Dynamic encryption key design and management for memory data encryption in embedded systems

To effectively encrypt data memory contents of an embedded processor, multiple keys which are dynamically changed are necessary. However, the resources required to store and manage these keys on-chip (so that they are secure) can be extensive. This paper presents a design where each dynamic key is determined by a random number, a counter value, and a memory address, and is unique to the data in a memory location. The counter value, dedicated to a given memory location, controls the duration of the random number for the key associated with the location. The counter table and random number table are used for key storage. We reduce on-chip resources by customizing the counter table and allowing a pool of random numbers to be shared amongst the keys. The random numbers are dynamically updated during the application execution. We propose a key generation and management scheme such that the random number pool is extremely small (hence low memory consumption) yet sufficient for the uniqueness and randomness of each dynamic key. Experiments on a set of applications show that on average, large overhead (90% on chip area and 92% on power consumption) can be saved for a same security level, when compared to the state-of-the-art approach.

[1]  Dan Boneh,et al.  Architectural support for copy and tamper resistant software , 2000, SIGP.

[2]  Bernard P. Zajac Applied cryptography: Protocols, algorithms, and source code in C , 1994 .

[3]  Brian Rogers,et al.  Improving Cost, Performance, and Security of Memory Encryption and Authentication , 2006, 33rd International Symposium on Computer Architecture (ISCA'06).

[4]  Abraham Bookstein,et al.  Cryptography: A new dimension in computer data security ? and ?. Wiley-Interscience, New York (1982). xxi + 775 pp., $43.95. ISBN 0471-04892-5. , 1985 .

[5]  Tang Ming . Wei Lian. Si Tuo Lin Si,et al.  Cryptography and Network Security - Principles and Practice , 2015 .

[6]  Ross Ihaka,et al.  Cryptographic Randomness from Air Turbulence in Disk Drives , 1994, CRYPTO.

[7]  G. Edward Suh,et al.  Efficient Memory Integrity Verification and Encryption for Secure Processors , 2003, MICRO.

[8]  William Stallings,et al.  Cryptography and Network Security: Principles and Practice , 1998 .

[9]  Paul C. Kocher,et al.  The intel random number generator , 1999 .

[10]  Bhagirath Narahari,et al.  A compiler-hardware approach to software protection for embedded systems , 2009, Comput. Electr. Eng..

[11]  Helger Lipmaa,et al.  Comments to NIST concerning AES Modes of Operations: CTR-Mode Encryption , 2000 .

[12]  Jun Yang,et al.  Improving memory encryption performance in secure processors , 2005, IEEE Transactions on Computers.

[13]  Hsien-Hsin S. Lee,et al.  High Efficiency Counter Mode Security Architecture via Prediction and Precomputation , 2005, ISCA 2005.

[14]  Jean-Didier Legat,et al.  Enhancing security in the memory management unit , 1999, Proceedings 25th EUROMICRO Conference. Informatics: Theory and Practice for the New Millennium.

[15]  Marten van Dijk,et al.  Efficient memory integrity verification and encryption for secure processors , 2003, Proceedings. 36th Annual IEEE/ACM International Symposium on Microarchitecture, 2003. MICRO-36..

[16]  Trevor Mudge,et al.  MiBench: A free, commercially representative embedded benchmark suite , 2001 .

[17]  Lionel Torres,et al.  TEC-Tree: A Low-Cost, Parallelizable Tree for Efficient Defense Against Memory Replay Attacks , 2007, CHES.