The paper exposes a vulnerability in on-chip volatile memories that stems from the electrical separations common in modern system-on-chip power distribution networks. It highlights the risk of physical memory disclosure attacks on embedded systems and smart devices.
The paper introduces "Volt Boot," an attack that showcases a vulnerability in on-chip volatile memories. This attack leverages on-chip power gating mechanisms to force SRAM data retention across power cycles, eliminating the need for traditional cold boot attack enablers on on-chip SRAM.
We showed the effectiveness of the Volt Boot attack in caches, registers, and iRAMs of several Cortex-A profile processors. Notably, the attack retrieves data with 100% accuracy from the previous computational state, without requiring complex post-processing.
The findings challenge the traditional belief that SRAM protects against cold boot attacks and underscore the need for robust security measures even in fully on-chip computations. With the proliferation of embedded devices in various sectors, understanding such vulnerabilities is crucial. This research provides valuable insights for industries aiming to harden their systems so that cold boot-style attacks cannot be executed on on-chip SRAM.
Expertise in SoC subsystem power distribution, low-level firmware modification, cache coherency protocols, system initialization procedures, and debugging techniques such as JTAG and ARM SWD.