Abstract
The bus between the System on Chip (SoC) and the external memory is one of the weakest points of computer systems: an adversary can easily probe this bus in order to read private data (data confidentiality concern) or to inject data (data integrity concern). The conventional way to protect data against such attacks and to ensure data confidentiality and integrity is to implement two dedicated engines: one performing data encryption and another performing data authentication. This approach, while secure, prevents the underlying computations from being parallelized. In this paper, we introduce the concept of Block-Level Added Redundancy Explicit Authentication (BL-AREA) and we describe a Parallelized Encryption and Integrity Checking Engine (PE-ICE) based on this concept. BL-AREA and PE-ICE have been designed to provide an effective solution that ensures both security services while allowing for full parallelization of processor read and write operations and optimizing the hardware resources. Compared to standard encryption, which ensures only confidentiality, we show that PE-ICE additionally guarantees code and data integrity at a run-time performance overhead of less than 4%.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Elbaz, R., Torres, L., Sassatelli, G., Guillemin, P., Bardouillet, M., Martinez, A. (2010). Block-Level Added Redundancy Explicit Authentication for Parallelized Encryption and Integrity Checking of Processor-Memory Transactions. In: Gavrilova, M.L., Tan, C.J.K., Moreno, E.D. (eds) Transactions on Computational Science X. Lecture Notes in Computer Science, vol 6340. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17499-5_10
DOI: https://doi.org/10.1007/978-3-642-17499-5_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17498-8
Online ISBN: 978-3-642-17499-5
eBook Packages: Computer Science, Computer Science (R0)