[content] => 
    [params] => Array
            [0] => /forum/index.php?threads/secure-ddr-dram-against-rowhammer-rambleed-and-cold-boot-attacks.17986/

    [addOns] => Array
            [DL6/MLTP] => 13
            [Hampel/TimeZoneDebug] => 1000070
            [SV/ChangePostDate] => 2010200
            [SemiWiki/Newsletter] => 1000010
            [SemiWiki/WPMenu] => 1000010
            [SemiWiki/XPressExtend] => 1000010
            [ThemeHouse/XLink] => 1000970
            [ThemeHouse/XPress] => 1010570
            [XF] => 2021370
            [XFI] => 1050270

    [wordpress] => /var/www/html

Secure DDR DRAM Against Rowhammer, RAMBleed, and Cold-Boot Attacks

By: Dana Neustadter, Synopsys Director of Product Management for Security Solutions

High-bandwidth interfaces such as DDR are proliferating, and their speeds continue to grow from generation to generation. If you want to protect your data, one of the key areas to secure is your off-chip dynamic random-access memory (DRAM).
DRAM vulnerabilities can be exploited in real-world scenarios, and it’s important to protect against attacks such as Rowhammer, RAMbleed, and cold-boot attacks to keep bad actors from reading or corrupting data, or from retrieving cryptographic keys, which are fundamental to security. Since information is moving faster, systems are getting more complex, and the stakes are getting higher all the time, securing data should not be an afterthought but an integral part of hardware design.

Here are a few examples of DRAM-specific vulnerabilities:
  1. 1. Rowhammer: Attackers who employ a Rowhammer strategy have the intention of modifying or corrupting data. Rowhammer attacks read data in a memory row repeatedly at high speed, causing it to flip the bits (from 1 to 0 or 0 to 1) in the page table entries of adjacent rows. In this way, attackers can gain read-write access to the entire physical memory, according to the Project Zero team at Google. As DRAM chips continue to shrink, they become even more vulnerable to this type of attack because transistors are packed more densely together, increasing the risk of spillover during such an attack.
  2. 2. RAMBleed: RAMBleed is used for stealing data as it moves across systems. RAMBleed uses the same principles as the Rowhammer attack but it reads the information instead of modifying it, threatening the confidentiality of the data stored in memory. By using RAMBleed, attackers can extract information from the DRAM.
  3. 3. Cold-boot attacks: Attackers in this case have physical access to your system. They can use their access to do a hard reset on a specific system, access pre-boot physical memory data to retrieve encryption keys, and wreak havoc.
Safeguard Your Memory Interfaces by Design
Memory and storage security protects storage resources and their stored data, both in on-premise and external cloud data centers. As the need for higher capacity, faster access, and accelerated processing increases, designers are turning to high-performance, low-latency memory encryption solutions to preserve performance while protecting data over the latest generations of DDR, LPDDR, GDDR, and HBM memory interfaces.

Error correction code (ECC) used to be a popular protection mitigation strategy, but it only provides a limited level of resilience. ECC does not provide security as it leaves more vulnerabilities to undetected corruption, making it a naive approach to integrity protection for memories. Designers would often use ECC as a stopgap before adopting proper cryptographic algorithms.

The best approach to safeguard memory interfaces is to address the confidentiality and integrity of the data by design, with standards-based cryptography. For example, by using AES-XTS encryption for data confidentiality, Rowhammer attacks can be prevented. While parity/ECC can catch 1- or 2-bit flips, encryption covers all the bits. With encryption, the data written to memories looks more like random data, and it will be nearly impossible to create Rowhammer patterns. Memory encryption and proper refresh of keys also protect against RAMBleed and cold-boot attacks. In addition to data confidentiality, security can be augmented with data authenticity that can be addressed by using strategies such as cryptographic hashing algorithms to ensure that data has not been modified by malicious actors.

Making security part of your DDR interface design from the get-go is not without its challenges. Security must be done right because one weak link can compromise the system and data. For example, it is critical for keys to be generated and managed in a trusted/secure area of the SoC and distributed via dedicated channels to the encryption module. Readback protection of keys and control configuration also need to be part of the overall security architecture.

Another challenge is that memory encryption comes with a cost, including overhead that will impact power, performance, area (PPA), and latency. Your challenge is making your DDR interface design secure, standards-compliant, and highly optimal.

We’ve witnessed rapid adoption of integrity and data encryption (IDE) security for PCI Express® (PCIe®) and Compute Express Link (CXL) interfaces, and now we are seeing a similar trajectory in memory interfaces, such as DDR and LPDDR. Since technology is ever-changing—criminals get smarter in their approaches, as the engineers design smarter solutions—whatever security strategy you choose, should enable ongoing adaptation to an evolving threat ecosystem.

Here are some strategies to help you get started to secure the DDR interfaces in your SoC:
  1. 1. Design a secure infrastructure foundation, including the control plane for authentication and key management, and the data plane for data encryption and integrity.
  2. 2. Comply with standards. For memory, data confidentiality leverages standards-based cryptographic algorithms, like AES-XTS with all key sizes, as defined by NIST SP800-38E.
  3. 3. Implement highly optimal solutions that can scale efficiently to support the latest bandwidths required for memory interfaces. Leverage pipelined architectures, with efficient tweak calculation, key refresh, and low latency. Consider optimization options, such as running multiple AES rounds in a cycle and using specific AES S-box implementations for more optimal area or maximum frequency.
  4. 4. Support per-region encryption/decryption to provide flexibility for various use cases.
  5. 5. Employ key generation and management in a secure environment. Memory encryption solutions require the control plane component for authentication and management. Typically, this is addressed by a secure enclave with root of trust. It needs to be adaptable via firmware updates to help future-proof your key management strategy, including potential algorithm changes.
One solution you might employ to secure DRAM data is to key encrypt the data before sending it to the DDR controller. However, this is not ideal as the encryption block must manage many actions to ensure that the packets are properly sized. For example, an application writes one byte of memory – the encryption block will need to read that memory location, merge in the newly written byte, and finally write it back to the memory. The farther away the encryption is from the memory, the more you must manage. This will impact your performance budget—a costly proposition for your memory bandwidth—and you must watch out for degradation because you are moving the data across the SoC.
The optimal solution is to tightly couple the encryption/decryption inside your DDR or LPDDR controller, allowing for maximum efficiency of the memory and the lowest overall latency. The controller is as close to the memory as you can get.

The Complete Synopsys IME Security Module for DDR/LPDDR to Protect Data
The Synopsys Inline Memory Encryption (IME) Security Module for DDR/LPDDR helps ensure the confidentiality of data in use through memory interfaces or stored in off-chip memory. It is a standards-compliant, certification-ready, out-of-the-box solution based on the AES-XTS algorithm, enabling highly efficient throughput for memory controllers, including Synopsys DDR5 or LPDDR5 Controllers. It supports all key sizes of the AES-XTS, including 128-bit, 256-bit keys with support for scalable 128-bit, 256-bit, and 512-bit data paths. The IME Security Module gives you per-region memory protection through per-address or sideband key selection, with very low latency, and can be tuned for particular applications with optimal PPA. Memory encryption is enabled inside our Synopsys DDR5 and LPDDR5 Controllers, saving your performance budget for better use, and delivering the lowest latency in the industry. As our world operates ever more frequently in the cloud, there is greater demand for more virtualization, which must be reflected in your memory protection. The Synopsys IME Security Module allows for managing data protection in various regions, initiated from different virtual environments. It is well suited for supporting a variety of cloud computing virtualization environments.

For more information visit Security Solutions for Interfaces