.   +---------------------+      
+---|---------------------|-------.    .---_||||||_-----------------.   
|:--|-----\\\\\//////-----|--. o   ----                          (\)| 
|#|||------         ------|--.||      [  Peter A. H. Peterson       | 
|-::|-----|.-,   ,-.|-----|===========[  Assistant Professor of CS  |  
|o+o|----(| @ |   @ |)----|:::::::::::[  329 Heller Hall            | 
||o||-----#  '-'    #-----|:::::::::::[  1114 Kirby Drive           | 
|||||------\"==="  /------|===========[  Duluth, MN 55812           | 
|||||-------`-----'|------| | o       [  pahp@d.umn.edu             | 
||/ |.----/'\'-----'/\---.|-+-'       [  pedro@tastytronic.net_  (/)|   
||^_|     '''|     |''    |-----'''----||||-||||||||||-||||||||||.  |  
||| +---------------------+-----------'                          | :| 
|:|                                                              |:.|
| '------------.  [back to research]                             |.:|
| home         |                                                 |:.| 
'------------. |  Cryptkeeper                                    |.:|
.------------' |                                                 |:.|      
| cv           |  The security world was fascinated in 2008 by   |.:|      
| .------------'  the "Cold Boot Attacks" as published by J. A.  |:.|      
| '------------.  Halderman, et al. In this paper, keys for      |.:|      
| research     |  full disk encryption (FDE) were recovered by   |:.|      
'------------. |  chilling live RAM (using "compressed air" or   |.:|      
.------------' |  liquid nitrogen) and moving it to a specially  |:.|      
| interests    |  prepared platform. This system was able to     |.:|      
| .------------'  identify and reconstruct keys using redundant  |:.|      
| '------------.  key schedule information left in "volatile     |.:|      
| blog         |  memory." Obviously, RAM also contains          |:.|      
'------------. |  gigabytes of other potentially-sensitive       |.:|      
.------------' |  information in cleartext form, which           |:.|      
| reading      |  represents a security risk to users, even if   |.:|      
| .------------'  FDE keys are unrecoverable in a physical       |:.|      
| '------------.  attack.                                        |.:|      
| quotes       |                                                 |:.|      
'------------. |  We developed a working prototype of            |.:|      
.------------' |  Cryptkeeper, an encrypted virtual memory       |:.|      
| contact      |  manager [paper]. Cryptkeeper extends the       |.:|      
|              |  ideas of FDE and the hierarchical memory       |:.|      
|''''''''''''''|  model to virtual memory, inserting an          |.:|      
| 001010101101 |  encrypted memory layer in between RAM and the  |:.|      
| 011011011001 |  disk. This layer is composed of the majority   |.:|      
| 010011011011 |  of physical RAM, although these pages are      |:.|      
| 110011010111 |  stored encrypted and protected so that         |.:|      
| 100100001100 |  accesses to them are passed through a special  |:.|      
| 101001100111 |  page fault handler. This handler restores the  |.:|      
| 001101100101 |  decrypted text to the "cleartext RAM,"         |:.|      
| 001111000000 |  evicting pages into the encrypted memory as    |.:|      
| 001010101101 |  necessary. In doing this, Cryptkeeper trades   |:.|      
| 011011011001 |  a performance hit for stronger protections on  |.:|      
| 010011011011 |  the majority of RAM.                           |:.|      
| 110011010111 |                                                 |.:|      
| 100100001100 |  Cryptkeeper achieves reasonable performance    |:.|      
| 101001100111 |  because data can be encrypted and decrypted    |.:|      
| 001101100101 |  on the fly faster than it can be read or       |:.|      
| 001111000000 |  written to disk. This is particularly true     |.:|      
| 001010101101 |  for SMP systems, since many cryptographic      |:.|      
| 011011011001 |  operations can be easily parallelized. While   |.:|      
| 010011011011 |  encrypting and decrypting over two-thirds of   |:.|      
| 110011010111 |  RAM on the fly, our prototype experiences      |.:|      
| 100100001100 |  only a 9% degradation in runtime versus a      |:.|      
| 101001100111 |  system without Cryptkeeper. We also described  |.:|      
| 001101100101 |  many potential performance optimizations and   |:.|      
| 001111000000 |  enhancements that we did not have time to      |.:|      
| 001010101101 |  implement. For example, Cryptkeeper could      |:.|      
| 011011011001 |  easily track crypt/clear memory quotas on a    |:.|      
| 010011011011 |  per-process basis, rather than a system-wide   |:.|      
| 110011010111 |  basis. This would result in degradation only   |.:|      
| 100100001100 |  for processes that specifically required       |:.|      
| 101001100111 |  extra protection.                              |.:|      
| 001101100101 |                                                 |:.|      
| 001111000000 |  Like software-based FDE, Cryptkeeper requires  |.:|      
| 001010101101 |  a secure key store in order for its encrypted  |:.|      
| 011011011001 |  data to be truly secure. While we did not      |.:|      
| 010011011011 |  implement such a store, we describe how one    |:.|      
| 110011010111 |  could be created using a TPM or other custom   |.:|      
| 100100001100 |  hardware.                                      |:.|      
| 101001100111 |                                                 |.:|      
| 001101100101 |  [back to research]                             |:.|      
| 001111000000 |                                                 |.:|      
|'''''''''''''''-------------------------------------------------'::'. 
|::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::| 
`=======---------.______.-------:::::::-:------------------------. ? | 
                                                                  ---'
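
The clear/encrypted two-tier memory and the special page fault handler described in the Cryptkeeper section above, modelled in user space as an added example. This is not the Cryptkeeper prototype's code; the ck_* names, the 64-byte toy page, the three-page cleartext quota, LRU as the eviction policy, the master key constant and the xorshift keystream standing in for a real block cipher are all assumptions made for the illustration.

```c
/* Added example (not the Cryptkeeper authors' code): a user-space model of
 * the two-tier RAM described on this page. Every page lives in an
 * "encrypted tier"; at most CLEAR_QUOTA of them are resident as cleartext
 * at any moment, and every access goes through ck_fault(), which stands in
 * for the special page fault handler. The cipher is a toy, not AES. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE   64   /* toy page size; a real kernel would use 4096 */
#define NPAGES      8    /* pages in the encrypted tier */
#define CLEAR_QUOTA 3    /* system-wide cap on cleartext pages (assumed) */

struct ck_page {
    uint8_t       data[PAGE_SIZE];
    int           clear;     /* 1: cleartext resident, 0: encrypted */
    unsigned long last_use;  /* LRU stamp, meaningful only while clear */
};

static struct ck_page ck_tier[NPAGES];
static unsigned long  ck_clock, ck_nfaults, ck_nevictions;
static int            ck_nclear;
static uint64_t       ck_key = 0x243F6A8885A308D3ULL; /* assumed master key */

/* Toy per-page keystream (xorshift64*), XORed in place so one call both
 * encrypts and decrypts. PLACEHOLDER for a real cipher such as AES-XTS. */
static void ck_xor_page(uint8_t *page, unsigned pageno)
{
    uint64_t s = ck_key ^ (0x9E3779B97F4A7C15ULL * (uint64_t)(pageno + 1));
    for (size_t i = 0; i < PAGE_SIZE; i++) {
        s ^= s >> 12; s ^= s << 25; s ^= s >> 27;
        page[i] ^= (uint8_t)((s * 0x2545F4914F6CDD1DULL) >> 56);
    }
}

void ck_init(void)
{
    memset(ck_tier, 0, sizeof ck_tier);
    for (unsigned p = 0; p < NPAGES; p++)   /* zero-filled pages start encrypted */
        ck_xor_page(ck_tier[p].data, p);
    ck_clock = ck_nfaults = ck_nevictions = 0;
    ck_nclear = 0;
}

/* The "special page fault handler": bring page p into cleartext, first
 * evicting (re-encrypting) the least recently used clear page if the
 * quota is exhausted. */
static void ck_fault(unsigned p)
{
    ck_nfaults++;
    if (ck_nclear == CLEAR_QUOTA) {
        int victim = -1;
        for (unsigned q = 0; q < NPAGES; q++)
            if (ck_tier[q].clear &&
                (victim < 0 || ck_tier[q].last_use < ck_tier[victim].last_use))
                victim = (int)q;
        ck_xor_page(ck_tier[victim].data, (unsigned)victim); /* encrypt on evict */
        ck_tier[victim].clear = 0;
        ck_nclear--;
        ck_nevictions++;
    }
    ck_xor_page(ck_tier[p].data, p);  /* decrypt into the cleartext window */
    ck_tier[p].clear = 1;
    ck_nclear++;
}

/* Every load/store in the model goes through here. */
static uint8_t *ck_touch(size_t addr)
{
    unsigned p = (unsigned)(addr / PAGE_SIZE);
    if (p >= NPAGES) return NULL;
    if (!ck_tier[p].clear) ck_fault(p);
    ck_tier[p].last_use = ++ck_clock;
    return &ck_tier[p].data[addr % PAGE_SIZE];
}

void    ck_write(size_t addr, uint8_t v) { uint8_t *b = ck_touch(addr); if (b) *b = v; }
uint8_t ck_read(size_t addr)            { uint8_t *b = ck_touch(addr); return b ? *b : 0; }

/* What a cold-boot image of physical RAM would show at addr: the raw byte,
 * with no fault taken, so evicted pages come back as ciphertext. */
uint8_t ck_raw_byte(size_t addr) { return ck_tier[(addr / PAGE_SIZE) % NPAGES].data[addr % PAGE_SIZE]; }
int     ck_page_is_clear(unsigned p) { return p < NPAGES && ck_tier[p].clear; }
unsigned long ck_faults(void)      { return ck_nfaults; }
unsigned long ck_evictions(void)   { return ck_nevictions; }
int           ck_clear_pages(void) { return ck_nclear; }

/* Fill all NPAGES pages (more than the quota), then check that reads still
 * return the right data while evicted pages sit encrypted in RAM.
 * Returns 0 on success, otherwise the number of the failing step. */
int ck_selftest(void)
{
    ck_init();
    for (size_t a = 0; a < (size_t)NPAGES * PAGE_SIZE; a++)
        ck_write(a, (uint8_t)(a * 7 + 3));
    if (ck_clear_pages() != CLEAR_QUOTA) return 1;
    if (ck_page_is_clear(0)) return 2;            /* page 0 was evicted */
    int exposed = 0;                               /* plaintext bytes visible in page 0? */
    for (size_t a = 0; a < PAGE_SIZE; a++)
        exposed += ck_raw_byte(a) == (uint8_t)(a * 7 + 3);
    if (exposed == PAGE_SIZE) return 3;           /* page 0 is not encrypted */
    for (size_t a = 0; a < (size_t)NPAGES * PAGE_SIZE; a++)
        if (ck_read(a) != (uint8_t)(a * 7 + 3)) return 4;
    return 0;
}

int main(void)
{
    int rc = ck_selftest();
    printf("selftest rc=%d faults=%lu evictions=%lu clear=%d/%d\n",
           rc, ck_faults(), ck_evictions(), ck_clear_pages(), NPAGES);
    return rc;
}
```

With eight pages and a quota of three, the self-test takes 16 faults and 13 evictions: sequential writes fault every page in once and evict five, and the sequential read-back then faults all eight again because LRU always throws out the page that is needed next. That worst-case pattern is the cost the page describes as a performance hit; the benefit is that, at any instant, only three of the eight pages would be readable in a cold-boot image.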