SecCMP: Enhancing Critical Secrets Protection in Chip-Multiprocessors

Security has been considered as an important issue in processor design. Most of the existing designs of security handling assume the chip as a single secure unit. However, such assumption is vulnerable to exposure resulted from a central failure point. In this article, we propose a secure Chip-Multiprocessor architecture (SecCMP) to handle security related problems such as key protection and core authentication in multi-core systems. Matching the nature of multi-core systems, a distributed threshold secret sharing scheme is employed to protect critical secrets. A critical secret (e.g., encryption key) is divided into multiple shares and distributed among multiple cores instead of being kept a single copy in one core that is sensitive to exposure. The proposed SecCMP can not only enhance the security and fault-tolerance in secret protection but also support core authentication. SecCMP is designed to be an efficient and secure architecture for CMPs.

[1]  Jun Yang,et al.  Fast Secure Processor for Inhibiting Software Piracy and Tampering , 2003, MICRO.

[2]  Tao Zhang,et al.  HIDE: an infrastructure for efficiently protecting information leakage on the address bus , 2004, ASPLOS XI.

[3]  H.-H.S. Lee,et al.  Architectural support for high speed protection of memory integrity and confidentiality in multiprocessor systems , 2004, Proceedings. 13th International Conference on Parallel Architecture and Compilation Techniques, 2004. PACT 2004..

[4]  Torben P. Pedersen A Threshold Cryptosystem without a Trusted Party (Extended Abstract) , 1991, EUROCRYPT.

[5]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[6]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[7]  H.-H.S. Lee,et al.  An Integrated Framework for Dependable and Revivable Architectures Using Multicore Processors , 2006, ISCA 2006.

[8]  Hsien-Hsin S. Lee,et al.  High efficiency counter mode security architecture via prediction and precomputation , 2005, 32nd International Symposium on Computer Architecture (ISCA'05).

[9]  Xiangyu Zhang,et al.  SENSS: security enhancement to symmetric shared memory multiprocessors , 2005, 11th International Symposium on High-Performance Computer Architecture.

[10]  G. Edward Suh,et al.  AEGIS: architecture for tamper-evident and tamper-resistant processing , 2003, ICS.

[11]  Torben P. Pedersen Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing , 1991, CRYPTO.

[12]  Lein Harn,et al.  A Generalized Secret Sharing Scheme With Cheater Detection , 1991, ASIACRYPT.

[13]  Marek Chrobak,et al.  A low-cost memory remapping scheme for address bus protection , 2006, 2006 International Conference on Parallel Architectures and Compilation Techniques (PACT).

[14]  Hsien-Hsin S. Lee,et al.  An Integrated Framework for Dependable and Revivable Architectures Using Multicore Processors , 2006, 33rd International Symposium on Computer Architecture (ISCA'06).

[15]  G. Edward Suh,et al.  Caches and hash trees for efficient memory integrity verification , 2003, The Ninth International Symposium on High-Performance Computer Architecture, 2003. HPCA-9 2003. Proceedings..

[16]  Brian Rogers,et al.  Improving Cost, Performance, and Security of Memory Encryption and Authentication , 2006, 33rd International Symposium on Computer Architecture (ISCA'06).

[17]  Hamid R. Nemati International Journal of Information Security and Privacy , 2007 .

[18]  Dan Boneh,et al.  Architectural support for copy and tamper resistant software , 2000, SIGP.

[19]  Ruby B. Lee,et al.  Architecture for protecting critical secrets in microprocessors , 2005, 32nd International Symposium on Computer Architecture (ISCA'05).

[20]  Brian Rogers,et al.  Efficient data protection for distributed shared memory multiprocessors , 2006, 2006 International Conference on Parallel Architectures and Compilation Techniques (PACT).

[21]  Li Yang,et al.  SecCMP: a secure chip-multiprocessor architecture , 2006, ASID '06.