Reouven Elbaz

Hardware Mechanisms for Memory Authentication: A Survey of Existing Techniques and Engines

Trusted computing platforms aim to provide trust in computations performed by sensitive applications. Verifying the integrity of memory contents is a crucial security service that these platforms must provide since an adversary able to corrupt the memory space can affect the computations performed by the platform. After a description of the active attacks that threaten memory integrity, this paper surveys existing cryptographic techniques --- namely integrity trees --- allowing for memory authentication. The strategies proposed in the literature for implementing such trees on general-purpose computing platforms are presented, along with their complexity. This paper also discusses the effect of a potentially compromised Operating System (OS) on computing platforms requiring memory authentication and describes an architecture recently proposed to provide this security service despite an untrusted OS. Existing techniques for memory authentication that are not based on trees are described and their performance/security trade-off is discussed. While this paper focuses on memory authentication for uniprocessor platforms, we also discuss the security issues that arise when considering data authentication in symmetric multiprocessor (shared memory) systems.

TEC-Tree: A Low-Cost, Parallelizable Tree for Efficient Defense Against Memory Replay Attacks

Replay attacks are often the most costly attacks to thwart when dealing with off-chip memory integrity. With a trusted System-on-Chip, the existing countermeasures against replay require a large amount of on-chip memory to provide tamper-proof storage for metadata such as hash values or nonces. Tree-based strategies can be deployed to reduce this unacceptable overhead; for example, the well-known Merkle tree technique decreases this overhead to a single hash value. However, it comes at the cost of performance-killing characteristics for embedded systems --- e.g. non-parallelizable hash computations on tree updates. In this paper, we propose an alternative solution: the Tamper-Evident Counter Tree (TEC-Tree). It allows for tamper-evident off-chip storage of the nonces involved in a replay countermeasure; TEC-Tree parallelizes the computations involved in both the authentication and tree update processes. Moreover, because our tree relies on block encryption, it provides data confidentiality at no extra cost. TEC-Tree is a deployable solution for memory integrity, with low performance hit and hardware cost.

Hardware Engines for Bus Encryption: A Survey of Existing Techniques

The widening spectrum of applications and services provided by portable and embedded devices brings a new dimension of concerns in security. Most of those embedded systems (pay-TV, PDAs, mobile phones, etc.) make use of external memory. As a result, the main problem is that data and instructions are constantly exchanged between memory (RAM) and CPU in clear form on the bus. This memory may contain confidential data like commercial software or private contents, which either the end-user or the content provider is willing to protect. The paper describes the problem of processor-memory bus communications in this regard and the existing techniques applied to secure the communication channel through encryption. Performance overheads implied by those solutions are discussed extensively.

Secure FPGA configuration architecture preventing system downgrade

In the context of FPGAs, system downgrade consists in preventing the update of the hardware configuration or in replaying an old bitstream. The objective can be to preclude a system designer from fixing security vulnerabilities in a design. Such an attack can be performed over a network when the FPGA-based system is remotely updated or on the bus between the configuration memory and the FPGA chip at power-up. Several security schemes providing encryption and integrity checking of the bitstream have been proposed in the literature. However, as we show in this paper, they do not detect the replay of old FPGA configurations; hence they provide adversaries with the opportunity to downgrade the system. We thus propose a new architecture that, in addition to ensuring bitstream confidentiality and integrity, precludes replay of old bitstreams. We show that the hardware cost of this architecture is negligible.

Efficient fault tolerant SHA-2 hash functions for space applications

Satellites are extensively used by public and private sectors to support a variety of services. Considering the cost and the strategic importance of these spacecrafts, it is fundamental to utilize strong cryptographic primitives to assure their security. However, it is of utmost importance to consider fault tolerance in their designs due to the harsh environment found in space, while keeping low area and power consumption. Therefore, this paper proposes novel fault tolerant schemes for the SHA-2 family of hash functions and analyzes their resistance to SEUs. Results obtained through FPGA implementation show that our best fault tolerant scheme for SHA-512 uses up to 32% less area and consumes up to 43% less power than the commonly used TMR technique. Moreover, its memory and registers are 435 and 175 times more resistant to SEUs than TMR. These results are crucial for supporting low area and low power fault tolerant cryptographic primitives in satellites.

The Reduced Address Space (RAS) for Application Memory Authentication

Memory authentication is the ability to detect unauthorized modification of memory. Existing solutions for memory authentication are based on tree structures computed over either the Physical Address Space (PAS tree) or the Virtual Address Space (VAS tree). We show that the PAS tree is vulnerable to branch splicingattacks when providing memory authentication to an application running on a potentially compromised operating system. We also explain why the VAS tree generates initialization and memory overheads so large as to make it impractical, especially on 64-bit address spaces. To enable secure and efficient application memory authentication, we present a novel Reduced Address Space(RAS) containing only those pages that are useful to a protected application at any point in time. We introduce the Tree Management Unit(TMU) to manage the RAS tree, a dynamically expanding memory integrity tree computed over the RAS. The TMU is scalable, enabling tree schemes to scale up to cover 64-bit address spaces. It dramatically reduces the overheads of application memory authentication without weakening the security properties or degrading runtime performance. For SPEC 2000 benchmarks, the TMU speeds up tree initialization and reduces memory overheads by three orders of magnitude on average.

SARFUM: Security Architecture for Remote FPGA Update and Monitoring

Remote update of hardware platforms or embedded systems is a convenient service enabled by Field Programmable Gate Array (FPGA)-based systems. This service is often essential in applications like space-based FPGA systems or set-top boxes. However, having the source of the update be remote from the FPGA system opens the door to a set of attacks that may challenge the confidentiality and integrity of the FPGA configuration, the bitstream. Existing schemes propose to encrypt and authenticate the bitstream to thwart these attacks. However, we show that they do not prevent the replay of old bitstream versions, and thus give adversaries an opportunity for downgrading the system. In this article, we propose a new architecture called sarfum that, in addition to ensuring bitstream confidentiality and integrity, precludes the replay of old bitstreams. sarfum also includes a protocol for the system designer to remotely monitor the running configuration of the FPGA. Following our presentation and analysis of the security protocols, we propose an example of implementation with the CCM (Counter with CBC-MAC) authenticated encryption standard. We also evaluate the impact of our architecture on the configuration time for different FPGA devices.

Forward-Secure Content Distribution to Reconfigurable Hardware

Confidentiality and integrity of bitstreams and authenticated update of FPGA configurations are fundamental to trusted computing on reconfigurable technology. In this paper, we propose to provide these security services for digital content broadcast to FPGA-based devices. To that end, we introduce a new property we call forward security, which ensures that broadcast content can only be accessed by FPGA chips configured with the latest bitstream version. We describe the hardware architecture and communication protocols supporting this security property, and we evaluate the associated cost.

Block-level added redundancy explicit authentication for parallelized encryption and integrity checking of processor-memory transactions

The bus between the System on Chip (SoC) and the external memory is one of the weakest points of computer systems: an adversary can easily probe this bus in order to read private data (data confidentiality concern) or to inject data (data integrity concern). The conventional way to protect data against such attacks and to ensure data confidentiality and integrity is to implement two dedicated engines: one performing data encryption and another data authentication. This approach, while secure, prevents parallelizability of the underlying computations. In this paper, we introduce the concept of Block-Level Added Redundancy Explicit Authentication (BL-AREA) and we describe a Parallelized Encryption and Integrity Checking Engine (PE-ICE) based on this concept. BL-AREA and PE-ICE have been designed to provide an effective solution to ensure both security services while allowing for full parallelization on processor read and write operations and optimizing the hardware resources. Compared to standard encryption which ensures only confidentiality, we show that PE-ICE additionally guarantees code and data integrity for less than 4% of run-time performance overhead.

Efficient Technique for the FPGA Implementation of the AES MixColumns Transformation

The advanced encryption standard, AES, is commonly used to provide several security services such as data confidentiality or authentication in embedded systems. However designing efficient hardware architectures with small hardware resource usage and short critical path delay is a challenge. In this paper, a new technique for the FPGA implementation of the MixColumns transformation, an important part of AES, is introduced. The proposed MixColumns architecture, targeting 4-input LUTs on an FPGA, uses up to 23% less hardware resources than previous research. Overall, incorporating the proposed technique along with block memories for the SubBytes transformation in the AES encryption reduces usage of hardware resources by up to 10% and 18% in terms of slices and LUTs, respectively. The improvement is obtained by more efficient resource sharing through expansion and rearrangement of the MixColumns equation with respect to the structure of FPGAs. This can be highly advantageous in an FPGA implementation of block cipher modes using AES in many secure embedded systems.