DOI: 10.1007/978-3-030-57878-7_16
Article

MemShield: GPU-Assisted Software Memory Encryption

Published: 19 October 2020

Abstract

Cryptographic algorithm implementations are vulnerable to Cold Boot attacks, which exploit the persistence of RAM cell contents across reboots or power-down cycles to read memory and recover sensitive data. The principal defense against Cold Boot attacks is memory encryption. In this work we propose MemShield, a memory encryption framework for user-space applications that uses a GPU to safely store the master key and perform the encryption and decryption operations. We developed a prototype that is completely transparent to existing applications and does not require changes to the OS kernel. We discuss the design, related work, implementation, security analysis, and performance of MemShield.


Published In

Applied Cryptography and Network Security: 18th International Conference, ACNS 2020, Rome, Italy, October 19–22, 2020, Proceedings, Part II
Oct 2020
488 pages
ISBN: 978-3-030-57877-0
DOI: 10.1007/978-3-030-57878-7
Editors: Mauro Conti, Jianying Zhou, Emiliano Casalicchio, Angelo Spognardi

Publisher

Springer-Verlag, Berlin, Heidelberg

Author Tags

1. Data security
2. Memory encryption
3. Cryptography on GPU
