protecting mobile devices from physical memory attacks
play

Protecting Mobile Devices from Physical Memory Attacks with - PowerPoint PPT Presentation

Protecting Mobile Devices from Physical Memory Attacks with Targeted Encryption Le Guan , Chen Cao, Sencun Zhu, Jingqiang Lin, Peng Liu, Yubin Xia, and Bo Luo Why do Physical-space Threats Concern for SmartPhones? Why do Physical-space Threats


  1. Protecting Mobile Devices from Physical Memory Attacks with Targeted Encryption Le Guan , Chen Cao, Sencun Zhu, Jingqiang Lin, Peng Liu, Yubin Xia, and Bo Luo

  2. Why do Physical-space Threats Concern for SmartPhones?

  3. Why do Physical-space Threats Concern for SmartPhones? • Smartphones are easy to be lost or stolen • Powered-on smartphones run hundreds of background apps • Once stolen/lost, attackers physically possess the smartphones and sensitive data retain on the phone • Password, bank account, health data, etc. https://patriotpower.ogsd.net/2650/news/the-lost-phone-retriever/

  4. Why do Physical-space Threats Concern for SmartPhones? • Smartphones are easy to be lost or stolen • Powered-on smartphones run hundreds of background apps • Once stolen/lost, attackers physically possess the smartphones and sensitive data retain on the phone • Password, bank account, health data, etc. https://www.theexplode.com/stolen-phone-by-imei-number/

  5. Why do Physical-space Threats Concern for SmartPhones? • Smartphones are easy to be lost or stolen • Powered-on smartphones run hundreds of background apps • Once stolen/lost, attackers physically possess the smartphones and sensitive data retain on the phone • Password, bank account, health data, etc.

  6. Why do Physical-space Threats Concern for SmartPhones? • Smartphones are easy to be lost or stolen • Powered-on smartphones run hundreds of background apps • Once stolen/lost, attackers physically possess the smartphones and sensitive data retain on the phone • Password, bank account, health data, etc.

  7. Why do Physical-space Threats Concern for SmartPhones? • Smartphones are easy to be lost or stolen • Powered-on smartphones run hundreds of background apps • Once stolen/lost, attackers physically possess the smartphones and sensitive data retain on the phone • Password, bank account, health data, etc.

  8. DRAM is a Low-hanging Fruit for Attackers Processor Core Logic Instruction Data Cache Cache Bus On-Chip External RAM Controller RAM/iRAM Off-Chip Off-Chip ROM DRAM

  9. DRAM is a Low-hanging Fruit for Attackers Processor Core Logic Instruction Data Cache Cache Bus On-Chip External RAM Controller RAM/iRAM Off-Chip Off-Chip ROM DRAM

  10. DRAM is a Low-hanging Fruit for Attackers Processor Core Logic Instruction Data Cache Cache Bus On-Chip External RAM Controller RAM/iRAM Off-Chip Off-Chip ROM DRAM

  11. DRAM is a Low-hanging Fruit for Attackers Processor Core Logic Instruction Data Cache Cache Bus On-Chip External RAM Controller RAM/iRAM Off-Chip Off-Chip ROM DRAM

  12. DRAM is a Low-hanging Fruit for Attackers • When the smartphone is locked, Processor how can an attacker extract Core Logic sensitive data? Instruction • Modern smartphones enforce Data Cache Cache full disk encryption Bus • Off-chip DRAM is problematic! On-Chip External RAM Controller RAM/iRAM Off-Chip Off-Chip ROM DRAM

  13. DRAM is a Low-hanging Fruit for Attackers • When the smartphone is locked, Processor how can an attacker extract Core Logic sensitive data? Instruction • Modern smartphones enforce Data Cache Cache full disk encryption Bus • Off-chip DRAM is problematic! On-Chip External RAM Controller RAM/iRAM Off-Chip Off-Chip ROM DRAM

  14. Attacks to DRAM

  15. Attacks to DRAM

  16. Attacks to DRAM • DDR bus monitoring • Cold boot attack

  17. Attacks to DRAM • DDR bus monitoring • Cold boot attack https://www.futureplus.com

  18. Attacks to DRAM • DDR bus monitoring • Cold boot attack https://www1.informatik.uni-erlangen.de/frost

  19. MemVault – Memory Vault • Avoid using DRAM to store cleartext Processor sensitive data Core Logic Instruction Data Cache Cache Immunity to Capacity Controllability Intrusiveness Physical Attacks ✓ OCRAM ~ 128 - 256 KB Memory Not in used On-Chip External RAM /iRAM Mapped after booting RAM/iRAM Controller ✓ Cache ~ 1 MB Transparent Always in used Off-Chip Off-Chip ROM DRAM

  20. Why OCRAM/iRAM is immune to Physical Attacks? • DDR bus monitoring • No external pins • Cold boot attack • Attacker cannot remove OCRAM/iRAM and install it to another machine • SoC bootup code is mandatory for SoC to reboot • The code clears OCRAM/iRAM automatically

  21. Questions to Answer • iRAM has limited size • Encrypt data on DRAM • Leave “hot” data in cleartext in iRAM • Performance overhead • Only encrypt sensitive data • How to determine sensitive data? • Let developers tell us • Developers cannot tell if intermediate results are sensitive • Taint analysis based on TaintDroid • Developers only determine the taint source

  22. MemVault – Overview Stack Tainted Dummy Frames Object Stack Frame DRAM DRAM iRAM Vault T1 T1 S S S T2 T2 T2 Untainted Taint Encrypted Source Object Object

  23. MemVault – Stack Protection • Local variables on the 0xFFFFFFFF interpreter stack Grow Downwards Stack Frame 0 Stack Frame 1 • If a variable is tainted, the stack frame is moved to iRAM • No tainted value is ever written Stack Frame 1 to the original stack frame • New stack frame in iRAM has a Current Frame Pointer (FP) 0x00000000 pointer to track the origin stack frame for stack maintenance

  24. MemVault – Object Protection • A trampoline for each object • If pointer to trampoline is NULL, the object is never tainted • If the trampoline pointer is non- NULL, the object might be tainted and the object is encrypted • If iramObj is null, the encrypted object is decrypted to iRAM • If iramObj is non-null, the cleartext object is directly addressable • Next and previous for LRU Object in the DRAM Trampoline Object in the iRAM • iRAM has limited space • Cleartext references for GC

  25. Key Management • Key is randomly generated per app • AES in CTR mode • Virtual address of the object is used as IV • Key and key schedules are also kept in iRAM • Key is discarded when the app terminates

  26. Implementation • On top of TaintDroid (port to Android 4.4.3) • Encryption/decryption is implemented as a redirection layer of the interpreter Instruction Format Instruction Semantics Instrumentation move-op-R vA vA ← R S_DS & S_IS iget-op vA vB fC vA ← vB(fC) R & S_DS & S_IS … … … S_IS: Switch to iRAM stack, if working on DRAM stack and the resulting stack is tainted S_DS: Switch to DRAM stack, if working on iRAM stack and the resulting stack is untainted R: Redirect object access if necessary

  27. Evaluation • WordPress • Password • BankDroid private synchronized void loadAccount(Preferences preferences) { • Account Number Storage storage = preferences.getStorage(); • Password mStoreUri = Base64.decode(storage.getString(mUuid + • KeePass ".storeUri", null)); + MemVault.addTaintArray(mStoreUri); • MasterKey ... • Password } • K-9 email client Code snippet of K-9 email client • Password • Email

  28. Net CPU LCD Evaluation - Performance 600 Power Consumption (Joules/hour) 500 400 300 WordPress BankDroid KeePass K-9 200 Android 985 239 79 269 100 TaintDroid 1001 247 82 277 0 MemVault 1008 248 83 277 d d t d d t d d t d d t l l l l i i u i i u i i u i i u o o o o o o o o a a a a r r r r r r r r V V V V d D d D d D d D n n n n t m t m t m t m A n A n A n A n i e i e i e i e a a a a M M M M T T T T App Start Time (in ms) KeePass K-9 WordPress BankDroid TaintDroid + 18.8% MemVault + 37.2 % Additional Power Consumption

  29. Comparison with Existing Memory Encryption Solutions Architecture Software Granularity Code Memory Overhead Environment Modification Limitation ✓ Cryptkeeper x86 Linux 4 KB None 1.09x ∼ 9.00x ✓ RamCrypt x86 Linux 4 KB None 1.25x ∼ 2.70x ✓ Bear ARM Micro-Kernel 16B ~ 128 KB Significant 1.50x ∼ 3.40x ✓ Esorics’17 x86 Linux 16 B None/Significa 1.17x ∼ 10.00x+ nt Case ARM Slef-contained Whole app Significant 32 KB 1.03x ✓ Sentry ARM Android 4 KB None 1.48x ∼ 2.74x ✓ MemVault ARM Android Object Trivial 1.37x

  30. Conclusion • MemVault is able to minimize the exposure of sensitive data in DRAM • MemVault only needs minor modifications to the source code • MemVault selectively encrypts sensitive data to improve performance • Limitations • MemVault only protects data within Dalvik virtual machine • E.g., the buffer of the touchscreen driver cannot be protected • TaintDroid has false negative • Future direction • Chip level full memory encryption (like Intel SGX or AMD SME)

  31. Thanks! leguan@cs.uga.edu

Recommend


More recommend