With devices going to be connected for years, securing memory becomes important
TORONTO — Emerging use cases are revealing the many ways memory technologies can be an avenue for threat actors to create havoc, whether for stealing data or sending malicious instructions.
Security features in memory aren’t new, of course. The “s” in SD card initially stood for “secure,” but the SD Association hasn’t really emphasized it for a decade, while electrically erasable programmable read-only memory (EEPROM) has long been used for applications that need embedded security such as credit cards, SIM cards and key-less entry systems, among others.
But as different kinds of memory are put into a wider variety of systems — such as automotive, manufacturing and the Internet of Things (IoT) — the need for security has greatly increased. The question is not only where that security will be integrated, but how it will be managed, especially in embedded memories that are expected to remain in a device for years, possibly decades.
Jim Handy, principal analyst at Objective Analysis, attended an Intel session at last year’s Storage Networking Industry Association (SNIA) Storage Developer Conference outlining firmware upgrade standards for NVDIMMs and how to address vulnerabilities. “Prior to that presentation I hadn’t considered the numerous places that malware could be inserted into a computing environment,” Handy told EE Times.
And it’s not just an issue for all the places in a system that use flash, he said, such as the Unified Extensible Firmware Interface (UEFI) boot and firmware in SSDs, but also processors within the flash chips to control programming algorithms. “And the firmware for those processors is stored alongside the data in the flash, creating yet another vulnerability,” Handy said.
Compromising a particular memory for monetary gain has similar economics to hacking the computers it resides in. Just as Apple computers weren’t given a lot of attention by viruses and malware because they represented such a small share of the computing market, there are memory technologies that ship so few units that there’s little return on investment for attacking them. Handy said that given how few SRAM chips are sold per year, it takes a whole lot more work on the part of the hackers to find vulnerabilities for a lower payoff. However, if there are billions of a particular DRAM out in the world, there’s money to be made with a row hammer attack.
For the most part, said Handy, there’s not much concern about securing DRAMs given the amount of work involved to compromise them. One extreme scenario is stealing a laptop that is still in sleep mode and password protected. A thief could use liquid nitrogen on the DRAM modules, remove them and put them into another system to read the entire contents before they are lost, he said. “The colder you get a DRAM then the longer the bits stay fresh. It doesn’t need to be refreshed.”
So what about other memories? Like EEPROM, ferroelectric RAM (FRAM) is used in applications already requiring security, such as transit payment cards, said Handy, while magnetic RAM (MRAM) and resistive RAM (RRAM) don’t have security hooks yet; they represent such a small market that compromising them hasn’t been worthwhile so far. Flash memory, however, has more security features, he said, particularly NOR flash.
“The automotive guys got into security early on because engine controllers use NOR flash, and there were people who had found that they could tune their engines to be less pollution conscious and deliver more power by changing the contents of the NOR,” Handy said. This would cause the engine to break down well before its warranty expired, leaving the automaker on the hook.
Today, of course, the ramifications of compromised memory in an automotive system could be far worse than hotrodders tweaking their engines. Today’s smart cars and autonomous vehicles are full of sensors, including cameras, radars and lidars, transferring mission-critical data within the vehicle and outside it. Next-generation radars, for example, are called cognitive radars: an analog radar controlled by an MCU that stores and pulls data in local flash, which has to be authenticated, said Anthony Le, senior director of marketing, ecosystem partnership and North America automotive at Macronix. Otherwise, someone can hack the system and possibly go as far as taking over the vehicle.
One of the challenges of layering security into any system is the performance impact. For automotive flash and other memories, the real issue is bootup time, Le said. “Security doesn’t add anything in terms of power consumption. The flash consumes very little power compared to MCUs and processors,” he said.
Macronix’s solutions address the bootup cycle, when the MCU must do a lot of system checks and authentication, which is handled by encryption capabilities on the flash and helps the processor, according to Le.
Regardless of memory type, any device can be made secure, he said. “You just have to put the logic behind it,” he said.
NOR flash is proven in automotive both in terms of cost and quality. But in the next five to 10 years, memory such as RRAM and FRAM will make its way into niche parts of the automotive market — in some cases replacing EEPROM — though it will take time for them to be proven out. In the meantime, Le said NOR flash continues to be Macronix’s bread and butter, but NAND flash is seeing growth too.
NAND, of course, is more ubiquitous, having quickly gone from a premium storage medium as part of a hybrid storage array to becoming affordable enough that all-flash arrays are commonplace. But security for SSDs is just as much about being able to wipe data by choice as it is about keeping it from being stolen, said Eric Hibbard, chair of the SNIA Security Technical Work Group, and the cause is overprovisioning.
To increase the longevity of SSDs, vendors overprovision them so that the same cells are not overwritten too often, reducing wear. “The problem comes into play when you want to make data go away,” he said. A hypothetical 1 TB SSD might be overprovisioned to have 1.3 terabytes of actual storage, but when clearing the drive by overwriting you may only clear the 1 TB, not the extra space, depending on the manufacturer. National Institute of Standards and Technology (NIST) and ISO standards have been developed to address data erasure.
Users are becoming more comfortable with securing data on SSDs with encryption — something that wasn’t as well understood four years ago, said Hibbard. “We’re seeing increased use of encryption when flash technology is being used because it’s essentially the sure-fire way to make sure that data is going away once it’s written on these SSDs,” he said.
A cryptographic eraser doesn’t rely on overwrites to remove data from an SSD, he said. “You’re basically destroying the data encryption key for that piece of media and you never actually touch the cells. It’s a near instantaneous transaction.”
This cryptographic erase technique can be used in a storage array to handle all the drives inside it, or it can be used on self-encrypting media where the encryption is done inside the drive, said Hibbard. “The relationship between the controller and the drive is essentially an authentication key.” Without these capabilities, the media must be destroyed because there’s no guarantee the data is gone.
Encryption has become a lot easier because it’s implemented in the hardware. “You’re seeing encryption chips that are actually installed on controller boards, or the encryption is actually embedded in these disk drives,” he said.
In addition, it’s not getting in the way of performance: whether the encryption is added in the drives or the controllers, there’s almost no I/O impact. “The only thing that happens is the key management, which is always the 300-pound gorilla when you’re doing the encryption, is somewhat simplified.”
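To make the overprovisioning problem and the cryptographic-erase remedy concrete, here is a small simulation added by the editor (it is not from the article or from any vendor named in it): a toy flash translation layer with a pool of physical pages larger than the logical capacity, where a SHA-256-based XOR keystream stands in for the drive’s AES engine and `os.urandom` for its hardware random number generator. It shows that a host-side overwrite of every logical page still leaves stale copies in the spare area, while replacing the media key makes every cell unreadable without touching it.

```python
import os
from hashlib import sha256

def toy_cipher(key, ppn, data):
    # Constructed stand-in for the drive's AES engine: XOR with a keystream
    # derived from the media key and the physical page number (symmetric).
    stream = sha256(key + ppn.to_bytes(4, "big")).digest()
    return bytes(b ^ stream[i % 32] for i, b in enumerate(data))

class SsdSim:
    """Toy flash translation layer: logical pages map onto a larger pool of
    physical pages; the spare pages are the over-provisioned area."""

    def __init__(self, logical_pages, physical_pages, self_encrypting=False):
        self.logical = logical_pages
        self.cells = [None] * physical_pages     # raw contents of each physical page
        self.map = {}                            # logical page -> physical page
        self.free = list(range(physical_pages))  # wear-levelling pool (incl. spare)
        self.key = os.urandom(32) if self_encrypting else None  # hypothetical TRNG key

    def write(self, lpn, data):
        # Flash writes out of place: the old physical page is unmapped, not erased.
        ppn = self.free.pop(0)
        self.cells[ppn] = toy_cipher(self.key, ppn, data) if self.key else data
        if lpn in self.map:
            self.free.append(self.map[lpn])      # stale copy lingers until recycled
        self.map[lpn] = ppn

    def host_overwrite_all(self, filler=b"\x00\x00\x00\x00"):
        # What a host-side "wipe" can do: rewrite every *logical* page once.
        for lpn in range(self.logical):
            self.write(lpn, filler)

    def crypto_erase(self):
        # Cryptographic erase: replace the media key; no cell is touched.
        self.key = os.urandom(32)

    def forensic_read(self, ppn):
        # Raw cell read as the drive would decrypt it with its current key.
        raw = self.cells[ppn]
        if raw is None:
            return None
        return toy_cipher(self.key, ppn, raw) if self.key else raw

    def pages_holding(self, secret):
        # Physical pages (mapped or stale) from which `secret` is still recoverable.
        return [p for p in range(len(self.cells)) if self.forensic_read(p) == secret]
```

With 10 logical and 13 physical pages (the article’s 1 TB versus 1.3 TB ratio), filling the drive and then overwriting every logical page leaves three stale pages readable, whereas `crypto_erase()` leaves none.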
Advanced Driver Assistance Systems in modern vehicles are just one of many emerging use cases in which memory technologies need to be especially secure.
Self-encrypting drives such as those made by Virtium include dedicated encryption engines using the Advanced Encryption Standard (AES) that do not require software to run on the host. Randomized AES encryption keys are generated at product initialization using the controller’s true random number generator and are stored encrypted in the SSD. This could also be implemented by a Trusted Platform Module (TPM) chip. TPM is a standard defined by the Trusted Computing Group for a hardware root of trust for cryptoprocessors, which includes encryption key generation as well as tamper-resistant key storage. Unlike software encryption, all bits are encrypted automatically without any user management. This provides an additional layer of security, as the encryption key never leaves the drive.
How security is managed and how devices are updated are changing because of where the memory is located, and automotive and IoT are good examples because of their distributed and connected natures. Swissbit AG, which manufactures industrial-grade flash memory, recently demonstrated its concept of a net-policy-server for control and management of memory in the field. By binding two-factor authentication to a single IP address, a boot loader only functions within a defined network. This means there’s no security risk if a device is removed from a manufacturing facility, for example.
Managing security and user permissions on memory goes back farther than the set-top box, an early example of a device that is managed remotely, said Sandeep Krishnegowda, marketing director of Cypress Semiconductor’s Flash Business Unit, but security management is becoming more complex with IoT and automotive devices. “What all OEMs or operators want to do is be able to enable services remotely.” As passwords become increasingly easy to break, devices need to be connected to the Internet cryptographically, he said. “My prediction five to 10 years from now is that every flash and every external memory will have some cryptographic capabilities built into them.”
What’s also changing is the lifespan of some of the emerging use cases. Devices with memory in them are expected to last as long as a decade or more, whether it’s a sensor out in a field monitoring crops or one embedded in an autonomous vehicle. Krishnegowda said memory providers like Cypress need to be able to add algorithms over the lifecycle of the product. “You need to provide some type of remote update to be able to manage some of these cryptographic algorithms or upgrades.”
He envisions this device provisioning being done over the air via the cloud. “If you can manage some of these upgrades from the cloud, it’s a new business model.”
— Gary Hilson is a general contributing editor with a focus on memory and flash technologies for EE Times.