Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
skip to main content
10.1145/3317549.3319721acmconferencesArticle/Chapter ViewAbstractPublication PageswisecConference Proceedingsconference-collections
research-article
Public Access

Protecting mobile devices from physical memory attacks with targeted encryption

Published: 15 May 2019 Publication History

Abstract

Sensitive data in a process could be scattered over the memory of a computer system for a prolonged period of time. Unfortunately, DRAM chips were proven insecure in previous studies. The problem becomes worse in the mobile environment, in which users' smartphones are easily lost or stolen. The powered-on phones may contain sensitive data in the vulnerable DRAM chips. In this paper, we propose MemVault, a mechanism to protect sensitive data in Android devices against physical memory attacks. MemVault keeps track of the propagation of well-marked sensitive data sources, and selectively encrypts tainted sensitive memory contents in the DRAM chip. When a tainted object is accessed, MemVault redirects the access to the internal RAM (iRAM), where the cipher-text object is decrypted transparently. iRAM is a system-on-chip (SoC) component which is by nature immune to physical memory exploits. We have implemented a MemVault prototype system, and have evaluated it with extensive experiments. Our results validate that MemVault effectively eliminates the occurrences of clear-text sensitive objects in DRAM chips, and imposes acceptable overheads.

References

[1]
Android Developers. 2017. UI/Application Exerciser Monkey. (2017). https://developer.android.com/studio/test/monkey.html.
[2]
ARM Ltd. 2009. Security Technology Building a Secure System Using TrustZone Technology (white paper). (2009).
[3]
ARM Ltd. 2014. ARM Cortex-A57 MPCore Processor Technical Reference Manual. http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0488d/index.html.
[4]
ARM Ltd. 2019. The Arm System Memory Management Units. https://developer.arm.com/products/system-ip/system-controllers/system-memory-management-unit.
[5]
Ahmed M Azab, Peng Ning, Jitesh Shah, Quan Chen, Rohan Bhutkar, Guruprasad Ganesh, Jia Ma, and Wenbo Shen. 2014. Hypervision across worlds: Real-time kernel protection from the arm trustzone secure world. In ACM CCS'14, 2014. ACM, 90--102.
[6]
Jim Chow, Ben Pfaff, Tal Garfinkel, Kevin Christopher, and Mendel Rosenblum. 2004. Understanding data lifetime via whole system simulation. In USENIX Security Symposium.
[7]
Jim Chow, Ben Pfaff, Tal Garfinkel, and Mendel Rosenblum. 2005. Shredding Your Garbage: Reducing Data Lifetime Through Secure Deallocation. In USENIX Security '05.
[8]
Patrick Colp, Jiawen Zhang, James Gleeson, Sahil Suneja, Eyal de Lara, Himanshu Raj, Stefan Saroiu, and Alec Wolman. 2015. Protecting Data on Smartphones and Tablets from Memory Attacks (ASPLOS '15). 177--189.
[9]
Consumer Reports. 2015. Smartphone thefts drop as kill switch usage grows. http://www.consumerreports.org/cro/news/2015/06/smartphone-thefts-on-the-decline/index.htm.
[10]
William Enck, Peter Gilbert, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N. Sheth. 2010. TaintDroid: An Information-flow Tracking System for Realtime Privacy Monitoring on Smartphones (OSDI'10).
[11]
EPN Solutions. 2017. Analysis tools for DDR1, DDR2, DDR3, embedded DDR and Fully Buffered DIMM modules. http://www.epnsolutions.net/ddr.html.
[12]
FuturePlus System. 2006. DDR2 800 bus analysis probe. http://www.futureplus.com/download/datasheet/fs2334_ds.pdf.
[13]
Google inc. 2017. Dalvik bytecode. https://source.android.com/devices/tech/dalvik/dalvik-bytecode.
[14]
Johannes Götzfried, Tilo Müller, Gabor Drescher, Stefan Nürnberger, and Michael Backes. {n. d.}. RamCrypt: Kernel-based Address Space Encryption for User-mode Processes (ASIA CCS '16). 6.
[15]
Le Guan, Jingqiang Lin, Bo Luo, Jiwu Jing, and Jing Wang. 2015. Protecting private keys against memory disclosure attacks using hardware transactional memory. In 2015 IEEE Symposium on Security and Privacy. IEEE, 3--19.
[16]
J. Götzfried and T. Müller. 2013. ARMORED: CPU-Bound Encryption for Android-Driven ARM Devices (ARES '13). 161--168.
[17]
J. Halderman, S. Schoen, N. Heninger, W. Clarkson, W. Paul, J. Calandrino, A. Feldman, J. Appelbaum, and E. Felten. 2008. Lest We Remember: Cold Boot Attacks on Encryption Keys. In 17th USENIX Security Symposium. 45--60.
[18]
Michael Henson and Stephen Taylor. 2013. Beyond full disk encryption: protection on security-enhanced commodity processors (ACNS '14). Springer, 307--321.
[19]
Jianjun Huang, Zhichun Li, Xusheng Xiao, Zhenyu Wu, Kangjie Lu, Xiangyu Zhang, and Guofei Jiang. 2015. SUPOR: Precise and Scalable Sensitive User Input Detection for Android Apps. In 24th USENIX Security Symposium. USENIX Association, Washington, D.C., 977--992.
[20]
Google inc. 2017. Full-Disk Encryption. https://source.android.com/security/encryption/full-disk.
[21]
David Kaplan. 2016. AMD x86 Memory Encryption Technologies. USENIX Association, Austin, TX.
[22]
Vadim Kolontsov. 1996. Solaris (and others) ftpd core dump bug. http://insecure.org/sploits/ftpd.pasv.html.
[23]
Doug Lea and Wolfram Gloger. 1996. A memory allocator. http://g.oswego.edu/dl/html/malloc.html.
[24]
Lookout. 2014. Phone Theft in America: What really happens when your phone gets grabbed. https://blog.lookout.com/phone-theft-in-america.
[25]
Frank McKeen, Ilya Alexandrovich, Alex Berenzon, Carlos V. Rozas, Hisham Shafi, Vedvyas Shanbhogue, and Uday R. Savagaonkar. 2013. Innovative Instructions and Software Model for Isolated Execution (HASP '13). Article 10, 1 pages.
[26]
Tilo Müller and Michael Spreitzenbarth. 2013. FROST: Forensic Recovery of Scrambled Telephones (ACNS '13). 373--388.
[27]
Yuhong Nan, Min Yang, Zhemin Yang, Shunfan Zhou, Guofei Gu, and XiaoFeng Wang. 2015. UIPicker: User-Input Privacy Identification in Mobile Applications. In 24th USENIX Security Symposium. Washington, D.C., 993--1008.
[28]
Panagiotis Papadopoulos, Giorgos Vasiliadis, Giorgos Christou, Evangelos Markatos, and Sotiris Ioannidis. 2017. No Sugar but all the Taste! Memory Encryption without Architectural Support (ESORICS '17). Springer, 362--380.
[29]
P. A. H. Peterson. 2010. Cryptkeeper: Improving security with encrypted RAM. In 2010 IEEE International Conference on Technologies for Homeland Security (HST).
[30]
Mingshen Sun, Tao Wei, and John C.S. Lui. 2016. TaintART: A Practical Multi-level Information-Flow Tracking System for Android RunTime (CCS '16). 331--342.
[31]
Yang Tang, Phillip Ames, Sravan Bhamidipati, Ashish Bijlani, Roxana Geambasu, and Nikhil Sarda. 2012. CleanOS: Limiting Mobile Data Exposure with Idle Eviction (OSDI '12). USENIX, Hollywood, CA, 77--91.
[32]
Eran Tromer, Dag Arne Osvik, and Adi Shamir. 2010. Efficient Cache Attacks on AES, and Countermeasures. Journal of Cryptology 23, 1 (01 Jan 2010), 37--71.
[33]
Yubin Xia, Yutao Liu, Cheng Tan, Mingyang Ma, Haibing Guan, Binyu Zang, and Haibo Chen. 2015. TinMan: Eliminating Confidential Mobile Data Exposure with Security Oriented Offloading (EuroSys '15). Article 27, 16 pages.
[34]
Z Yang. 2012. Powertutor-a power monitor for android-based mobile platforms. EECS, University of Michigan, retrieved September 2 (2012), 19.
[35]
N. Zhang, K. Sun, W. Lou, and Y. T. Hou. 2016. CaSE: Cache-Assisted Secure Execution on ARM Processors. In 2016 IEEE Symposium on Security and Privacy (SP). 72--90.

Cited By

View all
  • (2023)HuffDuff: Stealing Pruned DNNs from Sparse AcceleratorsProceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 210.1145/3575693.3575738(385-399)Online publication date: 27-Jan-2023
  • (2022)Dracon: An Open-Hardware Based Platform for Single-Chip Low-Cost Reconfigurable IoT DevicesElectronics10.3390/electronics1113208011:13(2080)Online publication date: 2-Jul-2022
  • (2020)MemShield: GPU-Assisted Software Memory EncryptionApplied Cryptography and Network Security10.1007/978-3-030-57878-7_16(323-343)Online publication date: 29-Aug-2020

Index Terms

  1. Protecting mobile devices from physical memory attacks with targeted encryption

      Recommendations

      Comments

      Information & Contributors

      Information

      Published In

      cover image ACM Conferences
      WiSec '19: Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks
      May 2019
      359 pages
      ISBN:9781450367264
      DOI:10.1145/3317549
      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

      Sponsors

      In-Cooperation

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      Published: 15 May 2019

      Permissions

      Request permissions for this article.

      Check for updates

      Author Tags

      1. memory encryption
      2. physical attack
      3. taint analysis

      Qualifiers

      • Research-article

      Funding Sources

      Conference

      WiSec '19
      Sponsor:

      Acceptance Rates

      Overall Acceptance Rate 98 of 338 submissions, 29%

      Contributors

      Other Metrics

      Bibliometrics & Citations

      Bibliometrics

      Article Metrics

      • Downloads (Last 12 months)251
      • Downloads (Last 6 weeks)15
      Reflects downloads up to 13 Jan 2025

      Other Metrics

      Citations

      Cited By

      View all
      • (2023)HuffDuff: Stealing Pruned DNNs from Sparse AcceleratorsProceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 210.1145/3575693.3575738(385-399)Online publication date: 27-Jan-2023
      • (2022)Dracon: An Open-Hardware Based Platform for Single-Chip Low-Cost Reconfigurable IoT DevicesElectronics10.3390/electronics1113208011:13(2080)Online publication date: 2-Jul-2022
      • (2020)MemShield: GPU-Assisted Software Memory EncryptionApplied Cryptography and Network Security10.1007/978-3-030-57878-7_16(323-343)Online publication date: 29-Aug-2020

      View Options

      View options

      PDF

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader

      Login options

      Media

      Figures

      Other

      Tables

      Share

      Share

      Share this Publication link

      Share on social media