An official website of the United States government
Rowhammer is a hardware vulnerability in DDR memory by which attackers can perform specific access patterns in their own memory to flip bits in adjacent, uncontrolled rows with- out accessing them. Since its discovery by Kim et. al. (ISCA 2014), Rowhammer attacks have emerged as an alarming threat to numerous security mechanisms. In this paper, we show that Rowhammer attacks can in fact be more effective when combined with bank-level parallelism, a technique in which the attacker hammers multiple memory banks simultaneously. This allows us to increase the amount of Rowhammer-induced flips 7-fold and significantly speed up prior Rowhammer attacks relying on native code execution. Furthermore, we tackle the task of mounting browser-based Rowhammer attacks. Here, we develop a self-evicting ver- sion of multi-bank hammering, allowing us to replace clflush instructions with cache evictions. We then develop a novel method for detecting contiguous physical addresses using memory access timings, thereby obviating the need for trans- parent huge pages. Finally, by combining both techniques, we are the first, to our knowledge, to obtain Rowhammer bit flips on DDR4 memory from the Chrome and Firefox browsers running on default Linux configurations, without enabling transparent huge pages.
more »
« less
Intrinsic Rowhammer PUFs: Leveraging the Rowhammer effect for improved security
Physically Unclonable Functions (PUFs) have become an important and promising hardware primitive for device fingerprinting, device identification, or key storage. Intrinsic PUFs leverage components already found in existing devices, unlike extrinsic silicon PUFs, which are based on customized circuits that involve modification of hardware. In this work, we present a new type of a memory-based intrinsic PUF, which leverages the Rowhammer effect in DRAM modules - the Rowhammer PUF. Our PUF makes use of bit flips, which occur in DRAM cells due to rapid and repeated access of DRAM rows. Prior research has mainly focused on Rowhammer attacks, where the Rowhammer effect is used to illegitimately alter data stored in memory, e.g., to change page table entries or enable privilege escalation attacks. Meanwhile, this is the first work to use the Rowhammer effect in a positive context - to design a novel PUF. We extensively evaluate the Rowhammer PUF using commercial, off-the-shelf devices, not relying on custom hardware or an FPGA-based setup. The evaluation shows that the Rowhammer PUF holds required properties needed for the envisioned security applications, and could be deployed today.
more »
« less
- Award ID(s):
- 1651945
- PAR ID:
- 10055625
- Date Published:
- Journal Name:
- Hardware Oriented Security and Trust
- Page Range / eLocation ID:
- 1 to 7
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
Physical Unclonable Functions (PUFs) leverage manufacturing process imperfections that cause propagation delay discrepancies for the signals traveling along these paths. While PUFs can be used for device authentication and chip-specific key generation, strong PUFs have been shown to be vulnerable to machine learning modeling attacks. Although there is an impression that combinational circuits must be designed without any loops, cyclic combinational circuits have been shown to increase design security against hardware intellectual property theft. In this paper, we introduce feedback signals into traditional delay-based PUF designs such as arbiter PUF, ring oscillator PUF, and butterfly PUF to give them a wider range of possible output behaviors and thus an edge against modeling attacks. Based on our analysis, cyclic PUFs produce responses that can be binary, steady-state, oscillating, or pseudo-random under fixed challenges. The proposed cyclic PUFs are implemented in field programmable gate arrays, and their power and area overhead, in addition to functional metrics, are reported compared with their traditional counterparts. The security gain of the proposed cyclic PUFs is also shown against state-of-the-art attacks.more » « less
-
Physical Unclonable Functions (PUFs) are widely researched in the field of security because of their unique, robust, and reliable nature, PUFs are considered device-specific root keys that are hard to duplicate. There are many variants of PUFs that are being studied and implemented including hardware and software PUFs. Though PUFs are believed to be secure and reliable, they are not without challenges of their own. The efficient performance of PUF depends on various environmental factors, which leads to inefficiency. Bit flipping is one such problem that can bring down the reliability of the PUF. Memory-based PUFs are prone to unavoidable bit flips occurring in the hardware, similarly, sensor-based PUFs are prone to bit flips occurring due to temperature variation. The number of errors in the PUF response must be minimized to improve the reliability of the PUF in security applications. In this research we explore the Machine Learning (ML) model based on K-mer sequencing to detect and correct the bit flips in the PUFs, hence fortifying the PUF-based secure authentication system for authentication and authorization of Edge Data Centers (EDC) in a Collaborative Edge Computing (CEC) Environment.more » « less
-
Over the past decades, the major objectives of computer design have been to improve performance and to reduce cost, energy consumption, and size, while security has remained a secondary concern. Meanwhile, malicious attacks have rapidly grown as the number of Internet-connected devices, ranging from personal smart embedded systems to large cloud servers, have been increasing. Traditional antivirus software cannot keep up with the increasing incidence of these attacks, especially for exploits targeting hardware design vulnerabilities. For example, as DRAM process technology scales down, it becomes easier for DRAM cells to electrically interact with each other. For instance, in Rowhammer attacks, it is possible to corrupt data in nearby rows by reading the same row in DRAM. As Rowhammer exploits a computer hardware weakness, no software patch can completely fix the problem. Similarly, there is no efficient software mitigation to the recently reported attack Spectre. The attack exploits microarchitectural design vulnerabilities to leak protected data through side channels. In general, completely fixing hardware-level vulnerabilities would require a redesign of the hardware which cannot be backported. In this paper, we demonstrate that by monitoring deviations in microarchitectural events such as cache misses, branch mispredictions from existing CPU performance counters, hardware-level attacks such as Rowhammer and Spectre can be efficiently detected during runtime with promising accuracy and reasonable performance overhead using various machine learning classifiers.more » « less
-
Internet of Things (IoT) devices are mostly small and operate wirelessly on limited battery supply, and therefore have stringent constraints on power consumption and hardware resources. Therefore, energy-efficient (low energy) design is paramount for the successful deployment of resource constrained IoT devices. Further, Physical Unclonable Functions (PUFs) have evolved as a popular hardware security primitive for low cost, mass produced IoT devices with very constrained resources. Energy harvesting technologies utilizing solar cells are being used in ultra-low power IoT devices to satisfy the energy requirement. In this paper, we utilize the intrinsic variations in solar cells to design a novel solar cell based PUF. As a proof of concept, we have used the Tiva TM4C123GH6PM microcontroller to build our solar cell based PUF. From our experiments, we found that the proposed solar cell based PUF has the uniformity value of 49.21% which is close to the ideal value of 50%. Further, the proposed solar cell based PUF has worst case reliabilities of 92.97% and 90.62% with variations in temperature and light intensity, respectively.more » « less
- Free Publicly Accessible Full Text
-
Accepted Manuscript1.0
- Conference Paper:
- https://doi.org/10.1109/HST.2017.7951729
