Research On Off-chip Memory Encryption And Integrity Protection

With the extensive application of embedded systems, security issues of embeddedsystems gradually attract people’s attention. In particular, security issues of off-chipmemory are one of the most important security issues in embedded system and cannot beignored. Especially in the System on Chip (SOC), the attacker can easily tamper or theftthe sensitive data in the off-chip memory by monitoring the bus between the SOC chipand off-chip memory. It will obviously result in information leaks, which is a big threat tothe security of embedded systems. There are many existing related findings about off-chipmemory security. A classical way to address the off-chip memory security issues is to adda security protection module between the microprocessor and the external memory.However, adding the extra security hardware brings overheads in system performance,memory cost and the SOC area.This paper first in-depth analyzes the security threat of embedded system, especiallythe threat model considered for off-chip memory authentication. Then, we analyze theoff-chip memory security strategy. To ensure the security of off-chip memory, it needs toprotect the data confidentiality and integrity of off-chip memory simultaneously. We alsointroduce the existing approaches of protecting data confidentiality and integrityrespectively. In this article we propose a novel architecture for off-chip memoryencryption and integrity protection based on Advanced Encryption Standard-Galois/Counter Mode (AES-GCM). The idea relies on a novel dual-layer encryption anddecryption mechanism with one layer in charge of data encryption or decryption and theother layer dedicated for encryption or decryption of the tags generated by the dataencryption/decryption layer. Our approach provides data confidentiality and integrityauthentication at the same time and can safeguard against a series of well-known attacks,including replay attacks, spoofing attacks. With the coordination of the dual-layerencryption and decryption mechanism, we can effectively reduce the on-chip storageoverhead to7.81%with little performance penalty and a high security level.We implemented the off-chip memory encryption and integrity protection mechanismin hardware, put it in the LEON3processor system and construct a functional simulation platform. Simulation results show that the function of our off-chip memory encryption andintegrity protection mechanism is correct. It achieves the purpose of protecting theoff-chip memory security by giving an alarm signal when detecting malicious attacksagainst off-chip memory.