Paper 2015/651

Secure Execution Architecture based on PUF-driven Instruction Level Code Encryption

Stephan Kleber, Florian Unterstein, Matthias Matousek, Frank Kargl, Frank Slomka, and Matthias Hiller


A persistent problem with program execution, despite numerous mitigation attempts, is its inherent vulnerability to the injection of malicious code. Equally unsolved is the susceptibility of firmware to reverse engineering, which undermines the manufacturer's code confidentiality. We propose an approach that solves both kinds of security problems employing instruction-level code encryption combined with the use of a physical unclonable function (PUF). Our novel Secure Execution PUF-based Processor (SEPP) architecture is designed to minimize the attack surface, as well as performance impact, and requires no significant changes to the development process. This is possible based on a tight integration of a PUF directly into the processor's instruction pipeline. Furthermore, cloud scenarios and distributed embedded systems alike inherently depend on remote execution; our approach supports this, as the secure execution environment needs not to be locally available at the developers site. We implemented an FPGA-based prototype based on the OpenRISC Reference Platform. To assess our results, we performed a security analysis of the processor and evaluated the performance impact of the encryption. We show that the attack surface is significantly reduced compared to previous approaches while the performance penalty is at a reasonable factor of about 1.5.

Available format(s)
Publication info
Preprint. MAJOR revision.
implementationinstruction-level code encryptionphysical unclonable function (PUF)Secure Execution PUF-based ProcessorOpenRISCcode injection preventioncode confidentialityCPU architecture
Contact author(s)
stephan kleber @ uni-ulm de
2015-07-01: received
Short URL
Creative Commons Attribution-ShareAlike


      author = {Stephan Kleber and Florian Unterstein and Matthias Matousek and Frank Kargl and Frank Slomka and Matthias Hiller},
      title = {Secure Execution Architecture based on PUF-driven Instruction Level Code Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2015/651},
      year = {2015},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.