AESSE: a cold-boot resistant implementation of AES. Cold boot attacks exploit the fact that memory contents fade with time and that most of them can be retrieved after a short power-down (reboot). These attacks aim at retrieving encryption keys from memory to thwart disk drive encryption. We present a method to implement disk drive encryption that is resistant to cold boot attacks. More specifically, we implemented AES and integrated it into the Linux kernel in such a way that neither the secret key nor any parts of it leave the processor. To achieve this, we used the SSE (streaming SIMD extensions) available in modern Intel processors in a non-standard way. We show that the performance penalty is acceptable and present a brief security analysis of the system.
References in zbMATH (referenced in 1 article )
Showing result 1 of 1.
- Santucci, Pierpaolo; Ingrassia, Emiliano; Picierro, Giulio; Cesati, Marco: MemShield: GPU-assisted software memory encryption (2020)