TRESOR Runs Encryption Securely Outside RAM
TRESOR is a secure implementation of AES which is resistant against cold boot attacks. The basic idea behind this implementation is to store the secret key inside CPU registers rather than in RAM. All computations take place only on registers, no AES state is ever going to RAM. In particular, the x86 debug registers are misused as secure key storage. Running TRESOR on a 64-bit CPU that supports AES-NI, there is only little performance penalty compared to a generic implementation of AES. The supported key sizes are 128, 192 and 256 bits (full AES).
Further development from 3rd parties:
[support for keydevices] (by Matt Corallo)
[tresor_sysfs.c] (userland prompt to write tresor keys securely via sysfs)
[tresor_cobra.tar.gz] (cold boot attack on the tresor key registers)
[tresor_picklock.tar.gz] (kernel module based attack on the tresor key)
Alternative: A similar project to TRESOR is Loop-Amnesia (AES-128 for 64-bit CPUs without AES-NI support).
TreVisor - The TRESOR Hypervisor
TreVisor adds the encryption facilities of TRESOR to BitVisor, i. e., we move TRESOR one layer below the operating system into the hypervisor such that secure disk encryption runs transparently for the guest OS.
BitVisor-1.2 patch: [http://www1.cs.fau.de/filepool/projects/trevisor/trevisor-1.2-patch]
BitVisor-1.3 patch: [http://www1.cs.fau.de/filepool/projects/trevisor/trevisor-1.3-patch]
(The original publication is available at Springer.)
ARMORED - CPU-bound Encryption for Android-driven ARM Devices
As recently shown by attacks against Android-driven smartphones, ARM devices are vulnerable to cold boot attacks. At the end of 2012, the data recovery tool FROST was released which exploits the remanence effect of RAM to recover user data from a smartphone, at worst its disk encryption key. Disk encryption is supported in Android since version 4.0 and is today available on many smartphones. With ARMORED, we demonstrate that Android’s disk encryption feature can be improved to withstand cold boot attacks by performing AES entirely without RAM on ARM CPUs.
(The research paper is published at the 8th ARES conference.)