SLIDE 1

Exzess: Hardware-based RAM Encryption against Physical Memory Disclosure

Alexander Würstlein Michael Gernoth Johannes Götzfried Tilo Müller

This work was partly supported by the German Research Foundation (DFG) as part of the Transregional Collaborative Research Centre “Invasive Computing” (SFB/TR 89).

2016-04-05

SLIDE 2

The Problem

SLIDE 3

The Problem: Cold Boot Attack

SLIDE 4

Physical Memory Disclosure

remanence effect

  • DRAM contents readable after power-down for a few minutes

RAM modules

  • 1. cooled down
  • 2. physically extracted
  • 3. contents copied

endangers:

  • in-use cryptographic keys (X.509, ssh)
  • passwords
  • full-disk-encryption keys
  • other sensitive data

SLIDE 5

Solutions

software-based attempts

slow:

  • disable caches
  • expensively encrypt everything

limited:

  • only protect one 128-bit key
  • only apply to certain types of secrets (e.g. FDE keys)

incompatible:

  • require extensive software changes

hardware-based attempts

  • embedded-only
  • limited scope
  • only for code signed & blessed by third party

SLIDE 7

Our Proposed Solution

Goals ⇒ Means

  • work transparently ⇒ memory as our interface
  • multiple uses ⇒ no painful size limitations
  • be fast ⇒ encrypt only important data
  • hardened hardware ⇒ be tamper-proof & simple

SLIDE 8

How?

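[Diagram: CPU, MMU, RAM; Exzess attached via PCI Express]

without Exzess:

  • CPU: read 0x4711
  • MMU: read 0x2311
  • RAM: data

with Exzess:

  • CPU: read 0x4711
  • MMU: read 0x2311
  • Exzess (PCI Express): read 0x9911
  • RAM: ebub
  • Exzess: decrypt(ebub)=data
  • CPU: data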

SLIDE 20

The Exzess FPGA

applications

  • XOR “encryption”
  • AES in CTR mode
  • others possible

application interface

  • Wishbone to TLP interface

TLP generator

  • handles upper layers of PCIe protocol stack

PCI Endpoint

  • FPGA IP core

PCI Express Bus

[Figure: FPGA block diagram with the blocks PCIe, PCIe EP, TLP gen, app intf, app; labels RX, TX, TXN, rx, tx, CFG, MRd, MWr, CplD, WishBone]

SLIDE 23

Application View

memory proxy

  • CPU issues write to memory
  • chipset redirects write to device
  • device encrypts data
  • device issues write to memory

usage

  • mmap the device memory
  • read & write as usual
  • Exzess will transparently ...
      • encrypt
      • decrypt
      • use normal RAM as encrypted backend storage


    char *p = secure_malloc(6);

    strcpy(p, "stuff");
    do_anything(p);

    secure_free(p);
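A toy software model of the memory proxy flow on this slide, added here as an example and not taken from the Exzess source code: writes into a device window are encrypted before they land in backend RAM, so scanning that RAM for the plaintext finds nothing. The names `proxy_write`, `proxy_read` and `ram_contains`, the window offset, the key and the XOR keystream function are assumptions; the keystream is a non-cryptographic stand-in for the prototype's AES-CTR application.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define RAM_SIZE    256   /* constructed toy backend RAM */
#define BACKEND_OFF 0x40  /* assumed offset of the encrypted backend area */
#define WIN_SIZE    (RAM_SIZE - BACKEND_OFF)
static uint8_t ram[RAM_SIZE];  /* what a physical memory dump would contain */
static const uint64_t device_key = 0x0123456789abcdefULL; /* constructed; held only by the device */

/* Toy keystream byte per backend address: a stand-in for AES-CTR, not secure. */
static uint8_t keystream(size_t addr) {
    uint64_t x = device_key ^ (0x9e3779b97f4a7c15ULL * (uint64_t)(addr + 1));
    x ^= x >> 30; x *= 0xbf58476d1ce4e5b9ULL;
    x ^= x >> 27; x *= 0x94d049bb133111ebULL;
    return (uint8_t)(x >> 56);
}

/* CPU write to the device window: the device encrypts, then writes to RAM. */
int proxy_write(size_t win_addr, const void *src, size_t len) {
    if (win_addr > WIN_SIZE || len > WIN_SIZE - win_addr) return -1;
    const uint8_t *s = src;
    for (size_t i = 0, a = BACKEND_OFF + win_addr; i < len; i++, a++)
        ram[a] = s[i] ^ keystream(a);
    return 0;
}

/* CPU read from the window: the device fetches ciphertext and decrypts it. */
int proxy_read(size_t win_addr, void *dst, size_t len) {
    if (win_addr > WIN_SIZE || len > WIN_SIZE - win_addr) return -1;
    uint8_t *d = dst;
    for (size_t i = 0, a = BACKEND_OFF + win_addr; i < len; i++, a++)
        d[i] = ram[a] ^ keystream(a);
    return 0;
}

/* Scan the backend RAM for a plaintext pattern, as a dump analysis would. */
int ram_contains(const void *needle, size_t len) {
    for (size_t i = 0; i + len <= RAM_SIZE; i++)
        if (memcmp(ram + i, needle, len) == 0) return 1;
    return 0;
}

int main(void) {
    char out[6] = "";
    if (proxy_write(0, "stuff", 6) || proxy_read(0, out, 6)) return 2;
    printf("read back: %s, plaintext found in RAM: %d\n", out, ram_contains("stuff", 5));
    return 0;
}
```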

slide-25
SLIDE 25

Goals and Attacker Model

data in physical RAM is encrypted

  • even searching /dev/mem is futile
  • only some data: non-secured applications without performance loss
  • large encryptable area: almost your whole RAM
  • RAM extraction useless: also extract & read key from Exzess

improvements upon the prototype

  • FPGA might have: debug ports, emanations, ...
  • hardening and tamper-proofing: think HSM (Hardware Security Module)

SLIDE 26

Performance Measurements of Prototype

[Bar chart: throughput [MB/s], write and read, for XOR seq, XOR rnd, AES seq, AES rnd; bar values in extraction order: 17.2, 17.2, 8.6, 8.6, 1.1, 1.1, 1.1, 1.1]

Measurements on FPGA Prototype, not cached, 4-byte packets

SLIDE 28

Future Work

  • integrate into LUKS, OpenSSL, SSH,...
  • hardened hardware
  • PCIe firewalling
  • beyond encryption: memory proxy application for...
      • debugging
      • data integrity checking
      • redundancy and healing

SLIDE 29

Conclusion

  • Exzess is a working prototype
  • can solve cold-boot problem
  • interesting concept, even beyond encryption
  • encrypting memory proxy
  • source code: https://www4.cs.fau.de/~arw/exzess/
