Annual Computer Security Applications Conference (ACSAC) 2012

Full Program »

TRESOR-HUNT: Attacking CPU-Bound Encryption

Hard disk encryption is known to be vulnerable to a number of attacks that aim
to directly extract cryptographic key material from system memory. Several
approaches to preventing this class of attacks have been proposed, including
Tresor and LoopAmnesia. The common goal of these
systems is to confine the encryption key and encryption process itself to the
CPU, such that sensitive key material is never released into system memory where
it could be accessed by a DMA attack.

In this work, we demonstrate that these systems are nevertheless vulnerable to
such DMA attacks. Our attack, which we call TresorHunt, relies on the insight
that DMA-capable adversaries are not restricted to simply reading physical
memory, but can write arbitrary values to memory as well. TresorHunt leverages
this insight to inject a ring 0 attack payload that extracts disk encryption
keys from the CPU into the target system's memory, from which it can be
retrieved using a normal DMA transfer.

Our implementation of this attack demonstrates that it can be constructed in a
reliable and OS-independent manner that is applicable to any CPU-bound
encryption technique, IA32-based system, and DMA-capable peripheral bus.
Furthermore, it does not crash the target system or otherwise significantly
compromise its integrity. Our evaluation supports the OS-independent nature of
the attack, as well as its feasibility in real-world scenarios. Finally, we
discuss several countermeasures that might be adopted to mitigate this attack
and render CPU-bound encryption systems viable.


Erik-Oliver Blass    
Northeastern University
United States

William Robertson    
Northeastern University
United States


Powered by OpenConf®
Copyright©2002-2014 Zakon Group LLC