TY - GEN
T1 - Fault attacks on encrypted general purpose compute platforms
AU - Buhren, Robert
AU - Gueron, Shay
AU - Nordholz, Jan
AU - Seifert, Jean Pierre
AU - Vetter, Julian
N1 - Publisher Copyright: © 2017 ACM.
PY - 2017/3/22
Y1 - 2017/3/22
N2 - Adversaries with physical access to a target platform can perform cold boot or DMA attacks to extract sensitive data from the RAM. To prevent such attacks, hardware vendors announced respective processor extensions. AMD's extension SME will provide means to encrypt the RAM to protect security-relevant assets that reside there. The encryption will protect the user's content against passive eavesdropping. However, the level of protection it provides in scenarios that involve an adversary who cannot only read from RAM but also change content in RAM is less clear. This paper addresses the open research question whether encryption alone is a dependable protection mechanism in practice when considering an active adversary. To this end, we first build a software based memory encryption solution on a desktop system which mimics AMD's SME. Subsequently, we demonstrate a proof-of-concept fault attack on this system, by which we are able to extract the private RSA key of a GnuPG user. Our work suggests that transparent memory encryption is not enough to prevent active attacks.
AB - Adversaries with physical access to a target platform can perform cold boot or DMA attacks to extract sensitive data from the RAM. To prevent such attacks, hardware vendors announced respective processor extensions. AMD's extension SME will provide means to encrypt the RAM to protect security-relevant assets that reside there. The encryption will protect the user's content against passive eavesdropping. However, the level of protection it provides in scenarios that involve an adversary who cannot only read from RAM but also change content in RAM is less clear. This paper addresses the open research question whether encryption alone is a dependable protection mechanism in practice when considering an active adversary. To this end, we first build a software based memory encryption solution on a desktop system which mimics AMD's SME. Subsequently, we demonstrate a proof-of-concept fault attack on this system, by which we are able to extract the private RSA key of a GnuPG user. Our work suggests that transparent memory encryption is not enough to prevent active attacks.
KW - Fault injection
KW - Main memory encryption
UR - http://www.scopus.com/inward/record.url?scp=85018469200&partnerID=8YFLogxK
U2 - 10.1145/3029806:3029836
DO - 10.1145/3029806:3029836
M3 - Conference contribution
T3 - CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy
SP - 197
EP - 204
BT - CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy
T2 - 7th ACM Conference on Data and Application Security and Privacy, CODASPY 2017
Y2 - 22 March 2017 through 24 March 2017
ER -