1

AFAIK, our current disk encryption methods (dm-crypt) preserve the key (as well as decrypted data) in RAM while the computer is running, with an implicit assumption that the memory is volatile and the key will be lost along with the decrypted data when the computer is shut down.

However, future advancements in technology may make volatile memory obsolete. Given that operating systems adapt to work without RAM in the future, what are the ways to achieve disk decryption without volatile memory? Is it possible, or will we always need volatile memory for cryptography?

[UPDATE]

After thinking about this, I conclude that there are inherent properties in cryptography that necessitate the presence of a temporary insecure location. I don't think it is even theoretically possible to have algorithms that need to access the key once and be done with it without storing it in an insecure location. And that volatile insecure location also acts like a kill-switch.

(*insecure = not encrypted).

  • I am not sure if you would consider CPU registers as "volatile memory", but if not then it is possible and has been done before. See the TRESOR (https://en.wikipedia.org/wiki/TRESOR) patch for Linux, but it has not been widely deployed. – Nasrus Jun 10 '14 at 05:53
  • CPU registers and cache are certainly volatile. – Polynomial Jun 10 '14 at 07:23

3 Answers

1

It's possible that at some point in the future we might have a dedicated volatile memory designed for storing encryption keys, much like we use TPMs for long-term storage of keys. Perhaps a portion of the TPM could be memory mapped by the kernel and used for ephemeral key storage. This might even give rise to devices designed to resist cold boot attacks, going beyond the security offered by current FDE schemes. We haven't seen these things yet because volatile RAM is "good enough", but in a world where flash has the speed of RAM (and thus the merger of persistent and ephemeral storage) the dedicated key storage may become a necessity.

David
0

CPU registers are not volatile memory as they use SRAM. Volatile memory loses its contents once it loses power, nonvolatile does not. OP's concern seems to be that the key for disk encryption could be stolen from nonvolatile RAM, but the issue also exists for volatile RAM (cold boot) as it is not perfectly volatile. Some security-based operating systems wipe DRAM before shutting down; the same could be done to a theoretical nonvolatile key storage space.

The threat model matters when discussing cryptography. The symmetric key for internet traffic doesn't have the same storage requirements as the symmetric key for disk encryption.

Edit: In case my answer wasn't clear enough for some people: yes, it is possible to use encryption with only nvRAM, though the risks may change slightly.

Answer1
  • This answer is slightly inaccurate in that SRAM is still classified as volatile though it exhibits short-term data remanence. Also see a relevant discussion from a sister site: https://electronics.stackexchange.com/questions/198274/storing-a-secure-key-in-an-embedded-devices-memory – Jedi Jul 12 '17 at 02:28
0

It seems to me that the goal here is to make the data unreadable once we are done with it. This could be achieved to a large degree by securely overwriting the data during shutdown. Granted, this is not ideal as it leaves the question as to what would happen in the event that power is interrupted.

Khang T
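The overwrite-on-shutdown idea from the answer above, as an added C example that is not part of the original thread: a key buffer that is pinned in memory and erased with stores the compiler cannot optimize away. The `key_slot` type, its functions and the 32-byte key size are assumptions made for illustration; `mlock`/`munlock` are the POSIX calls.

```c
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>

#define KEY_LEN 32  /* assumed 256-bit key; not taken from the thread */

/* Hypothetical holder for an in-memory disk-encryption key. */
struct key_slot {
    uint8_t key[KEY_LEN];
    int     locked;  /* 1 if mlock() pinned the page so it cannot reach swap */
    int     loaded;  /* 1 while key material is present */
};

/* Overwrite through a volatile pointer so the compiler cannot drop the
 * stores as "dead" even though the buffer is never read again. */
static void secure_wipe(void *buf, size_t len)
{
    volatile uint8_t *p = (volatile uint8_t *)buf;
    while (len--)
        *p++ = 0;
}

/* Copy key material in and try to pin it in RAM; returns 0 on success. */
int key_slot_load(struct key_slot *s, const uint8_t *material, size_t len)
{
    if (s == NULL || material == NULL || len != KEY_LEN)
        return -1;
    s->locked = (mlock(s, sizeof *s) == 0);  /* may fail under RLIMIT_MEMLOCK */
    memcpy(s->key, material, KEY_LEN);
    s->loaded = 1;
    return 0;
}

/* Orderly-shutdown path: erase the key first, then release the lock. */
void key_slot_destroy(struct key_slot *s)
{
    if (s == NULL) return;
    secure_wipe(s->key, KEY_LEN);
    s->loaded = 0;
    if (s->locked) { munlock(s, sizeof *s); s->locked = 0; }
}

/* Returns 1 when no key byte survives in the slot. */
int key_slot_is_clear(const struct key_slot *s)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < KEY_LEN; i++) acc |= s->key[i];
    return acc == 0 && !s->loaded;
}
```

This only covers an orderly shutdown; as the answer notes, it does nothing if power is cut before `key_slot_destroy` runs.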