
Securing Memory will Take More than Cryptography Alone

As advances in memory continue to evolve, so too does cybercrime.

www.eetasia.com/, Mar. 20, 2023

Advances in computing, storage and memory pave the way for a variety of innovations, from advanced sensor-fusion to autonomous driving and machine learning (ML). But with new technology comes new threats, and as memory evolves, so does the opportunity for cybercrime.

In traditional compute settings, small, secret algorithms could be confined primarily to on-chip memory within secure processor enclaves. But in state-of-the-art artificial intelligence (AI) and ML algorithms, the large size of the dataset often means most of the data resides in off-chip dynamic random-access memory (DRAM). Unfortunately, this memory is easier for adversaries to attack. Concerns about "data as IP" also extend to multi-tenant environments, where multiple virtual machines (VMs) simultaneously share the same physical memory. So-called "cross-VM attacks" (e.g., rowhammer as a tool for denial-of-service or even privilege escalation) are of increasing concern.

Traditional endpoint security can't defend against memory-based attacks because they can occur invisibly, external to the chip. For example, there are dozens of inline DRAM socket testers and traffic analyzers that could be repurposed for copying DRAM contents, inserting malicious traffic, or even replaying authentic-but-obsolete DRAM traffic.

Tradeoffs and ramifications

Cryptography remains the most effective tool for securing data, but as adversarial attacks advance, it becomes difficult to prioritize security–including data privacy, data authenticity, and data freshness–without compromising performance.

Symmetric protocols, such as the AES encryption protocol, are well suited to achieve data privacy–both for non-volatile "data at rest" and DRAM "data in motion." Data authentication can be achieved using a combination of cryptographic hashing and asymmetric protocols combined with message authentication codes and authentication tags. By adopting data privacy combined with data authentication defenses, attackers are barred from seeing or modifying the data without detection–though the authentication process is often the reason a device's operating system may take a second or two to load after power-on.
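The authenticity and freshness checks described above can be illustrated as follows. This is an added example, not code from the article: the `TrustedController` class, the dict standing in for off-chip DRAM and the sample blocks are constructed for illustration, HMAC-SHA256 is chosen here as the message authentication code, and the stored bytes are assumed to be already-encrypted ciphertext.

```python
import hashlib
import hmac
import os

class TrustedController:
    """Hypothetical on-chip side: holds the MAC key and per-block write counters."""
    def __init__(self):
        self._key = os.urandom(32)   # assumed never to leave the chip
        self._counters = {}          # address -> latest version, kept on-chip

    def _tag(self, addr, version, data):
        # Binding address and version into the tag is what defeats
        # relocation (splicing) and replay of stale-but-authentic blocks.
        msg = addr.to_bytes(8, "big") + version.to_bytes(8, "big") + data
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def write(self, dram, addr, data):
        version = self._counters.get(addr, 0) + 1
        self._counters[addr] = version
        dram[addr] = (data, self._tag(addr, version, data))

    def read(self, dram, addr):
        data, tag = dram[addr]
        expected = self._tag(addr, self._counters.get(addr, 0), data)
        if not hmac.compare_digest(tag, expected):
            raise ValueError(f"authenticity/freshness check failed at {addr:#x}")
        return data

def verifies(ctrl, dram, addr):
    try:
        ctrl.read(dram, addr)
        return True
    except ValueError:
        return False

def demo():
    ctrl, dram = TrustedController(), {}   # dram models untrusted off-chip memory
    ctrl.write(dram, 0x1000, b"block-A version 1")
    stale = dram[0x1000]                   # authentic at the time, obsolete later
    ctrl.write(dram, 0x1000, b"block-A version 2")
    ctrl.write(dram, 0x2000, b"block-B version 1")
    good = dram[0x1000]
    results = {"untouched": verifies(ctrl, dram, 0x1000)}
    tampered = {"modified": (b"block-A version X", good[1]),
                "spliced": dram[0x2000],   # valid block moved to another address
                "replayed": stale}         # old data with its old, valid tag
    for name, cell in tampered.items():
        dram[0x1000] = cell
        results[name] = verifies(ctrl, dram, 0x1000)
    return results

if __name__ == "__main__":
    print(demo())
```

A tag computed over the data alone would accept the spliced and replayed blocks; the on-chip counter is the state that makes freshness checkable.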
