Albert Martinez

A parallelized way to provide data encryption and integrity checking on a processor-memory bus

This paper describes a novel engine, called PE-ICE (parallelized encryption and integrity checking engine), enabling to guarantee confidentiality and integrity of data exchanged between a SoC (system on chip) and its external memory. The PE-ICE approach is based on an existing block-encryption algorithm to which the integrity checking capability is added. Simulation results show that the performance overhead of PE-ICE remains low (below 4%) compared to block-encryption-only systems (which provide data confidentiality only)

Block-level added redundancy explicit authentication for parallelized encryption and integrity checking of processor-memory transactions

The bus between the System on Chip (SoC) and the external memory is one of the weakest points of computer systems: an adversary can easily probe this bus in order to read private data (data confidentiality concern) or to inject data (data integrity concern). The conventional way to protect data against such attacks and to ensure data confidentiality and integrity is to implement two dedicated engines: one performing data encryption and another data authentication. This approach, while secure, prevents parallelizability of the underlying computations. In this paper, we introduce the concept of Block-Level Added Redundancy Explicit Authentication (BL-AREA) and we describe a Parallelized Encryption and Integrity Checking Engine (PE-ICE) based on this concept. BL-AREA and PE-ICE have been designed to provide an effective solution to ensure both security services while allowing for full parallelization on processor read and write operations and optimizing the hardware resources. Compared to standard encryption which ensures only confidentiality, we show that PE-ICE additionally guarantees code and data integrity for less than 4% of run-time performance overhead.

IP-XACT Extensions for Cryptographic IP

This chapter aims at explaining the implementation of security attributes in the IP-XACT (IEEE1685) standard. First, the state of the art usage of IP-XACT in the current design flow of industry will be introduced. In a second part, considering the stakes of security domain in System-on-Chip, we will demonstrate how IP-XACT improves the design flow. Finally we will detail the extensions of the IP-XACT standard that allow the coverage of security aspects in System-on-Chip design.