Association for Computing Machinery
Hard disk encryption is known to be vulnerable to a number of attacks that aim to directly extract cryptographic key material from system memory. Several approaches to preventing this class of attacks have been proposed, including Tresor and LoopAmnesia. The common goal of these systems is to confine the encryption key and encryption process itself to the CPU, such that sensitive key material is never released into system memory where it could be accessed by a DMA attack. In this paper, the authors demonstrate that these systems are nevertheless vulnerable to such DMA attacks. Their attack, which they call Tresor-Hunt, relies on the insight that DMA-capable adversaries are not restricted to simply reading physical memory, but can write arbitrary values to memory as well.