Confidential computing promised to guard delicate workloads within the public cloud. But a brand new low-cost {hardware} assault, Battering RAM, demonstrates that even up-to-date memory-encryption schemes on Intel and AMD processors might be defeated with a easy interposer costing underneath 50 {dollars}.
Fashionable servers use DDR4 DRAM with hardware-backed encryption, akin to Intel SGX’s Complete Reminiscence Encryption (TME) and AMD SEV-SNP, to protect non-public information.
Earlier analysis on “BadRAM” exploited false SPD metadata at boot time; in response, distributors carried out stricter boot-time alias checks.
Constructing Battering RAM on $50 Price range
Battering RAM Assault
Battering RAM operates dynamically, the place a customized interposer sits between the CPU and DIMM, clear throughout POST, and evades SPD spoofing checks.
As soon as the system is on-line, an analog change flips, redirecting encrypted site visitors from sufferer addresses to an attacker-controlled alias buffer.
Captured ciphertext is then replayed right into a managed enclave, yielding arbitrary plaintext entry. This assault totally compromises each SGX and SEV-SNP attestation on patched cloud platforms, enabling learn/write of enclave reminiscence.
The interposer design, shared on GitHub, makes use of two SPDT analog switches and a microcontroller to toggle aliasing at runtime.
This code fragment illustrates the two-phase capture-and-replay course of that yields decrypted enclave information.
Battering RAM Assault
Implications for Cloud Safety
Battering RAM exposes elementary flaws in static memory-encryption engines, which lack cryptographic freshness checks.
As a result of TME and SEV-SNP derive ciphertext solely from a set key and bodily tackle, replayed information decrypts predictably, nullifying passive-attack defenses like cold-boot mitigation.
Key implications embrace:
Bodily-layer adversaries rogue cloud employees or supply-chain attackers require solely transient entry to put in the interposer.
Software program or firmware patches can not detect on-the-fly tackle remapping. True mitigation calls for per-page nonce or integrity checks built-in into the DRAM encryption engine.
At underneath $50, Battering RAM democratizes a category of assaults previously restricted to high-end DRAM interposers (> $100,000).
Tutorial groups at KU Leuven, College of Birmingham, and Durham College carried out the analysis and have printed schematics, firmware, and proof-of-concept code underneath CC0.
Each Intel and AMD have issued safety advisories acknowledging the findings, however notice that bodily interposer assaults are past the present product scope.
As public cloud adoption of SGX and SEV-SNP grows, overlaying providers on AWS, Azure, Google Cloud, and IBM Cloud, organizations should reassess the bodily safety of datacenter infrastructure.
With out vital enhancements to reminiscence encryption protocols, Battling RAM underscores that confidential computing isn’t indestructible.
Observe us on Google Information, LinkedIn, and X for every day cybersecurity updates. Contact us to function your tales.
