Skip to main content
SpringerLink
Log in

Exzess: Hardware-Based RAM Encryption Against Physical Memory Disclosure

  • Conference paper
Architecture of Computing Systems – ARCS 2016 (ARCS 2016)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 9637))

Included in the following conference series:

Abstract

The main memory of today’s computers contains lots of sensitive data, in particular from applications that have been used recently. As data within RAM is stored in cleartext, it is exposed to attackers with physical access to a system. In this paper we introduce Exzess, a hardware-based mitigation against physical memory disclosure attacks such as, for example, cold boot and DMA attacks. Our FPGA-based prototype with accompanying software components demonstrates the viability, security and performance of our novel approach for partial main memory encryption via memory proxies. The memory proxy approach will be compared to other existing mitigation techniques and possible further uses beyond encryption will be discussed, as well. Exzess effectively protects against physical attacks on main memory while being transparent to applications and the operating system after initialization.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Becher, M., Dornseif, M., Klein, C.N.: FireWire - all your memory are belong to us. In: Proceedings of the Annual CanSecWest Applied Security Conference. Laboratory for Dependable Distributed Systems, RWTH Aachen University, Vancouver, British Columbia, Canada (2005)

    Google Scholar 

  2. Carrier, B.D., Grand, J.: A hardware-based memory acquisition procedure for digital investigations. Digit. Investig. 1(1), 50–60 (2004)

    Article  Google Scholar 

  3. Duc, G., Keryell, R.: Cryptopage: an efficient secure architecture with memory encryption, integrity and information leakage protection. In: 22nd Annual Computer Security Applications Conference ACSAC 2006, Miami Beach, Florida, USA, 11–15 December, pp. 483–492 (2006)

    Google Scholar 

  4. Enterpoint Ltd.: Raggedstone 2 - Xilinx Spartan 6 FPGA Development Board, Manufacturer Website. http://www.enterpoint.co.uk/products/spartan-6-development-boards/raggedstone-2/

  5. Gruhn, M., Müller, T.: On the practicability of cold boot attacks. In: 2013 International Conference on Availability, Reliability and Security, ARES 2013, Regensburg, Germany, 2–6 September, pp. 390–397 (2013)

    Google Scholar 

  6. Gutmann, P.: Data remanence in semiconductor devices. In: 10th USENIX Security Symposium, Washington, D.C., USA, 13–17 August 2001 (2001)

    Google Scholar 

  7. Halderman, J.A., Schoen, S.D., Heninger, N., Clarkson, W., Paul, W., Calandrino, J.A., Feldman, A.J., Appelbaum, J., Felten, E.W.: Lest we remember: cold boot attacks on encryptions keys. In: Proceedings of the 17th USENIX Security Symposium. Princeton University, USENIX Association, San Jose, CA, August 2008

    Google Scholar 

  8. Henson, M., Taylor, S.: Beyond full disk encryption: protection on security-enhanced commodity processors. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 307–321. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  9. Kurdziel, M., Lukowiak, M., Sanfilippo, M.: Minimizing performance overhead in memory encryption. J. Cryptographic Eng. 3(2), 129–138 (2013). http://dx.doi.org/10.1007/s13389-013-0047-5

    Article  Google Scholar 

  10. Peterson, P.: Cryptkeeper: Improving security with encrypted RAM. In: Technologies for Homeland Security (HST), pp. 120–126. IEEE, November 2010

    Google Scholar 

  11. Provos, N.: Encrypting virtual memory. In: 9th USENIX Security Symposium, Denver, Colorado, USA, 14–17 August 2000 (2000)

    Google Scholar 

  12. Satyanarayana, H.: AES128 Crypto Core in VHDL, licensed under LGPL (2004). http://opencores.org/project,aes_crypto_core

  13. Skorobogatov, S.: Data remanence in flash memory devices. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 339–353. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

Download references

Acknowledgment

This work was partly supported by the German Research Foundation (DFG) as part of the Transregional Collaborative Research Centre “Invasive Computing” (SFB/TR 89).

Author information

Authors and Affiliations

  1. Department of Computer Science, Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU), Erlangen, Germany

    Alexander Würstlein, Michael Gernoth, Johannes Götzfried & Tilo Müller

Authors
  1. Alexander Würstlein
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Michael Gernoth
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Johannes Götzfried
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Tilo Müller
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Alexander Würstlein .

Editor information

Editors and Affiliations

  1. Friedrich-Alexander University Erlangen-Nürnberg, Erlangen, Germany

    Frank Hannig

  2. Faculty of Engineering (FEUP), University of Porto, Porto, Portugal

    João M. P. Cardoso

  3. Universität zu Lübeck, Lübeck, Germany

    Thilo Pionteck

  4. Friedrich-Alexander University Erlangen-Nürnberg, Erlangen, Germany

    Dietmar Fey

  5. Friedrich-Alexander University Erlangen-Nürnberg, Erlangen, Germany

    Wolfgang Schröder-Preikschat

  6. Friedrich-Alexander University Erlangen-Nürnberg, Erlangen, Germany

    Jürgen Teich

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Würstlein, A., Gernoth, M., Götzfried, J., Müller, T. (2016). Exzess: Hardware-Based RAM Encryption Against Physical Memory Disclosure. In: Hannig, F., Cardoso, J.M.P., Pionteck, T., Fey, D., Schröder-Preikschat, W., Teich, J. (eds) Architecture of Computing Systems – ARCS 2016. ARCS 2016. Lecture Notes in Computer Science(), vol 9637. Springer, Cham. https://doi.org/10.1007/978-3-319-30695-7_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-30695-7_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-30694-0

  • Online ISBN: 978-3-319-30695-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation