WO2015157842A1 - Secured memory system and method therefor - Google Patents
Secured memory system and method therefor
- Publication number
- WO2015157842A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- data
- cache
- memory
- circuit
- processor
- Prior art date
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/79—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/73—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
Definitions
- The invention relates to the field of data security and more specifically to the field of secure memory.
- Secure memory located inside an integrated circuit (IC), for code and/or data storage, requires dedicated, isolated memory elements which cannot be shared with other resources because they need to remain secure. Located inside an IC, these memory elements often represent a significant size and cost impact.
- Critical executable code generally needs to be validated before execution. To guarantee its integrity, the entire image of the critical executable code is stored within large areas of on-chip memory. Using on-chip memory to store the critical executable code also makes some updates such as patches and enhancements requiring additional memory more difficult.
- A known solution is to protect the entire image with one or more Message Authentication Code (MAC) tags.
- MAC Message Authentication Code
- A provably secure smaller code segment, for example, is loadable from an on-chip ROM and is used to validate a code segment stored in external memory before releasing it to the processor.
- In the external storage case, the image must not be modifiable by an outside entity, for example an attacker, after the validation of the code segment. If the validated code resides in external memory, an attacker can modify the image after the MAC validation process has validated it, allowing the processor to execute unvalidated code.
- Another solution for securing memory utilizes memory transactions that are secure. This approach requires specialized memory controllers that understand the difference between two types of transactions, secure and insecure, as well as peripherals capable of generating these types of transactions. Further, while this approach protects memory access transactions, it does not address attacks that modify data within external memory.
- Another solution to security of critical executable code involves encrypting all the code and related data stored within unsecured memory, where the CPU performs decryption when executing the code or accessing the data.
- Decryption is computationally expensive and system performance is often substantially affected by the additional execution of decryption processes.
- Existing solutions tend to have a coarse-grained MAC, for example the entire image is encrypted or the image is subdivided into several smaller segments - although still relatively large. These are then verified one or more times in external memory. If the code is modified by an attacker after a MAC validation has been completed, the processor executes that code until the next MAC revalidation is performed; thus, tampered code is executed until a further MAC validation occurs. If the code was tampered with, the next validation will fail, but by that time malicious code may have already been executed.
- Secure memory cannot be located outside of a processor IC, for example in low cost SDRAM, as the interconnections are externally accessible and can be easily probed by an attacker to observe and possibly modify the data. Therefore the image to be validated needs to be copied to a large protected on-chip location solely under the control of the processor running the validation process. Otherwise, security boundaries have to be physically extended to include the external unsecured memory, which is not practical.
- a circuit comprising: a cache memory having memory therein secured against tampering; a first memory; and, a cache controller having a first circuit for storing in a form secure from tampering and within the first memory second data corresponding to first data stored within the cache memory in plain text for use by a processor associated with the cache controller.
- a circuit comprising: a cache memory having memory therein secured against tampering; a first memory; and, a cache controller having a first circuit for validating first data within the first memory prior to caching said first data within the cache memory, the entire first data validated and stored within the cache memory in plain text, the entire first data sized for use with the caching process of the cache controller, wherein each secured first data is sized as a block of data within a process of the cache controller.
- a method comprising: caching data from unsecure storage comprising: validating the first data within the unsecure storage; storing an unsecured version of the first data within cache memory in correspondence with the first data; and when the cache is flushed, securing the cached unsecure data against tampering and updating the first data with the secured cached unsecured data.
- a method comprising: storing cache data within a cache; when the cache is flushed, ciphering the cache data to form hash data; storing first data comprising the cache data within an external memory in association with the cache data; and storing the hash data in association with the first data for use in validating the first data against tampering.
- FIG. 1 illustrates a prior art system where encryption/decryption is done externally from the processor
- FIG. 2 illustrates a prior art system where the secured memory is located on the processor chip
- FIG. 3 illustrates one embodiment of the system applied to a typical computing system architecture.
- Fig. 4 illustrates the flow of information for code transfer.
- Fig. 5 illustrates the flow of information for read/write of data to memory.
- Fig. 1 illustrates a prior art method of securing external memory storage.
- all data written to external memory is encrypted when it leaves the processor(s) or prior to leaving the processor and all data is decrypted when read by the processor(s).
- Fig. 2 illustrates another prior art method of securing memory.
- the secure memory is internal to the processing circuit - integrated therewith. All data is brought into the internal storage where it is used.
- FIG. 3 illustrates one embodiment of an efficient on-chip secure memory access, in which a secure cache is attached to a peripheral.
- AIC Advanced Integrity Controller
- the cache 302 is generally a small fast memory integrated with the processor 101.
- the AIC 301 is also useful for caching other types of data such as blocks of video from a Graphics Processing Unit (GPU) or from a display controller thereby obviating secure versions of those and other memory utilising peripherals or integrated circuit blocks.
- the cache 302 of AIC 301 is combined with an authentication processor (AP) 304 to ensure that the processor 101 only executes valid code - code that has been and is known to be validated.
- the code is stored in the unsecured memory 105 with a plurality of MAC tags which are used for validation.
- the code is optionally encrypted for example with an AES process. Alternatively another encryption process or technology is used wherein an encryption key is shared with the AP 304.
- a cache line and associated MAC tag fetch is performed by the AP 304 from the unsecured memory 105 over a bus 103.
- the AP relies upon the MAC tag to validate the retrieved cache line and once validated stores it in the secured cache 302 which is local.
- the processor 101 is held using wait states or an equivalent mechanism.
- the processor executes another thread or another process until the cache line fetch operation is completed.
- the AP 304 performs MAC validation, and when necessary decryption, on the retrieved cache line fetched from external memory.
- the process also supports processing of other code or data stored, for example code or data that does not require validation in the unsecured memory 105, by the processor 101.
- only validated code/data is stored in the internal cache memory 302 and subsequently accessible to the processor 101.
- the AP 304 recalculates the MAC for the cache line and compares it to the retrieved MAC tag. If the recomputed MAC does not match the corresponding MAC fetched with the cache line, the process is halted, for example processor 101 is halted by executing a STOP instruction. Alternatively, the processor 101 is looped in place or placed in a wait state. Further alternatively, the processor is cleared and reset. If the retrieved and recomputed MAC match, the processor accesses the data from the cache 302.
- the processor 101 is limited to executing validated code.
- the fetched cache line is stored in temporary memory for validation and is only stored in the cache if and when validated.
- the processor remains unable to continue execution, having been paused during the cache miss, because the cache line is not retrieved successfully.
- the image and its associated MAC tags form a data source that can be validated and the secure caching of data from the data source supports relatively efficient and fast processing of an application and its data.
- the validatable data is formed in the present embodiment from known data.
- an executable image is secured by a trusted party with a separate cryptographic tool which uses keys to validate the image.
- the executable image is stored in secure read only memory such that it is known to be tamper proof. Further alternatively, it is retrieved from a trusted source. Since a copy of the keys used for MAC tag generation is stored securely on-chip, the keys remain secret from an attacker. Thus, provided the keys are never exported from the integrated processing chip, the code which is internally validated by the invention and subsequently released to the processor for execution cannot be compromised.
- Fig. 4 illustrates an example of the information flow for a cache miss.
- the processor 101 performs an instruction lookup in the AIC cache 302. If a cache miss is detected, the AP 304 fetches the instruction line from the unsecured memory 105. The instruction line, along with validating data in the form of a MAC tag is returned to the AP 304. The AP 304 validates the instruction line and stores it in the AIC cache 302. The processor 101 then executes the validated instruction line. Alternatively, two or more instruction lines are grouped together within a same block of data for being validated and cached together.
- Fig. 5 illustrates an example of a read operation (5a) and a write operation (5b) to unsecured memory.
- the processor 101 performs a read data request for reading data from the AIC cache 302 and a cache miss occurs, the AP 304 fetches the data line in the unsecured memory 105. Alternatively, the AP 304 fetches several data lines in a block. The retrieved data is returned with a MAC tag to the AP 304.
- the AP 304 performs validation of the retrieved data and stores it in the AIC cache 302 once validated.
- the processor 101 can then access the validated data from the AIC cache 302.
- the data is stored within the AIC cache, but when validation fails, the processing is halted or reset. In other embodiments, data is only stored within the AIC cache 302 once validated, providing a secure and validated cache.
- When the processor writes data in the AIC cache 302, the data is treated analogously to prior art cached data.
- a store line request is sent to the AP 304.
- the AP 304 calculates the MAC tag and stores it along with the data in unsecured memory 105.
- a smart phone executes several applications.
- One application is a weather forecast application which does not require security; another application is a payment application which requires security.
- the system selectively defines which application executes securely. For example, the unsecure applications rely on a first cache memory and the secure applications rely on another cache memory.
- the cache controller ensures that there is no contamination between secure and insecure data within the cache. Further alternatively, the cache is divided into a secure portion and an insecure portion.
- the payment application software is stored in an encrypted form allowing authentication. For example, it is digitally signed allowing for verification of both the origin and the content of the software.
- Once it is stored on the phone, it is validated using a key that is accessible, for example, to the AIC located within the phone CPU.
- When the application is executed, it is validated and optionally decrypted by the AIC as the lines of code to be executed are retrieved and stored within the secured cache 302 for processing by the processor 101.
- the weather application is not secured and therefore does not get validated. It is retrieved and provided to the CPU for execution.
- the AIC cache system is associated with processor 101, which needs to read/write secure data.
- the data is validated by the AP 304, optionally decrypted, and stored in the AIC cache 302 for use by the processor 101.
- the processor 101 stores data within the AIC cache 302, which then causes the data to be copied into the external memory.
- the AP 304 is called to compute a cache line MAC and to store the cache line within external storage, optionally encrypting it.
- the AP 304 stores corresponding MAC in association with the cache line.
- the MAC is stored in the external storage.
- the MAC is stored within an indexed table separate from the external storage, for example within internal storage. In yet other embodiments the MAC is stored within an indexed table within separate storage. In a different embodiment the AIC cache 302 defers requesting the AP 304 to store the cache line within external memory until a later point in time, for example in accordance with a cache controller process in execution, instead of storing the cache lines with every processor 101 write request. Numerous other embodiments may be envisaged without departing from the spirit or scope of the invention.
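The cache-miss and write-back flows described above (Figs. 4 and 5), as an added simulation that is not part of the patent: the AP is the only holder of the MAC key, a line fetched from unsecured memory is released to the cache only after its tag is recomputed and matches, and a write computes a fresh tag and stores it beside the line. Line size, HMAC-SHA256 as the MAC, and binding the tag to the line address are assumptions of this example.

```python
import hashlib
import hmac
import secrets

LINE_BYTES = 16  # constructed line size; the patent does not fix one


class TamperDetected(Exception):
    """Raised where the AP would halt, loop or reset the processor."""


class UnsecuredMemory:
    """External memory 105: (line, MAC tag) pairs an attacker can rewrite."""
    def __init__(self):
        self.lines = {}

    def read(self, addr):
        return self.lines[addr]

    def write(self, addr, line, tag):
        self.lines[addr] = (line, tag)


class AuthenticationProcessor:
    """AP 304: sole holder of the MAC key, which never leaves the chip."""
    def __init__(self, key):
        self._key = key

    def _tag(self, addr, line):
        # Assumption: the tag also covers the line address, so a valid
        # line cannot be replayed at a different address.
        return hmac.new(self._key, addr.to_bytes(8, "big") + line,
                        hashlib.sha256).digest()

    def fetch_validated(self, mem, addr):
        line, tag = mem.read(addr)             # line + tag over bus 103
        if not hmac.compare_digest(self._tag(addr, line), tag):
            raise TamperDetected(f"MAC mismatch at {addr:#x}")
        return line                            # only now released to cache

    def store(self, mem, addr, line):
        mem.write(addr, line, self._tag(addr, line))


class AICCache:
    """Cache 302: holds only lines the AP has validated."""
    def __init__(self, ap, mem):
        self.ap, self.mem, self.lines = ap, mem, {}

    def read(self, addr):
        if addr not in self.lines:             # cache miss
            self.lines[addr] = self.ap.fetch_validated(self.mem, addr)
        return self.lines[addr]

    def write(self, addr, line):
        self.lines[addr] = line
        self.ap.store(self.mem, addr, line)    # write-through: line + MAC


def demo():
    """Returns (valid_read_ok, tamper_halted) for a constructed scenario."""
    mem, ap = UnsecuredMemory(), AuthenticationProcessor(secrets.token_bytes(32))
    AICCache(ap, mem).write(0x1000, b"A" * LINE_BYTES)
    ok = AICCache(ap, mem).read(0x1000) == b"A" * LINE_BYTES  # fresh cache: miss, valid
    line, tag = mem.read(0x1000)
    mem.write(0x1000, b"B" + line[1:], tag)    # line edited after validation, tag kept
    try:
        AICCache(ap, mem).read(0x1000)
        halted = False
    except TamperDetected:
        halted = True
    return ok, halted
```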
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Storage Device Security (AREA)
- Memory System Of A Hierarchy Structure (AREA)
Abstract
The invention relates to a cache controller for storing cache data within a cache, the cache data comprising an unsecured version of first secured data.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CA2014/050382 WO2015157842A1 (fr) | 2014-04-16 | 2014-04-16 | Secured memory system and method therefor |
CN201480078079.8A CN106233266A (zh) | 2014-04-16 | 2014-04-16 | Secure memory system and method therefor |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CA2014/050382 WO2015157842A1 (fr) | 2014-04-16 | 2014-04-16 | Secured memory system and method therefor |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2015157842A1 true WO2015157842A1 (fr) | 2015-10-22 |
Family
ID=54323301
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CA2014/050382 WO2015157842A1 (fr) | 2014-04-16 | 2014-04-16 | Secured memory system and method therefor |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN106233266A (fr) |
WO (1) | WO2015157842A1 (fr) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP3509003B1 (fr) * | 2018-01-04 | 2021-04-21 | Shenzhen Goodix Technology Co., Ltd. | Method and apparatus for protecting code processed by an embedded microprocessor against modification |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080109660A1 (en) * | 2006-11-06 | 2008-05-08 | Cisco Technology, Inc. | Crpto envelope around a cpu with dram for image protection |
US20090089337A1 (en) * | 2007-10-01 | 2009-04-02 | Microsoft Corporation | Efficient file hash identifier computation |
US7523319B2 (en) * | 2005-11-16 | 2009-04-21 | Lenovo (Singapore) Pte. Ltd. | System and method for tracking changed LBAs on disk drive |
US20110293097A1 (en) * | 2010-05-27 | 2011-12-01 | Maino Fabio R | Virtual machine memory compartmentalization in multi-core architectures |
US20130067245A1 (en) * | 2011-09-13 | 2013-03-14 | Oded Horovitz | Software cryptoprocessor |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7392384B2 (en) * | 2002-06-28 | 2008-06-24 | Hewlett-Packard Development Company, L.P. | Method and system for secure storage, transmission and control of cryptographic keys |
JP2006203564A (ja) * | 2005-01-20 | 2006-08-03 | Nara Institute Of Science & Technology | Microprocessor, node terminal, computer system and program execution certification method |
JP4496266B1 (ja) * | 2008-12-25 | 2010-07-07 | Toshiba Corp. | Encrypted program operation management system and program |
US8762642B2 (en) * | 2009-01-30 | 2014-06-24 | Twinstrata Inc | System and method for secure and reliable multi-cloud data replication |
US20110153944A1 (en) * | 2009-12-22 | 2011-06-23 | Klaus Kursawe | Secure Cache Memory Architecture |
2014
- 2014-04-16 WO PCT/CA2014/050382 patent/WO2015157842A1/fr active Application Filing
- 2014-04-16 CN CN201480078079.8A patent/CN106233266A/zh active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7523319B2 (en) * | 2005-11-16 | 2009-04-21 | Lenovo (Singapore) Pte. Ltd. | System and method for tracking changed LBAs on disk drive |
US20080109660A1 (en) * | 2006-11-06 | 2008-05-08 | Cisco Technology, Inc. | Crpto envelope around a cpu with dram for image protection |
US20090089337A1 (en) * | 2007-10-01 | 2009-04-02 | Microsoft Corporation | Efficient file hash identifier computation |
US20110293097A1 (en) * | 2010-05-27 | 2011-12-01 | Maino Fabio R | Virtual machine memory compartmentalization in multi-core architectures |
US20130067245A1 (en) * | 2011-09-13 | 2013-03-14 | Oded Horovitz | Software cryptoprocessor |
Also Published As
Publication number | Publication date |
---|---|
CN106233266A (zh) | 2016-12-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10019603B2 (en) | Secured memory system and method therefor | |
TWI715619B (zh) | Processor, method and system for hardware-enforced one-way cryptography | |
US10097349B2 (en) | Systems and methods for protecting symmetric encryption keys | |
Suh et al. | AEGIS: A single-chip secure processor | |
KR20210097021A (ko) | Defense against speculative side-channel analysis of a computer system | |
US8473754B2 (en) | Hardware-facilitated secure software execution environment | |
JP4738068B2 (ja) | Processor and system | |
US11250165B2 (en) | Binding of cryptographic operations to context or speculative execution restrictions | |
JP4876053B2 (ja) | Trusted device integrated circuit | |
US10237059B2 (en) | Diversified instruction set processing to enhance security | |
US10223289B2 (en) | Secure handling of memory caches and cached software module identities for a method to isolate software modules by means of controlled encryption key management | |
US20090187771A1 (en) | Secure data storage with key update to prevent replay attacks | |
KR20050008847A (ko) | Sleep protection | |
EP3262515B1 (fr) | Cryptographic-based initialization of memory content | |
US8745407B2 (en) | Virtual machine or hardware processor for IC-card portable electronic devices | |
US20170046280A1 (en) | Data processing device and method for protecting a data processing device against attacks | |
US20060015753A1 (en) | Internal RAM for integrity check values | |
US11748493B2 (en) | Secure asset management system | |
EP2990953B1 (fr) | Periodic memory refresh in a secure computing system | |
JP2022512051A (ja) | Integrity tree for memory integrity checking | |
US20230269076A1 (en) | Creating, using, and managing protected cryptography keys | |
JP2017526220A (ja) | Speculative cryptographic processing for out of order data | |
WO2015157842A1 (fr) | Secured memory system and method therefor | |
US9740837B2 (en) | Apparatus and method for preventing cloning of code | |
US9202075B2 (en) | System and method for executing code securely in general purpose computer |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 14889616 Country of ref document: EP Kind code of ref document: A1 |
NENP | Non-entry into the national phase |
Ref country code: DE |
122 | Ep: pct application non-entry in european phase |
Ref document number: 14889616 Country of ref document: EP Kind code of ref document: A1 |