TRESOR-HUNT: attacking CPU-bound encryption

  title={TRESOR-HUNT: attacking CPU-bound encryption},
  author={Erik-Oliver Blass and William K. Robertson},
  booktitle={ACSAC '12},
Hard disk encryption is known to be vulnerable to a number of attacks that aim to directly extract cryptographic key material from system memory. Several approaches to preventing this class of attacks have been proposed, including Tresor [18] and LoopAmnesia [25]. The common goal of these systems is to confine the encryption key and encryption process itself to the CPU, such that sensitive key material is never released into system memory where it could be accessed by a DMA attack. In this… 

Figures and Tables from this paper

PRIME: private RSA infrastructure for memory-less encryption

With PRIME, this work presents a cold boot resistant infrastructure for private RSA operations, where all private RSA parameters reside symmetrically encrypted in RAM and are decrypted only within CPU registers.

Self-Encrypting Disks pose Self-Decrypting Risks How to break Hardware-based Full Disk Encryption

It is shown that depending on the configuration of a system, hardware-based full disk encryption is generally as insecure as software-based FDE and a new class of surprisingly simple attacks that exploit the fact that a self-encryption drive does not notice whether the SATA cable is replugged to a different computer.

Beyond Full Disk Encryption: Protection on Security-Enhanced Commodity Processors

On-going work to develop and measure a clean-slate operating system --- Bear --- that leverages on-chip encryption to provide confidentiality of code and data is described.

Protecting Private Keys against Memory Disclosure Attacks Using Hardware Transactional Memory

Through extensive experiments, it is shown that Mimosa effectively protects cryptographic keys against various attacks that attempt to read sensitive data from memory, and it only introduces a small performance overhead.

A Primitive for Revealing Stealthy Peripheral-Based Attacks on the Computing Platform's Main Memory

BARM is implemented, a runtime monitor that permanently monitors bus activity to expose malicious memory access carried out by peripherals and not only detects and prevents DMA-based attacks but also runs without significant overhead due to the use of commonly available CPU features of the x86 platform.

Copker: A Cryptographic Engine Against Cold-Boot Attacks

Copker is a cryptographic engine that implements asymmetric cryptosystems entirely within the CPU, without storing any plain-text sensitive data in RAM, and provides cryptographic services that are secure against cold-boot attacks and introduce reasonable overhead.

PixelVault: Using GPUs for Securing Cryptographic Operations

PixelVault is presented, a system for keeping cryptographic keys and carrying out cryptographic operations exclusively on the GPU, which allows it to protect secret keys from leakage even in the event of full system compromise and significantly speeds up the processing throughput of cryptographic operations for server applications.

Hypnoguard: Protecting Secrets across Sleep-wake Cycles

To the best of the knowledge, Hypnoguard provides the first wakeup-time secure environment for authentication and key unlocking, without requiring per-application changes.

Implementation and implications of a stealth hard-drive backdoor

The difficulty of implementing such an attack is not limited to the area of government cyber-warfare; rather, it is well within the reach of moderately funded criminals, botnet herders and academic researchers.

CoKey: fast token-based cooperative cryptography

CoKey is presented, a novel concept for partially moving symmetric cryptography out of the host into a trusted detachable token that securely encrypts initialization vectors on the token which are then used in the cryptographic operations on the host.



Lest we remember: cold-boot attacks on encryption keys

It is shown that dynamic RAM, the main memory in most modern computers, retains its contents for several seconds after power is lost, even at room temperature and even if removed from a motherboard, and this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access to a machine.

TreVisor - OS-Independent Software-Based Full Disk Encryption Secure against Main Memory Attacks

TreVisor is presented, the first software-based and OS-independent solution for full disk encryption that is resistant to main memory attacks and builds upon BitVisor, a thin virtual machine monitor which implements various security features.

TRESOR Runs Encryption Securely Outside RAM

TRESOR, a Linux kernel patch that implements the AES encryption algorithm and its key management solely on the microprocessor, takes advantage of Intel's new AES-NI instruction set and exploits the x86 debug registers in a non-standard way, namely as cryptographic key storage.

AESSE: a cold-boot resistant implementation of AES

A method to implement disk drive encryption that is resistant to cold boot attacks is presented and AES is implemented and integrated into the Linux kernel in such a way that neither the secret key nor any parts of it leave the processor.

Copilot - a Coprocessor-based Kernel Runtime Integrity Monitor

Copilot is a coprocessor-based kernel integrity monitor for commodity systems. Copilot is designed to detect malicious modifications to a host's kernel and has correctly detected the presence of 12

Kingpin: How One Hacker Took over the Billion-Dollar Cybercrime Underground

Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground Kevin Poulsen. New York: Crown, 2011. 267 pp. $25Remember Robert T. Morris, Jr.? Kevin Mitnick? Other hackers, crackers,

Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground

Ex-hacker Kevin Poulsen pours his unmatched access and expertise into book form for the first time, delivering a gripping cat-and-mouse narrative— and an unprecedented view into the twenty-first century.


Plot Summary Don Cobb (Leonardo di Caprio), who is hired by businesses to steal secrets from the subconscious of rivals during their dream states, has become an international fugitive as a result.

Security through amnesia: a software-based solution to the cold boot attack on disk encryption

Loop-Amnesia, a kernel-based disk encryption mechanism implementing a novel technique to eliminate vulnerability to the cold boot attack is presented, and a novel techniques for shielding multiple encryption keys from RAM and a mechanism for storing encryption keys inside the CPU that does not interfere with the use of SSE are contributed.

Safeguarding Your Data with Hitachi Bulk Data Encryption

  • Safeguarding Your Data with Hitachi Bulk Data Encryption
  • 2008