Login | Register

Hypnoguard: Protecting Secrets across Sleep-wake Cycles


Hypnoguard: Protecting Secrets across Sleep-wake Cycles

Zhao, Lianying and Mannan, Mohammad (2016) Hypnoguard: Protecting Secrets across Sleep-wake Cycles. In: ACM Conference on Computer and Communications Security (CCS), October 24-28, 2016, Vienna, Austria.

[thumbnail of Extended version]
Text (Extended version) (application/pdf)
hypnoguard-techreport.pdf - Accepted Version
Available under License Spectrum Terms of Access.


Attackers can get physical control of a computer in sleep (S3/suspend-to-RAM), if it is lost, stolen, or the owner is being coerced. High-value memory-resident secrets, including disk encryption keys, and private signature/encryption keys for PGP, may be extracted (e.g., via cold-boot or DMA attacks), by physically accessing such a computer. Our goal is to alleviate threats of extracting secrets from a computer in sleep, without relying on an Internet-facing service.

We propose Hypnoguard to protect all memory-resident OS/user data across S3 suspensions, by first performing an in-place full memory encryption before entering sleep, and then restoring the plaintext content at wakeup-time through an environment-bound, password-based authentication pro- cess. The memory encryption key is effectively “sealed” in a Trusted Platform Module (TPM) chip with the measurement of the execution environment supported by CPU’s trusted execution mode (e.g., Intel TXT, AMD-V/SVM). Password guessing within Hypnoguard may cause the memory content to be permanently inaccessible, while guessing without Hypnoguard is equivalent to brute-forcing a high- entropy key (due to TPM protection). We achieved full memory encryption/decryption in less than a second on a mainstream computer (Intel i7-4771 CPU with 8GB RAM, taking advantage of multi-core processing and AES-NI), an apparently acceptable delay for sleep-wake transitions. To the best of our knowledge, Hypnoguard provides the first wakeup-time secure environment for authentication and key unlocking, without requiring per-application changes.

Divisions:Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering
Item Type:Conference or Workshop Item (Paper)
Authors:Zhao, Lianying and Mannan, Mohammad
Date:11 August 2016
  • NSERC Discovery Grant
ID Code:981477
Deposited By: Mohammad Mannan
Deposited On:11 Aug 2016 17:30
Last Modified:18 Jan 2018 17:53
All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.

Repository Staff Only: item control page

Downloads per month over past year

Research related to the current document (at the CORE website)
- Research related to the current document (at the CORE website)
Back to top Back to top