art disk encryption, is relatively simple to perform for an…
105 Citations
A Systematic Assessment of the Security of Full Disk Encryption
- Computer ScienceIEEE Transactions on Dependable and Secure Computing
- 2015
It is shown that neither software- nor hardware-based FDE provides perfect security, nor is one clearly superior to the other, regarding physical access threats.
Amnesiac DRAM: A Proactive Defense Mechanism Against Cold Boot Attacks
- Computer ScienceIEEE Transactions on Computers
- 2021
A proactive defense mechanism, Amnesiac DRAM, is proposed and evaluated, that comprehensively prevents the cold boot attacks and locks itself and deletes all the remaining contents, making it amnesiac.
PRIME: private RSA infrastructure for memory-less encryption
- Computer Science, MathematicsACSAC
- 2013
With PRIME, this work presents a cold boot resistant infrastructure for private RSA operations, where all private RSA parameters reside symmetrically encrypted in RAM and are decrypted only within CPU registers.
Self-Encrypting Disks pose Self-Decrypting Risks How to break Hardware-based Full Disk Encryption
- Computer Science, Mathematics
- 2013
It is shown that depending on the configuration of a system, hardware-based full disk encryption is generally as insecure as software-based FDE and a new class of surprisingly simple attacks that exploit the fact that a self-encryption drive does not notice whether the SATA cable is replugged to a different computer.
Forward Secure On-device Encryption Scheme Withstanding Cold Boot Attack
- Computer Science, Mathematics2015 IEEE 2nd International Conference on Cyber Security and Cloud Computing
- 2015
This paper state the impossibility of performing the read operation securely, when the device is in locked state, and proposes a new forward secure ODE scheme which supports secure writing in lock state and is more efficient when compared to the public key based solution.
Protecting Private Keys against Memory Disclosure Attacks Using Hardware Transactional Memory
- Computer Science2015 IEEE Symposium on Security and Privacy
- 2015
Through extensive experiments, it is shown that Mimosa effectively protects cryptographic keys against various attacks that attempt to read sensitive data from memory, and it only introduces a small performance overhead.
Mimosa: Protecting Private Keys Against Memory Disclosure Attacks Using Hardware Transactional Memory
- Computer ScienceIEEE Transactions on Dependable and Secure Computing
- 2021
Through extensive experiments, it is shown that Mimosa effectively protects cryptographic keys against attacks that attempt to read sensitive data in memory, and introduces only a small performance overhead, even with concurrent cache-clogging workloads.
TreVisor - OS-Independent Software-Based Full Disk Encryption Secure against Main Memory Attacks
- Computer ScienceACNS
- 2012
TreVisor is presented, the first software-based and OS-independent solution for full disk encryption that is resistant to main memory attacks and builds upon BitVisor, a thin virtual machine monitor which implements various security features.
Hypnoguard: Protecting Secrets across Sleep-wake Cycles
- Computer ScienceCCS
- 2016
To the best of the knowledge, Hypnoguard provides the first wakeup-time secure environment for authentication and key unlocking, without requiring per-application changes.
TRESOR-HUNT: attacking CPU-bound encryption
- Computer Science, MathematicsACSAC '12
- 2012
The implementation of this attack demonstrates that it can be constructed in a reliable and OS-independent manner that is applicable to any CPU-bound encryption technique, IA32-based system, and DMA-capable peripheral bus, and its feasibility in real-world scenarios is supported.
References
SHOWING 1-10 OF 50 REFERENCES
AESSE: a cold-boot resistant implementation of AES
- Computer ScienceEUROSEC '10
- 2010
A method to implement disk drive encryption that is resistant to cold boot attacks is presented and AES is implemented and integrated into the Linux kernel in such a way that neither the secret key nor any parts of it leave the processor.
Lest we remember: cold-boot attacks on encryption keys
- Computer ScienceCACM
- 2009
It is shown that dynamic RAM, the main memory in most modern computers, retains its contents for several seconds after power is lost, even at room temperature and even if removed from a motherboard, and this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access to a machine.
TRESOR Runs Encryption Securely Outside RAM
- Computer Science, MathematicsUSENIX Security Symposium
- 2011
TRESOR, a Linux kernel patch that implements the AES encryption algorithm and its key management solely on the microprocessor, takes advantage of Intel's new AES-NI instruction set and exploits the x86 debug registers in a non-standard way, namely as cryptographic key storage.
Simultaneous Hardcore Bits and Cryptography against Memory Attacks
- Computer Science, MathematicsTCC
- 2009
The public-key encryption scheme of Regev, and the identity-basedryption scheme of Gentry, Peikert and Vaikuntanathan are remarkably robust against memory attacks where the adversary can measure a large fraction of the bits of the secret-key, or more generally, can compute an arbitrary function of thesecret-key of bounded output length.
Leakage-Resilient Cryptography
- Computer Science, Mathematics2008 49th Annual IEEE Symposium on Foundations of Computer Science
- 2008
A stream-cipher S is constructed whose implementation is secure even if a bounded amount of arbitrary (adversarially chosen) information on the internal state of S is leaked during computation, and a lemma is proved that the output of any PRG has high HILLpseudoentropy even if arbitrary information about the seed is leaked.
HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity
- Computer Science2010 IEEE Symposium on Security and Privacy
- 2010
This paper presents HyperSafe, a lightweight approach that endows existing Type-I bare-metal hypervisors with a unique self-protection capability to provide lifetime control flow integrity and shows HyperSafe can reliably enable the hypervisor self- protection and provide the integrity guarantee with a small performance overhead.
SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes
- Computer ScienceSOSP
- 2007
A tiny hypervisor that ensures code integrity for commodity OS kernels, SecVisor ensures that only user-approved code can execute in kernel mode over the entire system lifetime, which protects the kernel against code injection attacks, such as kernel rootkits.
Related-Key Cryptanalysis of the Full AES-192 and AES-256
- Computer Science, MathematicsASIACRYPT
- 2009
This paper shows the first key recovery attack that works for all the keys and has 299.5 time and data complexity, while the recent attack by Biryukov-Khovratovich-Nikolic works for a weak key class and has much higher complexity.
Forenscope: a framework for live forensics
- Computer ScienceACSAC '10
- 2010
Forenscope is presented, a framework that allows an investigator to examine the state of an active system without the effects of taint or forensic blurriness caused by analyzing a running system, and how Forenscope can fit into accepted workflows to improve the evidence gathering process.
Analysis of the Linux random number generator
- Computer Science2006 IEEE Symposium on Security and Privacy (S&P'06)
- 2006
A description of the underlying algorithms and exposes several security vulnerabilities of the Linux random number generator are presented, and an attack on the forward security of the generator is shown which enables an adversary who exposes the state of the generators to compute previous states and outputs.