Verify Memory Integrity Basing on Hash Tree and MAC Combined Approach

This paper presents a hardware scheme for memory integrity verification. It first surveys related work, then proposes an approach that combines a hash tree with a MAC to provide memory integrity. The approach integrates the checking principle of the hash tree with the authentication capability of the MAC and exploits the advantages of both. The MAC is used to reduce the space that the hash tree needs to protect. The hash tree is optimized with a hot-access-window method, which effectively reduces the cost of the checking process. The paper describes how to implement such a hardware memory integrity verification mechanism and gives some test results. Analysis and experimental simulation show that the approach provides usable memory integrity protection with significantly good performance.
