Advertisement

CryptMe: Data Leakage Prevention for Unmodified Programs on ARM Devices

  • Chen CaoEmail author
  • Le Guan
  • Ning Zhang
  • Neng Gao
  • Jingqiang Lin
  • Bo Luo
  • Peng Liu
  • Ji Xiang
  • Wenjing Lou
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11050)

Abstract

Sensitive data (e.g., passwords, health data and private videos) can be leaked due to many reasons, including (1) the misuse of legitimate operating system (OS) functions such as core dump, swap and hibernation, and (2) physical attacks to the DRAM chip such as cold-boot attacks and DMA attacks. While existing software-based memory encryption is effective in defeating physical attacks, none of them can prevent a legitimate OS function from accidentally leaking sensitive data in the memory. This paper introduces CryptMe that integrates memory encryption and ARM TrustZone-based memory access controls to protect sensitive data against both attacks. CryptMe essentially extends the Linux kernel with the ability to accommodate the execution of unmodified programs in an isolated execution domain (to defeat OS function misuse), and at the same time transparently encrypt sensitive data appeared in the DRAM chip (to defeat physical attacks). We have conducted extensive experiments on our prototype implementation. The evaluation results show the efficiency and added security of our design.

Notes

Acknowledgement

We thank the anonymous reviewers for their valuable comments. This work was supported by NSF CNS-1422594, NSF CNS-1505664, NSF SBE-1422215, and ARO W911NF-13-1-0421 (MURI). Neng Gao and Ji Xiang were partially supported by NSFC (No. U163620068). Jingqiang Lin was partially supported by NSFC (No. 61772518).

References

  1. 1.
    Apache Software Foundation: Apache HTTP server benchmarking tool (2017). http://httpd.apache.org/docs/2.4/programs/ab.html
  2. 2.
    ARM Holdings: mbed TLS (2017). https://tls.mbed.org/
  3. 3.
    ARM Ltd.: Arm cortex-a57 mpcore processor technical reference manual (2013)Google Scholar
  4. 4.
    Azab, A.M., et al.: Hypervision across worlds: real-time kernel protection from the arm trustzone secure world. In: ACM CCS (2014)Google Scholar
  5. 5.
    Becher, M., Dornseif, M., Klein, C.: Firewire: all your memory are belong to us. In: 6th Annual CanSecWest Conference (2005)Google Scholar
  6. 6.
    Chan, E.M., Carlyle, J.C., David, F.M., Farivar, R., Campbell, R.H.: Bootjacker: compromising computers using forced restarts. In: 15th ACM CCS. ACM (2008)Google Scholar
  7. 7.
    Chow, J., et al.: Understanding data lifetime via whole system simulation. In: USENIX SEC (2004)Google Scholar
  8. 8.
    Colp, P., et al.: Protecting data on smartphones and tablets from memory attacks. In: ASPLOS 2015. ACM (2015)Google Scholar
  9. 9.
    CVE Details: The Ultimate Security Vulnerability Datasource (2018). https://www.cvedetails.com/vendor/33/Linux.html. Accessed 29 Mar 2018
  10. 10.
    FuturePlus System: DDR2 800 bus analysis probe (2006). http://www.futureplus.com/download/datasheet/fs2334_ds.pdf
  11. 11.
    Garcia-Morchon, O., Kumar, S., Struik, R., Keoh, S., Hummen, R.: Security considerations in the IP-based internet of things (2013)Google Scholar
  12. 12.
    Garfinkel, T., Pfaff, B., Chow, J., Rosenblum, M.: Data lifetime is a systems problem. In: 11th ACM SIGOPS European Workshop (2004)Google Scholar
  13. 13.
    Götzfried, J., Müller, T., Drescher, G., Nürnberger, S., Backes, M.: RamCrypt: kernel-based address space encryption for user-mode processes. In: 11th ACM Asia CCS. ACM (2016)Google Scholar
  14. 14.
    Götzfried, J., et al.: Hypercrypt: hypervisor-based encryption of kernel and user space. In: ARES 2016 (2016)Google Scholar
  15. 15.
    Guan, L., et al.: Trustshadow: secure execution of unmodified applications with arm trustzone. In: ACM MobiSys (2017)Google Scholar
  16. 16.
    Halderman, J.A., et al.: Lest we remember: cold boot attacks on encryption keys. In: USENIX SEC (2008)Google Scholar
  17. 17.
    Harrison, K., Xu, S.: Protecting cryptographic keys from memory disclosure attacks. In: IEEE/IFIP DSN (2007)Google Scholar
  18. 18.
    Henson, M., Taylor, S.: Beyond full disk encryption: protection on security-enhanced commodity processors. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 307–321. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-38980-1_19CrossRefGoogle Scholar
  19. 19.
    Henson, M., Taylor, S.: Memory encryption: a survey of existing techniques. ACM CSUR (2014)Google Scholar
  20. 20.
    Jang, J., Kong, S., Kim, M., Kim, D., Kang, B.B.: Secret: secure channel between rich execution environment and trusted execution environment. In: NDSS 2015 (2015)Google Scholar
  21. 21.
    Kleissner, P.: Hibernation file attack (2010)Google Scholar
  22. 22.
    Kolontsov, V.: Solaris (and others) ftpd core dump bug (1996). http://insecure.org/sploits/ftpd.pasv.html
  23. 23.
    Li, W., Li, H., Chen, H., Xia, Y.: Adattester: secure online mobile advertisement attestation using trustzone. In: ACM MobiSys (2015)Google Scholar
  24. 24.
    Lie, D.: Architectural support for copy and tamper resistant software. ACM SIGPLAN Not. 35, 168–177 (2000)CrossRefGoogle Scholar
  25. 25.
    McVoy, L., Staelin, C.: Lmbench: portable tools for performance analysis. In: USENIX ATC (1996)Google Scholar
  26. 26.
    Müller, T., Spreitzenbarth, M., Freiling, F.: FROST: forensic recovery of scrambled telephones. In: 11th ACNS (2013)Google Scholar
  27. 27.
    National Vulnerability Database: CVE-2011-2707 (2011). http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-2707
  28. 28.
    National Vulnerability Database: CVE-2005-1264 (2015). https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1264
  29. 29.
    Peterson, P.A.: Cryptkeeper: improving security with encrypted RAM. In: IEEE HST (2010)Google Scholar
  30. 30.
    Provos, N.: Encrypting virtual memory. In: USENIX SEC (2000)Google Scholar
  31. 31.
    Reese, W.: Nginx: the high-performance web server and reverse proxy (2008). https://nginx.org/
  32. 32.
    Santos, N., Raj, H., Saroiu, S., Wolman, A.: Using ARM trustzone to build a trusted language runtime for mobile applications. In: ASPLOS 2014. ACM (2014)Google Scholar
  33. 33.
    Stewin, P., Bystrov, I.: Understanding DMA malware. In: Flegel, U., Markatos, E., Robertson, W. (eds.) DIMVA 2012. LNCS, vol. 7591, pp. 21–41. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-37300-8_2CrossRefGoogle Scholar
  34. 34.
    Suiche, M.: Windows hibernation file for fun ‘n’ profit. Black-Hat (2008)Google Scholar
  35. 35.
    Wilson, P., et al.: Implementing embedded security on dual-virtual-CPU systems. IEEE Des. Test Comput. (2007)Google Scholar
  36. 36.
    Zhang, N., Sun, K., Lou, W., Hou, Y.T.: Case: cache-assisted secure execution on arm processors. In: IEEE S&P (2016)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Chen Cao
    • 1
    Email author
  • Le Guan
    • 1
  • Ning Zhang
    • 2
  • Neng Gao
    • 3
  • Jingqiang Lin
    • 3
  • Bo Luo
    • 4
  • Peng Liu
    • 1
  • Ji Xiang
    • 3
  • Wenjing Lou
    • 2
  1. 1.The Pennsylvania State UniversityUniversity ParkUSA
  2. 2.Virginia Polytechnic Institute and State UniversityBlacksburgUSA
  3. 3.Institute of Information EngineeringCASBeijingChina
  4. 4.The University of KansasKansas CityUSA

Personalised recommendations