Abstract
Software-based disk encryption techniques store necessary keys in main memory and are therefore vulnerable to DMA and cold boot attacks which can acquire keys from RAM. Recent research results have shown operating system dependent ways to overcome these attacks. For example, the TRESOR project patches Linux to store AES keys solely on the microprocessor. We present TreVisor, the first software-based and OS-independent solution for full disk encryption that is resistant to main memory attacks. It builds upon BitVisor, a thin virtual machine monitor which implements various security features. Roughly speaking, TreVisor adds the encryption facilities of TRESOR to BitVisor, i. e., we move TRESOR one layer below the operating system into the hypervisor such that secure disk encryption runs transparently for the guest OS. We have tested its compatibility with both Linux and Windows and show positive security and performance results.
Chapter PDF
Similar content being viewed by others
Keywords
- Advance Encryption Standard
- Trust Platform Module
- Virtual Machine Monitor
- Guest Operating System
- USENIX Security Symposium
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Abramson, D., Jackson, J., Muthrasanallur, S., Neiger, G., Regnier, G., Sankaran, R., Schoinas, I., Uhlig, R., Vembu, B., Wieger, J.: Intel Virtualization Technology for Directed I/O. Intel Technology Journal 10 (August 2006)
Aedla, J.: Linux Kernel CVE-2012-0056 Local Privilege Escalation Vulnerability (January 2012); Common Vulnerabilities and Exposures, http://www.securityfocus.com/bid/51625/
Becher, M., Dornseif, M., Klein, C.N.: FireWire - All Your Memory Are Belong To Us. In: Proceedings of the Annual CanSecWest Applied Security Conference, Vancouver, British Columbia, Canada. Laboratory for Dependable Distributed Systems, RWTH Aachen University (2005)
Böck, B.: Firewire-based Physical Security Attacks on Windows 7, EFS and BitLocker. Secure Business Austria Research Lab (August 2009)
Carrier, B.D., Spafford, E.H.: Getting Physical with the Digital Investigation Process. IJDE 2(2) (2003)
Carbone, Bean, Salois: An in-depth analysis of the cold boot attack. Technical report, DRDC Valcartier, Defence Research and Development, Canada, Technical Memorandum (January 2011)
Cardwell, M.: Protecting a Laptop from Simple and Sophisticated Attacks (August 2011), https://grepular.com/Protecting_a_Laptop_from_Simple_and_Sophisticated_Attacks
Devine, C., Vissian, G.: Compromission physique par le bus PCI. In: Proceedings of SSTIC 2009. Thales Security Systems (June 2009)
Gueron, S.: Intel’s New AES Instructions for Enhanced Performance and Security. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 51–66. Springer, Heidelberg (2009)
Halderman, J.A., Schoen, S.D., Heninger, N., Clarkson, W., Paul, W., Calandrino, J.A., Feldman, A.J., Appelbaum, J., Felten, E.W.: Lest We Remember: Cold Boot Attacks on Encryptions Keys. In: Proceedings of the 17th USENIX Security Symposium, San Jose, CA, pp. 45–60. Princeton University, USENIX Association (2008)
Hulton, D.: Cardbus Bus-Mastering: 0wning the Laptop. In: Proceedings of ShmooCon 2006, Washington DC, USA (January 2006)
Intel Corporation. Intel 64 and IA-32 Architectures Developer’s Manual, Combined Volumes: 1, 2A, 2B, 2C, 3A, 3B and 3C edition (December 2011)
Intel Corporation. Solid-State Drive 320 Series (2011), http://www.intel.com/content/www/us/en/solid-state-drives/solid-state-drives-320-series.html
Rutkowska, J.: Evil Maid goes after TrueCrypt. The Invisible Things Lab (October 2009), http://theinvisiblethings.blogspot.com/2009/10/evil-maid-goes-after-truecrypt.html
Johnson, C.: Protection of Sensitive Agency Information. U.S. Executive Office of the President, Washington, D.C. 20503 (June 2006)
Pabel, J.: Frozen Cache (January 2009), http://frozenchache.blogspot.com/
Microsoft Corporation. Windows BitLocker Drive Encryption: Technical Overview. Microsoft (July 2009)
Müller, T., Dewald, A., Freiling, F.: AESSE: A Cold-Boot Resistant Implementation of AES. In: Proceedings of the Third European Workshop on System Security (EUROSEC), Paris, France, pp. 42–47. RWTH Aachen / Mannheim University, ACM (April 2010)
Müller, T., Freiling, F., Dewald, A.: TRESOR Runs Encryption Securely Outside RAM. In: 20th USENIX Security Symposium, San Francisco, California. University of Erlangen-Nuremberg, USENIX Association (August 2011)
Osvik, D.A., Shamir, A., Tromer, E.: Cache Attacks and Countermeasures: The Case of AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 1–20. Springer, Heidelberg (2006)
Panholzer, P.: Physical Security Attacks on Windows Vista. Technical report. SEC Consult Vulnerability Lab, Vienna (May 2008)
Parker, T.P., Xu, S.: A Method for Safekeeping Cryptographic Keys from Memory Disclosure Attacks. In: Chen, L., Yung, M. (eds.) INTRUST 2009. LNCS, vol. 6163, pp. 39–59. Springer, Heidelberg (2010)
Simmons, P.: Security Through Amnesia: A Software-Based Solution to the Cold Boot Attack on Disk Encryption. CoRR, abs/1104.4843. University of Illinois at Urbana-Champaign (2011)
Ponemon, L.: 2010 Annual Study: U.S. Enterprise Encryption Trends. Ponemon Institute, Symantec (2010)
Graham, R.D.: Thunderbolt: Introducing a new way to hack Macs. Errata Security, http://erratasec.blogspot.com/2011/02/thunderbolt-introducing-new-way-to-hack.html (February 2011)
Sacco, A.L., Ortega, A.A.: Persistent BIOS Infection: The early bird catches the worm. In: Proceedings of the Annual CanSecWest Applied Security Conference, Vancouver, British Columbia, Canada. Core Security Technologies (2009)
Gueron, S.: Intel Advanced Encryption Standard (AES) Instruction Set White Paper. Intel Corporation, Rev. 3.0 edn. Intel Mobility Group, Israel Development Center (January 2010)
Shinagawa, T., Eiraku, H., Omote, K., Hasegawa, S., Hirano, M., Kourai, K., Oyama, Y., Kawai, E., Kono, K., Chiba, S., Shinjo, Y., Kato, K.: In: International Conference on Virtual Execution Environments, Washington, DC, USA. University of Tsukuba (March 2009)
Richard Stallman and Jerry Cohen. GNU General Public License Version 2. Free Software Foundation (June 1991)
TrueCrypt Foundation. TrueCrypt: Free Open-Source Disk Encryption Software for Windows, Mac OS and Linux (2010), http://www.truecrypt.org/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Müller, T., Taubmann, B., Freiling, F.C. (2012). TreVisor. In: Bao, F., Samarati, P., Zhou, J. (eds) Applied Cryptography and Network Security. ACNS 2012. Lecture Notes in Computer Science, vol 7341. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31284-7_5
Download citation
DOI: https://doi.org/10.1007/978-3-642-31284-7_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-31283-0
Online ISBN: 978-3-642-31284-7
eBook Packages: Computer ScienceComputer Science (R0)