7

Without adding any additional hardware, is RAM encryption possible? If so are there any known and currently used implementations for Linux or Windows systems? And if this is something that is possible without extra hardware, is there any software available that can perform this task without needing to reinstall the OS?

16b7195abb140a3929bbc322d1c6f1
  • 3,344
  • 4
  • 16
  • 20
  • 1
    What is the threath model? Or, at least, what/who/where is the attacker you are trying to protect against? – CristianTM Jan 07 '16 at 14:41
  • I imagine an OS where exactly one page on the computer has read (optionally read-write), and exactly two pages have read-execute protection (one of them contains the fault handler, so it must be permanently read-execute and plaintext). Accessing _any_ page but the "current" one faults, every time. The fault handler decrypts the new page, and re-encrypts the previously "current" page. That would actually be possible... but oh my, how nonsensical and what a bummer for performance. – Damon Jan 07 '16 at 15:30

2 Answers2

13

Without adding any additional hardware, is RAM encryption possible?

Sure.
You can encrypt whatever you like in RAM, just like you encrypt everything else.
The more interesting quesstion is "where are the keys". You can just leave the keys in RAM as well or give them to the OS which will also store them in RAM.
You can apply some of the fancy techniques proposed by Schneier et. al. in Cryptography Engineering, i.e. one-time-pad encrypt the key to your data, store the pad in RAM and decrypt data only when needed.

If so are there any known and currently used implementations for Linux or Windows systems

Windows offers the Data-Protection API (DPAPI), letting you encrypt data using the user's log-in credentials. I know that at least some password managers (like KeePass) use this to protect the valuable passwords in RAM.

Using a Trusted Platform Module (TPM; which get increasingly popular as Windows now requires them) or some other dedicated hardware would indeed solve the issue best by offloading the key to a place you trust in case the RAM is compromised.

However there's one solution that is rolling out right now: Intel's Software Guard Extensions (SGX), shipping with Skylake and newer CPUs. They allow you to load a program into your processor, verify its state is correct - remotely - and then protect its execution. The CPU will automatically encrypt everything leaving the processor (i.e. everything that is offloaded to RAM) and will thereby ensure security for you. The only problem for mass deployment is that SGX requires you to have a signed code that your processor will accept, i.e. Intel must issue you a certificate for this purpose.

SEJPM
  • 9,540
  • 6
  • 37
  • 67
4

Absolutely, particularly if you are using RAM as non-persistent storage in which case you can encrypt it like any disk, file or directory after partitioning it off and mounting it in namespace.

However, executable program data needs to exist as 'plaintext' in memory at some point so it is ineffective to try and protect kernel and program memory in this manner.

The tools necessary are simple and ubiquitous (openssl, etc).

Whome
  • 1,231
  • 11
  • 21
  • It might be sensible to encrypt working memory if memristors are to become a replacement for RAM as some people have proposed. – JimmyJames Jan 07 '16 at 15:17
  • 1
    Isn't this kind of a zero-sum game because the key to decrypt the data needs to be stored in the ram too but unencrypted?!^^ – davidb Jan 07 '16 at 19:07
  • 2
    @davidb Not necessarily, you can you homomorphic encryption schemes in software or TPM hardware to get around exposing keys to physical memory. Arm boards also have trust zone which can partition off this access to a trusted processing partition. – Whome Jan 07 '16 at 19:11