Research And Design Of Security Mechanism For Off-chip Memory Data Protection

With the development of mobile Internet technology, people are using more and more embedded devices for sensitive information interaction. However, the off-chip DRAM memory of embedded systems which carrying sensitive data is vulnerable to threats such as frozen or bus snooping attacks. Data confidentiality and integrity are two aspects of memory protection, confidentiality ensures that the attacker can not steal sensitive data, integrity ensures that the system can detect any modification or destruction of memory data. Moreover, memory protection scheme for embedded systems also need a compromise between security, performance loss, memory overhead and hardware resources cost. Therefore, the study of off-chip memory data confidentiality and integrity protection mechanisms is of great significance.This paper firstly analyzes the principles and characteristics of the system level hardware attack model for off-chip memory and a variety of data confidentiality and integrity protection technology. Then we have proposed an efficient off-chip memory protection mechanism based on GCM(Galois/Counter Mode of Advanced Encryption Standard). In our proposal, GCM hardware engine is running and dynamically switching between two modes, one mode for protecting data and programs(DP mode), the other mode for protecting the integrity of the cryptographic parameter of IV(Initialization Vector) used in DP mode(IV mode). It can efficiently resist various physical attacks and provide data confidentiality and integrity protection for off-chip memory of embedded systems, it's on-chip memory overhead is about 1.56%, and the security is 2-61. In order to minimize on-chip memory overhead, we also combine the principle of GCM algorithm and the PAT(Parallelizable Authentication Tree), and present a more complex integrity checking tree structure called PGAT(Parallelizable GMAC Authentication Tree), which is suitable for large-capacity memory protection.In order to quantify the hardware resources cost, we implemented our memory protection scheme on the Altera FPGA, and constructed a SOPC system based on NIOS II soft-core processor. In order to quantify the performance loss, we conducted a simulation based on SimpleScalar architecture simulator. The simulation results show that the average performance loss is about 9.1%, and the performance of PGAT is higher than the standard Merkle Tree.