Protecting mobile devices from physical memory attacks with targeted encryption

Le Guan, Chen Cao, Sencun Zhu, Jingqiang Lin, Peng Liu, Yubin Xia, Bo Luo

Research output: Chapter in Book/Report/Conference proceedingConference contribution

6 Scopus citations

Abstract

Sensitive data in a process could be scattered over the memory of a computer system for a prolonged period of time. Unfortunately, DRAM chips were proven insecure in previous studies. The problem becomes worse in the mobile environment, in which users' smartphones are easily lost or stolen. The powered-on phones may contain sensitive data in the vulnerable DRAM chips. In this paper, we propose MemVault, a mechanism to protect sensitive data in Android devices against physical memory attacks. MemVault keeps track of the propagation of well-marked sensitive data sources, and selectively encrypts tainted sensitive memory contents in the DRAM chip. When a tainted object is accessed, MemVault redirects the access to the internal RAM (iRAM), where the cipher-text object is decrypted transparently. iRAM is a system-on-chip (SoC) component which is by nature immune to physical memory exploits. We have implemented a MemVault prototype system, and have evaluated it with extensive experiments. Our results validate that MemVault effectively eliminates the occurrences of clear-text sensitive objects in DRAM chips, and imposes acceptable overheads.

Original languageEnglish (US)
Title of host publicationWiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks
PublisherAssociation for Computing Machinery, Inc
Pages34-44
Number of pages11
ISBN (Electronic)9781450367264
DOIs
StatePublished - May 15 2019
Event12th Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2019 - Miami, United States
Duration: May 15 2019May 17 2019

Publication series

NameWiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks

Conference

Conference12th Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2019
Country/TerritoryUnited States
CityMiami
Period5/15/195/17/19

All Science Journal Classification (ASJC) codes

  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Protecting mobile devices from physical memory attacks with targeted encryption'. Together they form a unique fingerprint.

Cite this