Securing Non-Volatile Main Memory

Non-volatile memories provide energy efficiency, tolerance against power failure, and “instant-on” power-up. These memories are likely to replace traditional volatile memory in next-generation laptops and desktops. However, the move to non-volatile memory introduces new vulnerabilities; sensitive data such as passwords and keys residing in main memory persists across reboots and can be probed during hardware suspension. In this paper, we propose a Memory Encryption Control Unit (MECU) to address the vulnerabilities introduced by non-volatile memories. The MECU encrypts all memory transfers between the level 2 cache and main memory. The keys used to encrypt memory blocks are derived from secret information present on removable authentication tokens, e.g., smart card, or other similar secure storage devices. This provides protection against physical attacks in absence of the token. A MECU design is outlined and performance, memory, and security trade-offs considered. We evaluate a MECU-enhanced architecture using the SimpleScalar hardware simulation framework on several hardware benchmarks. The performance analysis shows that we can secure non-volatile memories with minimal overhead—the majority of memory accesses are delayed by less than 1 ns, with limited degradation subsiding within 67 µs of a system resume. In effect, we provide zero-cost steady state confidentiality for main memory.

Privacy Preserving Web-Based Email

Abstract. Recent web-based applications offer users free service in exchange for access to personal communication, such as on-line email services and instant messaging. The inspection and retention of user communication is generally intended to enable targeted marketing. However, unless specifically stated otherwise by the collecting service’s privacy policy, such records have an indefinite lifetime and may be later used or sold without restriction. In this paper, we show that it is possible to protect a user’s privacy from these risks by exploiting mutually oblivious, competing communication channels. We create virtual channels over online services (e.g., Google’s Gmail, Microsoft’s Hotmail) through which messages and cryptographic keys are delivered. The message recipient uses a shared secret to identify the shares and ultimately recover the original plaintext. In so doing, we create a wired “spread-spectrum ” mechanism for protecting the privacy of web-based communication. We discuss the design and implementation of our open-source Java applet, Aquinas, and consider ways that the myriad of communication channels present on the Internet can be exploited to preserve privacy.