How Secure DDR Interfaces Protect DRAM from Memory Attacks

Brett Murdock, Dana Neustadter

Jan 10, 2024 / 7 min read

In 2017, the credit bureau Equifax announced that hackers had breached its system, unleashing the personal information of 147 million people. As a result, the company has settled a class action suit for $425 million to aid those impacted. The damages included identity theft, fraud, financial losses, and the expenses to clean it up. Whether the threat is identity theft, fraud, national security, safety, or some combination, data is at the center of it all and must be protected. While the Equifax hack was executed through a security flaw in a software tool, it’s a cautionary tale about why you need to protect data in your electronic systems. Vulnerabilities exist not only in software but in hardware, too.

The reality is that as systems become more complex, hardware can be a point of entry for those with nefarious intent. Multi-chip designs are gaining traction, and the attack surface is increasing.

Security is taking center stage in the semiconductor industry and securing system-on-chip (SoC) interfaces and the data that moves across them can prevent data from being accessed, deleted, or otherwise manipulated by bad actors. Whether you are protecting data in high-performance computing (HPC), mobile, IoT or automotive SoCs, security implementations need to be optimized to preserve the performance of the interfaces while reducing the impact on latency and area.

High-bandwidth interfaces such as DDR are proliferating, and their speeds continue to grow from generation to generation. If you want to protect your data, one of the key areas to secure is your off-chip dynamic random-access memory (DRAM).

For the better part of a decade, academic researchers warned of the possibility of Rowhammer attacks and Google’s Project Zero uncovered another vulnerability called RAMbleed, both particular to DRAM. DRAM vulnerabilities can be exploited in real-word scenarios, and it’s important to protect against attacks such as Rowhammer, RAMbleed, and cold-boot attacks to keep bad actors from reading or corrupting data, or from retrieving cryptographic keys which are fundamental to security. Since information is moving faster, systems are getting more complex, and the stakes are getting higher all the time, securing data should not be an afterthought but an integral part of hardware design.

Read on to learn about how hackers can corrupt your data and steal information through DRAM devices, and also some strategies to consider for securing DDR/LPDDR interfaces in your SoC.

secure interfaces ddr

How Memory Attacks Work

Here are a few examples of DRAM-specific vulnerabilities:

  • Rowhammer. Attackers who employ a Rowhammer strategy have the intention of modifying or corrupting data. Rowhammer attacks read data in a memory row repeatedly at high speed, causing it to flip the bits (from 1 to 0 or 0 to 1) in the page table entries of adjacent rows. In this way, attackers can gain read-write access to the entire physical memory, according to the Project Zero team at Google. As DRAM chips continue to shrink, they become even more vulnerable to this type of attack because transistors are packed more densely together, increasing the risk of spillover during such an attack.
  • RAMBleed. RAMBleed is used for stealing data as it moves across systems. RAMBleed uses the same principles as the Rowhammer attack but it reads the information instead of modifying it, threatening the confidentiality of the data stored in memory. By using RAMBleed, attackers can extract information from the DRAM.
  • Cold-boot Attacks. Attackers in this case have physical access to your system. They can use their access to do a hard reset on a specific system, access pre-boot physical memory data to retrieve encryption keys, and wreak havoc.

Safeguard Your Memory Interfaces by Design

Memory and storage security protects storage resources and the data stored in them, both in on-premise and external cloud data centers. As the need for higher capacity, faster access, and accelerated processing increases, designers are turning to high-performance, low-latency memory encryption solutions to preserve performance while protecting data over the latest generations of DDR, LPDDR, GDDR, and HBM memory interfaces.

Error correction code (ECC) used to be a popular protection mitigation strategy, but it only provides a limited level of resilience. ECC does not provide security as it leaves more vulnerabilities to undetected corruption, making it a naive approach to integrity protection for memories. Designers would often use ECC as a stop gap before adopting proper cryptographic algorithms.

The best approach to safeguard memory interfaces is to address the confidentiality and integrity of the data by design, with standards-based cryptography. For example, using AES-XTS encryption for data confidentiality, Rowhammer attacks can be prevented. While parity/ECC can catch 1- or 2-bit flips, encryption covers all the bits. With encryption, the data written to memories looks more like random data, and it will be nearly impossible to create Rowhammer patterns. Memory encryption and proper refresh of keys also protect against RAMBleed and cold-boot attacks. In addition to data confidentiality, security can be augmented with data authenticity that can be addressed by using strategies such as cryptographic hashing algorithms to ensure that data has not been modified by malicious actors.

Making security part of your DDR interface design from the get-go is not without its challenges. Security needs to be done right because one weak link can compromise the overall system and its data. For example, it is critical for keys to be generated and managed in a trusted/secure area of the SoC and distributed via dedicated channels to the encryption module. Readback protection of keys and control configuration also need to be part of the overall security architecture.

Another challenge is that memory encryption comes with a cost, including overhead that will impact power, performance, area (PPA), and latency. Your challenge is to make your DDR interface design secure and standards-compliant, but also highly optimal.

We’ve witnessed a rapid adoption of integrity and data encryption (IDE) security for PCI Express® (PCIe®) and Compute Express Link (CXL) interfaces, and now we are seeing a similar trajectory in memory interfaces, such as DDR and LPDDR. Since technology is ever-changing—criminals get smarter in their approaches, as the engineers design smarter solutions—whatever security strategy you choose, should enable ongoing adaptation to an evolving threat ecosystem.

Strategies for Securing DDR Interfaces in Your SoC

Here are some strategies to help you get started to secure the DDR interfaces in your SoC:

  1. Design a secure infrastructure foundation, including the control plane for authentication and key management, and the data plane for data encryption and integrity.
  2. Comply with Standards. For memory, data confidentiality leverages standards-based cryptographic algorithms, like AES-XTS with all key sizes, as defined by NIST SP800-38E.
  3. Implement highly optimal solutions that can scale efficiently to support the latest bandwidths required for memory interfaces. Leverage pipelined architectures, with efficient tweak calculation, key refresh, and low latency. Consider optimization options, such as running multiple AES rounds in a cycle and using specific AES S-box implementations for more optimal area or maximum frequency.
  4. Support per-region encryption/decryption to provide flexibility for various use cases.
  5. Employ key generation and management in a secure environment. Memory encryption solutions require the control plane component for authentication and management. Typically, this is addressed by a secure enclave with root of trust. It needs to be adaptable via firmware updates to help future proof your key management strategy, including potential changes in algorithms.

One solution you might employ to secure DRAM data is to key encrypt the data prior to sending it to the DDR controller, but this is not ideal as the encryption block must manage a lot of actions to ensure that the packets are properly sized. For example, an application writes one byte of memory – the encryption block will need to read that memory location, merge in the newly written byte, and finally write it back to the memory. The farther away the encryption from the memory, the more you must manage. This will not only impact your performance budget—a costly proposition for your memory bandwidth—but you must also watch out for degradation because you are moving the data across the SoC.

The optimal solution is to tightly couple the encryption/decryption inside your DDR or LPDDR controller, allowing for maximum efficiency of the memory and lowest overall latency. The controller is as close to the memory as you can get.

The Complete Synopsys IME Security Module for DDR/LPDDR to Protect Data

The Synopsys Inline Memory Encryption (IME) Security Module for DDR/LPDDR helps ensure confidentiality of data in use through memory interfaces or stored in off-chip memory. It is a standards-compliant, certification-ready, out-of-the-box solution based on the AES-XTS algorithm, enabling highly efficient throughput for memory controllers, including Synopsys Secure DDR5/4, LPDDR5X/5/4X, or LPDDR5/4X/4 Controllers. It supports all key sizes of the AES-XTS, including 128-bit, 256-bit keys with support for scalable 128-bit, 256-bit and 512-bit data paths. The IME Security Module gives you per-region memory protection through per-address or sideband key selection, with very low latency, and can be tuned for particular applications with optimal PPA. Memory encryption is enabled inside our Synopsys Secure DDR5/4 and LPDDR5X/5/4X/4 Controllers, saving your performance budget for better use, and delivering the lowest latency in the industry.

As our world operates ever-more frequently in the cloud, there is greater demand for more virtualization, which will need to be reflected in your memory protection. The Synopsys IME Security Module allows for managing data protection in various regions, initiated from different virtual environments, and is well suited for supporting a variety of cloud computing virtualization environments.

In addition to the Secure DDR/LPDDR interfaces, Synopsys offers complete standards-compliant Secure Interface Solutions for the most widely used protocols, including PCIe, CXL, HDMI, DisplayPort, USB Type-C, and Ethernet. The solutions address the most challenging demands and enable designers to quickly implement the required security in their SoCs with low risk and fast time to market.

Continue Reading