Paper 2017/674

Transparent Memory Encryption and Authentication

Mario Werner, Thomas Unterluggauer, Robert Schilling, David Schaffenrath, and Stefan Mangard

Abstract

Security features of modern (SoC) FPGAs make it possible to protect the confidentiality of hard- and software IP when the devices are powered off, as well as to validate the authenticity of IP when it is loaded at startup. However, these approaches are insufficient, since attackers with physical access can also perform attacks during runtime, which demands additional security measures. In particular, RAM used by modern (SoC) FPGAs is under threat, since RAM stores software IP as well as all kinds of other sensitive information during runtime. To solve this issue, we present an open-source framework for building transparent RAM encryption and authentication pipelines, suitable for both FPGAs and ASICs. The framework supports various ciphers and modes of operation, as shown by our comprehensive evaluation on a Xilinx Zynq-7020 SoC. For encryption, the ciphers Prince and AES are used in the ECB, CBC and XTS modes. Additionally, the authenticated encryption cipher Ascon is used both standalone and within a TEC tree. Our results show that the data processing of our encryption pipeline is highly efficient, with up to 94% utilization of the read bandwidth that is provided by the FPGA interface. Moreover, the use of a cryptographically strong primitive like Ascon yields highly practical results with 54% bandwidth utilization.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. FPL2017
Keywords
RAM, encryption, authentication, Zynq, FPGA
Contact author(s)
mario werner @ iaik tugraz at
History
2017-08-24: revised
2017-07-06: received
Short URL
https://ia.cr/2017/674
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/674,
      author = {Mario Werner and Thomas Unterluggauer and Robert Schilling and David Schaffenrath and Stefan Mangard},
      title = {Transparent Memory Encryption and Authentication},
      howpublished = {Cryptology ePrint Archive, Paper 2017/674},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/674}},
      url = {https://eprint.iacr.org/2017/674}
}