Memories are becoming entry points for cyber attacks, raising concerns about system-level security because memories are nearly ubiquitous in electronics and breaches are difficult to detect.
There is no end in sight with hackers taking aim at almost every consumer, industrial, and commercial segment, and a growing number of those devices connected to the internet and to each other. According to a survey conducted by Splunk, 54% of enterprises experienced at least monthly system/network outages from cyberattacks. It has been reported that about 70% of the vulnerability in Microsoft products is related to memory safety issues.
Memory attacks, vulnerability
Attacks come in all forms — physical, local proximity, and remote. Physical attacks occur when hackers have possession of the computers or devices, as in the case of theft. Even without having the devices, hackers can gain access through side-channel attacks if they are near the targeted devices. But the most common type of cyberattacks are remote. During a remote attack, malware enters the network or systems, including memories. In general, hackers look for design errors and system/memory vulnerabilities.
Bad actors may try to attack the memory in almost any system. “It could be something relatively benign, like installing a new operating system on a device that is owned by the attacker, or it could have substantial consequences in the case of computers handling financial, infrastructure, military, or transportation functions,” said Marc Greenberg, Cadence’s group director for product marketing for DDR, HBM, flash/storage, and MIPI IP. “All types of memory are potential targets for attackers.”
There are two broad classifications of memory attacks. The first involves attacks on storage devices that are used to boot or load an operating system or software for a machine. Greenberg said that often, but not always, these require physical access to the machine to mount an effective attack on the storage, although an already compromised machine may further corrupt the storage such that the machine remains permanently compromised until it is completely erased and restarted. Encryption can help protect these storage devices.
The second involves RAM devices that store temporary data. These devices are more likely to be attacked through the machine itself, including through internet-connected attacks. Physical attacks on RAM are also a possibility.
Most systems’ security comes from physical security combined with built-in memory protection and run-time security provided through the system. “But as new ways of exploiting cybersecurity weaknesses are discovered over time, more advanced memory types tend to contain mitigating features for those methods,” Greenberg said. “For example, DDR5 contains refresh management functions that may help to defend against some rowhammer-type attacks.”
Finding memory attacks
Detecting these attacks is difficult, primarily because the information stored in memories is either data or programs via executable codes. Security defense mechanisms largely focus on networks and connectivity, including security keys, authorization, and authentication. They don’t always check on the instructions run by the BIOS or operating systems. These executable instructions do not have typical file structures. As a result, these fileless scripts are almost impossible to detect. If these instructions have been infected by malware, the attacks can be carried out once the instructions are executed.
Sophisticated hackers make use of memory-based fileless methods to carry out attacks undetectable by conventional host-based defenses, such as the Web Application Firewall (WAF) or the Endpoint Detection and Response (EDR). These fileless attacks can come even from legitimate sources in the form of a word doc embedded with macros or websites running Flash. Unless these sources have good cyber defenses, infected software may be passed along without the users knowing it.
There are a number of ways hackers attack memory devices.
Cold boot attacks
Once a hacker is in possession of the devices, cold boot attacks can be used to extract information from the devices. When a device is being hard shut down, such as holding down the power button for a few seconds, hackers can do a memory dump from DRAMs and RAMs within a few seconds to a minute. During this time, the memory contents are still available. And unless the content is encrypted, hackers can use it to access other networks or servers.
“Many experts pay a great deal of attention to cybersecurity,” said Dana Neustadter, senior product marketing manager for security IP at Synopsys. “But making sure the system or devices are physically secure is equally important. Once hackers are in possession of the devices, they can perform cold boot attacks on RAMs and other memories to steal information including the cryptographic keys. It’s critical to refresh keys frequently and encrypt sensitive memory content to ensure data confidentiality. In this case, even though hackers are able to do a memory dump, they cannot de-cipher the encrypted content.”
Side-channel attacks
Without physical possession of the devices, hackers can still attack if the target devices are within proximity. This is commonly known as a side-channel attack.
Hackers use a sensing device to detect the various energy levels the device is emitting, which is called the power signature. That enables hackers to decode and steal the security keys, and from there to execute system-level or memory attacks.
Direct memory attacks also come in different forms, including boot loader, rowhammer, and RAMBleed (a rowhammer variant).
Boot loader attacks
When a computer or embedded device is being powered up or restarted, the basic input output system (BIOS) — a piece of firmware located in ROM or EPROM that comes with the device — is run. The BIOS then looks for a bootable device in which the boot loader or boot manager codes are located. The function of an OS dependent boot loader is to load the operating system. After that, the OS will take over. Newer systems, such as Windows 11, come with the unified extensible firmware interface (UEFI) BIOS. The UEFI specification determines how firmware accesses hardware. UEFI eventually may replace BIOS.
If BIOS (or UEFI) is infected, the whole system/network will be compromised. The bootloader is a high-value target for hackers.
Vulnerabilities in the GRand Unified Bootloader (GRUB), a popular Unix-based OS boot loader, had serious consequences. In 2020, BleepingComputer reported a major vulnerability known as the BootHole GRUB bootloader bug that interrupts the OS booting process. This affected all Unix-based OSes and some Windows OSes. More alarming, the secure boot verification mechanism could not prevent the attack. This type of malware can be activated during boot up, and is capable of dormancy for a period of time.
Rowhammer attacks
This vulnerability occurs at the DRAM circuit level (including DDR). By means of repeatedly reading (hammering) a DRAM row (transistors), an electrical charge is generated. The charge flips the bits of adjacent or nearby rows, allowing hackers to change or corrupt memory data.
Rowhammer attacks are becoming more pronounced as the density in memory chips increases. Such malware also can obtain information from an adjacent row to acquire a higher privilege.
In response to the attacks, a fix called Target Row Refresh (TRR) was implemented. By detecting the memory rows frequently accessed, the refresh rate of the adjacent rows would be increased before the data leak (tracked as CVE-2021-42114). So far this has been effective in stopping rowhammer attacks, even though more recent attacks attempted to bypass TRR.
Rowhammer varies the attack
Much like the Covid-19 variant, rowhammer variant RAMBleed (CVE-2019-0174) has evolved and become more powerful. In addition to modifying the DRAM bit information, RAMBleed can steal it. Other variants, including GLitch, RAMpage, Throwhammer, Nethammer, and Drammer can do more damage, such as taking control of cell phones and networks using DRAM as the back door.
Stephan Rosner, vice president of systems engineering at Infineon Technologies, said it is helpful to think about security in the context of assets that have properties in need of protection. “One such asset is information in the form of data or code, which has been stored by users. Other assets are keys stored by a vendor, representing a root-of-trust and the device itself. This device, which could be a costly high-reliability automotive part, should not be impersonated by a less-expensive, lower-quality device. Assets can be under various threats, such as from becoming known (confidentiality), modified (integrity), and so on. Secure systems mitigate these threats. Secure memories are part of a secure system. They are intended as a response to threats where use of non-secure memories would require other possibly more costly mitigations, or not be possible at all.”
Consider, for example, a valid transaction in which a read can be replayed at a later time. This could be a case where information has been updated, but a replay attack returns old but valid information. Replay protection requires the memory to make the iterations of the same transaction distinguishable and determine their order. This can be used to detect replayed transactions, but it requires a secure memory such as a RPMC device.
Protecting memory is challenging
Cyberattack techniques are constantly changing. Therefore, it is important to continually upgrade defense mechanisms. Installing vulnerability patches in a timely fashion is the minimum requirement. It is also important to regularly audit memory vulnerabilities.
Even though it is almost impossible to achieve memory security 100% of the time, following advice from the experts can go a long way.
Marc Witteman, CEO of Riscure, said good memory design needs to protect data confidentiality and integrity. “Flash memory suffers from wear, and nowadays includes integrity mechanisms, including a virtual-to-physical mapping to deactivate defective cells. Also rowhammering is a risk that needs to be protected against in DRAM. Sophisticated memory chips will include encryption for internal data storage and potentially for transit.”
In hardware design, whether it is working with ASICs, SoCs, or memories, it is important to make sure that there is a “secure by design” development and validation process in place. “The basic steps in the process should include identifying security requirements and CWEs relevant to the threat model, establishing confidentiality, integrity, and availability objectives as well as security boundaries of the design,” said Mitch Mlinar, vice president of engineering at Cycuity. “Then you need to comprehensively validate security at every step of the development process.”
Memory tamper resistance needs to accompany cryptography
One unaddressed issue of cryptography as a solution for memory security is the concept of tamper resistance. Cryptography alone might present the adversary with an unbreakable front door, but it provides no security at all if access to the keys is as easy as looking under the welcome mat — or if there’s an open window next to the impenetrable front door.
Scott Best, technical director of anti-counterfeiting products at Rambus explained if there are cryptographic keys being used to secure data privacy, a motivated adversary has a menu of attack techniques — side-channel, invasive, semi-invasive — which can be used to reveal the key. “Or, if not the entire key, they will reveal at least sufficient bits of the key so that the remaining key space can be brute-force recovered. If an authentication check is used to secure data authenticity, a comparison of calculated results versus expected results is often performed — in which case, that comparison then becomes the target of malicious modification.”
Stopping that requires a full stack of security.
“The best approach is to use multiple layers of security to defend against known attacks, as well as potentially unknown attacks,” noted Cadence’s Greenberg. “Taking RAM as an example, we might take a number of approaches, depending on the overall security the system requires. Physical security should be implemented to defend against substitution of the physical memory devices, or interposers, or other methods that could be used to extract or inject data. Secure operating systems should be in place to ensure that untrusted code does not run in a privileged way. Error correction can be implemented to prevent certain errors from providing widespread corruption in the system. Making sure there is defense against rowhammer, and similar attacks of the kind where untrusted code can escalate its privileges without express permission of the operating system, is essential. Also, memory encryption can be used such that even if untrusted code was able to escalate privileges, it still wouldn’t be able to read data written by other processes or virtual machines. Memory tagging can be employed to prevent different processes or virtual machines from reading each other’s code or data.”
Infineon’s Rosner said additional ways to strengthen memory security include cryptographic algorithms, such as symmetric, asymmetric, key generation and derivation, certification, signatures. That can be coupled with protection against tampering, such as intrusion sensing, power glitching protection, and side channel protections like constant time operations, and obfuscation of power signatures. Along side of that, there is plenty of literature on common attacks, and there are certifications, such as FIPS 140, Common Criteria, SESIP, etc., that can prevent known attacks.
None of this is perfect, though, and experts advise be ready to recover and respond.
“Every developer attempts to design the most secure circuits possible,” Riscure’s Witteman said. “But they may still have vulnerabilities. Therefore, it’s important to test the circuits to uncover the potential problems. Some of these testing methods include physical probing, prevention of fault injection, and leakage assessment through power consumption or electromagnetic radiation. In the case of fault injection, threat actors can use this vulnerability to achieve data leak, privilege escalation, or key extraction, and the consequences can be serious. To mitigate this, it is important to consider increase fault resistance, recover and respond when attacks occur.”
Conclusion
Designing memory security is a balancing act. Highly secured memory with sophisticated algorithm and multiple layers of protection requires high-performance SoCs, which may consume more power and more costly.
“There is a performance tradeoff concern,” Rambus’ Best noted. “Everyone wants their laptop or smartphone to be functionally immune from malware, but everyone also wants the device to boot within seconds of hitting the power button. Algorithms that ensure data privacy can be hardware-accelerated, such that the cryptographic latency only impacts the most performance-sensitive hardware within a CPU. But the algorithms ensuring data authenticity are often the reason you’re waiting half a minute for a laptop to load its operating system.
Also, when applying encryption to memory content, Synopsys’ Neustadter advised the use of standard cryptographic algorithms like NIST AES-XTS, with largest key sizes whenever possible, to achieve highest security level. “In addition, the performance has to align with the memory bandwidth with minimum impact on latency and area. Most optimal memory encryption solutions, like in the case of secure DDR/LPDDR controllers, are achieved when the encryption engine is inline and integrated with the controller.”
Compared with protecting edge computing and networks, memory security is more difficult and nuanced. In some cases, cyberattacks are more difficult to detect. For these reasons, memories are prime targets for hackers, and attacks come in all forms, including attacks of cold boot, side channel, boot loader, rowhammer, and variants. These attacks will become more numerous and sophisticated, so following advice from experts and using known best practices are essential.
