Security through amnesia: a software-based solution to the cold boot attack on disk encryption

@inproceedings{Simmons2011SecurityTA,
  title={Security through amnesia: a software-based solution to the cold boot attack on disk encryption},
  author={Patrick Simmons},
  booktitle={ACSAC '11},
  year={2011}
}
Disk encryption has become an important security measure for a multitude of clients, including governments, corporations, activists, security-conscious professionals, and privacy-conscious individuals. Unfortunately, recent research has discovered an effective side channel attack against any disk mounted by a running machine [23]. This attack, known as the cold boot attack, is effective against any mounted volume using state-of-the-art disk encryption, is relatively simple to perform for an… 

A Systematic Assessment of the Security of Full Disk Encryption
TLDR
It is shown that neither software- nor hardware-based FDE provides perfect security, nor is one clearly superior to the other, regarding physical access threats.
Amnesiac DRAM: A Proactive Defense Mechanism Against Cold Boot Attacks
TLDR
A proactive defense mechanism, Amnesiac DRAM, is proposed and evaluated that comprehensively prevents cold boot attacks: it locks itself and deletes all the remaining contents, making it amnesiac.
PRIME: private RSA infrastructure for memory-less encryption
TLDR
With PRIME, this work presents a cold boot resistant infrastructure for private RSA operations, where all private RSA parameters reside symmetrically encrypted in RAM and are decrypted only within CPU registers.
Self-Encrypting Disks pose Self-Decrypting Risks: How to break Hardware-based Full Disk Encryption
TLDR
It is shown that, depending on the configuration of a system, hardware-based full disk encryption is generally as insecure as software-based FDE, and a new class of surprisingly simple attacks is presented that exploit the fact that a self-encrypting drive does not notice whether the SATA cable is replugged to a different computer.
Forward Secure On-device Encryption Scheme Withstanding Cold Boot Attack
  • S. Vivek, Rajkumar Ramasamy
  • Computer Science, Mathematics
    2015 IEEE 2nd International Conference on Cyber Security and Cloud Computing
  • 2015
TLDR
This paper states the impossibility of performing the read operation securely when the device is in the locked state, and proposes a new forward secure ODE scheme which supports secure writing in the locked state and is more efficient than the public key based solution.
Protecting Private Keys against Memory Disclosure Attacks Using Hardware Transactional Memory
TLDR
Through extensive experiments, it is shown that Mimosa effectively protects cryptographic keys against various attacks that attempt to read sensitive data from memory, and it only introduces a small performance overhead.
Mimosa: Protecting Private Keys Against Memory Disclosure Attacks Using Hardware Transactional Memory
TLDR
Through extensive experiments, it is shown that Mimosa effectively protects cryptographic keys against attacks that attempt to read sensitive data in memory, and introduces only a small performance overhead, even with concurrent cache-clogging workloads.
TreVisor - OS-Independent Software-Based Full Disk Encryption Secure against Main Memory Attacks
TLDR
TreVisor is presented, the first software-based and OS-independent solution for full disk encryption that is resistant to main memory attacks and builds upon BitVisor, a thin virtual machine monitor which implements various security features.
Hypnoguard: Protecting Secrets across Sleep-wake Cycles
TLDR
To the best of the authors' knowledge, Hypnoguard provides the first wakeup-time secure environment for authentication and key unlocking, without requiring per-application changes.
TRESOR-HUNT: attacking CPU-bound encryption
TLDR
The implementation of this attack demonstrates that it can be constructed in a reliable and OS-independent manner that is applicable to any CPU-bound encryption technique, IA32-based system, and DMA-capable peripheral bus, and its feasibility in real-world scenarios is supported.

References

AESSE: a cold-boot resistant implementation of AES
TLDR
A method to implement disk drive encryption that is resistant to cold boot attacks is presented and AES is implemented and integrated into the Linux kernel in such a way that neither the secret key nor any parts of it leave the processor.
Lest we remember: cold-boot attacks on encryption keys
TLDR
It is shown that dynamic RAM, the main memory in most modern computers, retains its contents for several seconds after power is lost, even at room temperature and even if removed from a motherboard, and this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access to a machine.
TRESOR Runs Encryption Securely Outside RAM
TLDR
TRESOR, a Linux kernel patch that implements the AES encryption algorithm and its key management solely on the microprocessor, takes advantage of Intel's new AES-NI instruction set and exploits the x86 debug registers in a non-standard way, namely as cryptographic key storage.
Simultaneous Hardcore Bits and Cryptography against Memory Attacks
TLDR
The public-key encryption scheme of Regev and the identity-based encryption scheme of Gentry, Peikert and Vaikuntanathan are remarkably robust against memory attacks where the adversary can measure a large fraction of the bits of the secret key, or more generally, can compute an arbitrary function of the secret key of bounded output length.
Leakage-Resilient Cryptography
TLDR
A stream-cipher S is constructed whose implementation is secure even if a bounded amount of arbitrary (adversarially chosen) information on the internal state of S is leaked during computation, and a lemma is proved that the output of any PRG has high HILL pseudoentropy even if arbitrary information about the seed is leaked.
HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity
TLDR
This paper presents HyperSafe, a lightweight approach that endows existing Type-I bare-metal hypervisors with a unique self-protection capability to provide lifetime control flow integrity and shows HyperSafe can reliably enable the hypervisor self-protection and provide the integrity guarantee with a small performance overhead.
SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes
TLDR
A tiny hypervisor that ensures code integrity for commodity OS kernels, SecVisor ensures that only user-approved code can execute in kernel mode over the entire system lifetime, which protects the kernel against code injection attacks, such as kernel rootkits.
Related-Key Cryptanalysis of the Full AES-192 and AES-256
TLDR
This paper shows the first key recovery attack that works for all the keys and has $2^{99.5}$ time and data complexity, while the recent attack by Biryukov-Khovratovich-Nikolic works for a weak key class and has much higher complexity.
Forenscope: a framework for live forensics
TLDR
Forenscope is presented, a framework that allows an investigator to examine the state of an active system without the effects of taint or forensic blurriness caused by analyzing a running system, and how Forenscope can fit into accepted workflows to improve the evidence gathering process.
Analysis of the Linux random number generator
TLDR
A description of the underlying algorithms of the Linux random number generator is presented and several security vulnerabilities are exposed, and an attack on the forward security of the generator is shown which enables an adversary who exposes the state of the generator to compute previous states and outputs.