MemShield: GPU-assisted software memory encryption
This addresses security risks for users of cryptographic applications by providing a novel defense against Cold Boot attacks, though it is incremental as it builds on existing memory encryption concepts.
The authors tackled the vulnerability of cryptographic algorithm implementations to Cold Boot attacks by proposing MemShield, a GPU-assisted memory encryption framework that stores the master key on the GPU and performs encryption/decryption operations, achieving transparency to applications without OS kernel modifications.
Cryptographic algorithm implementations are vulnerable to Cold Boot attacks, which consist in exploiting the persistence of RAM cells across reboots or power down cycles to read the memory contents and recover precious sensitive data. The principal defensive weapon against Cold Boot attacks is memory encryption. In this work we propose MemShield, a memory encryption framework for user space applications that exploits a GPU to safely store the master key and perform the encryption/decryption operations. We developed a prototype that is completely transparent to existing applications and does not require changes to the OS kernel. We discuss the design, the related works, the implementation, the security analysis, and the performances of MemShield.