Ronan Keryell

CryptoPage: An Efficient Secure Architecture with Memory Encryption, Integrity and Information Leakage Protection

Several secure computing hardware architectures using memory encryption and memory integrity checkers have been proposed during the past few years to provide applications with a tamper resistant environment. Some solutions, such as Hide, have also been proposed to solve the problem of information leakage on the address bus. We propose the CryptoPage architecture which implements memory encryption, memory integrity protection checking and information leakage protection together with a low performance penalty (3% slowdown on average) by combining the counter mode of operation, local authentication values and Merkle trees

CryptoPage : Support matériel pour cryptoprocessus

Computers are widely used and interconnected but are not as secure as we could expect. For example, a secure execution cannot even be achieved or proved against a software (the system administrator) or hardware attacker (a logical analyzer on the computer buses). In this article a strong cryptography-based architecture with an operating system support is presented to reach such security levels without reducing the performance. A cache line cipher and a memory verifier based on MERKLE tree hash function is added to the internal cache in order to resist to various attacks and even replay attacks. Then the impact on the operating system and some applications are described.

Building Secure Resources to Ensure Safe Computations in Distributed and Potentially Corrupted Environments

Security and fault-tolerance is a major issue for intensive parallel computing in pervasive environments with hardware errors or malicious acts that may alter the result. In [1,2] is presented a novel, robust and secure architecture able to offer intensive parallel computing in environments where resources may be corrupted. Some efficient result-checking mechanisms are used to certify the results of an execution. The architecture is based on a limited number of safe resources that host the checkpoint server (used to store the graph) and the verifiers able to securely re-execute piece of tasks in a trusted way. This article focus on the effective construction of strongly secured resources. Our approach combine both software and hardware components to cover the full spectrum of security constraints. The proposed computing platform is validated over a medical application and some experimental results are presented.

Improving virus protection with an efficient secure architecture with memory encryption, integrity and information leakage protection

Malicious software and other attacks are a major concern in the computing ecosystem and there is a need to go beyond the answers based on untrusted software. Trusted and secure computing can add a new hardware dimension to software protection. Several secure computing hardware architectures using memory encryption and memory integrity checkers have been proposed during the past few years to provide applications with a tamper resistant environment. Some solutions, such as HIDE, have also been proposed to solve the problem of information leakage on the address bus. We propose the CRYPTOPAGE architecture which implements memory encryption, memory integrity protection checking and information leakage protection together with a low performance penalty (3% slowdown on average) by combining the Counter Mode of operation, local authentication values and MERKLE trees. It has also several other security features such as attestation, secure storage for applications and program identification. We present some applications of the CRYPTOPAGE architecture in the computer virology field as a proof of concept of improving security in presence of viruses compared to software only solutions.

CryptoPage. Une architecture efficace combinant chiffrement, intégrité mémoire et protection contre les fuites d'informations permettant du calcul distribué sr.

Several secure computing hardware architectures using memory encryption and memory integrity checkers have been proposed during the past few years to provide applications with a tamper resistant environment. Some solutions, such as HIDE, have also been proposed to solve the problem of information leakage on the address bus. We propose the CRYPTOPAGE architecture which implements memory encryption, memory integrity protection checking and information leakage protection together with a low performance penalty (3% slowdown on average) by combining the Counter Mode of operation, local authentication values and Merkle trees.