Here you will find scientific publications from the Fraunhofer Institutes.

CoKey: Fast token-based cooperative cryptography

Authors: Horsch, Julian; Wessel, Sascha; Eckert, Claudia

Full text: urn:nbn:de:0011-n-4349188 (463 KByte PDF)
MD5 Fingerprint: 0ed45c4d1d9cbb57a093c1bec608eb3f
© ACM This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution.
Created on: 9.7.2020

Association for Computing Machinery -ACM-:
32nd Annual Conference on Computer Security Applications, ACSAC 2016. Proceedings : Los Angeles, California, December 05 - 08, 2016
New York: ACM, 2016
ISBN: 978-1-4503-4771-6
Annual Conference on Computer Security Applications (ACSAC) <32, 2016, Los Angeles/Calif.>
Conference paper, electronic publication
Fraunhofer AISEC
cooperative cryptography; cryptographic token; USB Token; data confidentiality; full disk encryption; USB armory

Keys for symmetric cryptography are usually stored in RAM and therefore susceptible to various attacks, ranging from simple buffer overflows to leaks via cold boot, DMA or side channels. A common approach to mitigate such attacks is to move the keys to an external cryptographic token. For low-throughput applications like asymmetric signature generation, the performance of these tokens is sufficient. For symmetric, data-intensive use cases, like disk encryption on behalf of the host, the connecting interface to the token often is a serious bottleneck. In order to overcome this problem, we present CoKey, a novel concept for partially moving symmetric cryptography out of the host into a trusted detachable token. CoKey combines keys from both entities and securely encrypts initialization vectors on the token which are then used in the cryptographic operations on the host. This forces host and token to cooperate during the whole encryption and decryption process. Our concept strongly and efficiently binds encrypted data on the host to the specific token used for their encryption, while still allowing for fast operation. We implemented the concept using Linux hosts and the USB armory, a USB thumb drive sized ARM computer, as detachable crypto token. Our detailed performance evaluation shows that our prototype is easily fast enough even for data-intensive and performance-critical use cases like full disk encryption, thus effectively improving security for symmetric cryptography in a usable way.