Top

Cluster Computing

Published in:

11-01-2017

Cryptographic key protection against FROST for mobile devices

Authors: Xiaosong Zhang, Yu-an Tan, Yuan Xue, Quanxin Zhang, Yuanzhang Li, Can Zhang, Jun Zheng

Published in: Cluster Computing | Issue 3/2017

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

With the flourish of applications based on the internet of things and cloud computing, privacy issues have been attracting a lot of attentions. Although the increasing use of full disk encryption (FDE) significantly hamper privacy leakage and digital forensics, cold boot attacks have thwarted FDE since forensic recovery of scrambled telephones (FROST), a forensic tool, is proposed. The cryptographic keys which are stored in the mobile devices are inclined to be obtained by FROST. Recent research results have shown CPU-bound encryption methods to resist FROST. However, these methods performs AES encryption solely on CPU registers, whose advantage comes at the cost of encryption speed. This paper, therefore, presents a cryptographic key protection scheme for android devices which prevents FROST from acquiring the key of AES by changing storage location of the key in memory. The storage location of the key is switched to the fixed position where command line parameters will be stored when android boots. Therefore, the key will be covered by command line parameters while the system reboots, which negates FROST from obtaining the key. Compared with the popular CPU-bound encryption methods, our method has less impact on encryption efficiency and employs no additional storage resources.

previous article New directly revocable attribute-based encryption scheme and its application in cloud storage environment

next article Identifying opinion leaders in social networks with topic limitation

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Gupta, B.B., Agrawal, D.P., Yamaguchi, S.: Handbook of Research on Modern Cryptographic Solutions for Computer and Cyber Security. IGI Global, Hershey (2016)CrossRef

Xu, M., Song, C., Ji, Y., Shih, M.-W., Lu, K., Zheng, C., Duan, R., Jang, Y., Lee, B., Qian, C., et al.: Toward engineering a secure android ecosystem: a survey of existing techniques. ACM Comput. Surv. (CSUR) 49(2), 38 (2016)CrossRef

Sufatrio, Darell, J.J., Chua, T.-W., Thing, V.L.L.: Securing android: a survey, taxonomy, and challenges. ACM Comput. Surv. 47(4), 1–45 (2015)CrossRef

Rastogi, S., Bhushan, K., Gupta, B.B.: Android applications repackaging detection techniques for smartphone devices. Proced. Comput. Sci. 78, 26–32 (2016)CrossRef

Sharma, K., Gupta, B.B.: Multi-layer defense against malware attacks on smartphone wi-fi access channel. Proced. Comput. Sci. 78, 19–25 (2016)

Zhu, R., Tan, Y., Zhang, Q., Wu, F., Zheng, J., Xue, Y.: Determining image base of firmware files for arm devices. IEICE Trans. Inf. Syst. 99(2), 351–359 (2016)CrossRef

Zhu, R., Tan, Y., Zhang, Q., Li, Y., Zheng, Jun: Determining image base of firmware for arm devices by matching literal pools. Digit. Invest. 16, 19–28 (2016)CrossRef

Müller, T., Spreitzenbarth, M.: Frost. In: International Conference on Applied Cryptography and Network Security, pp. 373–388. Springer, New York (2013)

Carbone, R., Bean, C., Salois, M.: An in-depth analysis of the cold boot attack. DRDC Valcartier, Defence Research and Development, Canada, Tech. Rep. (2011)

10.

Gruhn, M., Müller, T.: On the practicability of cold boot attacks. In: Eighth International Conference on Availability, Reliability and Security (ARES), 2013, pp. 390–397. IEEE (2013)

11.

Zidlicky, R.: Re: the cold-boot attack—a paper tiger? www.spinics.net/lists/crypto/msg04668.html (2008). Accessed 30 Oct 2016

12.

Müller, T., Dewald, A., Freiling, F.C.: Aesse: a cold-boot resistant implementation of aes. In: Proceedings of the Third European Workshop on System Security, pp. 42–47. ACM (2010)

13.

Simmons, P.: Security through amnesia: a software-based solution to the cold boot attack on disk encryption. In: Proceedings of the 27th Annual Computer Security Applications Conference, pp. 73–82. ACM (2011)

14.

Müller, T., Freiling, F.C., Dewald, A.: Tresor runs encryption securely outside ram. In: USENIX Security Symposium, vol. 17 (2011)

15.

Müller, T., Taubmann, B., Freiling, F.C.: Trevisor. In: International Conference on Applied Cryptography and Network Security, pp. 66–83. Springer (2012)

16.

Götzfried, J., Müller, T.: Armored: Cpu-bound encryption for android-driven arm devices. In: Eighth International Conference on Availability, Reliability and Security (ARES) 2013, pp. 161–168. IEEE (2013)

17.

Nilsson, A., Andersson, M., Axelsson, S.: Key-hiding on the arm platform. Digit. Invest. 11, S63–S67 (2014)CrossRef

18.

Henson, M., Taylor, S.: Memory encryption: a survey of existing techniques. ACM Comput. Surv. (CSUR) 46(4), 53 (2014)CrossRefMATH

19.

McGregor, P., Hollebeek, T., Volynkin, A., White, M.: Braving the cold: new methods for preventing cold boot attacks on encryption keys. In: Black Hat Security Conference, Las Vegas (2008)

20.

TCG.: Tcg platform reset attack mitigation specification. https://www.trustedcomputinggroup.org/resources/pc_client_work_group_platform_reset_attack_mitigation_specification_version_10/ (2008). Accessed 30 Oct 2016

21.

Gutmann, P.: Data remanence in semiconductor devices. In: Proceedings of the 10th conference on USENIX Security Symposium, vol. 10. USENIX Association (2001)

22.

Halderman, J.A., Schoen, S.D., Heninger, N., Clarkson, W., Paul, W., Calandrino, J.A., Feldman, A.J., Appelbaum, J., Felten, E.W.: Lest we remember: cold-boot attacks on encryption keys. Commun. ACM 52(5), 91–98 (2009)CrossRef

23.

Saout, C.: dm-crypt: a device-mapper crypto target. http://www.saout.de/misc/dm-crypt/ (2011). Accessed 30 Oct 2016

24.

Google.: Encryption. https://source.android.com/security/encryption/ (2016). Accessed 30 Oct 2016

25.

Beniamini, G.: Extracting qualcomm’s keymaster keys—breaking android full disk encryption. https://bits-please.blogspot.jp/2016/06/extracting_qualcomms_keymaster_keys.html (2016). Accessed 30 Oct 2016

Title: Cryptographic key protection against FROST for mobile devices
Authors: Xiaosong Zhang
Yu-an Tan
Yuan Xue
Quanxin Zhang
Yuanzhang Li
Can Zhang
Jun Zheng
Publication date: 11-01-2017
Publisher: Springer US
Published in: Cluster Computing / Issue 3/2017
Print ISSN: 1386-7857
Electronic ISSN: 1573-7543
DOI: https://doi.org/10.1007/s10586-016-0721-3

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 3/2017

I/O access frequency-aware cache method on KVM/QEMU

Separation of concerns for distributed cross-platform context-aware user interfaces

A big data analytics approach to combat telecommunication vulnerabilities

The framework and algorithm for preserving user trajectory while using location-based services in IoT-cloud systems

Parameter based tuning model for optimizing performance on GPU

PB-MII: replacing static RSUs with public buses-based mobile intermediary infrastructure in urban VANET-based clouds

Premium Partner