
Research And Design Of Secure Run-time Mechanism For Embedded Processor

Posted on: 2011-12-10
Degree: Doctor
Type: Dissertation
Country: China
Candidate: W J Huo
Full Text: PDF
GTID: 1118360305992098
Subject: Microelectronics and Solid State Electronics
Abstract/Summary:
Recently, as technologies such as wireless mobile communication and the Internet of Things have developed rapidly, embedded systems have become widely used in daily life. These devices not only provide various services and experiences to users, but also store a great deal of users' private information. Once sensitive information in an embedded system is disclosed, it can cause serious damage. As a result, the security of embedded devices is receiving more attention. In an embedded device, the embedded processor links all the peripherals and manages data communication and processing; it is the core of the whole system. If a secure run-time mechanism is built into the embedded processor, the security of the embedded system is effectively improved. However, embedded processor design is constrained by performance, cost and power consumption, which makes prior schemes designed for desktop computers unsuitable for embedded systems. It is therefore necessary and urgent to research and implement a new secure run-time mechanism for embedded processors.

Two secure run-time mechanisms are designed for embedded processors to address security threats to data confidentiality and integrity, and the influence of different implementation structures on functionality, power consumption and cost is studied as well. These mechanisms are then applied to the run-time and boot process of the embedded processor to improve the security of the embedded system. The work of this dissertation covers the following five areas.

First, security threats at the software, system and chip levels are analyzed. Malicious software attacks, system-level hardware attacks, chip-level invasive attacks and chip-level non-invasive attacks are discussed in detail, and the characteristics of each are examined. The system-level hardware attack is identified as the most common and most feasible attack threatening the embedded processor. Secure design rules for the embedded processor are then specified to counter this attack.

Second, an encryption mechanism for the embedded processor is studied under these secure design rules. A new memory encryption cache (MEC) structure is proposed. By parallelizing the encryption and memory access operations, this structure improves encryption performance. It also manages the key of each program according to the behaviour of the processor. Through this key management, the MEC structure not only improves encryption performance but also minimizes unnecessary power overhead, and the security of the system is enhanced. Simulation results show that the MEC achieves better performance than the conventional encryption approach.

Third, to further evaluate its feasibility, the MEC is applied to a lightweight embedded processor for wireless sensor networks. Various structures of the encryption unit are evaluated to find the optimal MEC implementation for the embedded processor that meets the requirements of performance, cost and power. After the MEC is implemented, power simulation further indicates that it has lower power consumption when the processor writes data back. The MEC structure is thus well suited to the embedded environment.

Fourth, memory integrity verification for the embedded processor is studied. This dissertation proposes a multi-grained memory hash mechanism (MMH), which consists of a multi-grained Merkle tree (MGT) and a hash cache. To optimize the performance of the integrity tree in the embedded processor, the MGT hashes the nodes at the low levels at a fine granularity and the nodes at the upper levels at a coarse granularity. In this way, the MGT minimizes the miss penalty of the low-level nodes and improves the hit rate of the upper-level nodes. In addition, a dedicated hash cache is designed to cache the MGT nodes. By optimizing the algorithm-level and circuit-level designs, the MMH achieves better performance, lower power consumption and lower initialization latency than the conventional memory authentication approach.

Finally, a new fast secure boot mechanism (FSBM) is proposed by applying the MMH to the boot process of the embedded processor. Unlike prior boot schemes, this boot mechanism uses MMHs of different granularities at different steps to accelerate the boot process. The FSBM also divides the integrity tree into a "hot section" and a "cold section", based on the objects being hashed, to improve the security of the boot process, and adopts different secure authentication approaches to protect each of them. In addition, the FSBM authenticates the user's information to prevent internal damage from unauthorized users. Tests of an FPGA implementation show that the FSBM has lower boot latency and is feasible to integrate into the embedded processor.
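The following is an added illustration of the multi-grained integrity tree idea described in the abstract; it is not code from the dissertation, which is not reproduced on this page. Block size (32 bytes), the hash function (SHA-256), the per-level arities (2 near the leaves, 4 and 8 toward the root) and the sample memory image are all assumptions chosen here. The trusted root is held "on chip" (a Python variable), every other node is treated as untrusted stored data, and `sibling_fetches` counts how many sibling hashes must be read per level to authenticate one block, which is the miss-penalty trade-off the abstract refers to.

```python
import hashlib

BLOCK_SIZE = 32  # bytes per leaf block (assumed; the dissertation gives no sizes here)


def _h(*parts: bytes) -> bytes:
    """Hash of the concatenation of the given byte strings (SHA-256, assumed)."""
    return hashlib.sha256(b"".join(parts)).digest()


class MultiGrainedMerkleTree:
    """Merkle tree whose arity grows with the level: small groups near the
    leaves (few siblings to fetch on a miss), large groups near the root
    (few nodes, so they can stay resident in a small hash cache)."""

    def __init__(self, memory: bytes, arities):
        assert len(memory) % BLOCK_SIZE == 0, "memory must be block aligned"
        self.arities = list(arities)
        self.levels = []       # levels[0] = leaf hashes, levels[-1] = [root]
        self.level_arity = []  # arity used to form levels[i + 1] from levels[i]
        self._build(memory)

    def _arity_for(self, level: int) -> int:
        # Reuse the last configured arity once the list is exhausted.
        return self.arities[min(level, len(self.arities) - 1)]

    def _build(self, memory: bytes) -> None:
        leaves = [_h(memory[i:i + BLOCK_SIZE]) for i in range(0, len(memory), BLOCK_SIZE)]
        self.levels = [leaves]
        self.level_arity = []
        while len(self.levels[-1]) > 1:
            prev = self.levels[-1]
            a = self._arity_for(len(self.level_arity))
            self.level_arity.append(a)
            self.levels.append([_h(*prev[i:i + a]) for i in range(0, len(prev), a)])

    @property
    def root(self) -> bytes:
        return self.levels[-1][0]

    def node_counts(self):
        """Number of stored nodes per level, leaves first."""
        return [len(level) for level in self.levels]

    def sibling_fetches(self, block_idx: int):
        """Sibling hashes that must be read per level to authenticate one block."""
        counts, idx = [], block_idx
        for lvl, a in enumerate(self.level_arity):
            start = (idx // a) * a
            counts.append(len(self.levels[lvl][start:start + a]) - 1)
            idx //= a
        return counts

    def verify_block(self, memory: bytes, block_idx: int, trusted_root: bytes) -> bool:
        """Recompute the path from one block up to the root and compare it with
        the root kept on chip; stored nodes are only used as untrusted siblings."""
        cur = _h(memory[block_idx * BLOCK_SIZE:(block_idx + 1) * BLOCK_SIZE])
        idx = block_idx
        for lvl, a in enumerate(self.level_arity):
            start = (idx // a) * a
            group = list(self.levels[lvl][start:start + a])
            group[idx - start] = cur  # substitute our own recomputation
            cur = _h(*group)
            idx //= a
        return cur == trusted_root

    def update_block(self, memory: bytes, block_idx: int) -> bytes:
        """Refresh the path after a legitimate write; returns the new root."""
        self.levels[0][block_idx] = _h(memory[block_idx * BLOCK_SIZE:(block_idx + 1) * BLOCK_SIZE])
        idx = block_idx
        for lvl, a in enumerate(self.level_arity):
            start = (idx // a) * a
            parent = _h(*self.levels[lvl][start:start + a])
            idx //= a
            self.levels[lvl + 1][idx] = parent
        return self.root


def demo():
    """Constructed 2 KiB memory image (64 blocks); returns three booleans."""
    memory = bytearray(i % 256 for i in range(64 * BLOCK_SIZE))
    tree = MultiGrainedMerkleTree(bytes(memory), arities=[2, 4, 8])
    root = tree.root  # trusted copy, conceptually an on-chip register
    ok_before = all(tree.verify_block(bytes(memory), i, root) for i in range(64))
    memory[5 * BLOCK_SIZE + 3] ^= 0x01  # a bit flipped in off-chip memory
    detected = not tree.verify_block(bytes(memory), 5, root)
    root = tree.update_block(bytes(memory), 5)  # legitimate write path
    ok_after = tree.verify_block(bytes(memory), 5, root)
    return ok_before, detected, ok_after


if __name__ == "__main__":
    t = MultiGrainedMerkleTree(bytes(64 * BLOCK_SIZE), arities=[2, 4, 8])
    print("nodes per level:", t.node_counts(), "siblings per level:", t.sibling_fetches(5))
    print(demo())
```

With arities [2, 4, 8] the 64 leaves collapse to 32, 8 and then 1 node, so a verification reads 1, 3 and 7 siblings at the three levels; the single upper level of eight nodes is small enough to stay in a hash cache, while the leaf level keeps the cheap two-way grouping. A uniform binary tree over the same memory would need six levels, each with its own potential cache miss.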
Keywords/Search Tags: Embedded processor, Cache structure, Encryption, Merkle tree, Integrity verification, Secure boot