Abstract:Today's computing devices keep considerable amounts of sensitive data unencrypted in RAM. When stolen, lost or simply unattended, attackers are capable of accessing the data in RAM with ease. Valuable and possibly classified data falling into the wrongs hands can lead to severe consequences, for instance when disclosed or reused to log in to accounts or to make transactions. We present a lightweight and hardware-independent mechanism to protect confidential data on suspended Linux devices against physical atta… Show more
“…Prior works have illustrated that trusted components can suffer power failures or crash fail, which can wipe out their states [38]. Further, these trusted components can face state rollback attacks [8,43], and the accompanying persistent memory can suffer data loss through malicious attacks [31,55]. If these attacks take place, byzantine replicas can manipulate the ordering of client requests, thereby violating application safety.…”
Section: Observationsmentioning
confidence: 99%
“…Existing trust-bft protocols expect Stateful trusted computations as they require their trusted components to be backed by persistent memory. However, recent works have illustrated that these trusted components and their accompanying memory hardware can face attacks such as power failure or rollbacks [8,31,43,55]. As a result, existing trust-bft protocols are stateless, which endangers safety.…”
Section: Trusted Bft Consensusmentioning
confidence: 99%
“…A simple variation of this attack is where the state of the trusted components are rollbacked to a previous state [8,43]. Further, recent works have illustrated that persistent memory can suffer data loss through malicious attacks [31,55].…”
The growing interest in secure multi-party database applications has led to the widespread adoption of Byzantine Fault-Tolerant (bft) consensus protocols that can handle malicious attacks from byzantine replicas. Existing bft protocols permit byzantine replicas to equivocate their messages. As a result, they need f more replicas than Paxos-style protocols to prevent safety violations due to equivocation. This led to the design of trust-bft protocols, which require each replica to host an independent, trusted component.In this work, we analyze the design of existing trust-bft and make the following observations regarding these protocols: (i) they adopt weaker quorums, which prevents them from providing service in scenarios supported by their bft counterparts, (ii) they rely on the data persistence of trusted components at byzantine replicas, and (iii) they enforce sequential ordering of client requests.To resolve these challenges, we present solutions that facilitate the recovery of trust-bft protocols despite their weak quorums or data persistence dependence. Further, we present the design of lightweight, fast, and flexible protocols (FlexiTrust), which achieve up to 100% more throughput than their trust-bft counterparts.
“…Prior works have illustrated that trusted components can suffer power failures or crash fail, which can wipe out their states [38]. Further, these trusted components can face state rollback attacks [8,43], and the accompanying persistent memory can suffer data loss through malicious attacks [31,55]. If these attacks take place, byzantine replicas can manipulate the ordering of client requests, thereby violating application safety.…”
Section: Observationsmentioning
confidence: 99%
“…Existing trust-bft protocols expect Stateful trusted computations as they require their trusted components to be backed by persistent memory. However, recent works have illustrated that these trusted components and their accompanying memory hardware can face attacks such as power failure or rollbacks [8,31,43,55]. As a result, existing trust-bft protocols are stateless, which endangers safety.…”
Section: Trusted Bft Consensusmentioning
confidence: 99%
“…A simple variation of this attack is where the state of the trusted components are rollbacked to a previous state [8,43]. Further, recent works have illustrated that persistent memory can suffer data loss through malicious attacks [31,55].…”
The growing interest in secure multi-party database applications has led to the widespread adoption of Byzantine Fault-Tolerant (bft) consensus protocols that can handle malicious attacks from byzantine replicas. Existing bft protocols permit byzantine replicas to equivocate their messages. As a result, they need f more replicas than Paxos-style protocols to prevent safety violations due to equivocation. This led to the design of trust-bft protocols, which require each replica to host an independent, trusted component.In this work, we analyze the design of existing trust-bft and make the following observations regarding these protocols: (i) they adopt weaker quorums, which prevents them from providing service in scenarios supported by their bft counterparts, (ii) they rely on the data persistence of trusted components at byzantine replicas, and (iii) they enforce sequential ordering of client requests.To resolve these challenges, we present solutions that facilitate the recovery of trust-bft protocols despite their weak quorums or data persistence dependence. Further, we present the design of lightweight, fast, and flexible protocols (FlexiTrust), which achieve up to 100% more throughput than their trust-bft counterparts.
“…However, CryptKeeper is fragile versus Cold Boot attacks because it stores the encryption key in RAM. A related idea is in Huber et al [26]: the authors suggest to perform encryption of user space processes memory at suspend time, using the same key used for Full Disk Encryption (FDE). Yet another variant of this idea is presented in [25], where the system memory of portable devices, like notebooks and smartphones, is encrypted by means of the "freezer" infrastructure of the Linux kernel.…”
Cryptographic algorithm implementations are vulnerable to Cold Boot attacks, which consist in exploiting the persistence of RAM cells across reboots or power down cycles to read the memory contents and recover precious sensitive data. The principal defensive weapon against Cold Boot attacks is memory encryption. In this work we propose MemShield, a memory encryption framework for user space applications that exploits a GPU to safely store the master key and perform the encryption/decryption operations. We developed a prototype that is completely transparent to existing applications and does not require changes to the OS kernel. We discuss the design, the related works, the implementation, the security analysis, and the performances of MemShield.
“…Other approaches encrypt the RAM of devices [30], [31] or groups of processes during their suspension [32] (suspend to RAM). While those concepts protect suspended devices and processes, they cannot protect secrets in RAM owned by running processes.…”
Attacks on memory, revealing secrets, for example, via DMA or cold boot, are a long known problem. In this paper, we present TransCrypt, a concept for transparent and guestagnostic, dynamic kernel and user main memory encryption using a custom minimal hypervisor. The concept utilizes the address translation features provided by hardware-based virtualization support of modern CPUs to restrict the guest to a small working set of recently accessed physical pages. The rest of the pages, which constitute the majority of memory, remain securely encrypted. Furthermore, we present a transparent and guest-agnostic mechanism for recognizing pages to be excluded from encryption to still ensure correct system functionality, for example, for pages shared with peripheral devices. The detailed evaluation using our fully functional prototype on an ARM Cortex-A15 development board running Android shows that TransCrypt is able to effectively protect secrets in memory while keeping the performance impact small. For example, the system is able to keep the E-mail account password of a typical user in the Android mail app's memory encrypted 98.99% of the time, while still reaching 81.7% and 99.8% of native performance in different benchmarks.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.