Hardware Security

Security should be intertwined with every part of system; the hardware is no exception. The interaction between hardware and software must be carefully planned. In doing so, the security of the entire system is strengthened.

Trusted Computing

Systems rely on Operating Systems and hardware. This collection of components comprises the core of the Trusted Computing Base (TCB). Systems fundamentally trust all actions that take place within the TCB. As Operating Systems become increasingly more complex, they are prone to faults and vulnerabilities. Hence, researchers seek to shrink the TCB.

Recently, a consortium gathered to create an open trusted framework. The Trusted Computing Group's (TCG) Trusted Platform Module (TPM) has received much attention. While vendors such as Dell have announced the deployment of TPMs, privacy concerns remain. Such concerns must be addressed before wide-spread acceptance occurs.

Our current research efforts aim to discover novel uses for the TPM while maintaining the privacy of users.

Securing Non-Volatile Main Memory

MECU

Non-volatile memories provide energy efficiency, tolerance against power failure, and "instant-on" power-up. These memories are likely to replace traditional volatile memory in next-generation laptops and desktops. However, the move to non-volatile memory introduces new vulnerabilities; sensitive data such as passwords and keys residing in main memory persists across reboots and can be probed during hardware suspension.

We propose a Memory Encryption Control Unit (MECU) to address the vulnerabilities introduced by non-volatile memories. The MECU encrypts all memory transfers between the level 2 cache and main memory. The keys used to encrypt memory blocks are derived from secret information present on removable authentication tokens, e.g., smart card, or other similar secure storage devices. This provides protection against physical attacks in absence of the token.

We evaluated a MECU-enhanced architecture using the SimpleScalar hardware simulation framework on several hardware benchmarks. The performance analysis shows that we can secure non-volatile memories with minimal overhead---the majority of memory accesses are delayed by less than 1 ns, with limited degradation subsiding within 67 us of a system resume. In effect, we provide zero-cost steady state confidentiality for main memory.

Related Publications

William Enck, Kevin Butler, Thomas Richardson, and Patrick McDaniel, Securing Non-Volatile Main Memory. Technical Report NAS-TR-0029-2006, Network and Security Research Center, February 2006.