Dataplant: In-DRAM Security Mechanisms for Low-Cost Devices
Low-cost devices are now commonplace and can be found in diverse environments such as home electronics or cars. As such devices are ubiquitous and portable, manufacturers strive to minimize their cost and power consumption by eliminating many features that exist in other computing systems. Unfortunately, this results in a lack of basic security features, even though their ubiquity and ease of physical access make these devices particularly vulnerable to attacks. To address the lack of security mechanisms in low-cost devices that make use of DRAM, we propose Dataplant, a new set of low-cost, high-performance, and reliable security primitives that reside in and make use of commodity DRAM chips. The main idea of Dataplant is to slightly modify the internal DRAM timing signals to expose the inherent process variation found in all DRAM chips for generating unpredictable but reproducible values (e.g., keys, seeds, signatures) within DRAM, without affecting regular DRAM operation. We use Dataplant to build two new security mechanisms: 1) a new Dataplant-based physical unclonable function (PUF) with high throughput and high resiliency to temperature changes, and 2) a new cold boot attack prevention mechanism based on Dataplant that automatically destroys all data within DRAM on every power cycle with zero run-time energy and latency overheads. These mechanisms are very easy to integrate with current DDR memory modules. Using a combination of detailed simulations and experiments with real DRAM devices, we show that our Dataplant-based PUF has 10x higher throughput than state-of-the-art DRAM PUFs while being much more resilient to temperature changes. We also demonstrate that our Dataplant-based cold boot attack protection mechanism is 19.5x faster and consumes 2.54x less energy when compared to existing mechanisms.
READ FULL TEXT