Exzess: Hardware-Based RAM Encryption Against Physical Memory Disclosure
The main memory of today’s computers contains lots of sensitive data, in particular from applications that have been used recently. As data within RAM is stored in cleartext, it is exposed to attackers with physical access to a system. In this paper we introduce Exzess, a hardware-based mitigation against physical memory disclosure attacks such as, for example, cold boot and DMA attacks. Our FPGA-based prototype with accompanying software components demonstrates the viability, security and performance of our novel approach for partial main memory encryption via memory proxies. The memory proxy approach will be compared to other existing mitigation techniques and possible further uses beyond encryption will be discussed, as well. Exzess effectively protects against physical attacks on main memory while being transparent to applications and the operating system after initialization.
KeywordsMemory encryption Memory disclosure Physical attacks
This work was partly supported by the German Research Foundation (DFG) as part of the Transregional Collaborative Research Centre “Invasive Computing” (SFB/TR 89).
- 1.Becher, M., Dornseif, M., Klein, C.N.: FireWire - all your memory are belong to us. In: Proceedings of the Annual CanSecWest Applied Security Conference. Laboratory for Dependable Distributed Systems, RWTH Aachen University, Vancouver, British Columbia, Canada (2005)Google Scholar
- 3.Duc, G., Keryell, R.: Cryptopage: an efficient secure architecture with memory encryption, integrity and information leakage protection. In: 22nd Annual Computer Security Applications Conference ACSAC 2006, Miami Beach, Florida, USA, 11–15 December, pp. 483–492 (2006)Google Scholar
- 4.Enterpoint Ltd.: Raggedstone 2 - Xilinx Spartan 6 FPGA Development Board, Manufacturer Website. http://www.enterpoint.co.uk/products/spartan-6-development-boards/raggedstone-2/
- 5.Gruhn, M., Müller, T.: On the practicability of cold boot attacks. In: 2013 International Conference on Availability, Reliability and Security, ARES 2013, Regensburg, Germany, 2–6 September, pp. 390–397 (2013)Google Scholar
- 6.Gutmann, P.: Data remanence in semiconductor devices. In: 10th USENIX Security Symposium, Washington, D.C., USA, 13–17 August 2001 (2001)Google Scholar
- 7.Halderman, J.A., Schoen, S.D., Heninger, N., Clarkson, W., Paul, W., Calandrino, J.A., Feldman, A.J., Appelbaum, J., Felten, E.W.: Lest we remember: cold boot attacks on encryptions keys. In: Proceedings of the 17th USENIX Security Symposium. Princeton University, USENIX Association, San Jose, CA, August 2008Google Scholar
- 10.Peterson, P.: Cryptkeeper: Improving security with encrypted RAM. In: Technologies for Homeland Security (HST), pp. 120–126. IEEE, November 2010Google Scholar
- 11.Provos, N.: Encrypting virtual memory. In: 9th USENIX Security Symposium, Denver, Colorado, USA, 14–17 August 2000 (2000)Google Scholar
- 12.Satyanarayana, H.: AES128 Crypto Core in VHDL, licensed under LGPL (2004). http://opencores.org/project,aes_crypto_core