Configurable memory security in embedded systems

System security is an increasingly important design criterion for many embedded systems. These systems are often portable and more easily attacked than traditional desktop and server computing systems. Key requirements for system security include defenses against physical attacks and lightweight support in terms of area and power consumption. Our new approach to embedded system security focuses on the protection of application loading and secure application execution. During secure application loading, an encrypted application is transferred from on-board flash memory to external double data rate synchronous dynamic random access memory (DDR-SDRAM) via a microprocessor. Following application loading, the core-based security technique provides both confidentiality and authentication for data stored in a microprocessor's system memory. The benefits of our low-overhead memory protection approaches are demonstrated using four applications implemented in a field-programmable gate array (FPGA) in an embedded system prototyping platform. Each application requires a collection of tasks with varying memory security requirements. The configurable security core implemented on-chip inside the FPGA with the microprocessor allows for different memory security policies for different application tasks. An average memory saving of 63% is achieved for the four applications versus a uniform security approach. The lightweight circuitry included to support application loading from flash memory adds about 10% FPGA area overhead to the processor-based system and main memory security hardware.
