Hardware

i-NVMM: Securing non-volatile memory on the fly

Computer memory is a treasure of unencrypted information. Fortunately, power off and it disappears. That's not the case with next-generation memory.

The dynamic in Dynamic Random Access Memory (DRAM) implies electricity is required to maintain the charge of designated capacitors in the memory chip. Shut power off, capacitors discharge, and data vanishes.

In 2008, a group of Princeton researchers discovered by freezing DRAM chips, the charged/discharged state of capacitors was maintained long enough for researchers to snare data stored on the chips. Thankfully, it's not easy, so the crack never became mainstream.

Fast forward to 2011: researchers are trying to replace DRAM with more-efficient and power-friendly Non-Volatile Main Memory (NVMM). Here's what has hardware developers excited:

  • No refresh power is required to maintain stored data.
  • Resumption from sleep or hibernation is instantaneous.
  • NVMM can fit more memory into the same amount of space used by existing technologies.

Remember the saying, "Along with the good, comes the bad"? Well, that applies to NVMM. Not requiring refresh power means data will persist indefinitely on NVMM memory chips when power is removed.

That gives the gang at Princeton, or someone who steals your notebook, plenty of time to extract stored data. My computer could have 4 GB's worth.

There is a solution

I'd like to introduce you to i-NVMM, a potential solution and creation of Dr. Siddhartha Chhabra (Intel) and Dr. Yan Solihin (North Carolina State University). In their paper, "i-NVMM: A Secure Non-Volatile Main Memory System with Incremental Encryption," the researchers describe i-NVMM as:

"A data privacy protection scheme for non-volatile main memory (NVMM). i-NVMM relies on a memory-side encryption engine to support encrypted main memory, hence it does not rely on specific architecture support."

Sounds simple enough, but it's not. I was trying to understand this slide:

Here is their explanation:

"Figure 6 shows hardware components that are added to a non-volatile main memory (NVMM) module. One added component is Page Status Table (PST), an SRAM structure that keeps track of the status of each page:

  • 1-bit that indicates whether a page is currently encrypted or not (Enc-Status).
  • The last time the page was accessed (LastAcc).
  • The number of times the page has been accessed (numAcc).
  • The next page accessed after this one (NextPage).
  • 1-bit that indicates whether a page is pending for encryption/decryption or not (Pending).

LastAcc is used by the Inert Page Prediction (IPP) to predict a page as inert in order to encrypt it. NumAcc is used for tracking how many accesses have been received by a currently-encrypted page in order to decide when it should be queued for decryption."

Did you get that? I didn't. But, I wanted to. So I phoned the researchers. Dr. Chhabra consented to answer my barrage of questions.

Kassner: To begin, I am familiar with Non-Volatile Memory (NVM), but not Non-Volatile Main Memory (NVMM). What is the difference? Chhabra: You can think of NVM as any computer memory that retains stored information even if power is removed-flash drives and hard drives being two examples. NVM is not a new concept. The technology was first developed in the 1960s.

NVMM is a new concept. Consider it to be the entire system needed to replace DRAM. Among other components, NVMM will include NVM technologies, most likely Phase-Change Memory (PCM) or Magnetoresistive RAM (MRAM).

Kassner: The non-volatility of NVM appears to be a double-edged sword, good for computing, bad for security. I'm guessing security was not a major consideration back in 1960.

You and Dr. Solihin do have a solution: i-NVMM. Would you please give us an overview of the technology behind i-NVMM?

Chhabra: We realize that non-volatility is an important property, regardless of the fact that it makes it easier for attackers to scan the main memory. Hence, we propose a solution to bridge the vulnerability and ensure the system retains all the properties afforded by non-volatility.

Here are a few lines from the paper. They best summarize our proposal.

Emerging technologies for building non-volatile main memory (NVMM) systems suffer from a security vulnerability where information lingers on long after the system is powered down, enabling an attacker with physical access to the system to extract sensitive information off the memory. The goal of this study is to find a solution for such security vulnerability.

We introduce i-NVMM, a data privacy protection scheme for NVMM, where the main memory is encrypted incrementally [Kassner: the "i" in i-NVMM], i.e. different data in the main memory is encrypted at different times depending on whether the data is predicted to still be useful to the processor.

The motivation behind incremental encryption is the observation that the working set of an application is much smaller than its resident set. By identifying the working set and encrypting the remaining part of the resident set, i-NVMM can keep the majority of the main memory encrypted at all times without penalizing performance by much.

Our experiments demonstrate promising results. i-NVMM keeps 78% of the main memory encrypted across SPEC2006 benchmarks, yet only incurs 3.7% execution time overhead, and has a negligible impact on the write endurance of NVMM, all achieved with a relatively simple hardware support in the memory module.

Kassner: When you talk about NVMM and i-NVMM, are you suggesting that DRAM be replaced? Chhabra: This is something that is currently under research. There are various possibilities.

Physically, NVM can replace DRAM, but NVM is typically slower than DRAM and has limited write endurance. Those two issues, in all likelihood, will force the replacement memory to be a hybrid system.

Where the main memory system will consist of a small DRAM buffer--to exploit its speed and better write endurance--and a non-volatile memory like PCM to exploit its density properties.

In our work with encryption, we specifically talk about NVMM replacing DRAM totally. However, the solution is equally applicable and needed in a hybrid memory system like the one I described above.

Kassner: In the paper, you refer to a selection process that i-NVMM uses to encrypt and decrypt data. That is fascinating. How is that possible? Chhabra: i-NVMM predicts whether data is useful to the application or not. In essence, applications refer or touch more data than they actually access. The data an application touches is known as the resident set and the data an application uses when in steady state is the working set.

If a scheme blindly encrypts the memory, both the working set and the resident set will be encrypted. That causes the application to suffer high performance overhead, as data needs to be decrypted before it's fed to the application.

By detecting inactive memory pages -- using hardware counters in the memory module -- the memory-side cryptographic engine can predict the pages that are not a part of the resident set -- we call them inert pages. Once a page is identified as inert, it is encrypted by the memory-side cryptographic engine.

Kassner: How do you envision i-NVMM? Is it additional firmware, or is it supplemental hardware attached to the memory module? Chhabra: We envision i-NVMM to be totally implemented inside the memory module, not requiring any additional hardware/software/firmware support outside the memory module. Kassner: Besides encrypting data, does i-NVMM improve security in other ways? I was specifically thinking that the prediction qualities of i-NVMM might prevent buffer overflows. Chhabra: No, i-NVMM is not designed for protecting software attacks like the one you mentioned. It is designed specifically to protect non-volatile data in NVMMs. I might add that not protecting the data can be a showstopper in the adoption of NVMM. Kassner: What happens when the computer is shut off? Is the memory wiped clean? Or does i-NVMM encrypt all of the data stored in memory? That seems like it would be an important consideration. Chhabra: When the system is shutoff, i-NVMM encrypts the pages that are currently not encrypted (these will be the pages that were being used by applications). We do not want to wipe out the entire memory at shut down as then we lose the non-volatility properties of NVMs. That is one thing we don't want.

In an attack scenario, where the attacker steals the memory module of a running system, we ensure the attacker will not gain anything useful. The i-NVMM has a small CMOS battery as reserve on the memory module to ensure that in such a case i-NVMM has enough power to encrypt the pages that are currently in plaintext.

Kassner: What is next on the agenda for i-NVMM? Chhabra: We are seeking industry partners interested in this technology to patent and prototype i-NVMM. Final thoughts

It is nice to see advances being made, particularly with hardware that will improve computer usage. Another thing I like to see is security being part and parcel of the development process. That is so not 1960s.

Finally, I would like to thank Dr. Chhabra for explaining the cutting-edge research around NVMM and i-NVMM.

About

Information is my field...Writing is my passion...Coupling the two is my mission.

27 comments
mhenson73
mhenson73

Interesting thought to include the engine with the RAM...this should enable a similar level of protection to traditional RAM but it does nothing to prevent bus snooping/injecting attacks which happen between RAM and the CPU (and for which most memory encryption schemes are targeted). (caveat: I still need to read the full paper...)

wlramsey
wlramsey

The one thing that kept bugging me when I read this article is that a lot of people depend on their computers to have Volatile memory in their PC's so that they can shutdown / restart to fix flaky memory issues. If everyone starts using NVM, and they purposefully leave the data on memory, I could see this causing problems with not being able to reboot to fix problems with our favorite Windows Operating Systems (said facetiously). There are also time when us computer techs will do the ancient trick of pulling the power cord and hold the power button in to drain the capacitors. How will this be affected?

Craig_B
Craig_B

If security is a concern, could the memory be cleared on power off? Yes that removes the instant on feature however it improves security. Could you have a tamper proof case, that when you try to open it, the memory would be erased?

techrepublic@
techrepublic@

Why not just encrypt all non-volatile RAM (NVRAM) on power off, and decrypt on power on. It would be simpler, no performance cost, lower power consumption, and done very fast on specialized hardware even for many GiB RAM. How will keys be managed for NVRAM encryption/decryption? That is a critical aspect not mentioned in the article. Encryption/decryption of data stored in current non-volatile storage (e.g. HDD, SDD) usually makes use of a password (something the user knows) and possibly data stored in a token (something the user has). Will a similar approach be used for NVRAM?

Michael Kassner
Michael Kassner

In the paper, Dr.Chhabra and Solihin mentioned that DRAM was reaching its limits. And, instant on is a big deal to many people.

Spitfire_Sysop
Spitfire_Sysop

I think they should stop wasting their time with this concept. As DRAM gets faster the NVRAM will always be a step behind. This technology should stay in the SSD where it belongs.

bboyd
bboyd

Not a super capacitor? I thought we moved away from chemical batteries. Sounds like a great idea otherwise. But other than the dynamic encryption, why this instead of normal RAM and a SSD for paging file and cache use only. Is the interface/memory really fast enough to make the difference. I used to set up ram disks to eliminate page file and disk usage but windows fights it. Is there a system for this to not just play middleman to the old page file on disk/SSD?

mhenson73
mhenson73

Ok, looks like they properly scoped the paper...my only question now is how is this any better than simply having a small memory...limiting the size of your ram to the size decrypted in this solution...how would the swapping latency for bringing the inert pages in from disk compare to the decryption latency when keeping them in the nvram...also, it doesn't seem that the benefit of instant on would still be available since there will be some decryption latency when the system is powered up.

Michael Kassner
Michael Kassner

This question more pertains to how NVMs will be used once they replace DRAMs as the main memory technology (I say once as I believe soon enough a hybrid main memory system will be in place for sure). However, I believe these issues can be handled in a straight forward way. The instant on benefit of NVM deals specifically with sleep states like hibernation or standby. To deal with something like this, the NVMM can be cleared on a specific reset signal to allow this sort of ???debugging???

Michael Kassner
Michael Kassner

I use your tricks quite often myself. I will pass the questions along to Dr. Chhabra.

Michael Kassner
Michael Kassner

NVM is quite new and just starting to be product tested. I suspect NVM will evolve to incorporate solutions for these sort of issues. Still, there is a concern that security is not at the forefront.

Michael Kassner
Michael Kassner

That is specifically what we don???t want to, if we encrypt everything at power down, the vulnerability window we discuss in the paper will be too big giving enough time for attackers to extract sensitive information. In addition, encrypting only on power down will not protect against a very feasible attack where the attacker pulls the memory module out from a running system. With iNVMM, most memory will be encrypted even during run time as the systme is mostly idle and most of the pages, if not all, will be predicted inert and hence encrypted and when the attakcer pulls the memory module, the small power supply inside iNVMM will encrypt the remaining pages, if any, in plaintext and protect the memory. As far as the keys go, we have discussed this in the paper in the design section as we acknowledge that it is a very important issue. The option discussed by the reader is one of the possible options that we propose in the design section.

Michael Kassner
Michael Kassner

The memory used is a subset of NVM, and a different technology than NVRAM. In the article I asked the same question of the researchers: "Kassner: What happens when the computer is shut off? Is the memory wiped clean? Or does i-NVMM encrypt all of the data stored in memory? That seems like it would be an important consideration. Chhabra: When the system is shutoff, i-NVMM encrypts the pages that are currently not encrypted (these will be the pages that were being used by applications). We do not want to wipe out the entire memory at shut down as then we lose the non-volatility properties of NVMs. That is one thing we dont want. In an attack scenario, where the attacker steals the memory module of a running system, we ensure the attacker will not gain anything useful. The i-NVMM has a small CMOS battery as reserve on the memory module to ensure that in such a case i-NVMM has enough power to encrypt the pages that are currently in plaintext." Being a self contained system, the user is not involved so they would not have to remember keys. To make sure I answered your questions properly, I have passed your questions on to the researchers as well.

Michael Kassner
Michael Kassner

DRAM is reaching scaling, cost and power limits and its replacement is inevitable coupled with increasing memory requirements.

Michael Kassner
Michael Kassner

It is my understanding that DRAM is reaching its limits. That is why NVM appears to be the future. And, as I mentioned to BBoyd, instant on is a feature with a great deal of merit.

Spitfire_Sysop
Spitfire_Sysop

This is a great case for faster SSDs, not a change in main memory. We already have hibernation states that can pick up where you left off. It just needs to be stored in a really fast SSD. The main memory is faster than the SSD by orders of magnitude. There may be software solutions to this problem as well. For example: instead of going through a boot process and load everything up one by one couldn't we make an image of the memory state once the computer is fully running (like hibernation) and then dump this image rapidly in to the memory from a SSD and be instantly in a fully running state? All you need is a driver like RAMDrive that holds a mirror of your main memory and a kernal that seeks only to load this RAMDrive in order to get the full kernal back. I think the virtualization technology we have is very close to what I am talking about. It's like a vMotion. You could even pick from a list of OS states and "boot" in to a variety of different environments with an extremely lightweight hypervisor that does not act as a host but instead does a hand-off to the new host.

techrepublic@
techrepublic@

As soon as the memory module is powered off, physically disconnected, or just some disturbance in the memory bus trigger a full memory encryption. This will prevent someone from recovering data from the modules, even if it quickly reconnects .the module to another system. As soon as the encryption is complete, discard the key. On power on, the memory modules waits for any ongoing memory encryption to finish, if any, then asks/waits for a key, and then does a full decryption. As for the battery power needs, the worse case scenario for both approaches is to have to encrypt all memory, and seeing that my approach requires less/simpler electronics, I would say that not even battery power is an issue. I have only thought about this for a few minutes so I'm most likely not seeing all issues but the "pulling memory modules" case seems to be covered by my simpler approach.

Wunderbarb
Wunderbarb

>> Being a self-contained system, the user is not involved so they would not have to remember keys. This statement may be wrong. As usual in crypto systems, a critical part is the key management. As it is rightly described in the paper (end of section 5), the decryption,/encryption key cannot be self managed by the chip. It has to be provided by an external principal. Would it be internal to the chip, it would be prone to physical attack and reading. Furthermore, there would be a protocol for enabling the decryption/encryption at power on. Thus, as recommended in the paper, the key comes from outside. it may be independent from the user, for instance by the processor, but then once more it is possible to find it in the system, or better provided by the user through a passphrase (prone to social engineering and all the usual password issues). BTW, this key has to be securely erased inside the chip after having fully encrypted the memory, it is most probably stored in SRAM. This issue may be a serious limiting factor (usability) and may reduce the strength of the system to the usual issues of passphrase. Nevertheless, key management was not in the scope of the paper. The main topic was this strategy of encryption caching.

techrepublic@
techrepublic@

My comment applies to any non-volatile RAM (NVRAM). Does not matter what particular technology it is. I'm much more worried about an attacker that steals the entire computer or has access to the it for enough time to grab data than a attacker that only steals the memory modules.

Spitfire_Sysop
Spitfire_Sysop

I am not expert on the matter but it seems to me that the DDR5 currently used in Video cards is not scheduled for desktop use quite yet. The cost of DRAM seems to go down every day making it quite practical. The power of these chips is often limited by the other components of your system. So I'm not sure what Dr. Chhabra is talking about. The memory is often the fastest part in your computer. What is the problem here? Furthermore if there is a need for a new technology, this isn't it. I believe that other breakthroughs in quantum memory will become viable by the time anyone seriously considers using NVM instead of DRAM. This is why I said it seems like a waste of time.

Michael Kassner
Michael Kassner

I have been mentioning to other members, the existing forms of memory are reaching their physical and electrical limits--new technology is required to move forward. That is why PCM and MRAM are under development.

Michael Kassner
Michael Kassner

I interpreted the paper slightly different. But, your argument is extremely valid and I am not an expert. I will pass this discussion along to Dr. Chhabra and allow him to comment.

Michael Kassner
Michael Kassner

I humbly suggest what the researchers are developing is markedly different and the encryption process is dissimilar enough to make it part of the discussion. Were Dr.Chhabra's responses of benefit?

techrepublic@
techrepublic@

The particular technology behind it is irrelevant to the issue.

Michael Kassner
Michael Kassner

I discussed this case above (similar to attacker stealing memory module off a running system), even in this case most memory will be encrypted due to idling state of the system

Michael Kassner
Michael Kassner

The NVM technologies referred to are PCM and MRAM. They are completely new concepts.