Conference Paper

Defending Against Attacks on Main Memory Persistence

Dept. of Comput. Sci. & Eng., Pennsylvania State Univ., University Park, PA
DOI: 10.1109/ACSAC.2008.45 Conference: Computer Security Applications Conference, 2008. ACSAC 2008. Annual
Source: IEEE Xplore

ABSTRACT

Main memory contains transient information for all resident applications. However, if memory chip contents survive power-off, e.g., via freezing DRAM chips, sensitive data such as passwords and keys can be extracted. Main memory persistence will soon be the norm as recent advancements in MRAM and FeRAM position non-volatile memory technologies for widespread deployment in laptop, desktop, and embedded system main memory. Unfortunately, the same properties that provide energy efficiency, tolerance against power failure, and "instant-on" power-up also subject systems to offline memory scanning. In this paper, we propose a memory encryption control unit (MECU) that provides memory confidentiality during system suspend and across reboots. The MECU encrypts all memory transfers between the processor-local level 2 cache and main memory to ensure plaintext data is never written to the persistent medium. The MECU design is outlined and performance and security trade-offs considered. We evaluate a MECU-enhanced architecture using the SimpleScalar hardware simulation framework on several hardware benchmarks. This analysis shows the majority of memory accesses are delayed by less than 1 ns, with higher access latencies (caused by resume state reconstruction) subsiding within 0.25 seconds of a system resume. In effect, the MECU provides zero-cost steady state memory confidentiality for non-volatile main memory.
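The MECU idea described above (a key that never leaves the processor, a counter per data block, and nothing but ciphertext on the persistent medium), as an added toy simulation that is not the paper's design or code: SHA-256 in counter mode stands in for the AES-based counter mode a real unit would use, and the line size, address width and counter layout are assumptions.

```python
import hashlib
import secrets

LINE_BYTES = 64  # assumed L2 line size (illustration only)


class MECU:
    """Toy MECU between L2 and persistent main memory (added example, not
    the paper's design). SHA-256 stands in for the AES-based counter mode
    a real unit would use; line size, address and counter widths are invented."""

    def __init__(self, key):
        self._key = key          # lives only inside the 'processor'
        self.counters = {}       # per-line counters: non-secret, persisted with memory
        self.memory = {}         # the persistent medium: ciphertext only

    def _pad(self, addr, ctr):
        # Keystream = PRF(key, address || counter). Address and counter
        # make every pad unique, so repeated or identical plaintexts never
        # share a pad (the classic counter-mode failure).
        seed = self._key + addr.to_bytes(8, "little") + ctr.to_bytes(8, "little")
        out = b"".join(hashlib.sha256(seed + i.to_bytes(4, "little")).digest()
                       for i in range(-(-LINE_BYTES // 32)))
        return out[:LINE_BYTES]

    def writeback(self, addr, line):
        """L2 evicts a dirty line: encrypt before it touches memory."""
        assert len(line) == LINE_BYTES
        ctr = self.counters.get(addr, 0) + 1    # bump on every writeback
        self.counters[addr] = ctr
        pad = self._pad(addr, ctr)
        self.memory[addr] = bytes(p ^ k for p, k in zip(line, pad))

    def fill(self, addr):
        """L2 miss: decrypt with the persisted counter and the on-chip key."""
        pad = self._pad(addr, self.counters[addr])
        return bytes(c ^ k for c, k in zip(self.memory[addr], pad))


def demo():
    mecu = MECU(secrets.token_bytes(32))
    line = b"password=hunter2".ljust(LINE_BYTES, b"\0")   # constructed secret
    mecu.writeback(0x1000, line)
    first = mecu.memory[0x1000]
    mecu.writeback(0x1000, line)                           # same data rewritten
    return {
        "plaintext_in_memory": b"password" in b"".join(mecu.memory.values()),
        "pad_reused": first == mecu.memory[0x1000],
        "roundtrip_ok": mecu.fill(0x1000) == line,
    }
```

An offline scan of `mecu.memory` sees only ciphertext, and because the counter advances on every writeback, rewriting identical data never reuses a keystream pad; after a resume the counters (which need not be secret) and the reloaded key are all that is needed to decrypt.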

Available from: psu.edu
    • "PRAMs are non-volatile, so there are privacy concerns over the contents residing in it. The authors in [5] propose a new mechanism to improve these types of memories. They use a counter mode encryption, with secret keys stored inside the processor, but with additional counters for each data block. "
    ABSTRACT: The memory of any digital system stores sensitive information that needs to be protected from any type of attacks. In the last decade, device specific attacks have been reported and analyzed, attacks that successfully extract private encryption keys from AES algorithms. In this work, a novel technique is proposed which targets the increase of security in memory systems through the use of data scrambling and information entropy models. In order to make the proposed solution viable, dissemination rules are employed and explained. Also, the method is evaluated from several points of view.
    No preview · Article · Jan 2015
    • "PRAMs are non-volatile, so there are privacy concerns over the contents residing in it. The authors in [4] propose a new mechanism to improve these types of memories. They use a counter mode encryption, with secret keys stored inside the processor, but with additional counters for each data block. "
    ABSTRACT: Increasing the security of memory systems is relevant due to the sensitive information which is stored in plain-text. Over the last decade, device specific attacks have been reported as being successful in retrieving encryption and private keys from AES algorithms. A novel technique is proposed in this work, which improves the security of a cache memory through the use of data scrambling. Several dissemination rules are explained and employed, in order to make the proposed method a viable security solution. The proposed technique is evaluated from several points of view (area overhead, power consumption and performance) and compared to a standard technique.
    No preview · Conference Paper · Sep 2014
    • "PRAMs are non-volatile, so there are privacy concerns over the contents residing in it. The authors in [4] propose a new mechanism to improve these types of memories. They use a counter mode encryption, with secret keys stored inside the processor, but with additional counters for each data block. "
    ABSTRACT: Protecting the information inside a memory is vital in any digital system. The target objective is to make the data unreadable because device specific attacks can occur at any time. We propose a novel security measure for protecting and securing the stored data from a memory system, by using random vectors for scrambling the information. The results show that data scrambling is possible in any kind of memory system, all with low area overhead, small delay penalty and low power consumption.
    Full-text · Conference Paper · May 2014