Authors:
Manuel Huber
;
Julian Horsch
;
Junaid Ali
and
Sascha Wessel
Affiliation:
Fraunhofer AISEC, Germany
Keyword(s):
Memory Encryption, Mobile Device Security, Data Confidentiality, Operating Systems Security
Related
Ontology
Subjects/Areas/Topics:
Data and Application Security and Privacy
;
Data Protection
;
Information and Systems Security
;
Information Assurance
;
Information Hiding
;
Privacy Enhancing Technologies
;
Security and Privacy in Mobile Systems
Abstract:
We present Freeze & Crypt, a framework for RAM encryption. Our goal is to protect the sensitive data the
processes keep in RAM against memory attacks, such as coldboot, DMA, or JTAG attacks. This goal is of
special significance when it comes to protect unattended or stolen devices, such as smartphones, tablets and
laptops, against physical attackers. Freeze & Crypt makes use of the kernel’s freezer, which allows freezing a
group of processes by holding them firm in the so-called refrigerator. Inside, frozen processes inescapably rest
at a point in kernel space where they cannot access their memory from user space. We extend the freezer to
make arbitrary process groups transparently and dynamically encrypt their full memory space with a key only
present during en- and decryption. When thawing a process group, each process decrypts its memory space,
leaves the refrigerator and resumes normal execution. We develop a prototype and deploy it onto productively
used mobile devices
running Android containers. With this application scenario, we show how our mechanism
protects the sensitive data in RAM against physical attackers when a container or device is not in active use.
(More)