Cold Boot Attacks on DDR2 and DDR3 SDRAM

Lindenlauf, Simon; Höfken, Hans; Schuba, Marko

doi:10.1109/ares.2015.28

Cited by 15 publications

(11 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A cold boot attack is a physical attack on DRAM that involves hot-swapping a DRAM chip and reading out the contents of the DRAM chip on another system [17,52,57,65,91,96,104,107,143,160,170]. The attacker first disables power to the computer containing the victim DRAM and then transfers the DRAM to another system that can read its content.…”

Section: Preventing Cold Boot Attacksmentioning

confidence: 99%

See 1 more Smart Citation

CODIC: A Low-Cost Substrate for Enabling Custom In-DRAM Functionalities and Optimizations

Orosa¹,

Wang²,

Sadrosadati³

et al. 2021

Preprint

View full text Add to dashboard Cite

DRAM is the dominant main memory technology used in modern computing systems. Computing systems implement a memory controller that interfaces with DRAM via DRAM commands. DRAM executes the given commands using internal components (e.g., access transistors, sense amplifiers) that are orchestrated by DRAM internal timings, which are fixed for each DRAM command. Unfortunately, the use of fixed internal timings limits the types of operations that DRAM can perform and hinders the implementation of new functionalities and custom mechanisms that improve DRAM reliability, performance and energy. To overcome these limitations, we propose enabling programmable DRAM internal timings for controlling in-DRAM components.To this end, we design CODIC, a new low-cost DRAM substrate that enables fine-grained control over four previously fixed internal DRAM timings that are key to many DRAM operations. We implement CODIC with only minimal changes to the DRAM chip and the DDRx interface. To demonstrate the potential of CODIC, we propose two new CODIC-based security mechanisms that outperform state-of-the-art mechanisms in several ways: (1) a new DRAM Physical Unclonable Function (PUF) that is more robust and has significantly higher throughput than state-of-the-art DRAM PUFs, and (2) the first cold boot attack prevention mechanism that does not introduce any performance or energy overheads at runtime.

show abstract

Section: Preventing Cold Boot Attacksmentioning

confidence: 99%

“…Second, we propose a new CODIC-based mechanism to prevent Cold Boot Attacks [17,52,57,65,91,96,104,107,143,160,170]. In a Cold Boot Attack, the attacker physically removes the DRAM module from the victim system and places it in a system under their control to extract secret information.…”

Section: Introductionmentioning

confidence: 99%

CODIC: A Low-Cost Substrate for Enabling Custom In-DRAM Functionalities and Optimizations

Orosa¹,

Wang²,

Sadrosadati³

et al. 2021

Preprint

View full text Add to dashboard Cite

show abstract

“…Apart from these architectural challenges, the DRAM presents a substantial physical attack surface, allowing passive [5,39,60] and active [50] attacks to infer or tamper with secret data stored in memory. To isolate data from physical attacks and ensure its integrity, encrypting and authenticating the DRAM is necessary.…”

Section: Memory Encryptionmentioning

confidence: 99%

“…Anything outside the SoC is untrusted. In particular, the attacker can tamper with the DRAM and mount bus probing or cold-boot attacks [60]. SERVAS effectively removes CPU components involved in the page mapping and address translation from the TCB: unlike SGX, which needs to store trusted metadata in the EPCM [21], SERVAS avoids having an EPCM, thus slightly decreasing the TCB complexity of our SoC.…”

Section: Threat Modelmentioning

confidence: 99%

SERVAS! Secure Enclaves via RISC-V Authenticryption Shield

Steinegger¹,

Schrammel²,

Weiser³

et al. 2021

Preprint

View full text Add to dashboard Cite

Isolation is a long-standing challenge of software security. Traditional privilege rings and virtual memory are more and more augmented with concepts such as capabilities, protection keys, and powerful enclaves. At the same time, we are evidencing an increased need for physical protection, shifting towards full memory encryption schemes. This results in a complex interplay of various security mechanisms, increasing the burden for system architects and security analysts.In this work, we tackle the isolation challenge with a new isolation primitive called authenticryption shield that unifies both traditional and advanced isolation policies while offering the potential for future extensibility. At the core, we build upon an authenticated memory encryption scheme that gives cryptographic isolation guarantees and, thus, streamlines the security reasoning. We showcase the versatility of our approach by designing and prototyping SERVAS -an innovative enclave architecture for RISC-V. Unlike current enclave systems, SERVAS facilitates efficient and secure enclave memory sharing. While the memory encryption constitutes the main overhead, entering or exiting a SERVAS enclave requires only 3.5x of a simple syscall, instead of 71x for Intel SGX.

show abstract

“…Note that we executed both attacks at a temperature of approximately 20 • C. The results improve when cooling down the phone and its memory modules, as described in [1,10,37].…”

Section: Decay Based On the Cold Boot Attackmentioning

confidence: 99%

A flexible framework for mobile device forensics based on cold boot attacks

Huber

Taubmann

Wessel

et al. 2016

EURASIP J. on Info. Security

View full text Add to dashboard Cite

Mobile devices, like tablets and smartphones, are common place in everyday life. Thus, the degree of security these devices can provide against digital forensics is of particular interest. A common method to access arbitrary data in main memory is the cold boot attack. The cold boot attack exploits the remanence effect that causes data in DRAM modules not to lose the content immediately in case of a power cut-off. This makes it possible to restart a device and extract the data in main memory. In this paper, we present a novel framework for cold boot-based data acquisition with a minimal bare metal application on a mobile device. In contrast to other cold boot approaches, our forensics tool overwrites only a minimal amount of data in main memory. This tool requires no more than three kilobytes of constant data in the kernel code section. We hence sustain all of the data relevant for the analysis of the previously running system. This makes it possible to analyze the memory with data acquisition tools. For this purpose, we extend the memory forensics tool Volatility in order to request parts of the main memory dynamically from our bare metal application. We show the feasibility of our approach on the Samsung Galaxy S4 and Nexus 5 mobile devices along with an extensive evaluation. First, we compare our framework to a traditional memory dump-based analysis. In the next step, we show the potential of our framework by acquiring sensitive user data.

show abstract

Cold Boot Attacks on DDR2 and DDR3 SDRAM

Cited by 15 publications

References 3 publications

CODIC: A Low-Cost Substrate for Enabling Custom In-DRAM Functionalities and Optimizations

CODIC: A Low-Cost Substrate for Enabling Custom In-DRAM Functionalities and Optimizations

SERVAS! Secure Enclaves via RISC-V Authenticryption Shield

A flexible framework for mobile device forensics based on cold boot attacks

Contact Info

Product

Resources

About