Blinded random corruption attacks

Rodrigo Branco, Shay Gueron

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-reviewed

Abstract

An attacker who has physical access to a computing platform, and the means to read and modify the memory contents, can be a serious security threat. The ability to passively read memory compromises secrets that reside thereon, and the ability to actively modify memory can be used for circumventing the platform's policy/security mechanisms. Blocking arbitrary memory access mitigates such risks, but this is not always enforceable or desirable. Memory integrity mechanisms detect active tampering, and memory encryption protects data confidentiality. As a byproduct, encryption also diminishes the precision of active attacks, because it limits the attacker to only Blinded Random Block Corruption (BRBC) attacks. He can modify some unknown value (ciphertext) on the memory in an attempt to leverage the consequences that would occur when the CPU ends up using a randomly corrupted block of (decrypted) data. It is therefore tempting to hope that encryption-only is a practical defense against an active attacker, although it provides no theoretical promise for integrity. This paper argues that an attacker with arbitrary memory capabilities can succeed with BRBC attacks if the memory does not have integrity protection. Under such assumptions, we demonstrate a BRBC attack that gains administrator privileges on a locked system. This articulates the value of protecting memory integrity in cases that the system cannot deny arbitrary memory access from the potential attacker.

Original language: English
Title of host publication: Proceedings of the 2016 IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2016
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 85-90
Number of pages: 6
ISBN (Electronic): 9781467388252
State: Published - 20 Jun 2016
Event: 2016 IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2016 - McLean, United States
Duration: 3 May 2016 to 5 May 2016

Publication series

Name: Proceedings of the 2016 IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2016

Conference

Conference: 2016 IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2016
Country/Territory: United States
City: McLean
Period: 3/05/16 to 5/05/16

Bibliographical note

Publisher Copyright:
© 2016 IEEE.

Keywords

  • Software and hardware security
  • memory encryption
  • physical access attacks

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture
  • Safety, Risk, Reliability and Quality
