Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

FridgeLock: Preventing Data Theft on Suspended Linux with Usable Memory Encryption

: Franzen, F.; Andreas, M.; Huber, M.


Roussev, V. ; Association for Computing Machinery -ACM-; Association for Computing Machinery -ACM-, Special Interest Group on Security, Audit and Control -SIGSAC-:
CODASPY 2020, Tenth ACM Conference on Data and Application Security and Privacy. Proceedings : March 16-18, 2020, New Orleans, LA, USA
New York: ACM, 2020
ISBN: 978-1-4503-7107-0
Conference on Data and Application Security and Privacy (CODASPY) <10, 2020, New Orleans/La.>
Fraunhofer AISEC ()

To secure mobile devices, such as laptops and smartphones, against unauthorized physical data access, employing Full Disk Encryption (FDE) is a popular defense. This technique is effective if the device is always shut down when unattended. However, devices are often suspended instead of switched off. This leaves confidential data such as the FDE key, passphrases and user data in RAM which may be read out using cold boot, JTAG or DMA attacks. These attacks can be mitigated by encrypting the main memory during suspend. While this approach seems promising, it is not implemented on Windows or Linux. We present FridgeLock to add memory encryption on suspend to Linux. Our implementation as a Linux Kernel Module (LKM) does not require an admin to recompile the kernel. Using Dynamic Kernel Module Support (DKMS) allows for easy and fast deployment on existing Linux systems, where the distribution provides a prepackaged kernel and kernel updates. We tested our module on a range o f 4.19 to 5.3 kernels and experienced a low performance impact, sustaining the system's usability. We hope that our tool leads to a more detailed evaluation of memory encryption in real world usage scenarios.