Protecting Suspended Devices from Memory Attacks

Huber, Manuel; Horsch, Julian; Wessel, Sascha

doi:10.1145/3065913.3065914

Cited by 4 publications

(5 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Prior works have illustrated that trusted components can suffer power failures or crash fail, which can wipe out their states [38]. Further, these trusted components can face state rollback attacks [8,43], and the accompanying persistent memory can suffer data loss through malicious attacks [31,55]. If these attacks take place, byzantine replicas can manipulate the ordering of client requests, thereby violating application safety.…”

Section: Observationsmentioning

confidence: 99%

“…Existing trust-bft protocols expect Stateful trusted computations as they require their trusted components to be backed by persistent memory. However, recent works have illustrated that these trusted components and their accompanying memory hardware can face attacks such as power failure or rollbacks [8,31,43,55]. As a result, existing trust-bft protocols are stateless, which endangers safety.…”

Section: Trusted Bft Consensusmentioning

confidence: 99%

“…A simple variation of this attack is where the state of the trusted components are rollbacked to a previous state [8,43]. Further, recent works have illustrated that persistent memory can suffer data loss through malicious attacks [31,55].…”

Section: Excessive Trust For Safetymentioning

confidence: 99%

See 2 more Smart Citations

Dissecting BFT Consensus: In Trusted Components we Trust!

Gupta¹,

Rahnama²,

Pandey³

et al. 2022

Preprint

View full text Add to dashboard Cite

The growing interest in secure multi-party database applications has led to the widespread adoption of Byzantine Fault-Tolerant (bft) consensus protocols that can handle malicious attacks from byzantine replicas. Existing bft protocols permit byzantine replicas to equivocate their messages. As a result, they need f more replicas than Paxos-style protocols to prevent safety violations due to equivocation. This led to the design of trust-bft protocols, which require each replica to host an independent, trusted component.In this work, we analyze the design of existing trust-bft and make the following observations regarding these protocols: (i) they adopt weaker quorums, which prevents them from providing service in scenarios supported by their bft counterparts, (ii) they rely on the data persistence of trusted components at byzantine replicas, and (iii) they enforce sequential ordering of client requests.To resolve these challenges, we present solutions that facilitate the recovery of trust-bft protocols despite their weak quorums or data persistence dependence. Further, we present the design of lightweight, fast, and flexible protocols (FlexiTrust), which achieve up to 100% more throughput than their trust-bft counterparts.

show abstract

Section: Observationsmentioning

confidence: 99%

Section: Trusted Bft Consensusmentioning

confidence: 99%

See 1 more Smart Citation

Dissecting BFT Consensus: In Trusted Components we Trust!

Gupta¹,

Rahnama²,

Pandey³

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…However, CryptKeeper is fragile versus Cold Boot attacks because it stores the encryption key in RAM. A related idea is in Huber et al [26]: the authors suggest to perform encryption of user space processes memory at suspend time, using the same key used for Full Disk Encryption (FDE). Yet another variant of this idea is presented in [25], where the system memory of portable devices, like notebooks and smartphones, is encrypted by means of the "freezer" infrastructure of the Linux kernel.…”

Section: Related Workmentioning

confidence: 99%

MemShield: GPU-Assisted Software Memory Encryption

Santucci¹,

Ingrassia²,

Picierro

et al. 2020

Applied Cryptography and Network Security

View full text Add to dashboard Cite

Cryptographic algorithm implementations are vulnerable to Cold Boot attacks, which consist in exploiting the persistence of RAM cells across reboots or power down cycles to read the memory contents and recover precious sensitive data. The principal defensive weapon against Cold Boot attacks is memory encryption. In this work we propose MemShield, a memory encryption framework for user space applications that exploits a GPU to safely store the master key and perform the encryption/decryption operations. We developed a prototype that is completely transparent to existing applications and does not require changes to the OS kernel. We discuss the design, the related works, the implementation, the security analysis, and the performances of MemShield.

show abstract

“…Other approaches encrypt the RAM of devices [30], [31] or groups of processes during their suspension [32] (suspend to RAM). While those concepts protect suspended devices and processes, they cannot protect secrets in RAM owned by running processes.…”

Section: Related Workmentioning

confidence: 99%

TransCrypt: Transparent Main Memory Encryption Using a Minimal ARM Hypervisor

Horsch

Huber

Wessel

2017

2017 IEEE Trustcom/BigDataSE/Icess

Self Cite

View full text Add to dashboard Cite

Attacks on memory, revealing secrets, for example, via DMA or cold boot, are a long known problem. In this paper, we present TransCrypt, a concept for transparent and guestagnostic, dynamic kernel and user main memory encryption using a custom minimal hypervisor. The concept utilizes the address translation features provided by hardware-based virtualization support of modern CPUs to restrict the guest to a small working set of recently accessed physical pages. The rest of the pages, which constitute the majority of memory, remain securely encrypted. Furthermore, we present a transparent and guest-agnostic mechanism for recognizing pages to be excluded from encryption to still ensure correct system functionality, for example, for pages shared with peripheral devices. The detailed evaluation using our fully functional prototype on an ARM Cortex-A15 development board running Android shows that TransCrypt is able to effectively protect secrets in memory while keeping the performance impact small. For example, the system is able to keep the E-mail account password of a typical user in the Android mail app's memory encrypted 98.99% of the time, while still reaching 81.7% and 99.8% of native performance in different benchmarks.

show abstract

Protecting Suspended Devices from Memory Attacks

Cited by 4 publications

References 21 publications

Dissecting BFT Consensus: In Trusted Components we Trust!

Dissecting BFT Consensus: In Trusted Components we Trust!

MemShield: GPU-Assisted Software Memory Encryption

TransCrypt: Transparent Main Memory Encryption Using a Minimal ARM Hypervisor

Contact Info

Product

Resources

About