Rowhammer attacks – DRAM

The Rowhammer attack could allow malicious parties to create privilege escalation exploits and network-based attacks that would enable them to tamper with data and inject malicious commands in computer systems.

It is a software-based fault injection attack.

  • A specially crafted user-mode program (a native application or JavaScript running in Firefox) can trigger Rowhammer for privilege escalation: a low-privilege user application gains elevated access to system resources that are normally protected from user applications.
  • Refer to Google Project Zero for further information

Some of the mitigations are:

  • ECC – Error-correcting code. SEC – single error correction. DED – double error detection. Note that flipping three bits prevents the ECC from detecting the error.
  • TRR – Target row refresh, which prevents the row hammer effect without negatively impacting performance or power consumption.
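The ECC limit noted in the list above can be checked with a small SEC-DED code. This is an added example, not code from the original page; it assumes a toy extended Hamming (8,4) code with 4 data bits rather than the wider code a real memory controller uses, and all function names are hypothetical.

```python
from itertools import combinations

def encode(data_bits):
    """Extended Hamming SEC-DED: index 0 is overall parity, powers of two are check bits."""
    k, r = len(data_bits), 0
    while (1 << r) < k + r + 1:
        r += 1
    word = [0] * (k + r + 1)
    bits = iter(data_bits)
    for pos in range(1, len(word)):
        if pos & (pos - 1):              # not a power of two: data position
            word[pos] = next(bits)
    syn = syndrome(word)
    for i in range(r):                   # set check bits so the syndrome becomes 0
        word[1 << i] = (syn >> i) & 1
    word[0] = sum(word) & 1              # even overall parity
    return word

def syndrome(word):
    syn = 0
    for pos in range(1, len(word)):
        if word[pos]:
            syn ^= pos                   # XOR of the positions of all set bits
    return syn

def decode(word):
    """Return (status, word) the way a SEC-DED decoder would report it."""
    syn, odd = syndrome(word), sum(word) & 1
    if syn == 0 and not odd:
        return "clean", list(word)
    if odd and syn < len(word):          # odd parity: treated as a single-bit error
        fixed = list(word)
        fixed[syn] ^= 1                  # syn == 0 means the overall parity bit
        return "corrected", fixed
    return "uncorrectable", list(word)   # even parity, nonzero syndrome: double error

def data_of(word):
    return [word[p] for p in range(1, len(word)) if p & (p - 1)]

def silent_corruptions(data_bits, nflips):
    """Count flip patterns that raise no alarm but hand back wrong data."""
    cw = encode(data_bits)
    bad = 0
    for pos in combinations(range(len(cw)), nflips):
        hit = [b ^ (i in pos) for i, b in enumerate(cw)]   # constructed fault pattern
        status, out = decode(hit)
        bad += status != "uncorrectable" and data_of(out) != data_bits
    return bad

for n in (1, 2, 3):
    print(n, "flips:", silent_corruptions([1, 0, 1, 1], n), "silent corruptions")
```

In this toy code every three-bit pattern is reported as a corrected single-bit error while the returned data is wrong, which is why corrected-error counters alone are a weak integrity signal.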

Recent development:

Not Even ECC Memory Is Safe Against Rowhammer Attacks (2018.11.26) – The attack is named “ECCploit”

Store private cryptographic keys on target

Security is never optional in the connected world!

Private keys and any other confidential assets shall be stored and operated on in a tamper-proof environment. These keys and data shall never be exposed to the outside world.

Hence it is recommended to store these keys:

  • Using dedicated hardware modules such as a Hardware Security Module (HSM) or a Trusted Platform Module (TPM)
  • Using processor hardware architecture extensions such as ARM TrustZone (ARM TZ) or Intel Software Guard Extensions (Intel SGX)