|Institution:||University of New South Wales|
|Department:||Computer Science & Engineering|
|Keywords:||Memory protection; Message authentication; Security|
|Full text PDF:||http://handle.unsw.edu.au/1959.4/54147|
The boom of embedded systems and their wide applications, especially in the area of e-business and e-service, have raised increasing concerns about their security. One of the vulnerable components in most embedded systems is memory. Protecting memory data is essential to the embedded system. Many designs for memory data protection are based on cryptographic primitives that have been systematically analysed and extensively evaluated, and often provide a guaranteed level of security. However, such cryptographic primitives usually come with significant processing and resource costs and may not be suitable for embedded systems, where resources are extremely restricted. This thesis studies an existing design for protecting the integrity of memory data in an embedded processor system, where a tag is used for data authentication. The design is highly cost efficient, consumes few on-chip resources and little off-chip memory, and offers flexibility for a good trade-off between the design's security and its implementation cost. However, the design assumes that the data to be protected are random and fit the uniform distribution, and the security of the design is mainly focused on attacks with random data and tag values. Attacks with chosen values have barely been addressed. Nevertheless, chosen-value attacks can exploit the design's weaknesses, are much stronger than random attacks, and determine the true security level of a design. We have identified three pitfalls in this design: 1) there are some correlations between the data and the tag, 2) for given data, the tag value is not distributed over the whole tag value space; the effective tag space size for given data is reduced and is less than half of the tag value space, and 3) the effective tag space size varies for different data. These weaknesses lead to the low security of the design.
To patch the loopholes, we improve the design by implementing a series of random flip functions and non-linear Galois field multiplication on the data blocks. We show, through theoretical analysis and experimental demonstration, that with the design modifications the generated tag bears no correlation to its data and the tag is uniformly random over the full tag value space. The improved design has the same capability to counter attacks with chosen values as it has to counter attacks with random data. Therefore, the design is much more secure while still retaining the cost-effective feature of the original design.