Fangyong Hou

Novel Physically-Embedded Data Encryption for Embedded Device

Data encryption is the most important way to provide security in hostile environment. Nearly all of the existing data encryption techniques require a lot of arithmetic and logical computations, which makes their deployment in embedded devices very difficult. To realize firm data encryption without much computation, a novel scheme of physically-embedded data encryption is proposed in this paper. The physically-embedded data encryption extracts the unique and unclonable values that are possessed by the physical device intrinsically, and produces the secret from these values to accomplish the process of data encryption. Because it does not execute arithmetic and logical operations, it is very appropriate to embedded devices with restricted computing resources and computing abilities. At the same time, it provides high assurance of data protection due to the distinct properties of physical effects. One specific design of physically-embedded data encryption is given in this paper, and real physical instantiation of such design is tested. The experiment results show its validity and feasibility. Hence, the proposed physically-embedded data encryption should become a promising substitution of existing encryption techniques for embedded devices.

Secure Disk with Authenticated Encryption and IV Verification

To protect hard disk data confidentiality and integrity, AEIVV associates one unique IV with each disk sector; then, it applies authenticated encryption of AES-CCM to the protected sector and constructs hash tree upon IV storage. Through assuring IV to be trusted or un-tampered, data can be protected firmly. To make it an available way for disk protection, various optimizing measures are applied to quicken the running speed. With the emphasis of reducing extra latencies caused by protection, IV/MAC storage is allocated using interlaced layout to decrease seek time of disk I/O, IV checking penalty is reduced by buffering the frequently used hash tree nodes and IV/MAC values. Related approaches are elaborated, as well as experimental results. It shows that AEIVV is a practical and available way to build secure disk.

Incremental hash tree for disk authentication

Hash tree is a secure way to authenticate stored data. However, it is difficult to maintain a consistent state between the authentication result and data, which is necessary for permanent data storage of disk. Incremental node updating is proposed to solve such problem, it synchronizes data modification and authentication result with low cost. The reason is that the path from leaf node to root node of the tree can be very short, and each step on the path can be finished quickly as no sibling nodes are required. Thus, it greatly reduce additional disk I/O for authentication synchronization. Together with a low cost logging mechanism implemented by NVRAM, system can make fast recovery to still keep the required consistency after any failures. Related approach is elaborated, as well as testing results. Theoretical analysis and experimental simulations show that it is a practical and available way for mass data storage authentication.

Performance and Consistency Improvements of Hash Tree Based Disk Storage Protection

Hash tree based disk storage integrity protection suffers from performance penalty and possible losing of consistency. FI-Tree deploys a fixed-structure tree and applies incremental-hash to tree node updating to solve the difficulties of performance and consistency. The biggest advantage of FI-Tree comes from that: to allow tree nodes to be cached to optimize performance, it can maintain consistency between the tree and the protected data with low cost at the same time. Basing on FI-Tree, TNSD constructs an instance of secure disk. TNSD associates one nonce with each data block to be protected, and applies FI-Tree to ensure the nonce to be un-tampered. In such way, data protection can be fulfilled with resistance against any attacks. Related approaches are elaborated, as well as testing results. Theoretical analysis and experimental simulation show that it is a practical and available way to build secure disk.

Architecture Support for Memory Confidentiality and Integrity in Embedded Systems

CPU or SoC in the embedded system is considered the ‘‘trusted root,’’ and all the other components are unauthentic. Secure engine (SE) is a component in CPU or SoC, whose duty is to provide data encryption and authentication when they go through SE. A novel and efficient SE is proposed in this abstract. It adopts OTP encryption and GCM as working mode when processing cryptographic issues. Each block is assigned a counter which is stored in memory. When the block is replaced out from the cache, its counter is added 1. For example, the ith block is indicated as blocki and its counter counteri. Blocki is divided into for sub-blocks. Using this counter, each block generates a unique seed as address||counter||EIV. By this seed, SE computes pad as Ekey(address||counter||EIV), where ‘‘key’’ indicates the system key which is a system-wide secret. Then, GCM mode will simultaneously output the encrypted block and its MAC. These methods will help to vault the system performance greatly, according to our simulation. Besides the basic architecture, we propose a counter cache structure to SE and an accelerated MAC verification to enhance the system efficiency. Counter cache adopts the locality feature of memory to expedite counter reading. The accelerated MAC helps each block to store its corresponding MAC value in a parallel MAC memory which hides MAC read latency by overlapping by main memory latency.

Bus and memory protection through chain-generated and tree-verified IV for multiprocessors systems

Protecting information against malicious disclosure and tampering is crucial to secure/trusted computing. This paper proposes a method to protect the off-chip data in symmetric shared memory multiprocessors systems. Existing techniques have flaws in either security or performance, which are mainly due to their management of cipher parameter and their deployment of hash tree. The proposed method provides data encryption and authentication through constructing a pair of (data, MAC, IV) for each data block to be protected, which can ensure data unbroken so far as the cryptographic parameter of IV is un-tampered. To solve the problem of IV management, IV is generated through chaining all the history data transferred on the system bus in time sequence; to solve the problem of hash tree deployment, it restricts hash tree into MCH and forwards IV to the processor through a safe channel. As for security, it can resist any attacks, including the intractable message-drop attack on bus and replay attack on memory. As for performance, it connects bus protection with memory protection smoothly by removing any additional data re-encryption/re-authentication from the data path, and it also eliminates additional message traffic caused by synchronizing a hash tree authentication result among processors. The experiment simulations inspect its specific realization, and the performance results show that it is an efficient way to achieve data protection for a shared memory multiprocessor system.

Static, Dynamic and Incremental MAC Combined Approach for Storage Integrity Protection

Storage systems are more distributed and more subject to attacks. One basic security requirement is to authenticate the stored data. This paper describes SDI-MAC, a static, dynamic and incremental MAC combined approach to guarantee end-to-end data integrity to clients in distributed data storage environment. SDI-MAC associates two different integrity codes to different granularities of the stored data, applies incremental conversion between the two different kinds of integrity codes, and enhances the ability of MAC based data authentication to resist against replay attack. At last, SDI-MAC can make balance among performance, cost and security. Related approach and system implementation are elaborated, as well as testing results. Theoretical analysis and experimental simulations show that it is a practical and available way to realize data authentication of network storage system.

Efficient Authenticated Encryption for Hybrid Hard Drives Based on GCM

Hybrid hard drives (HHD) are coming up with potential high viability in mobile computing. Its quite necessary to put forward an efficient secure scheme for hybrid hard drives. NAND Flash of HHD is made full use as a container and a buffer for metadata. We propose an efficient combined scheme based on Galois/Counter Mode (GCM) to protect hard disk data by authenticated encryption, and build a secure architecture for HHD. Our results show that we not only protect the disk data by authenticated encryption, but also gain high performance. According to the simulation results, for the best of our methods, the performance overhead is less than 18%, which is efficient and acceptable practically.

Inter-Chip Authentication through I/O Character

Providing resistance against hardware attacks is important to ensure trusted or secure computing. Approach of inter-chip authentication is proposed, which can be applied to detect malicious tamper to chips/components equipped on the circuit board. The proposed approach is to utilize the I/O physical timing characters to obtain a specified fingerprint for each specified chip on the board, and to check the validity of the chip by matching its fingerprint for later usage. To obtain the required fingerprint, an inner sampling logic is set after the I/O pins to get the timing characters reflected on the lines connected between the master chip and the slave chip to be verified. From the sampling result, the physical character associated with the slave chip is extracted and compared with the valid one. Because tampers will influence the physical character to distort the fingerprint, it has the abilities to detect tamper behaviors like chip replacement and faked signal injection. A logic analyzer and 8051-MCU based evaluation system is constructed. The test result shows that it can effectively identify the valid chip from the faked ones. Hence, the proposed approach can be deployed into the circuit board to protect the chips equipped on the board against hardware attacks.

Board-level authentication through I/O fingerprinter

Providing resistance against hardware attacks is important to ensure computing security. A board-level authentication mechanism can be used to detect tampers to the components of the circuit board. The proposed board-level authentication approach is to utilize the I/O timing characters to obtain a specified fingerprint for each specified component on the board, and to check the validity of the component by matching the fingerprint for later usage. Such fingerprint is extracted from the sampling results between the sampling pulses and the I/O pins data. The proposed approach can be easily built into common chips, because it doesnt need complicated cryptographical logics and it also doesnt need high speed sampling clock circuit. A FPGA based evaluation system is constructed and real 8051-MCU chips are tested. The tested result shows that it can effectively identifies the valid chip from the faked ones. Hence, the proposed approach can be deployed into the circuit board to protect the components equipped on the board against hardware attacks.