TRESOR

TRESOR (recursive acronym for "TRESOR Runs Encryption Securely Outside RAM") is a Linux kernel patch which provides CPU-only based encryption to defend against cold boot attacks on computer systems by performing encryption outside usual random-access memory (RAM). It is one of two proposed solutions for general-purpose computers (the other uses CPU cache for the same purpose[1]), was developed from its predecessor AESSE, presented at EuroSec 2010 and presented at USENIX Security 2011.[2] The authors state that it allows RAM to be treated as untrusted from a security viewpoint without hindering the system.

A 2012 paper called TRESOR-HUNT showed how a DMA attack can break this system, by injecting code that would invisibly function at ring 0 (the highest privilege level), which would allow it to read the keys and transfer them to usual memory. The paper also proposed ways to mitigate against such attacks.[3]

Motivation

In computer security, a common problem for data security is how an intruder can access encrypted data on a computer. Modern encryption algorithms, correctly implemented and with strong passwords, are often unbreakable with current technology, so emphasis has moved to techniques that bypass this requirement, by exploiting aspects of data security where the encryption can be "broken" with much less effort, or else bypassed completely.

A cold boot attack is one such means by which an intruder can defeat encryption despite system security, if they can gain physical access to the running machine. It is premised on the physical properties of the circuitry within memory devices that are commonly used in computers. The concept is that when a computer system has encrypted data open, the encryption keys themselves used to read or write that data are usually stored on a temporary basis in physical memory, in a plain readable form. (Holding these keys in "plain" form during use is hard or impossible to avoid with usual systems since the system itself must be able to access the data when instructed by the authorized user). Usually this is no benefit to an unauthorised intruder, because they cannot access or use those keys—for example due to security built into the software or system. However if the memory devices can be accessed outside the running system without loss of contents, for example by quickly restarting the computer or removing the devices to a different device, then the current contents—including any encryption keys in use—can be plainly read and used. This can be important if the system cannot be used to view, copy or access that data—for example the system is locked, or may have booby traps or other intrusion controls, or is needed in a guaranteed untouched form for forensic or evidentiary purposes.

Since this is a physical property of the hardware itself, and based on physical properties of memory devices, it cannot be defeated easily by pure software techniques, since all software running in memory at the point of intervention becomes accessible. As a result any encryption software whose keys could be accessed this way is vulnerable to such attacks. Usually a cold boot attack involves cooling memory chips or quickly restarting the computer, and exploiting the fact that data is not immediately lost (or not lost if power is very quickly restored) and the data that was held at the point of intervention will be left accessible to examination.

Cold boot attacks can therefore be a means of unauthorized data theft, loss or access. Such attacks can be nullified if the encryption keys are not accessible at a hardware level to an intruder–i.e., the devices in which the keys are stored when in use are not amenable to cold boot attacks–but this is not the usual case.

TRESOR's approach

TRESOR is a software approach that seeks to resolve this insecurity by storing and manipulating encryption keys almost exclusively on the CPU alone, and in registers accessible at ring 0 (the highest privilege level) only—the exception being the brief period of initial calculation at the start of a session. This ensures that encryption keys are almost never available via userland or following a cold boot attack. TRESOR is written as a kernel patch that stores encryption keys in the x86 debug registers, and uses on-the-fly round key generation, atomicity, and blocking of usual ptrace access to the debug registers for security.

TRESOR was foreshadowed by a 2010 thesis by Tilo Muller which analyzed the cold boot attack issue. He concluded that modern x86 processors had two register areas where CPU-based kernel encryption was realistic: the SSE registers which could in effect be made privileged by disabling all SSE instructions (and necessarily, any programs relying on them), and the debug registers which were much smaller but had no such issues. He left the latter for others to examine, and developed a proof of concept distribution called paranoix based on the SSE register method.[4]

Its developers state that "running TRESOR on a 64-bit CPU that supports AES-NI, there is no performance penalty compared to a generic implementation of AES",[5] and run slightly faster than standard encryption despite the need for key recalculation, a result which initially surprised the authors as well.[2]

Potential vulnerabilities

The authors' paper notes the following:

See also

References and notes

  1. The other has been called frozen cache; the two are similar in using CPU based encryption key storage, but differs in that frozen cache uses CPU cache for the purpose (sometimes called "cache as RAM") rather than CPU registers: FrozenCache – Mitigating cold-boot attacks for Full-Disk-Encryption software, presented by Erik Tews at the 27th Chaos Communication , December 2010
  2. 2.0 2.1 Müller, Tilo; Freiling, Felix C.; Dewald, Andreas (2011). "TRESOR Runs Encryption Securely Outside RAM". Preprint.
  3. 3.0 3.1 https://www.acsac.org/2012/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=237&type=4&OPENCONF=8leugbu5he7redddl4p30uj4o0
  4. Cold-Boot Resistant Implementation of AES in the Linux Kernel, Tilo Müller, May 2010 (Thesis)
  5. TRESOR home page
  6. The authors cite Intel: Shay Gueron, Intel Advanced Encryption Standard (AES) Instruction Set White Paper, Rev. 3.0: "Beyond improving performance, the AES instructions provide important security benefits. By running in data-independent time and not using tables, they help in eliminating the major timing and cache-based attacks that threaten table-based software implementations of AES."

External links