Skip to main content
Springer Nature Link
Log in

MAC Precomputation with Applications to Secure Memory

  • Conference paper
Information Security (ISC 2009)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5735))

Included in the following conference series:

Abstract

We present ShMAC (Shallow MAC), a fixed input length message authentication code that performs most of the computation prior to the availability of the message. Specifically, ShMAC’s message-dependent computation is much faster and smaller in hardware than the evaluation of a pseudorandom permutation (PRP), and can be implemented by a small shallow circuit, while its precomputation consists of one PRP evaluation.

A main building block for ShMAC is the notion of strong differential uniformity (SDU), which we introduce, and which may be of independent interest. We present an efficient SDU construction built from previously considered differentially uniform functions.

Our motivating application is a system where a hardware-secured processor uses memory controlled by an adversary. We present in technical detail a novel, more efficient approach to encrypting and authenticating memory and discuss the associated trade-offs, while paying special attention to minimizing hardware costs and the reduction of DRAM latency.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Gonsalves, A.: Hackers report breaking Phone 2.0. InformationWeek (03.12.2008)

    Google Scholar 

  2. ARM: ARM advanced microcontroller bus architecture rev 2.0 (1999)

    Google Scholar 

  3. IBM: IBM 128-bit processor local bus version 4.7 (2007)

    Google Scholar 

  4. Nyberg, K.: Differentially uniform mappings for cryptography. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 55–64. Springer, Heidelberg (1994)

    Chapter  Google Scholar 

  5. Minematsu, K., Tsunoo, Y.: Provably secure MACs from differentially-uniform permutations and AES-based implementations. In: Robshaw, M.J.B. (ed.) FSE 2006. LNCS, vol. 4047, pp. 226–241. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  6. Wegman, M.N., Carter, J.L.: New hash functions and their use in authentication and set equality. J. Comput. System Sci. 22, 265–279 (1981)

    Article  MathSciNet  MATH  Google Scholar 

  7. Krawczyk, H., Bellare, M., Canetti, R.: RFC2104 - HMAC: Keyed-hashing for message authentication, http://www.faqs.org/rfcs/rfc2104.html

  8. Stinson, D.R.: Universal hashing and authentication codes. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 74–85. Springer, Heidelberg (1992)

    Google Scholar 

  9. Brassard, G.: On computationally secure authentication tags requiring short secret shared keys. In: Advances in Cryptology – CRYPTO 1982, pp. 79–86 (1982)

    Google Scholar 

  10. Krawczyk, H.: LFSR-based hashing and authentication. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 129–139. Springer, Heidelberg (1994)

    Google Scholar 

  11. Weisstein, E.W.: Universal hash function. From MathWorld–a Wolfram web resource, http://mathworld.wolfram.com/UniversalHashFunction.html

  12. Jakimoski, G., Subbalakshmi, K.P.: On efficient message authentication via block cipher design techniques. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 232–248. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  13. Trusted Computing Group: TCG Specification Architecture Overview. Revision 1 edn. (July 2007)

    Google Scholar 

  14. Chevallier-Mames, B., Naccache, D., Paillier, P., Pointcheval, D.: How to disembed a program? Cryptology ePrint Archive, Report 2004/138 (2004)

    Google Scholar 

  15. Lie, D., Thekkath, C.A., Mitchell, M., Lincoln, P., Boneh, D., Mitchell, J.C., Horowitz, M.: Architectural support for copy and tamper resistant software. In: ASPLOS, pp. 168–177. ACM, New York (2000)

    Google Scholar 

  16. Hall, W.E., Jutla, C.S.: Parallelizable authentication trees. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 95–109. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  17. Suh, G.E.: AEGIS: A Single-Chip Secure Processor. PhD thesis, MIT (2005)

    Google Scholar 

  18. Suh, G., O’Donnell, C., Devadas, S.: Aegis: A single-chip secure processor. IEEE Design and Test of Computers 24(6), 570–580 (2007)

    Article  Google Scholar 

  19. Duc, G.: Cryptopage. Master’s thesis, ENST, Bretagne (June 2004)

    Google Scholar 

  20. Elbaz, R., Champagne, D., Lee, R.B., Torres, L., Sassatelli, G., Guillemin, P.: Tec-tree: A low-cost, parallelizable tree for efficient defense against memory replay attacks. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 289–302. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  21. Gassend, B., Suh, G.E., Clarke, D., Dijk, M.V., Devadas, S.: Caches and hash trees for efficient memory integrity verification. In: 9th Intl. Symp. on High Performance Computer Architecture (2003)

    Google Scholar 

  22. Blum, M., Evans, W., Gemmell, P., Kannan, S., Naor, M.: Checking the correctness of memories. In: FOCS 1991, pp. 90–99 (1991)

    Google Scholar 

  23. Dwork, C., Naor, M., Rothblum, G.N., Vaikuntanathan, V.: How efficient can memory checking be? In: TCC 2009 (2009)

    Google Scholar 

  24. Vaslin, R., Gogniat, G., Netto, E.W., Tessier, R., Burleson, W.P.: Low latency solution for confidentiality and integrity checking in embedded systems with off-chip memory. In: ReCoSoC, pp. 146–153 (2007)

    Google Scholar 

  25. Elbaz, R., Torres, L., Sassatelli, G., Guillemin, P., Bardouillet, M., Martinez, A.: A parallelized way to provide data encryption and integrity checking on a processor-memory bus. In: DAC 2006, pp. 506–509 (2006)

    Google Scholar 

  26. Garay, J., Kolesnikov, V., McLellan, R.: MAC precomputation with applications to secure memory. Cryptology ePrint Archive (2009)

    Google Scholar 

  27. Bellare, M., Goldreich, O., Mityagin, A.: The power of verification queries in message authentication and authenticated encryption. Cryptology ePrint Archive, Report 2004/309 (2004), http://eprint.iacr.org/

  28. Keliher, L., Sui, J.: Exact maximum expected differential and linear cryptanalysis for two-round Advanced Encryption Standard. IET Information Security 1(2), 53–57 (2007)

    Article  Google Scholar 

  29. Daemen, J., Rijmen, V.: Understanding two-round differentials in AES. In: De Prisco, R., Yung, M. (eds.) SCN 2006. LNCS, vol. 4116, pp. 78–94. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  30. Daemen, J., Rijmen, V.: AES proposal: Rijndael, http://www.iaik.tugraz.at/Research/krypto/AES/

  31. Daemen, J.: Annex to AES proposal Rijndael. Chapter 5. Propagation and correlation, http://www.iaik.tugraz.at/Research/krypto/AES/

  32. Merkle, R.: Secrecy, authentication, and public key systems. PhD thesis, Stanford Univeristy (1979)

    Google Scholar 

  33. Hunt, G.D.H.: Secure processors for secure devices and secure end-to-end infrastructure, http://www.research.ibm.com/jam/secure-processors5-30-06.pdf

Download references

Author information

Authors and Affiliations

  1. AT&T Labs – Research, 180 Park Ave., Florham Park, NJ, 07932

    Juan Garay

  2. Bell Labs, 600 Mountain Ave., Murray Hill, NJ, 07974, USA

    Vladimir Kolesnikov & Rae McLellan

Authors
  1. Juan Garay
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Vladimir Kolesnikov
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Rae McLellan
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Dipartimento di Tecnologie dell’ Informazione, Università degli Studi di Milano, Via Bramante 65, 26013, Crema, (CR), Italy

    Pierangela Samarati

  2. Computer Science Department, Google Inc. and Columbia University, Room 464, S.W. Mudd Building, 10027, New York, NY, USA

    Moti Yung

  3. Information Security Group, Pisa Research Area, Istituto di Informatica e Telematica - IIT Consiglio Nazionale delle Ricerche - C.N.R., Via. G. Moruzzi 1, 56125, Pisa, Italy

    Fabio Martinelli

  4. Dipartimento di Tecnologie dell’Informazione, Università degli Studi di Milano, Via Bramante, 65, 26013, Crema, (CR), Italy

    Claudio A. Ardagna

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Garay, J., Kolesnikov, V., McLellan, R. (2009). MAC Precomputation with Applications to Secure Memory. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds) Information Security. ISC 2009. Lecture Notes in Computer Science, vol 5735. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04474-8_34

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-04474-8_34

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04473-1

  • Online ISBN: 978-3-642-04474-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics