TRESOR Runs Encryption Securely Outside RAM

Current disk encryption techniques store necessary keys in RAM and are therefore susceptible to attacks that target volatile memory, such as Firewire and cold boot attacks. We present TRESOR, a Linux kernel patch that implements the AES encryption algorithm and its key management solely on the microprocessor. Instead of using RAM, TRESOR ensures that all encryption states as well as the secret key and any part of it are only stored in processor registers throughout the operational time of the system, thereby substantially increasing its security. Our solution takes advantage of Intel's new AES-NI instruction set and exploits the x86 debug registers in a non-standard way, namely as cryptographic key storage. TRESOR is compatible with all modern Linux distributions, and its performance is on a par with that of standard AES implementations.
