Abstract
Trusted computing platforms aim to provide trust in computations performed by sensitive applications. Verifying the integrity of memory contents is a crucial security service that these platforms must provide since an adversary able to corrupt the memory space can affect the computations performed by the platform. After a description of the active attacks that threaten memory integrity, this paper surveys existing cryptographic techniques – namely integrity trees – allowing for memory authentication. The strategies proposed in the literature for implementing such trees on general-purpose computing platforms are presented, along with their complexity. This paper also discusses the effect of a potentially compromised Operating System (OS) on computing platforms requiring memory authentication and describes an architecture recently proposed to provide this security service despite an untrusted OS. Existing techniques for memory authentication that are not based on trees are described and their performance/security trade-off is discussed. While this paper focuses on memory authentication for uniprocessor platforms, we also discuss the security issues that arise when considering data authentication in symmetric multiprocessor (shared memory) systems.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Lie, D., Thekkath, C., Mitchell, M., Lincoln, P., Boneh, D., Mitchell, J., Horowitz, M.: Architectural Support for Copy and Tamper Resistant Software. In: Int’l. Conf. on Architectural Support for Programming Languages and OS (ASPLOS-IX), pp. 168–177 (2000)
Suh, G.E., Clarke, D., Gassend, B., van Dijk, M., Devadas, S.: AEGIS: Architecture for Tamper-Evident and Tamper-Resistant Processing. In: Proc. of the 17th Int’l. Conf. on Supercomputing (ICS) (2003)
Lee, R.B., Kwan, P.C.S., McGregor, J.P., Dwoskin, J., Wang, Z.: Architecture for Protecting Critical Secrets in Microprocessors. In: Int’l. Symp. on Computer Architecture (ISCA-32), pp. 2–13 (June 2005)
IBM Extends Enhanced Data Security to Consumer Electronics Products, IBM (April 2006), http://www-03.ibm.com/press/us/en/pressrelease/19527.wss
Kuhn, M.G.: Cipher Instruction Search Attack on the Bus-Encryption Security Microcontroller DS5002FP. IEEE Trans. Comput. 47, 1153–1157 (1998)
Merkle, R.C.: Protocols for Public Key Cryptography. In: IEEE Symp. on Security and Privacy, pp. 122–134 (1980)
Hall, W.E., Jutla, C.S.: Parallelizable authentication trees. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 95–109. Springer, Heidelberg (2006)
Elbaz, R., Champagne, D., Lee, R.B., Torres, L., Sassatelli, G., Guillemin, P.: EC-Tree: A Low Cost and Parallelizable Tree for Efficient Defense against Memory Replay Attacks. In: Cryptographic Hardware and embedded systems (CHES), pp. 289–302 (2007)
Gassend, B., Suh, G.E., Clarke, D., van Dijk, M., Devadas, S.: Caches and Merkle Trees for Efficient Memory Integrity Verification. In: Proceedings of Ninth International Symposium on High Performance Computer Architecture (February 2003)
Suh, G.E.: AEGIS: A Single-Chip Secure Processor, PhD thesis, Massachusetts Institute of Technology (September 2005)
Yan, C., Rogers, B., Englender, D., Solihin, Y., Prvulovic, M.: Improving Cost, Performance, and Security of Memory Encryption and Authentication. In: Proc. of the International Symposium on Computer Architecture (2006)
Rogers, B., Chhabra, S., Solihin, Y., Prvulovic, M.: Using Address Independent Seed Encryption and Bonsai Merkle Trees to Make Secure Processors OS– and Performance– Friendly. In: Proc. of the 40th IEEE/ACM Symposium on Microarchitecture (MICRO) (December 2007)
Elbaz, R., Torres, L., Sassatelli, G., Guillemin, P., Bardouillet, M., Martinez, A.: A Parallelized Way to Provide Data Encryption and Integrity Checking on a Processor-Memory Bus. In: Proceedings of the 43rd Design Automation Conference DAC (July 2006)
Elbaz, R.: Hardware Mechanisms for Secured Processor Memory Transactions in Embedded Systems, PhD Thesis, University of Montpellier (December 2006)
Blum, M., Evans, W., Gemmell, P., Kannan, S., Naor, M.: Checking the correctness of memories. In: Proc. 32nd IEEE Symposium on Foundations of Computer Science, pp. 90–99 (1991)
National Institute of Science and Technology (NIST), FIPS PUB 180-2: Secure Hash Standard (August 2002)
NIST Special Publication SP800-38D: Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC (November 2007)
Zhang, Y., Gao, L., Yang, J., Zhang, X., Gupta, R.: SENSS: Security Enhancement to Symmetric Shared Memory Multiprocessors. In: Proc. of the 11th International Symposium on High-Performance Computer Architecture (2005)
Shi, W., Lee, H.-H., Ghosh, M., Lu, C.: Architectural Support for High Speed Protection of Memory Integrity and Confidentiality in Multiprocessor Systems. In: Proc. of the 13th International Conference on Parallel Architectures and Compilation Techniques (2004)
Champagne, D., Elbaz, R., Lee, R.B.: The Reduced Address Space (RAS) for Application Memory Authentication. In: Wu, T.-C., Lei, C.-L., Rijmen, V., Lee, D.-T. (eds.) ISC 2008. LNCS, vol. 5222, pp. 47–63. Springer, Heidelberg (2008)
Fruhwirth, C.: New Methods in Hard Disk Encryption, Institute for Computer Languages, Theory and Logic Group, Vienna University of Technology (2005)
Suh, G.E., Clarke, D., Gassend, B., van Dijk, M., Devadas, S.: Efficient Memory Integrity Verification and Encryption for Secure Processors. In: Proceedings of the 36th Annual International Symposium on Microarchitecture (MICRO 36), San Diego, CA, pp. 339–350 (December 2003)
Clarke, D., Devadas, S., van Dijk, M., Gassend, B., Suh, G.E.: Incremental multiset hash functions and their application to memory integrity checking. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 188–207. Springer, Heidelberg (2003)
Duc, G., Keryell, R.: CryptoPage: An Efficient Secure Architecture with Memory Encryption, Integrity and Information Leakage Protection. In: Jesshope, C., Egan, C. (eds.) ACSAC 2006. LNCS, vol. 4186, pp. 483–492. Springer, Heidelberg (2006)
Rogers, B., Prvulovic, M., Solihin, Y.: Effective Data Protection for Distributed Shared Memory Multiprocessors. In: Proc. of International Conference of Parallel Architecture and Compilation Techniques (PACT) (September 2006)
Lee, M., Ahn, M., Kim, E.J.: I2SEMS: Interconnects-Independent Security Enhanced Shared Memory Multiprocessor Systems. In: Malyshkin, V.E. (ed.) PaCT 2007. LNCS, vol. 4671, pp. 94–103. Springer, Heidelberg (2007)
Rogers, B., Yan, C., Chhabra, S., Prvulovic, M., Solihin, Y.: Single-Level Integrity and Confidentiality Protection for Distributed Shared Memory Multiprocessors. In: Proc. of the 14th International Symposium on High Performance Computer Architecture (HPCA) (2008)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Elbaz, R., Champagne, D., Gebotys, C., Lee, R.B., Potlapally, N., Torres, L. (2009). Hardware Mechanisms for Memory Authentication: A Survey of Existing Techniques and Engines. In: Gavrilova, M.L., Tan, C.J.K., Moreno, E.D. (eds) Transactions on Computational Science IV. Lecture Notes in Computer Science, vol 5430. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01004-0_1
Download citation
DOI: https://doi.org/10.1007/978-3-642-01004-0_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-01003-3
Online ISBN: 978-3-642-01004-0
eBook Packages: Computer ScienceComputer Science (R0)