WO2008059480A1 - Systems and methiods for protection of data integrity of updatable data against unauthorized modification - Google Patents
Systems and methiods for protection of data integrity of updatable data against unauthorized modification Download PDFInfo
- Publication number
- WO2008059480A1 WO2008059480A1 PCT/IL2007/001357 IL2007001357W WO2008059480A1 WO 2008059480 A1 WO2008059480 A1 WO 2008059480A1 IL 2007001357 W IL2007001357 W IL 2007001357W WO 2008059480 A1 WO2008059480 A1 WO 2008059480A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- data
- copy
- transformed
- storage
- transforming
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
Definitions
- the present invention relates to systems for protecting data integrity of updatable data against unauthorized modification.
- Data integrity is a well-known requirement for digital storage systems.
- One of the known risks to data integrity is the unauthorized modification of updatable data in storage devices.
- the prior art uses two main methods for protecting the integrity of such data:
- redundant storage i.e. storage of more than one copy of the data
- redundant storage i.e. storage of more than one copy of the data
- redundant storage does not protect the data against truncation to a fixed value that, if applied to both copies of the data, creates a seemingly valid result
- hashed or encrypted storage while being strong enough to detect the changes in data, requires intensive and frequent calculations and may overload the computer when frequent changes to the data are made.
- the term “redundant storage” is used herein to refer to the storage of more than one copy of the same data for the purpose of data security.
- the term “internal-process storage” is used herein to refer to data storage that is internal to a processing system, meaning that there is no direct access control to the reading and writing of data.
- an attacker must apply “remote” means to attack the data.
- Such remote typically attack large areas of the storage, and cannot deterministically change the data at the bit or byte level.
- the term “external-process storage” is used herein to refer to data storage that is external to a processing system, meaning that there is direct access control to the reading and writing of data.
- data integrity is used herein to refer to a condition that exists when stored data is unchanged from the source data of the stored data, and has not been accidentally or maliciously modified, altered, or destroyed.
- updatable data is used herein to refer to stored data that has to be updated while a device is operating.
- fault attack is used herein to refer to an abnormal condition or defect at a component, equipment, or sub-system level, which may lead to a failure, improper functioning, or a change in the data.
- non-deterministic fault attack is used herein to refer to a fault attack wherein an attacker is able to make only random changes to the system or its sub-system.
- limited fault attack is used herein to refer to a fault attack wherein an attacker is limited to making only some specific changes. For example, the attacker cannot specifically set each data value; however, the attacker can force all bits to zero-logic or one-logic values.
- transform comparator transform-comparing
- transform- compare refers to an operation between an original copy and transformed copies of the same data in which the respective values of the copies are compared either by applying the transformation to the original copy, or by applying an inverse transformation to the transformed copies.
- digest is used herein to refer to a unique cryptographic value calculated from data.
- secret key is used herein to refer to a digital key used for data encryption and/or scrambling.
- An essential feature of the present invention is an innovative improvement of the redundant-storage method that overcomes the two deficiencies of the prior art mentioned above.
- Methods of the present invention are similar to the prior art in the sense that the updatable data is kept in redundant copies. However, methods of the present invention maintain a predetermined distinction between the redundant copies. Such a distinction prevents attacks such as the ones mentioned above.
- at least one of the two data copies of the redundant storage is deterministically modified to contain different data values than the other data copy. For example, by performing a XOR logic operation on each byte of the data with the previous byte, starting with the second byte of the data. Such an operation creates a modified version of the data that can be easily checked against the original version by performing the same operation on the original version and comparing the two versions of the data.
- the present invention can also be implemented effectively when many independent and relatively-small portions of data have to be protected. Such a situation is typical for temporal software variables (e.g. memory allocated for a stack of data segments). In such a case, simple non-invertible functions can be applied to the data. Such functions are insurmountable by an attacker. For example:
- Data Copy Data XOR (Data 2 OR C) mod 2 n ; wherein n is the number of bits in a CPU word, and C is a constant.
- the squaring operation is a non-linear operation, and therefore the data copy number will differ from the original number in most of the bits.
- At least one of the two data copies is scrambled with a secret key, so that the attacker cannot create two valid data copies of the updatable information. Any change in one of the data copies is detected by decrypting the encrypted data copy, or encrypting the original data copy, and comparing the two data copies.
- a software variable and its copy are stored in RAM. The copy is modified using a simple transformation such as:
- a storage system for protecting data integrity of updatable data including: (a) a storage memory having program code, wherein the program code is configured: (i) to be executed on a processor operationally connected to a storage device; (ii) to store a data copy of the data in the storage device; (iii) to transform the data copy into at least one transformed copy of the data upon storing the data copy; (iv) to store at least one transformed copy in the storage device; (v) to read the data copy and at least one transformed copy upon a request to read the data; (vi) to transform-compare the data copy and at least one transformed copy; and (vii) to designate the data integrity of the data as verified contingent upon the data copy and at least one transformed copy being identical.
- the transforming includes transforming using an invertible or a non-invertible function.
- the function is linear or non-linear.
- the transforming includes transforming using a secret key.
- the transforming includes scrambling the data copy.
- the transforming includes scrambling external-process storage data for protection against unauthorized reading.
- Figure 1 is a schematic block diagram of the components involved in a datastorage process utilizing the redundant-storage method, according to preferred embodiments of the present invention
- Figure 2 is a schematic block diagram of the components involved in a data- retrieval process utilizing the redundant-storage method, according to preferred embodiments of the present invention
- Figure 3 is a simplified flowchart of the data-storage process utilizing the redundant-storage method, according to preferred embodiments of the present invention
- Figure 4 is a simplified flowchart of the data-retrieval process utilizing the redundant-storage method, according to preferred embodiments of the present invention.
- FIG. 1 is a schematic block diagram of the components involved in a data-storage process utilizing the redundant-storage method, according to preferred embodiments of the present invention.
- Original data 10 stored in a storage memory 12 is modified by a CPU/special HW 14 using a transformation function 16 (labeled F(x) in Figure 1), such as performing a XOR logic operation on subsequent bytes, and transformed data 18 (labeled F(Data) in Figure 1) is stored in storage memory 12.
- a transformation function 16 labeled F(x) in Figure 1
- F(Data) transformed data 18
- CPU/special HW 14 is designated as such to include specially-embedded hardware as well as standard CPU processors in preferred embodiments of the present invention. It is noted that transformation function 16 includes scrambling, which is simple form of encryption. While scrambling algorithms are not as strong as other encryption algorithms, and can be easily broken, scrambling algorithms have the advantages of being very small and easily implemented.
- FIG. 2 is a schematic block diagram of the components involved in a data- retrieval process utilizing the redundant-storage method, according to preferred embodiments of the present invention.
- An inverse-transformation function 20 (labeled F " *(x) in Figure 2), such as performing a XOR logic operation on subsequent bytes in a reverse order, is applied by CPU/special HW 14 to transformed data 18.
- Inversely- transformed data 22 (labeled F 4 (Data) in Figure 2) is compared with original data 10 via a transform comparator 24. If the two inputs (i.e. original data 10 and transformed data 22) to comparator 24 are identical, the data integrity is verified to be intact. Otherwise, a fault is detected.
- FIG. 3 is a simplified flowchart of the data-storage process utilizing the redundant-storage method, according to preferred embodiments of the present invention.
- Original data 10 is transformed by transformation function 16 into transformed data 18 (Step 30). Then, transformed data 18 is stored in storage memory
- FIG 4 is a simplified flowchart of the data-retrieval process utilizing the redundant-storage method, according to preferred embodiments of the present invention.
- Transformed data 18 is inversely-transformed by inverse-transformation function 20 into inversely-transformed data 22 (Step 34).
- Inversely-transformed data 22 is compared with original data 10 via transform comparator 24 (Step 36).
- the two data copies i.e. inversely-transformed data 22 and original data 10) are checked whether they are identical or not (Step 38). If the two data copies are identical, the data integrity is verified to be intact (Step 40). If the two data copies are not identical, a fault is detected (Step 42).
- components of embedded secure systems include a secure chipset and an external non- volatile area, which is used for storage of program code and data.
- the chipset usually includes a secure internal-process area and a special logical domain where secure data is accessible.
- the secure data is stored in a portion of the memory that is defined as a part of such a secure internal-process area.
- Such a secure internal-process area is usually protected using hardware or software/firmware protection mechanisms (or combinations thereof).
- the secure chipset has restricted resources, and only limited resources for the storage of secure data. As a result, the main part of the secure data has to be stored externally to the chipset in non-volatile external-process memory.
- non-volatile external-process memory can be accessed by an attacker, and data can be replaced using malicious code. Therefore, the data that is stored in the chipset (i.e. in the secure internal-process area) and in the non- volatile external-process memory has to be protected against unauthorized changes. Examples of the data that has to be protected include:
- temporal software variables that are stored in a stack (1) temporal software variables that are stored in a stack; (2) initialization software values (e.g. constant data);
- An obvious protection method is to maintain a duplicate data copy, and compare the two sets of data before use. Such a method is not effective for the storage of data inside the chipset, and has weaknesses (e.g. potential security holes) when used for data storage in the chipset. As the values of the two data copies are written in the same way, it is possible to generate similar faults in multiple chipset areas.
- the present invention proposes a new method for the protection of the data when an attacker has limited ability to modify data. For example, an attacker can make only random changes in the data, or can set the data only to globally-specific values like all zero-logic or all one-logic.
- An essential aspect of the method is to store the first data copy in its original form and the second data copy in a transformed form using a special function.
- the function can be linear or non-linear (e.g. LFSR and T- function).
- the purpose of the transformation is to have a modified data copy in order to thwart the attacker's ability to generate the same fault twice.
- each data copy is different, and yet still not invertible by the attacker.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
The present invention discloses systems for protecting data integrity of updatable data against unauthorized modification. A storage system for protecting data integrity of updatable data, the system including: a storage memory having program code, wherein the program code is configured: to be executed on a processor operationally connected to a storage device; to store a data copy of the data in the storage device; to transform the data copy into at least one transformed copy of the data upon storing the data copy; to store at least one transformed copy in the storage device; to read the data copy and at least one transformed copy upon a request to read the data; to transform-compare the data copy and at least one transformed copy; and to designate the data integrity of the data as verified contingent upon the data copy and at least one transformed copy being identical.
Description
SYSTEMS AND METHODS FOR PROTECTION OF DATA INTEGRITY OF UPDATABLE DATA AGAINST UNAUTHORIZED MODIFICATION
FIELD AND BACKGROUND OF THE INVENTION The present invention relates to systems for protecting data integrity of updatable data against unauthorized modification.
Data integrity is a well-known requirement for digital storage systems. One of the known risks to data integrity is the unauthorized modification of updatable data in storage devices. The prior art uses two main methods for protecting the integrity of such data:
(1) redundant storage (i.e. storage of more than one copy of the data), used against non-deterministic and limited fault attacks in which an attacker can cause a random or partial change in the stored data; and
(2) encrypted storage, used against deterministic fault attacks in which an attacker is able to set new values for the stored data.
These prior art methods suffer from deficiencies and limitations in which:
(a) redundant storage does not protect the data against truncation to a fixed value that, if applied to both copies of the data, creates a seemingly valid result; and (b) hashed or encrypted storage, while being strong enough to detect the changes in data, requires intensive and frequent calculations and may overload the computer when frequent changes to the data are made.
Both methods mentioned above do not take advantage of the fact that internal- process storage (i.e. data storage that is internal to a processing system) is typically a "victim" of only limited fault attacks.
It would be desirable to have systems for protecting the integrity of updatable data in internal-process storage devices without suffering from the abovementioned prior-art deficiencies and limitations.
SUMMARY OF THE INVENTION
It is the purpose of the present invention to provide systems for protecting data integrity of updatable data against unauthorized modification.
For the purpose of clarity, several terms which follow are specifically defined for use herein. The term "redundant storage" is used herein to refer to the storage of more than one copy of the same data for the purpose of data security. The term "internal-process storage" is used herein to refer to data storage that is internal to a processing system, meaning that there is no direct access control to the reading and writing of data. For such storage, an attacker must apply "remote" means to attack the data. Such remote means typically attack large areas of the storage, and cannot deterministically change the data at the bit or byte level. Conversely, the term "external-process storage" is used herein to refer to data storage that is external to a processing system, meaning that there is direct access control to the reading and writing of data.
The term "data integrity" is used herein to refer to a condition that exists when stored data is unchanged from the source data of the stored data, and has not been
accidentally or maliciously modified, altered, or destroyed. The term "updatable data" is used herein to refer to stored data that has to be updated while a device is operating.
The term "fault attack" is used herein to refer to an abnormal condition or defect at a component, equipment, or sub-system level, which may lead to a failure, improper functioning, or a change in the data. The term "non-deterministic fault attack" is used herein to refer to a fault attack wherein an attacker is able to make only random changes to the system or its sub-system. The term "limited fault attack" is used herein to refer to a fault attack wherein an attacker is limited to making only some specific changes. For example, the attacker cannot specifically set each data value; however, the attacker can force all bits to zero-logic or one-logic values.
The terms "transform comparator", "transform-comparing", and "transform- compare" are used herein to refer to an operation between an original copy and transformed copies of the same data in which the respective values of the copies are compared either by applying the transformation to the original copy, or by applying an inverse transformation to the transformed copies. The term "digest" is used herein to refer to a unique cryptographic value calculated from data. The term "secret key" is used herein to refer to a digital key used for data encryption and/or scrambling.
An essential feature of the present invention is an innovative improvement of the redundant-storage method that overcomes the two deficiencies of the prior art mentioned above. Methods of the present invention are similar to the prior art in the sense that the updatable data is kept in redundant copies. However, methods of the present invention maintain a predetermined distinction between the redundant copies. Such a distinction prevents attacks such as the ones mentioned above.
In a preferred embodiment of the present invention, at least one of the two data copies of the redundant storage is deterministically modified to contain different data values than the other data copy. For example, by performing a XOR logic operation on each byte of the data with the previous byte, starting with the second byte of the data. Such an operation creates a modified version of the data that can be easily checked against the original version by performing the same operation on the original version and comparing the two versions of the data.
The present invention can also be implemented effectively when many independent and relatively-small portions of data have to be protected. Such a situation is typical for temporal software variables (e.g. memory allocated for a stack of data segments). In such a case, simple non-invertible functions can be applied to the data. Such functions are insurmountable by an attacker. For example:
Data Copy = Data XOR (Data2 OR C) mod 2n; wherein n is the number of bits in a CPU word, and C is a constant. The squaring operation is a non-linear operation, and therefore the data copy number will differ from the original number in most of the bits.
In another preferred embodiment of the present invention, at least one of the two data copies is scrambled with a secret key, so that the attacker cannot create two valid data copies of the updatable information. Any change in one of the data copies is detected by decrypting the encrypted data copy, or encrypting the original data copy, and comparing the two data copies. For example, a software variable and its copy are stored in RAM. The copy is modified using a simple transformation such as:
Copy = Rotate left 5 bit (Data XOR C); wherein C is a secret key.
Further explanations of the present invention can be found in the Appendix.
Therefore, according to the present invention, there is provided for the first time a storage system for protecting data integrity of updatable data, the system including: (a) a storage memory having program code, wherein the program code is configured: (i) to be executed on a processor operationally connected to a storage device; (ii) to store a data copy of the data in the storage device; (iii) to transform the data copy into at least one transformed copy of the data upon storing the data copy; (iv) to store at least one transformed copy in the storage device; (v) to read the data copy and at least one transformed copy upon a request to read the data; (vi) to transform-compare the data copy and at least one transformed copy; and (vii) to designate the data integrity of the data as verified contingent upon the data copy and at least one transformed copy being identical.
Preferably and alternatively, the transforming includes transforming using an invertible or a non-invertible function.
Most preferably and alternatively, the function is linear or non-linear. Preferably, the transforming includes transforming using a secret key.
Preferably, the transforming includes scrambling the data copy. Preferably, the transforming includes scrambling external-process storage data for protection against unauthorized reading.
These and further embodiments will be apparent from the detailed description and examples that follow.
BRIEF DESCRIPTION OF THE DRAWINGS
The present invention is herein described, by way of example only, with reference to the accompanying drawings, wherein:
Figure 1 is a schematic block diagram of the components involved in a datastorage process utilizing the redundant-storage method, according to preferred embodiments of the present invention;
Figure 2 is a schematic block diagram of the components involved in a data- retrieval process utilizing the redundant-storage method, according to preferred embodiments of the present invention;
Figure 3 is a simplified flowchart of the data-storage process utilizing the redundant-storage method, according to preferred embodiments of the present invention; Figure 4 is a simplified flowchart of the data-retrieval process utilizing the redundant-storage method, according to preferred embodiments of the present invention.
DESCRIPTION OF THE PREFERRED EMBODIMENTS The present invention relates to systems for protecting data integrity of updatable data against unauthorized modification. The principles and operation for protecting data integrity of updatable data against unauthorized modification, according to the present invention, may be better understood with reference to the accompanying description and the drawings. Referring now to the drawings, Figure 1 is a schematic block diagram of the components involved in a data-storage process utilizing the redundant-storage method, according to preferred embodiments of the present invention. Original data 10, stored in a storage memory 12, is modified by a CPU/special HW 14 using a transformation function 16 (labeled F(x) in Figure 1), such as performing a XOR logic
operation on subsequent bytes, and transformed data 18 (labeled F(Data) in Figure 1) is stored in storage memory 12.
CPU/special HW 14 is designated as such to include specially-embedded hardware as well as standard CPU processors in preferred embodiments of the the present invention. It is noted that transformation function 16 includes scrambling, which is simple form of encryption. While scrambling algorithms are not as strong as other encryption algorithms, and can be easily broken, scrambling algorithms have the advantages of being very small and easily implemented.
Figure 2 is a schematic block diagram of the components involved in a data- retrieval process utilizing the redundant-storage method, according to preferred embodiments of the present invention. An inverse-transformation function 20 (labeled F"*(x) in Figure 2), such as performing a XOR logic operation on subsequent bytes in a reverse order, is applied by CPU/special HW 14 to transformed data 18. Inversely- transformed data 22 (labeled F4(Data) in Figure 2) is compared with original data 10 via a transform comparator 24. If the two inputs (i.e. original data 10 and transformed data 22) to comparator 24 are identical, the data integrity is verified to be intact. Otherwise, a fault is detected.
Figure 3 is a simplified flowchart of the data-storage process utilizing the redundant-storage method, according to preferred embodiments of the present invention. Original data 10 is transformed by transformation function 16 into transformed data 18 (Step 30). Then, transformed data 18 is stored in storage memory
12 (Step 32).
Figure 4 is a simplified flowchart of the data-retrieval process utilizing the redundant-storage method, according to preferred embodiments of the present
invention. Transformed data 18 is inversely-transformed by inverse-transformation function 20 into inversely-transformed data 22 (Step 34). Inversely-transformed data 22 is compared with original data 10 via transform comparator 24 (Step 36). The two data copies (i.e. inversely-transformed data 22 and original data 10) are checked whether they are identical or not (Step 38). If the two data copies are identical, the data integrity is verified to be intact (Step 40). If the two data copies are not identical, a fault is detected (Step 42).
While the invention has been described with respect to a limited number of embodiments, it will be appreciated that many variations, modifications, and other applications of the invention may be made.
APPENDIX: ADDITIONAL EXPLANATION OF THE PRESENT INVENTION
Typically, components of embedded secure systems include a secure chipset and an external non- volatile area, which is used for storage of program code and data. The chipset usually includes a secure internal-process area and a special logical domain where secure data is accessible. The secure data is stored in a portion of the memory that is defined as a part of such a secure internal-process area. Such a secure internal-process area is usually protected using hardware or software/firmware protection mechanisms (or combinations thereof). Typically, the secure chipset has restricted resources, and only limited resources for the storage of secure data. As a result, the main part of the secure data has to be stored externally to the chipset in non-volatile external-process memory. Frequently, such non-volatile external-process memory can be accessed by an attacker, and data can be replaced using malicious code. Therefore, the data that is
stored in the chipset (i.e. in the secure internal-process area) and in the non- volatile external-process memory has to be protected against unauthorized changes. Examples of the data that has to be protected include:
(1) temporal software variables that are stored in a stack; (2) initialization software values (e.g. constant data);
(3) software flags;
(4) secure application data (e.g. counters); and
(5) other internal application data, stored inside the secure internal-process area, that is utilized outside the secure internal-process area as well. A wide range of attacks can be launched on the system. When data is stored in the chipset in internal registers, the attacker may try to cause a fault using a known technique (e.g. by attacking the registers using a laser beam, electron beam, or any other invasive technique).
An obvious protection method is to maintain a duplicate data copy, and compare the two sets of data before use. Such a method is not effective for the storage of data inside the chipset, and has weaknesses (e.g. potential security holes) when used for data storage in the chipset. As the values of the two data copies are written in the same way, it is possible to generate similar faults in multiple chipset areas.
It also ineffective to sign (i.e. to calculate the digest for) stored data because it is not effective to recalculate the signature of a variable each time the variable is updated. Keeping a separate digest for each data part is not effective because of the restrictions on memory in a secure zone.
The present invention proposes a new method for the protection of the data when an attacker has limited ability to modify data. For example, an attacker can
make only random changes in the data, or can set the data only to globally-specific values like all zero-logic or all one-logic. An essential aspect of the method is to store the first data copy in its original form and the second data copy in a transformed form using a special function. The function can be linear or non-linear (e.g. LFSR and T- function).
For the internal-process storage of data, it is enough to store simple invertible functions because the assumption is that an attacker does not have full access to the chipset internals (e.g. chipset HW, RAM, ROM, and non-volatile memory), and is only able to make limited faults. In such a case, the purpose of the transformation is to have a modified data copy in order to thwart the attacker's ability to generate the same fault twice.
It is also possible to store several data copies to improve the detection capabilities and also possibly for data recovery. In such a case, additional memory is required for the storage of the multiple, encrypted data copies. In order to disable the attacker's ability to copy one data copy to another, the transformation function is slightly modified for each data copy. For example:
Data Copyl = F(Data), Data Copy2 = F(Data+l), Data Copy3 = F(Data+2).
With such an encryption scheme, each data copy is different, and yet still not invertible by the attacker.
Claims
1. A storage system for protecting data integrity of updatable data, the system comprising:
(a) a storage memory having program code, wherein said program code is configured: (i) to be executed on a processor operationally connected to a storage device;
(ii) to store a data copy of the data in said storage device; (iii) to transform said data copy into at least one transformed copy of the data upon storing said data copy; (iv) to store said at least one transformed copy in said storage device; (v) to read said data copy and said at least one transformed copy upon a request to read the data; (vi) to transform-compare said data copy and said at least one transformed copy; and (vii) to designate the data integrity of the data as verified contingent upon said data copy and said at least one transformed copy being identical.
2. The system of claim 1, wherein said transforming includes transforming using an invertible function.
3. The system of claim 2, wherein said function is linear.
4. The system of claim 2, wherein said function is non-linear.
5. The system of claim 1, wherein said transforming includes transforming using a non-invertible function.
6. The system of claim 1, wherein said transforming includes transforming using a secret key.
7. The system of claim I5 wherein said transforming includes scrambling said data copy.
8. The system of claim I5 wherein said transforming includes scrambling external-process storage data for protection against unauthorized reading.
9. A method for protecting data integrity of updatable data in a storage system, the method comprising the steps of:
(a) storing a data copy of the data in the storage system;
(b) upon storing said data copy, transforming said data copy into at least one transformed copy of the data;
(c) storing said at least one transformed copy in the storage system;
(d) upon a request to read the data, reading said data copy and said at least one transformed copy;
(e) transform-comparing said data copy and said at least one transformed copy; and (f) designating the data integrity of the data as verified contingent upon said data copy and said at least one transformed copy being identical.
10. The method of claim 9, wherein said step of transforming includes transforming using an invertible function.
11. The method of claim 10, wherein said function is linear.
12. The method of claim 10, wherein said function is non-linear.
13. The method of claim 9, wherein said step of transforming includes transforming using a non-invertible function.
14. The method of claim 9, wherein said step of transforming includes transforming using a secret key.
15. The method of claim 9, wherein said step of transforming includes scrambling said data copy.
16. The method of claim 9, wherein said step of transforming includes scrambling external-process storage data to protect against unauthorized reading.
Applications Claiming Priority (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US86607306P | 2006-11-16 | 2006-11-16 | |
US60/866,073 | 2006-11-16 | ||
US83754307A | 2007-08-13 | 2007-08-13 | |
US11/837,544 US20080120481A1 (en) | 2006-11-16 | 2007-08-13 | Methods For Protection Of Data Integrity Of Updatable Data Against Unauthorized Modification |
US11/837,544 | 2007-08-13 | ||
US11/837,543 | 2007-08-13 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2008059480A1 true WO2008059480A1 (en) | 2008-05-22 |
WO2008059480B1 WO2008059480B1 (en) | 2008-07-03 |
Family
ID=39111763
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/IL2007/001357 WO2008059480A1 (en) | 2006-11-16 | 2007-11-07 | Systems and methiods for protection of data integrity of updatable data against unauthorized modification |
Country Status (2)
Country | Link |
---|---|
TW (1) | TW200841212A (en) |
WO (1) | WO2008059480A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2482236A1 (en) * | 2009-09-24 | 2012-08-01 | Terrara Code Research Institute, Inc. | Rfid tag, tag reader/writer, data management system and data management method |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2251813A1 (en) * | 2009-05-13 | 2010-11-17 | Nagravision S.A. | Method for authenticating access to a secured chip by a test device |
FR3001818B1 (en) * | 2013-02-05 | 2016-06-24 | Airbus Operations Sas | SECURE REDUNDANT STORAGE DEVICE AND SECURE WRITE READING METHOD ON SUCH A DEVICE |
CN105468964B (en) * | 2015-12-04 | 2018-09-14 | 上海兆芯集成电路有限公司 | Computer system and computer system operation method |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5699509A (en) * | 1995-06-07 | 1997-12-16 | Abbott Laboratories | Method and system for using inverted data to detect corrupt data |
EP1246066A2 (en) * | 2001-03-20 | 2002-10-02 | Conti Temic microelectronic GmbH | Method of operating a processor-controlled system |
US20030126400A1 (en) * | 2001-12-27 | 2003-07-03 | Jacques Debiez | Data integrity check method using cumulative hash function |
-
2007
- 2007-11-07 WO PCT/IL2007/001357 patent/WO2008059480A1/en active Application Filing
- 2007-11-15 TW TW96143288A patent/TW200841212A/en unknown
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5699509A (en) * | 1995-06-07 | 1997-12-16 | Abbott Laboratories | Method and system for using inverted data to detect corrupt data |
EP1246066A2 (en) * | 2001-03-20 | 2002-10-02 | Conti Temic microelectronic GmbH | Method of operating a processor-controlled system |
US20030126400A1 (en) * | 2001-12-27 | 2003-07-03 | Jacques Debiez | Data integrity check method using cumulative hash function |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2482236A1 (en) * | 2009-09-24 | 2012-08-01 | Terrara Code Research Institute, Inc. | Rfid tag, tag reader/writer, data management system and data management method |
EP2482236A4 (en) * | 2009-09-24 | 2013-10-30 | Terrara Code Res Inst Inc | Rfid tag, tag reader/writer, data management system and data management method |
Also Published As
Publication number | Publication date |
---|---|
TW200841212A (en) | 2008-10-16 |
WO2008059480B1 (en) | 2008-07-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR101577886B1 (en) | Method and apparatus for memory encryption with integrity check and protection against replay attacks | |
US8843767B2 (en) | Secure memory transaction unit | |
Elbaz et al. | Tec-tree: A low-cost, parallelizable tree for efficient defense against memory replay attacks | |
CA2505477C (en) | A system and method to proactively detect software tampering | |
US8839001B2 (en) | Infinite key memory transaction unit | |
TWI567557B (en) | A tweakable encrypion mode for memory encryption with protection against replay attacks | |
US8417963B2 (en) | Secure read-write storage device | |
US20080016127A1 (en) | Utilizing software for backing up and recovering data | |
WO2009057094A1 (en) | Memory randomization for protection against side channel attacks | |
JP2005346182A (en) | Information processor, tamper resistant method, and tamper resistant program | |
CN112395631B (en) | Secure database system, method and medium based on SGX technology | |
WO2008059480A1 (en) | Systems and methiods for protection of data integrity of updatable data against unauthorized modification | |
US20080120481A1 (en) | Methods For Protection Of Data Integrity Of Updatable Data Against Unauthorized Modification | |
CN107861892B (en) | Method and terminal for realizing data processing | |
US20230113906A1 (en) | An apparatus and method of controlling access to data stored in a non-trusted memory | |
Unterluggauer et al. | Securing memory encryption and authentication against side-channel attacks using unprotected primitives | |
CN114547651B (en) | Operating system interrupt context protection method based on chained encryption | |
Broz et al. | Practical cryptographic data integrity protection with full disk encryption extended version | |
US20240080193A1 (en) | Counter integrity tree | |
CN118377734A (en) | Memory data security enhancement method and system based on physical and memory address conversion | |
JP2006279179A (en) | Encryption processing system utilizing data duplication |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 07827330 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 07827330 Country of ref document: EP Kind code of ref document: A1 |