TRESOR is a kernel patch which provides CPU-only based encryption to defend against cold boot attacks on computer systems by performing encryption outside usual RAM. It was developed from its predecessor AESSE, presented at EuroSec 2010 and presented at USENIX Security 2011.[1] The authors state that it allows RAM to be treated as untrusted from a security viewpoint without hindering the system.
Contents |
In computer security, a cold boot attack is a means of defeating data encryption on a running system. It relies on data persistence, namely the fact that software encryption keys are plainly held in RAM and the contents of RAM can be made readable by a third party with physical access by cooling the memory chips or quickly restarting the computer. Since cold boot attacks are based on physical properties of memory devices, they cannot be defeated easily by pure software techniques, since all software running in memory at the point of intervention becomes accessible.
TRESOR is a system that stores and manipulates encryption keys almost exclusively on the CPU alone, and in registers accessible at ring 0 (the highest privilege level) only - the exception being the brief period of initial calculation at the start of a session. This ensures that encryption keys are almost never available via userland or following a cold boot attack. TRESOR is written as a kernel patch that stores encryption keys in the x86 debug registers, and uses on-the-fly round key generation, atomicity, and blocking of usual ptrace access to the debug registers for security.
Its developers state that "running TRESOR on a 64-bit CPU that supports AES-NI, there is no performance penalty compared to a generic implementation of AES",[2] and run slightly faster than standard encryption despite the need for key recalculation, a result which initially surprised the authors as well.[1]
The authors' paper notes the following: