Block-Level Added Redundancy Explicit Authentication for Parallelized Encryption and Integrity Checking of Processor-Memory Transactions

Transactions on Computational Science X

Part of the book series: Lecture Notes in Computer Science (TCOMPUTATSCIE, volume 6340)

Abstract

The bus between the System on Chip (SoC) and the external memory is one of the weakest points of computer systems: an adversary can easily probe this bus in order to read private data (data confidentiality concern) or to inject data (data integrity concern). The conventional way to protect data against such attacks and to ensure data confidentiality and integrity is to implement two dedicated engines: one performing data encryption and another data authentication. This approach, while secure, prevents parallelizability of the underlying computations. In this paper, we introduce the concept of Block-Level Added Redundancy Explicit Authentication (BL-AREA) and we describe a Parallelized Encryption and Integrity Checking Engine (PE-ICE) based on this concept. BL-AREA and PE-ICE have been designed to provide an effective solution to ensure both security services while allowing for full parallelization on processor read and write operations and optimizing the hardware resources. Compared to standard encryption which ensures only confidentiality, we show that PE-ICE additionally guarantees code and data integrity for less than 4% of run-time performance overhead.




© 2010 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Elbaz, R., Torres, L., Sassatelli, G., Guillemin, P., Bardouillet, M., Martinez, A. (2010). Block-Level Added Redundancy Explicit Authentication for Parallelized Encryption and Integrity Checking of Processor-Memory Transactions. In: Gavrilova, M.L., Tan, C.J.K., Moreno, E.D. (eds) Transactions on Computational Science X. Lecture Notes in Computer Science, vol 6340. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17499-5_10


  • DOI: https://doi.org/10.1007/978-3-642-17499-5_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-17498-8

  • Online ISBN: 978-3-642-17499-5

  • eBook Packages: Computer Science, Computer Science (R0)
