Added Redundancy Explicit Authentication at the Block Level for Parallelized Encryption and Integrity Checking on Processor-Memory Buses

Abstract: The bus between the System on Chip (SoC) and the external memory is one of the weakest points of computing systems because an adversary can easily probe this bus in order to read private data, to retrieve software code (data confidentiality concern) or to inject data (data integrity concern). The conventional way to provide data confidentiality and integrity is to implement a dedicated hardware engine for each security service. Although secure, this approach prevents parallelization of the underlying computations. In this paper, we introduce the concept of Added Redundancy Explicit Authentication (AREA) at the block level and we describe a Parallelized Encryption and Integrity Checking Engine (PE-ICE) based on this concept. PE-ICE has been designed to provide an effective solution to ensure both security services while allowing for full parallelization on processor read and write operations and optimizing the hardware resources. Compared to standard encryption, which provides only confidentiality, we show that PE-ICE additionally guarantees code and data integrity for less than 4% of run-time performance overhead and at no additional hardware cost.
Document type: Other publication
2007
Cited literature [26 references]

https://hal-lirmm.ccsd.cnrs.fr/lirmm-00171028
Contributor: Isabelle Gouat
Submitted on: Tuesday, September 11, 2007 - 12:00:15
Last modified on: Thursday, January 11, 2018 - 06:27:19
Document(s) archived on: Friday, April 9, 2010 - 01:53:51

Identifiers

  • HAL Id: lirmm-00171028, version 1

Citation

Reouven Elbaz, Lionel Torres, Gilles Sassatelli. Added Redundancy Explicit Authentication at the Block Level for Parallelized Encryption and Integrity Checking on Processor-Memory Buses. 2007. 〈lirmm-00171028〉

Metrics

Record views: 192

File downloads: 387