Securing Memory Encryption and Authentication Against Side-Channel Attacks Using Unprotected Primitives

Thomas Unterluggauer, Mario Werner, Stefan Mangard

Publication: Contribution to book/report/conference proceedings › Conference contribution › Research › Peer-reviewed

Abstract

Memory encryption is used in many devices to protect memory content from attackers with physical access to a device. However, many current memory encryption schemes can be broken using Differential Power Analysis (DPA). In this work, we present Meas—the first Memory Encryption and Authentication Scheme providing security against DPA attacks. The scheme combines ideas from fresh re-keying and authentication trees by storing encryption keys in a tree structure to thwart first-order DPA without the need for DPA-protected cryptographic primitives. Therefore, the design strictly limits the use of every key to encrypt at most two different plaintext values. Meas prevents higher-order DPA without changes to the cipher implementation by using masking of the plaintext values. Meas is applicable to all kinds of memory, e.g., NVM and RAM, and has memory overhead comparable to existing memory authentication techniques without DPA protection, e.g., 7.3% for a block size fitting standard disk sectors.
Original language: English
Title: ACM Asia Conference on Computer and Communications Security - ASIACCS'17
Publisher: Association of Computing Machinery
Pages: 690-702
DOI: https://doi.org/10.1145/3052973.3052985
Publication status: Published - 2017
Event: ACM Asia Conference on Computer and Communications Security - Abu Dhabi, United Arab Emirates
Duration: 2 Apr 2017 to 6 Apr 2017

Conference

Conference: ACM Asia Conference on Computer and Communications Security
Short title: ASIACCS
Country: United Arab Emirates
City: Abu Dhabi
Period: 2/04/17 to 6/04/17

Fingerprint

Authentication
Cryptography
Data storage equipment
Random access storage
Side channel attack

Keywords

memory encryption
memory authentication
side-channel attack
DPA

Cite this

Unterluggauer, T., Werner, M., & Mangard, S. (2017). Securing Memory Encryption and Authentication Against Side-Channel Attacks Using Unprotected Primitives. In ACM Asia Conference on Computer and Communications Security - ASIACCS'17 (pp. 690-702). Association of Computing Machinery. https://doi.org/10.1145/3052973.3052985
