Hardware core for off-chip memory security management in embedded system

We offer a secure hardware architecture for system boot up, secure software execution and on field update. A new scheme is presented to guarantee dat confidentiality and integrity for off-chip memories. The architecture capabilities are extended to support on the fly security level management of data. The goal is to minimize the overhead due to security like logic area, performance, memory footprint and power consumption for the architecture. After careful evaluation through real time applications execution with this secure architecture, the next step was to provide an end to end solution. Toward th solution, a secure boot up mechanism is proposed in order to securely start applications from a flash memory. More techniques are also introduced to allow on field software update for later secure execution with the architecture. A complete set ofresults has been generated in order to underline the fact that the proposed solution matches with the current needs and constraints of embedded systems. For the first time the security cost in area, performance, memory and power has been evaluated for embedded systems with an end to end solution.Nous proposons une architecture matérielle sécurisée du démarrage du système en passant par l'exécution des applications jusqu'à sa mise àjour sur le terrain. Une nouvelle technique afin de garantir la confidentialité et l'intégrité des données en mémoires est présentée et évaluée dans un premier temp L'architecture proposée est alors étendue avec de nouvelles fonctionnalités qui permettent de gérer à la volée le niveau de sécurité spécifique à la donnée. Ceci ayant pour but de minimiser au maximum les coûts engendrés par la sécurité et notamment la surface, la performance, la consommation mémoire et e nergétique de l'architecture. Cette base étant évaluée au traves de différentes applications temps réel s'exécutant sur l'architecture sécurisée, l'étape suivante est la mise en oeuvre complète d'un système. Pour cela une méthode de démarrage sécurisée est également proposée afin de lancer les applications depuis une mémoire flash. D'autre mécanismes sont également introduits afin de permettre une mise à jour des applications contenues dans la flash et leur exécution par la suite sur l'architecture sécurisée. L'ensemble des résultats générés ont pour but de montrer que la solution proposée correspond aux besoins et aux capacités des systèmes embarqués. Pour la première fois le coût de la sécurité a été évalué sur l'ensemble des caractéristiques spécifiques au domaine des systèmes embarqués (surface, performance, consommation mémoire et énergétique) pour une chaine totalement sécurisée.LORIENT-BU (561212106) / SudocSudocFranceF

Secure architecture in embedded systems: an overview

Security issues become more and more important during the development of mobile devices. In this paper we propose first a brief overview of hardware and software attacks related to embedded systems and second a comprehensive study of existing solutions to protect programs and data exchanges within these systems. Security primitives dedicated to the implementation of a secure architecture are also presented. Based on this analysis of existing solutions and requirements an original approach is proposed in order to mitigate the cost of security. Constraints related to embedded systems are strong it is thus mandatory to define new solutions, our proposition is outlined through various security primitives (ciphering and hashing) with features adapted to embedded systems

Hardware implementation of a multi-mode hash architecture for MD5, SHA-1 and SHA-2

International audienc

embedded

protection solution for off-chip memory i

Trusted computing - A new challenge for embedded systems

International audienceSecurity issues become more and more important during the development of mobile devices. In this paper we propose a thorough overview of processor-based solutions to protect programs and data exchanges within embedded systems. A discussion about the limitations of existing solutions is provided and new directions are proposed

A Code Compression Method to Cope with Security Hardware Overheads

International audienc

High Efficiency Protection Solution for Off-Chip Memory in Embedded Systems

This paper proposes a complete hardware solution for embedded systems that fully protects off-chip memory. Our security core is based on one-time pad (OTP) encryption and a CRC32 integrity check module. These modules safeguard external memories for embedded processors against a series of well-known attacks, including replay attacks, spoofing attacks and relocation attacks. The implementation limits memory space overhead to about 18.75% and reduces memory latency from 14 cycles for a alternate approach to 3 clock cycles. A FPGA-based implementation of the security core has been completed to gauge the security overhead and to compare our approach with existing solutions

Low latency solution for confidentiality and integrity checking in embedded systems with off-chip memory

International audienceThis paper proposes a complete hardware solution for embedded systems that fully protects off-chip memory. Our security core is based on one-time pad (OTP) encryption and a CRC integrity check module. These modules safeguard external memories for embedded processors against a series of well-known attacks, including replay attacks, spoofing attacks and relocation attacks. The implementation limits memory space overhead to 18.25 or 32.75%. It also reduces memory latency from 22 cycles for an alternate approach to 11 or 3 clock cycles depending on desired performance. The loss for software execution with our solution is only 10% compared with a non-protected solution. A FPGA-based implementation of the security core has been completed to gauge the security overhead and to compare our approach with existing solutions