Disk encryption has become an important security measure for a multitude ofclients, including governments, corporations, activists, security-consciousprofessionals, and privacy-conscious individuals. Unfortunately, recentresearch has discovered an effective side channel attack against any diskmounted by a running machine\cite{princetonattack}. This attack, known as thecold boot attack, is effective against any mounted volume usingstate-of-the-art disk encryption, is relatively simple to perform for anattacker with even rudimentary technical knowledge and training, and isapplicable to exactly the scenario against which disk encryption is primarilysupposed to defend: an adversary with physical access. To our knowledge, noeffective software-based countermeasure to this attack supporting multipleencryption keys has yet been articulated in the literature. Moreover, since noproposed solution has been implemented in publicly available software, allgeneral-purpose machines using disk encryption remain vulnerable. We presentLoop-Amnesia, a kernel-based disk encryption mechanism implementing a noveltechnique to eliminate vulnerability to the cold boot attack. We offertheoretical justification of Loop-Amnesia's invulnerability to the attack,verify that our implementation is not vulnerable in practice, and presentmeasurements showing our impact on I/O accesses to the encrypted disk islimited to a slowdown of approximately 2x. Loop-Amnesia is written for x86-64,but our technique is applicable to other register-based architectures. We baseour work on loop-AES, a state-of-the-art open source disk encryption packagefor Linux.
展开▼
