CSI:Rowhammer – Cryptographic Security and Integrity against Rowhammer

Juffinger, Jonas; Lamster, Lukas; Kogler, Andreas; Eichlseder, Maria; Lipp, Moritz; Gruss, Daniel

doi:10.1109/sp46215.2023.10179390

Cited by 17 publications

(2 citation statements)

References 49 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…DRAM-based solutions predominantly revolve around additional preventive refreshes for potential rowhammer victim rows [17,21,22,25,[33][34][35]. However, securing adequate non-disruptive time at the DRAM interface for these refreshes is challenging.…”

Section: Dram-based Mitigationsmentioning

confidence: 99%

Rowhammer Attacks in Dynamic Random-Access Memory and Defense Methods

Kim,

Park,

Yeo

et al. 2024

Sensors

View full text Add to dashboard Cite

This paper provides a comprehensive overview of the security vulnerability known as rowhammer in Dynamic Random-Access Memory (DRAM). While DRAM offers many desirable advantages, including low latency, high density, and cost-effectiveness, rowhammer vulnerability, first identified in 2014, poses a significant threat to computing systems. Rowhammer attacks involve repetitive access to specific DRAM rows, which can cause bit flips in neighboring rows, potentially compromising system credentials, integrity, and availability. The paper discusses the various stages of rowhammer attacks, explores existing attack techniques, and examines defense strategies. It also emphasizes the importance of understanding DRAM organization and the associated security challenges.

show abstract

Section: Dram-based Mitigationsmentioning

confidence: 99%

Rowhammer Attacks in Dynamic Random-Access Memory and Defense Methods

Kim,

Park,

Yeo

et al. 2024

Sensors

View full text Add to dashboard Cite

show abstract

“…In the domain of data proliferation, the role of cryptography in maintaining data integrity and confidentiality is increasingly recognized [1]. Cryptography serves as a fundamental component in the architecture of security systems [2], addressing a multitude of threats [3,4]. Traditional cryptographic algorithms have provided a reliable foundation for data protection over many years [5], proving effective in less complex digital environments [6].…”

Section: Introductionmentioning

confidence: 99%

A Holistic Secure Communication Mechanism Using a Multilayered Cryptographic Protocol to Enhanced Security

Wang,

Tabassum

2024

CMC

View full text Add to dashboard Cite

In an era characterized by digital pervasiveness and rapidly expanding datasets, ensuring the integrity and reliability of information is paramount. As cyber threats evolve in complexity, traditional cryptographic methods face increasingly sophisticated challenges. This article initiates an exploration into these challenges, focusing on key exchanges (encompassing their variety and subtleties), scalability, and the time metrics associated with various cryptographic processes. We propose a novel cryptographic approach underpinned by theoretical frameworks and practical engineering. Central to this approach is a thorough analysis of the interplay between Confidentiality and Integrity, foundational pillars of information security. Our method employs a phased strategy, beginning with a detailed examination of traditional cryptographic processes, including Elliptic Curve Diffie-Hellman (ECDH) key exchanges. We also delve into encrypt/decrypt paradigms, signature generation modes, and the hashes used for Message Authentication Codes (MACs). Each process is rigorously evaluated for performance and reliability. To gain a comprehensive understanding, a meticulously designed simulation was conducted, revealing the strengths and potential improvement areas of various techniques. Notably, our cryptographic protocol achieved a confidentiality metric of 9.13 in comprehensive simulation runs, marking a significant advancement over existing methods. Furthermore, with integrity metrics at 9.35, the protocol's resilience is further affirmed. These metrics, derived from stringent testing, underscore the protocol's efficacy in enhancing data security.

show abstract

A Rowhammer Reproduction Study Using the Blacksmith Fuzzer

Gerlach,

Thomas,

Pietsch

et al. 2024

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Rowhammer is a hardware vulnerability that can be exploited to induce bit flips in dynamic random access memory (DRAM), compromising the security of a computer system. Multiple ways of exploiting Rowhammer have been shown and even in the presence of mitigations such as target row refresh (TRR), DRAM modules remain partially vulnerable. In this paper, we present a large-scale reproduction study on the Rowhammer vulnerability using the Blacksmith Rowhammer fuzzer. The main focus of our study is the impact of the fuzzing environment. Our study uses a diverse set of 10 DRAM chips from various manufacturers, with different capacities and memory frequencies. We show that the runtime, used seeds, and DRAM coverage of the fuzzer have been underestimated in previous work. Additionally, we study the entire hardware setup's impact on the transferability of Rowhammer by fuzzing the same DRAM on 4 identical machines. The transferability study heavily relates to Rowhammer-based physically unclonable functions (PUFs) which rely on the stability of Rowhammer-induced bit flips. Our results confirm the findings of the Blacksmith fuzzer, showing that even modern DRAM chips are vulnerable to Rowhammer. In addition, we show that PUFs are challenging to achieve on commodity systems due to the high variability of Rowhammer bit flips.

show abstract

CSI:Rowhammer – Cryptographic Security and Integrity against Rowhammer

Cited by 17 publications

References 49 publications

Rowhammer Attacks in Dynamic Random-Access Memory and Defense Methods

Rowhammer Attacks in Dynamic Random-Access Memory and Defense Methods

A Holistic Secure Communication Mechanism Using a Multilayered Cryptographic Protocol to Enhanced Security

A Rowhammer Reproduction Study Using the Blacksmith Fuzzer

Contact Info

Product

Resources

About