
Freeze & crypt: Linux kernel support for main memory encryption

Authors: Huber, M.; Horsch, J.; Ali, J.; Wessel, S.

Published in:

Samarati, P. ; Institute for Systems and Technologies of Information, Control and Communication -INSTICC-, Setubal:
ICETE 2017, 14th International Joint Conference on e-Business and Telecommunications. Proceedings. Vol.4: SECRYPT : Madrid, Spain, July 24-26, 2017
SciTePress, 2017
ISBN: 978-989-758-259-2
pp. 17-30
International Joint Conference on e-Business and Telecommunications (ICETE) <14, 2017, Madrid>
International Conference on Security and Cryptography (SECRYPT) <14, 2017, Madrid>
English
Conference paper
Fraunhofer AISEC

Abstract
We present Freeze & Crypt, a framework for RAM encryption. Our goal is to protect the sensitive data that processes keep in RAM against memory attacks, such as cold boot, DMA, or JTAG attacks. This goal is of special significance when it comes to protecting unattended or stolen devices, such as smartphones, tablets and laptops, against physical attackers. Freeze & Crypt makes use of the kernel's freezer, which allows freezing a group of processes by holding them firm in the so-called refrigerator. Inside, frozen processes inescapably rest at a point in kernel space where they cannot access their memory from user space. We extend the freezer to make arbitrary process groups transparently and dynamically encrypt their full memory space with a key that is only present during encryption and decryption. When thawing a process group, each process decrypts its memory space, leaves the refrigerator and resumes normal execution. We develop a prototype and deploy it onto productively used mobile devices running Android containers. With this application scenario, we show how our mechanism protects the sensitive data in RAM against physical attackers when a container or device is not in active use.

URL: http://publica.fraunhofer.de/dokumente/N-470760.html