21

I sometimes hear that encryption is used for the RAM, but I don't really understand why this is needed.

Why does RAM need to be encrypted? And is this done by the hardware, the operating system or the application?

What kind of attacks is it preventing? Is it only useful if people have physical access to the computer or even when people can access the computer over a network?

I thought that the operating system is protecting so that the applications could not access each other's memory. Isn't that enough?

Really, what are the benefits of "encrypted RAM"?

forest
Jonas
  • Is this just a confused marketing statement? Or can you point us to a product that does this or a use of this notion in the wild? – nealmcb Apr 26 '11 at 17:04

4 Answers

16

Encrypting RAM is about preventing unauthorized access to the RAM contents.

Under normal operating conditions, the Operating System maintains RAM access permissions and blocks applications from seeing memory from other applications; so we are talking about an attack context where the attacker plugs into the RAM "from the outside". It has been demonstrated in lab conditions. Theoretically, properly applied encryption could thwart such kinds of attack.

If RAM is encrypted, it must be decrypted automatically for usage by the CPU. The CPU does not operate on RAM directly; it loads code and data from the RAM into its internal caches. This loading/unloading process is transparent for both the applications and the operating system. This means that an automatic RAM encryption system is conceivable, but would have to be done in hardware, preferably in the CPU itself (if it was done in the RAM chips, the attacker could just freeze the RAM and then plug it into his own machine; similarly, decryption in an external RAM controller would not prevent active attacks).

Such CPUs with RAM encryption exist (but are still pretty rare). This 15-year-old article from Anderson and Kuhn cites the Dallas DS5002FP microprocessor, an 8051-compatible CPU, which is still in production today (the article explains that the encryption is actually quite weak).

Note that encrypted RAM (decrypted only in the CPU) cannot work well with DMA -- so disk and network accesses would be quite slow in a PC with encrypted RAM.

Thomas Pornin
  • This answer was posted in 2011, but I'd like to note that modern systems _do_ support low-latency memory encryption, e.g. newer Intel CPUs with TME. It also works well with DMA. – forest Apr 07 '19 at 05:00
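
The point made in the answer above, that the key has to stay inside the CPU so that whatever leaves the chip is ciphertext, sketched as a small model. This is an added example, not part of the original answer: the Feistel network over HMAC-SHA256 is a stand-in for a hardware cipher, and `Cpu`, `dump`, `demo` and the sample secret are constructed for illustration.

```python
import hashlib, hmac, os

LINE = 32  # bytes per memory line (constructed value)
SECRET = b"disk-key:0123456789abcdef0123456"  # constructed 32-byte sample

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, addr, rnd, half):
    # Round function keyed by the CPU secret and tweaked by the line address.
    msg = bytes([rnd]) + addr.to_bytes(8, "little") + half
    return hmac.new(key, msg, hashlib.sha256).digest()[:LINE // 2]

def encrypt_line(key, addr, line):
    # 4-round Feistel network, a stand-in for the hardware cipher.
    left, right = line[:LINE // 2], line[LINE // 2:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, addr, rnd, right))
    return left + right

def decrypt_line(key, addr, line):
    left, right = line[:LINE // 2], line[LINE // 2:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, addr, rnd, left)), left
    return left + right

class Cpu:
    """Model CPU: the key is generated inside it and never written to DRAM."""
    def __init__(self, dram, encrypt=True):
        self.dram = dram  # dict: address -> raw line as stored off-chip
        self._key = os.urandom(32) if encrypt else None

    def store(self, addr, line):
        self.dram[addr] = encrypt_line(self._key, addr, line) if self._key else line

    def load(self, addr):
        raw = self.dram[addr]
        return decrypt_line(self._key, addr, raw) if self._key else raw

def dump(dram):
    # What a bus probe or a chilled, transplanted module hands the attacker.
    return b"".join(dram[a] for a in sorted(dram))

def demo():
    plain, enc = {}, {}
    Cpu(plain, encrypt=False).store(0x1000, SECRET)
    owner = Cpu(enc)
    owner.store(0x1000, SECRET)
    other = Cpu(enc)  # different machine, different key, same module
    return (SECRET in dump(plain), SECRET in dump(enc),
            owner.load(0x1000) == SECRET, other.load(0x1000) == SECRET)
```

`demo()` returns `(True, False, True, False)`: the unencrypted module leaks the secret to a raw dump, the encrypted one does not, the owning CPU reads its data back, and a second CPU holding the same module but a different key does not.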
14

Having the RAM encrypted helps against a live forensic analysis.

gbr
  • Sounds like this can be easily solved by limiting the physical access to the computer. – Jonas Nov 23 '10 at 21:54
  • @Jonas Usually when your machine is being analyzed by a computer forenser, you are somewhere under arrest. – gbr Nov 29 '10 at 17:54
9

To answer your question about why you'd want to encrypt RAM and the threats posed to it:

Firstly, RAM scrapers can read RAM memory for an attacker. Think about the sensitive data that is used by computers: encryption keys, personal information, credit cards, and maybe even PIN numbers for Point of Sale devices. That data needs to be unencrypted to be used and if it lingers in RAM unencrypted (or the attacker gets lucky) then it is vulnerable to attack.

Since a RAM scraper is malware, an attacker does not need physical access to the computer if it can be installed remotely and is able to send the data back to the attacker via a network.

If an attacker has physical access to your computer (e.g. stolen laptop) then there are other attacks which can take advantage of the time it takes between RAM losing its power supply and actually losing its state (cold boot attack). This can be used to circumvent hard disk encryption as well if the key is held in RAM.

I don't know how far encrypted RAM goes to mitigate these attacks but it probably depends on where the decryption key is kept.

Ventral
2

Unless the OS has special support for it (and probably even then unless there is also hardware support) trying to encrypt RAM is the cryptographic equivalent of trying to make a perpetual motion machine, or trying to fly by pulling on your bootlaces. You can try but you won't get very far.

Where will you store the key? RAM.

Where will you store the data when you're processing it? RAM.

frankodwyer