Securing computer memory against attacks

High-profile holders of secrets are at risk of losing their data protection to attacks on computer memory. Smartphone, tablets, PCs – all these devices can be hacked. The problem has been known for long, and yet is still acute. The group of Professor Kaveh Razavi offers a design solution for future generations of computer memory modules.

DRAM
DRAM (Dynamic Random Access Memory) modules are the target of Rowhammer attacks.

Are computer manufacturers aware of the security gap?

Razavi: The vulnerable computer memory is the DRAM (Dynamic Random Access Memory). The manufacturers of the DRAM are aware of the attacks on it. So far, the vendor strategy has been security-by-obscurity. This means vendors keep their defense mechanisms secret hoping that by obscuring how their DRAM works, no one may find the weak spot.

We show, however, that the current security solutions implemented by the manufacturers do not withstand sophisticated attacks. Patrick Jattke, my PhD student, wrote “Blacksmith”, a software that finds sophisticated ways of performing the Rowhammer attack (see technical information on Rowhammer below). Patrick successfully compromised all 40 different DRAM modules in our test pool. This is a serious security issue for which the Swiss National Cyber Security Centre (NCSC) has issued a Common Vulnerabilities and Exposures (CVE) number on our findings.

Patrick Jattke
Patrick Jattke at his test-rig which allows him to first reverse-engineer a DRAM chip and then hack into it with his software algorithm “Blacksmith”.

Who are the hackers and who are the targets?

Razavi: Rowhammer attacks are elaborate. The hackers are most likely powerful organisations and the targets are high-profile holders of secrets. So, if bankers or government officials store sensitive information on their smartphones, this information can be at risk despite industry’s best security practices. However, this does not necessarily mean that everyone else is secure. As the DRAM technology moves forward, it becomes even more vulnerable to Rowhammer, because the trend of miniaturization in computer memory plays into the vulnerability that Rowhammer exploits.

Do the hackers need physical access to the device?

Razavi: No. And this makes it the more dangerous. We simulated attacks on computers that are not within our physical reach. We do it all remotely via the Web.

What solution do you offer?

Razavi: Michele Marazzi, another PhD student in the Computer Security Group, has designed an on-chip solution named ProTRR, which protects DRAM from Rowhammer. ProTRR is an extension of the existing DRAM architecture. ETH Zurich applied for a patent on this technology, which is the first step in offering our solution to the market.

Team
Michele Marazzi and Kaveh Razavi are the inventors of a secure in-DRAM Rowhammer mitigation (ProTRR).

The Rowhammer attack

Rowhammer is a well-known security vulnerability affecting dynamic random-access memory (DRAM). In DRAM, each bit of information is stored in a separate memory cell comprising a capacitor and an access transistor. The memory cells are arranged in matrices having rows and columns. The capacitors in DRAM have a natural discharge rate, requiring periodic refreshes of all memory cells to keep stored information intact.

The activation of an “aggressor” memory row can — due to its physical proximity— affect the charge status in neighbouring “victim” rows. If activated (“hammered”) often enough, the aggressor row can flip the stored bit in a neighbouring victim row, thus, compromising its data.

Contact/Links:

Prof. Kaveh Razavi, Computer Security Group

Computer Security Group, “ProTRR: Principled yet Optimal In-DRAM Target Row Refresh”

Computer Security Group, “Blacksmith”

ETH news, “Serious security vulnerabilities in computer memories”

external page Common Vulnerabilities and Exposures

Do you want to get more "News for Industry" stories?

Subscribe to our newsletter

external page Follow us on LinkedIn

Are you looking for research partners at ETH Zurich?

Contact ETH Industry Relations

JavaScript has been disabled in your browser