Zhao, Lianying and Mannan, Mohammad (2016) Hypnoguard: Protecting Secrets across Sleep-wake Cycles. In: ACM Conference on Computer and Communications Security (CCS), October 24-28, 2016, Vienna, Austria.
Text (Extended version) (application/pdf)561kB
hypnoguard-techreport.pdf - Accepted Version
Available under License Spectrum Terms of Access.
Attackers can get physical control of a computer in sleep (S3/suspend-to-RAM), if it is lost, stolen, or the owner is being coerced. High-value memory-resident secrets, including disk encryption keys, and private signature/encryption keys for PGP, may be extracted (e.g., via cold-boot or DMA attacks), by physically accessing such a computer. Our goal is to alleviate threats of extracting secrets from a computer in sleep, without relying on an Internet-facing service.
We propose Hypnoguard to protect all memory-resident OS/user data across S3 suspensions, by first performing an in-place full memory encryption before entering sleep, and then restoring the plaintext content at wakeup-time through an environment-bound, password-based authentication pro- cess. The memory encryption key is effectively “sealed” in a Trusted Platform Module (TPM) chip with the measurement of the execution environment supported by CPU’s trusted execution mode (e.g., Intel TXT, AMD-V/SVM). Password guessing within Hypnoguard may cause the memory content to be permanently inaccessible, while guessing without Hypnoguard is equivalent to brute-forcing a high- entropy key (due to TPM protection). We achieved full memory encryption/decryption in less than a second on a mainstream computer (Intel i7-4771 CPU with 8GB RAM, taking advantage of multi-core processing and AES-NI), an apparently acceptable delay for sleep-wake transitions. To the best of our knowledge, Hypnoguard provides the first wakeup-time secure environment for authentication and key unlocking, without requiring per-application changes.
|Divisions:||Concordia University > Faculty of Engineering and Computer Science > Concordia Institute for Information Systems Engineering|
|Item Type:||Conference or Workshop Item (Paper)|
|Authors:||Zhao, Lianying and Mannan, Mohammad|
|Date:||11 August 2016|
|Deposited By:||MOHAMMAD MANNAN|
|Deposited On:||11 Aug 2016 17:30|
|Last Modified:||05 Nov 2016 08:23|
Repository Staff Only: item control page