04-08-2020 | By Robin Mitchell
The importance of hardware security is ever-growing, and designers are continually developing new ways to implement such measures. What is on-the-fly RAM encryption, and what problems can it solve?
For the longest time, attacks on devices mostly came from the software side, whereby an attacker would use code exploits or bugs in an OS to gain access to sensitive data. While hardware attacks have existed for as long as hardware has been around, they were far rarer than their software counterparts. A classic example of a simple hardware attack on older Windows machines is when an attacker can reboot the machine, gain entry into the Windows boot menu, and start up in an admin account with full privileges. While some may consider this an OS exploit (which it is), it requires access to the physical computer. This type of attack is known as a side-channel attack as it bypasses security measures without needing to interact with them.
However, the rise of IoT devices has brought a whole new range of hardware attacks thanks to poor design and high payoffs. Hardware attacks are often about gaining entry to protected data or taking control of software via the use of hardware. These types of attacks are particularly difficult to stop as software-based security can do very little against them. Software has no physical presence and cannot affect the world outside it, whereas hardware is physical. As a result, designers have begun integrating hardware security into CPUs, SoCs, microcontrollers, and boards to protect devices from hardware attacks.
The hardware security field is still in its infancy (when compared to software security), but has already made leaps and bounds. The most basic form of hardware security comes in the form of tamper pins which detect when an attacker has attempted to demount an IC. Once identified, a software subroutine can be called, which could be made to wipe all internal data. Another form of hardware security comes in the form of cryptographic accelerators which are special units that perform specialised encryption algorithms. These units are immutable, and as a result, can defend against hardware attacks that may try to monitor buses. But one emerging technology that could see use in the future is the use of on-the-fly RAM encryption. What does this do, and what attacks can it defend against?
Random Access Memory, or RAM, is an area of memory in a computer that is used to hold temporary data. However, the term “temporary” is incredibly loose, as RAM is used to keep everything from running programs to sensitive data. Because of this, many CPUs deploy privilege levels that prevent an application from accessing the RAM of other processes. Therefore, an operation launched by an attacker cannot peek into the RAM contents of a bank app and obtain usernames, passwords, and additional personal information. However, RAM is incredibly weak against hardware attacks, and attackers can get around privilege levels using such an attack.
When RAM is turned off, it loses the contents of its memory, but this can take minutes depending on its temperature. To make matters worse, most processors do not wipe RAM when rebooting, which means that a computer that is quickly turned off and on is forced to reboot but preserves the contents of RAM. Therefore, an attacker can reduce the temperature of RAM (using compressed air), increase the longevity of the memory, load a custom OS on a flash drive, and have it dump the contents of RAM (which are now entirely unprotected) and store them in a text file. Since RAM can be used to hold private keys, passwords, and much more, the attacker has a wealth of potentially sensitive information with minimal effort. How can a system be protected against such an attack?
One method to protect against such an attack is to implement on-the-fly RAM encryption. With this technique, which is still incredibly rare in the industry (but does exist), the contents of RAM are encrypted, meaning that even if an attacker can dump the contents into a file, the results would be encrypted. Specialised cryptographic accelerators can load bytes from RAM and decode them in real-time for the CPU to read.
The use of memory encryption requires the use of a private key that should change on each boot of the CPU. Storing this key in RAM would be counter-intuitive, which is why such a system could utilise internal registers instead. The advantage of this is that most CPUs reset all their registers when they first boot, meaning that an attacker could not retrieve the encryption key used to encrypt the RAM. However, on-the-fly encryption does have its shortfalls; the stronger the encryption, the longer it takes to read from RAM. This is also problematic for systems needing DMA, as all data needs to be encrypted/decrypted before being transferred.
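The scheme described above can be modelled in a few lines. This is an added illustration, not code from the article or from any vendor's implementation: it shows why a RAM dump taken after a quick power cycle is useless once the per-boot key register has been reset. The `EncryptedRAM` class, the 16-byte block size and the HMAC-SHA256 pad standing in for a hardware cipher engine are all assumptions.

```python
import hashlib
import hmac
import secrets

BLOCK = 16  # assumed encryption granularity in bytes (one AES-sized block)


class EncryptedRAM:
    """Toy model: the DRAM array survives a quick power cycle, the key register does not."""

    def __init__(self, size):
        self.dram = bytearray(size)  # raw cells, i.e. what a physical dump returns
        self.boot()

    def boot(self):
        # Fresh random key on every boot, held only in an on-chip register.
        self._key = secrets.token_bytes(32)

    def _pad_byte(self, addr):
        # Pad depends on key AND block address, so identical plaintext stored at
        # two addresses encrypts differently. HMAC-SHA256 stands in for the
        # hardware cipher; real engines use a tweakable block cipher instead,
        # because an XOR pad is reused when the same address is rewritten.
        base = addr - addr % BLOCK
        pad = hmac.new(self._key, base.to_bytes(8, "little"), hashlib.sha256).digest()
        return pad[addr % BLOCK]

    def write(self, addr, data):
        for i, byte in enumerate(data):
            self.dram[addr + i] = byte ^ self._pad_byte(addr + i)

    def read(self, addr, length):
        return bytes(self.dram[a] ^ self._pad_byte(a) for a in range(addr, addr + length))

    def dump(self):
        return bytes(self.dram)


def cold_boot_demo():
    secret = b"password=hunter2"  # constructed sample data
    ram = EncryptedRAM(256)
    ram.write(0x40, secret)
    readable_before = ram.read(0x40, len(secret)) == secret
    ram.boot()  # power cycle: cells retained, key register reset
    in_dump = secret in ram.dump()
    readable_after = ram.read(0x40, len(secret)) == secret
    return readable_before, in_dump, readable_after
```

The model covers confidentiality only; it does not detect an attacker who modifies the stored ciphertext.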
On-the-fly encryption of RAM could provide future systems with a high degree of security that not only prevents processes from accessing areas of RAM that they shouldn't, but also leaves them unable to decode the data if they did. However, it may be a form of protection that is far too complex for most applications, including IoT, where price and size are essential.