Associate professor in electrical and computer engineering leads $600K NSF research grant
Published: Sep 4, 2024 11:25 AM
By Joe McAdory
Sensitive information stored on computational devices is often eradicated before hardware is discarded. However, that doesn’t mean it isn’t accessible.
A 2022 study, “Beware of Discarding Used SRAMs: Information is Stored Permanently,” demonstrated that data can be recovered from static random-access memory chips, potentially enabling adversaries to recover sensitive information. Building on this research, Ujjwal Guin, the Godbold Associate Professor in the Department of Electrical and Computer Engineering, is exploring means that will identify unexpected vulnerabilities from used SRAM, and his colleague Biswajit Ray from Colorado State University, will develop novel sanitization methods for permanently erasing these types of memories.
Guin is principal investigator on the collaborative research proposal, “Exploring Security Risks Arising from SRAM Data Remanence and Evaluating Innovative Sanitization Techniques,” which earned a three-year, $600,000 award for both universities from the National Science Foundation, effective Oct. 1.
Research emphasis will be placed on real-world scenarios where attackers could exploit these vulnerabilities to gain unauthorized access, manipulate sensitive data, or launch other malicious activities.
“The memory on that laptop you tossed away might appear clean, but the next time the device is activated, it powers up with what appears to be garbage information,” Guin said. “However, that information is not truly garbage. What you're observing is a residual imprint of data that was previously stored in an SRAM.”
Original data can be retrieved from the imprint, putting organizations and private citizens at risk.
“Anybody can be an adversary and want this information for a variety of purposes,” Guin said. “Perhaps it’s a business competitor, or on a larger scale, another country. Some of the desired information can be related to the intellectual property or personal data.”
SRAMs, like other volatile memories, lose their stored data once the power is turned off. This is a key characteristic that distinguishes volatile memory from non-volatile memory, such as flash memory or hard drives, which retain data even after the power is removed. Storing data in SRAMs can give a false sense of security, as people might overlook the risk of adversaries accessing it, underestimating that the data will be erased when the power is turned off.
SRAMs typically reside inside a device’s processor and cannot be taken out, unlike DRAMs, flash memory or hard drives.
Guin’s research is the first exploration into how data can be retrieved from used and discarded SRAM chips extracted from discarded devices. He found that the data on these chips is permanent, highlighting the need for thorough data erasure to prevent unauthorized access.
“There are two aspects in the computer security domain,” Guin said. “One aspect is that the user knows the computer design is vulnerable and can begin building solutions to secure applications. The second aspect is that the user is not aware of these vulnerabilities and fails to act. That’s what my first part of the proposal is about.”
Other than physically destroying memory, the research aims to explore alternative, cost-effective data sanitization techniques tailored for SRAM memories — including the use of high-energy radiation, specifically X-ray, — then experimentally assess the effectiveness and resilience of these techniques against resourceful malicious data recovery efforts across a range of operating conditions.
“Our research will locate vulnerabilities, provide solutions to resolve those vulnerabilities, and furnish added protection,” Guin said. “We look forward to making a positive impact and protecting sensitive information from falling into the wrong hands.”
Media Contact: , jem0040@auburn.edu, 334.844.3447Ujjwal Guin uses an Advantest T2000 ATE for research. The platform adopts a module architecture and can be flexibly reconfigured by rearranging the necessary functional modules according to the application.