The Design of Rijndael
Description of a New Variable-Length Key, 64-bit Block Cipher (Blowfish)
Fast Software Encryption, Cambridge Security Workshop
Analysis of the Linux Random Number Generator
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Secure virtual architecture: a safe execution environment for commodity operating systems
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Leakage-Resilient Cryptography
FOCS '08 Proceedings of the 2008 49th Annual IEEE Symposium on Foundations of Computer Science
Lest we remember: cold boot attacks on encryption keys
SS'08 Proceedings of the 17th conference on Security symposium
Simultaneous Hardcore Bits and Cryptography against Memory Attacks
TCC '09 Proceedings of the 6th Theory of Cryptography Conference on Theory of Cryptography
Public-Key Cryptosystems Resilient to Key Leakage
CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
AESSE: a cold-boot resistant implementation of AES
Proceedings of the Third European Workshop on System Security
HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Forenscope: a framework for live forensics
Proceedings of the 26th Annual Computer Security Applications Conference
TRESOR runs encryption securely outside RAM
SEC'11 Proceedings of the 20th USENIX conference on Security
TRESOR-HUNT: attacking CPU-bound encryption
Proceedings of the 28th Annual Computer Security Applications Conference
Deadbolt: locking down android disk encryption
Proceedings of the Third ACM workshop on Security and privacy in smartphones & mobile devices
PRIME: private RSA infrastructure for memory-less encryption
Proceedings of the 29th Annual Computer Security Applications Conference
Memory encryption: A survey of existing techniques
ACM Computing Surveys (CSUR)
Hi-index | 0.00 |
Disk encryption has become an important security measure for a multitude of clients, including governments, corporations, activists, security-conscious professionals, and privacy-conscious individuals. Unfortunately, recent research has discovered an effective side channel attack against any disk mounted by a running machine [23]. This attack, known as the cold boot attack, is effective against any mounted volume using state-of-the-art disk encryption, is relatively simple to perform for an attacker with even rudimentary technical knowledge and training, and is applicable to exactly the scenario against which disk encryption is primarily supposed to defend: an adversary with physical access. While there has been some previous work in defending against this attack [27], the only currently available solution suffers from the twin problems of disabling access to the SSE registers and supporting only a single encrypted volume, hindering its usefulness for such common encryption scenarios as data and swap partitions encrypted with different keys (the swap key being a randomly generated throw-away key). We present Loop-Amnesia, a kernel-based disk encryption mechanism implementing a novel technique to eliminate vulnerability to the cold boot attack. We contribute a novel technique for shielding multiple encryption keys from RAM and a mechanism for storing encryption keys inside the CPU that does not interfere with the use of SSE. We offer theoretical justification of Loop-Amnesia's invulnerability to the attack, verify that our implementation is not vulnerable in practice, and present measurements showing our impact on I/O accesses to the encrypted disk is limited to a slowdown of approximately 2x. Loop-Amnesia is written for x86-64, but our technique is applicable to other register-based architectures. We base our work on loop-AES, a state-of-the-art open source disk encryption package for Linux.