{"title":"PRIME:用于无内存加密的私有RSA基础设施","authors":"Behrad Garmany, Tilo Müller","doi":"10.1145/2523649.2523656","DOIUrl":null,"url":null,"abstract":"Cold boot attacks exploit the fact that data in RAM gradually fades away over time, rather than being lost immediately when power is cycled off. An attacker can gain access to all memory contents by a restart or short power-down of the system, a so called cold boot. Consequently, sensitive data in RAM like cryptographic keys are exposed to attackers with physical access. Research in recent years found software-based solutions to the cold boot problem in terms of CPU-bound or memory-less encryption. To date, however, the focus has been set on symmetric ciphers, particularly concerning disk encryption systems. Contrary to that, the work in hand aims to close the gap to asymmetric ciphers. With PRIME, we present a cold boot resistant infrastructure for private RSA operations. All private RSA parameters reside symmetrically encrypted in RAM and are decrypted only within CPU registers. The modular exponentiation algorithm for RSA is implemented entirely on the CPU, such that no sensitive state of RSA ever goes to RAM.","PeriodicalId":127404,"journal":{"name":"Proceedings of the 29th Annual Computer Security Applications Conference","volume":"271 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"42","resultStr":"{\"title\":\"PRIME: private RSA infrastructure for memory-less encryption\",\"authors\":\"Behrad Garmany, Tilo Müller\",\"doi\":\"10.1145/2523649.2523656\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Cold boot attacks exploit the fact that data in RAM gradually fades away over time, rather than being lost immediately when power is cycled off. An attacker can gain access to all memory contents by a restart or short power-down of the system, a so called cold boot. Consequently, sensitive data in RAM like cryptographic keys are exposed to attackers with physical access. Research in recent years found software-based solutions to the cold boot problem in terms of CPU-bound or memory-less encryption. To date, however, the focus has been set on symmetric ciphers, particularly concerning disk encryption systems. Contrary to that, the work in hand aims to close the gap to asymmetric ciphers. With PRIME, we present a cold boot resistant infrastructure for private RSA operations. All private RSA parameters reside symmetrically encrypted in RAM and are decrypted only within CPU registers. The modular exponentiation algorithm for RSA is implemented entirely on the CPU, such that no sensitive state of RSA ever goes to RAM.\",\"PeriodicalId\":127404,\"journal\":{\"name\":\"Proceedings of the 29th Annual Computer Security Applications Conference\",\"volume\":\"271 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-12-09\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"42\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 29th Annual Computer Security Applications Conference\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2523649.2523656\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 29th Annual Computer Security Applications Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2523649.2523656","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
PRIME: private RSA infrastructure for memory-less encryption
Cold boot attacks exploit the fact that data in RAM gradually fades away over time, rather than being lost immediately when power is cycled off. An attacker can gain access to all memory contents by a restart or short power-down of the system, a so called cold boot. Consequently, sensitive data in RAM like cryptographic keys are exposed to attackers with physical access. Research in recent years found software-based solutions to the cold boot problem in terms of CPU-bound or memory-less encryption. To date, however, the focus has been set on symmetric ciphers, particularly concerning disk encryption systems. Contrary to that, the work in hand aims to close the gap to asymmetric ciphers. With PRIME, we present a cold boot resistant infrastructure for private RSA operations. All private RSA parameters reside symmetrically encrypted in RAM and are decrypted only within CPU registers. The modular exponentiation algorithm for RSA is implemented entirely on the CPU, such that no sensitive state of RSA ever goes to RAM.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
