Hardware Level Security
In this week’s lecture, Dr. Stephen Herrod mentioned the importance of cyber-security. Stored data is sensitive, and protecting it is critical, especially as more and more of it, including health records, is kept online. Stephen also described how cyber attacks are becoming more sophisticated: using massive public cloud resources, hijacking the Internet of Things to build botnets, and attacking VMs directly. To fight these increasingly complex attacks, security teams are getting more creative with solutions such as self-protecting applications, isolation and prevention, and user behavioral analysis. One form of attack that went unmentioned, however, is the hardware/firmware level attack, and preventing these low-level attacks requires security at the hardware level.
Row Hammer Attack
One form of hardware level attack is the row hammer attack, in which the physical DRAM chip is made to change state in unwanted ways. In a row hammer attack, certain memory locations are accessed repeatedly (“hammered”) in order to cause a bit flip in a neighboring “victim” location that should not be accessible to the user. Google’s “Project Zero” aimed to bring to light the potential issues that can be caused by row hammer attacks, and also to test how susceptible different systems are. According to Google’s own Project Zero blog, “one exploit uses rowhammer-induced bit flips to gain kernel privileges on x86-64 Linux when run as an unprivileged userland process. When run on a machine vulnerable to the rowhammer problem, the process was able to induce bit flips in page table entries (PTEs). It was able to use this to gain write access to its own page table, and hence gain read-write access to all of physical memory.” [https://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html]. Toggling even one bit can give the attacker access to the entire machine by changing permissions or granting access to privileged physical memory locations. The effort Google took to determine the extent of the possible damage and which systems may be vulnerable is a monumental step toward tackling these complex attacks and finding solutions.
Hardware Solutions
Non-volatile storage is also a target of attacks, since malicious code can be embedded into the underlying hardware where critical code is stored. Therefore, monitoring the underlying storage in a device is critical for identifying device health. In an age where IoT is becoming increasingly prevalent, and the number of devices being connected to the network is increasing exponentially, device security is more important than ever. This is why Micron and Microsoft Azure worked together to embed security features into NAND Flash chips. According to a press release given by both companies, “the new solution utilizes a hardware ‘root of trust’ integrated into Micron’s flash memory in the IoT device along with the Microsoft Azure IoT cloud to establish a strong trusted link between that IoT device and the cloud.” Botnets were discussed in lecture this week, and the ability to leverage many connected devices to run distributed code across platforms can have devastating effects. Also, attacking one device can give access to many other devices connected to the same network. An example given in lecture was that gaining access to an old router running legacy software could give access to every device connected to it. This is why Microsoft Azure and Micron made it possible to create a secure channel between the cloud and the device, and to ensure only trusted hardware can access the cloud. Embedding security solutions into device hardware allows for smart device monitoring and can deflect potential attacks.
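The trusted device-to-cloud link described above, as an added illustrative example (not Micron’s or Azure’s actual design, and not code from the original post): the cloud issues a single-use challenge, the device answers with a key that only its hardware root of trust holds, and hardware the cloud never registered, a clone carrying a different key, or a replayed answer is refused. The HardwareRootOfTrust and CloudService classes, device ids and keys are all constructed for the example.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

class HardwareRootOfTrust:
    """Stand-in for a key held in the device's secure flash (illustrative model, not a
    real chip API): the key never leaves the object, only challenge responses do."""
    def __init__(self, device_id: str, key: bytes):
        self.device_id = device_id
        self._key = key  # provisioned once at manufacture; treated as unreadable

    def respond(self, nonce: bytes) -> bytes:
        # Bind the answer to this device id and to this specific challenge.
        return hmac.new(self._key, self.device_id.encode() + nonce, hashlib.sha256).digest()

class CloudService:
    """Cloud side: knows each registered device's key and hands out single-use challenges."""
    def __init__(self, registry: Dict[str, bytes]):
        self._registry = dict(registry)
        self._pending: Dict[str, bytes] = {}  # device_id -> outstanding nonce

    def issue_challenge(self, device_id: str) -> Optional[bytes]:
        if device_id not in self._registry:
            return None  # hardware that was never registered gets no challenge at all
        nonce = secrets.token_bytes(16)
        self._pending[device_id] = nonce
        return nonce

    def verify(self, device_id: str, nonce: bytes, tag: bytes) -> bool:
        expected_nonce = self._pending.pop(device_id, None)  # consumed here, so no replay
        if expected_nonce is None or not hmac.compare_digest(expected_nonce, nonce):
            return False
        key = self._registry[device_id]
        expected_tag = hmac.new(key, device_id.encode() + nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected_tag, tag)  # constant-time comparison

def attest(cloud: CloudService, device: HardwareRootOfTrust) -> bool:
    """Full exchange: cloud challenge -> device response -> cloud verdict."""
    nonce = cloud.issue_challenge(device.device_id)
    if nonce is None:
        return False
    return cloud.verify(device.device_id, nonce, device.respond(nonce))

# Constructed sample fleet: ids and keys are made-up values, not real provisioning data.
GENUINE_KEY = bytes.fromhex("1f" * 32)
cloud = CloudService({"sensor-0001": GENUINE_KEY})
genuine = HardwareRootOfTrust("sensor-0001", GENUINE_KEY)
clone = HardwareRootOfTrust("sensor-0001", bytes.fromhex("2e" * 32))  # same id, wrong key
```

Calling attest(cloud, genuine) succeeds, while attest(cloud, clone) and any device id absent from the registry are refused.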
Conclusion
Technology advances rapidly and allows many new challenges to be solved; however, attackers are advancing at the same rate, and attacks are becoming increasingly complex. As attackers become more savvy about the underlying hardware architectures, defense at the software level alone is not sufficient, and every layer must be designed with security in mind. Hardware manufacturers must become equally savvy about potential attacks and embed security into their new products to prevent, detect, and deflect security risks.
4 comments on “Hardware Level Security”
MS&E 238A
Thank you for such a thorough analysis of the future of cyber attacks. You had described the other aspect of cyber attacks – hardware attacks. I do agree that on the software level, we need a self-adaptive defense mechanism that can learn to defend itself against threats, and on the hardware level, we need to create a more secure communication network and protocol that could fight against incoming threats. As a normal consumer, are there proactive measures that they can take to protect their machines and computers from these low-level attacks?
Thanks for your reply Ho! I’m sure there are some methods for consumer level protection, but it is important to note not all systems are susceptible to the same attacks. In Google’s blog post, they also mention some mitigation against row-hammer attacks, and even an increased refresh rate of the DRAM chip will inhibit the attacks!
Great post, Ajit. The dynamic nature of software makes it an obvious focal point for both attacks and patches, but it does seem to mean that we often overlook the hardware when it comes to security. While unfortunate, it seems understandable, as the concept-to-product timeline for hardware, when compared to software, is so long. Similar to how the infrastructure at AT&T must be planned out well ahead of time, so must any security architecture in the next generation of hardware.
The other issue is that many customers and applications don’t have the same security requirements, and so adding the extra features at the cost of manpower and complexity may be enough to push the product into a different price range. I would imagine that this is a large part of what drives software as the main focus of security, as it can be tailored and allows hardware to remain more generic and command larger markets.
That said, the current security climate may be enough to change this trend. There are certainly a number of intriguing research projects, and as security concerns become more mainstream and safety measures more widely sought after, things like the below example of dynamic information flow tracking may become worthwhile to implement in hardware.
http://csg.csail.mit.edu/pubs/memos/Memo-467/memo-467.pdf
http://homepages.inf.ed.ac.uk/vnagaraj/papers/interact08.pdf
Great post, Ajit, and definitely in line with the state of the art. One interesting development that supports your observations, perhaps not widely known, is that Apple, when implementing TouchID on the iPhone 5s, introduced a hardware-level secure enclave, enabled by their A7 chipset (produced by ARM), to support TouchID, encrypted passcode, and other features. This has been incorporated in subsequent iPhone designs, as well as additions in iOS to complement/further its utility. The following is a good article about the secure enclave and why it matters to users:
https://www.quora.com/What-is-Apple’s-new-Secure-Enclave-and-why-is-it-important.
I thought Dr. Herrod’s comments regarding WiFi routers from ISPs were also apropos. My experience with most of them is that they are ISP-owned and “managed devices” when it comes to firmware and patching, and one is advised to use one’s own access points downstream and employ firewall, port scan and VPN capability as a means of additional protection. Security hygiene is definitely an issue, as an unsophisticated user can still gain access to a home WiFi network easily enough if the homeowner doesn’t clean up manufacturer default passwords for administrative accounts.