Title :
Cryptkeeper: Improving security with encrypted RAM
Author :
Peterson, Peter A H
Author_Institution :
Univ. of California, Los Angeles, CA, USA
Abstract :
Random Access Memory (RAM) was recently shown to be vulnerable to physical attacks exposing the totality of memory, including user data and encryption keys. We present Cryptkeeper, a novel software-encrypted virtual memory manager that mitigates data exposure when used with a secure key-hiding mechanism. Cryptkeeper significantly reduces the amount of cleartext data in memory by dividing RAM into a smaller, cleartext working set and a larger, encrypted area. This extends the standard memory model and provides encrypted swap as a side effect. Despite a 9x slowdown in pathological cases, target applications such as Firefox are only 9% slower with our Linux-based prototype. We also identify several optimizations which can significantly improve performance. Cryptkeeper enables the expression of new security policies for memory, and demonstrates that modern personal computers can perform heavy-duty work on behalf of operating systems with surprisingly low overhead.
Keywords :
Linux; cryptography; data encapsulation; microcomputers; optimisation; random-access storage; virtual storage; Cryptkeeper; Firefox; Linux based prototype; cleartext data; data exposure; encrypted RAM; encrypted swap; encryption key; heavy duty work; operating system; pathological case; personal computer; physical attack; random access memory; secure key hiding mechanism; security policy; software encrypted virtual memory manager; standard memory model; target application; Encryption; Fires; Kernel; Linux; Random access memory; Resource management; Data security; Memory management; Operating systems;
Conference_Titel :
Technologies for Homeland Security (HST), 2010 IEEE International Conference on
Conference_Location :
Waltham, MA
Print_ISBN :
978-1-4244-6047-2
DOI :
10.1109/THS.2010.5655081
