A security approach for off-chip memory in embedded microprocessor systems

This paper describes a complete off-chip memory security solution for embedded systems. Our security core is based on a one-time pad (OTP) encryption circuit and a CRC-based integrity checking module. These modules safeguard external memory used by embedded processors against a series of well-known attacks, including replay attacks, spoofing attacks and relocation attacks. Our implementation limits on-chip memory space overhead to less than 33% versus memory used by a standard microprocessor and reduces memory latency achieved by previous approaches by at least half. The performance loss for software execution with our solution is only 10% compared with a non-protected implementation. An FPGA prototype of our security core has been completed to validate our findings.

[1]  G. Edward Suh,et al.  Design and Implementation of the AEGIS Single-Chip Secure Processor Using Physical Random Functions , 2005, ISCA 2005.

[2]  Hugo Krawczyk,et al.  HMAC: Keyed-Hashing for Message Authentication , 1997, RFC.

[3]  G. Edward Suh,et al.  AEGIS: architecture for tamper-evident and tamper-resistant processing , 2003, ICS.

[4]  G. Edward Suh,et al.  Aegis: A Single-Chip Secure Processor , 2007, IEEE Design & Test of Computers.

[5]  Jun Yang,et al.  Fast secure processor for inhibiting software piracy and tampering , 2003, Proceedings. 36th Annual IEEE/ACM International Symposium on Microarchitecture, 2003. MICRO-36..

[6]  G. Edward Suh,et al.  Efficient Memory Integrity Verification and Encryption for Secure Processors , 2003, MICRO.

[7]  Lionel Torres,et al.  A parallelized way to provide data encryption and integrity checking on a processor-memory bus , 2006, 2006 43rd ACM/IEEE Design Automation Conference.

[8]  Morris J. Dworkin,et al.  Recommendation for Block Cipher Modes of Operation: Methods and Techniques , 2001 .

[9]  Ross J. Anderson Security engineering - a guide to building dependable distributed systems (2. ed.) , 2001 .

[10]  Tom Martin,et al.  Mobile phones as computing devices: the viruses are coming! , 2004, IEEE Pervasive Computing.

[11]  Dan Boneh,et al.  Architectural support for copy and tamper resistant software , 2000, SIGP.

[12]  Morris J. Dworkin,et al.  SP 800-38A 2001 edition. Recommendation for Block Cipher Modes of Operation: Methods and Techniques , 2001 .

[13]  Mark Horowitz,et al.  Implementing an untrusted operating system on trusted hardware , 2003, SOSP '03.

[14]  Jun Yang,et al.  Fast Secure Processor for Inhibiting Software Piracy and Tampering , 2003, MICRO.

[15]  M. Bellare,et al.  HMAC: Keyed-Hashing for Message Authentication, RFC 2104 , 2000 .

[16]  Tilman Wolf,et al.  Reconfigurable Security Support for Embedded Systems , 2006, Proceedings of the 39th Annual Hawaii International Conference on System Sciences (HICSS'06).

[17]  Ralph C. Merkle,et al.  Protocols for Public Key Cryptosystems , 1980, 1980 IEEE Symposium on Security and Privacy.