Abstract

As computing appliances increase in use and handle more critical information and functionalities, the importance of security grows even greater. In cases where the device processes sensitive data or performs important functionality, an attacker may be able to read or manipulate it by accessing the data bus between the processor and memory itself. As it is impossible to provide physical protection to the piece of hardware in use, it is important to provide protection against revealing confidential information and securing the device's intended operation. Defense against bus attacks such as spoofing, splicing, and replay attacks are of particular concern. Traditional memory authentication techniques, such as hashes and message authentication codes, are costly when protecting off-chip memory during run-time. Balanced authentication trees such as the well-known Merkle tree or TEC-Tree are widely used to reduce this cost. While authentication trees are less costly than conventional techniques it still remains expensive. This work proposes a new method of dynamically updating an authentication tree structure based on a processor's memory access pattern. Memory addresses that are more frequently accessed are dynamically shifted to a higher tree level to reduce the number of memory accesses required to authenticate that address. The block-level AREA technique is applied to allow for data confidentiality with no additional cost. An HDL design for use in an FPGA is provided as a transparent and highly customizable AXI-4 memory controller. The memory controller allows for data confidentiality and authentication for random-access memory with different speed or memory size constraints. The design was implemented on a Zynq 7000 system-on-chip using the processor to communicate with the hardware design. The performance of the dynamic tree design is comparable to the TEC-Tree in several memory access patterns. The TEC-Tree performs better than a dynamic design in particular applications; however, speedup over the TEC-Tree is possible to achieve when applied in scenarios that frequently accessed previously processed data.

Library of Congress Subject Headings

Computer storage devices--Security measures; Digital signatures; Data encryption (Computer science)

Publication Date

5-2021

Document Type

Thesis

Student Type

Graduate

Degree Name

Computer Engineering (MS)

Department, Program, or Center

Computer Engineering (KGCOE)

Advisor

Marcin Lukowiak

Advisor/Committee Member

Stanislaw Radziszowski

Advisor/Committee Member

Cory Merkel

Campus

RIT – Main Campus

Plan Codes

CMPE-MS

Share

COinS