DMA attack
Encyclopedia
In cryptography
, a DMA
attack is a type of side channel attack
whereby cryptographic keys can be stolen by an attacker who has physical access to an operating system.
for their operations. In addition to allowing more efficient use of limited physical memory resources, this architecture forms an integral part of the security of an operating system.
The OHCI 1394
specification allows for devices for performance reasons to bypass the operating system and access physical memory directly without any security restrictions. SBP2
devices can be spoofed, allowing an operating system to be tricked into allowing an attacker to both read and write physical memory.
In addition to the nefarious uses mentioned above, there are some beneficial uses too as the DMA features can be used for kernel
debugging
purposes.
Systems may be vulnerable to a DMA attack by an external device if they have a FireWire
port, or if they have a PCMCIA
or ExpressCard
port that allows an expansion card with a FireWire port to be installed where the operating system supports plug and play. Systems with a Thunderbolt port may also be vulnerable.
IOMMU
and VT-d can be used to secure device and allow it using only part of memory and use virtual memory. It was developed mainly for using in virtualization, but can be also used from preventing DMA attack and other device malfunctions. This technique however isn't used in any systems for preventing DMA attack.
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties...
, a DMA
Direct memory access
Direct memory access is a feature of modern computers that allows certain hardware subsystems within the computer to access system memory independently of the central processing unit ....
attack is a type of side channel attack
Side channel attack
In cryptography, a side channel attack is any attack based on information gained from the physical implementation of a cryptosystem, rather than brute force or theoretical weaknesses in the algorithms...
whereby cryptographic keys can be stolen by an attacker who has physical access to an operating system.
Description
In modern operating systems, applications are obfuscated from the underlying physical memory, instead using virtual memoryVirtual memory
In computing, virtual memory is a memory management technique developed for multitasking kernels. This technique virtualizes a computer architecture's various forms of computer data storage , allowing a program to be designed as though there is only one kind of memory, "virtual" memory, which...
for their operations. In addition to allowing more efficient use of limited physical memory resources, this architecture forms an integral part of the security of an operating system.
The OHCI 1394
IEEE 1394 interface
The IEEE 1394 interface is a serial bus interface standard for high-speed communications and isochronous real-time data transfer, frequently used by personal computers, as well as in digital audio, digital video, automotive, and aeronautics applications. The interface is also known by the brand...
specification allows for devices for performance reasons to bypass the operating system and access physical memory directly without any security restrictions. SBP2
Serial Bus Protocol 2
Serial Bus Protocol 2 standard is a transport protocol within Serial Bus, IEEE Std 1394-1995 , developed by T10....
devices can be spoofed, allowing an operating system to be tricked into allowing an attacker to both read and write physical memory.
In addition to the nefarious uses mentioned above, there are some beneficial uses too as the DMA features can be used for kernel
Kernel (computing)
In computing, the kernel is the main component of most computer operating systems; it is a bridge between applications and the actual data processing done at the hardware level. The kernel's responsibilities include managing the system's resources...
debugging
Debugger
A debugger or debugging tool is a computer program that is used to test and debug other programs . The code to be examined might alternatively be running on an instruction set simulator , a technique that allows great power in its ability to halt when specific conditions are encountered but which...
purposes.
Systems may be vulnerable to a DMA attack by an external device if they have a FireWire
IEEE 1394 interface
The IEEE 1394 interface is a serial bus interface standard for high-speed communications and isochronous real-time data transfer, frequently used by personal computers, as well as in digital audio, digital video, automotive, and aeronautics applications. The interface is also known by the brand...
port, or if they have a PCMCIA
PC Card
In computing, PC Card is the form factor of a peripheral interface designed for laptop computers. The PC Card standard was defined and developed by the Personal Computer Memory Card International Association which itself was created by a number of computer industry companies in the United States...
or ExpressCard
ExpressCard
ExpressCard is an interface to allow peripheral devices to be connected to a computer, usually a laptop computer. Formerly called NEWCARD, the ExpressCard standard specifies the design of slots built into the computer and of cards which can be inserted into ExpressCard slots. The cards contain...
port that allows an expansion card with a FireWire port to be installed where the operating system supports plug and play. Systems with a Thunderbolt port may also be vulnerable.
IOMMU
IOMMU
In computing, an input/output memory management unit is a memory management unit that connects a DMA-capable I/O bus to the main memory...
and VT-d can be used to secure device and allow it using only part of memory and use virtual memory. It was developed mainly for using in virtualization, but can be also used from preventing DMA attack and other device malfunctions. This technique however isn't used in any systems for preventing DMA attack.