Transparent Memory Encryption and Authentication

Mario Werner, Thomas Unterluggauer, Stefan Mangard

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Abstract

Security features of modern (SoC) FPGAs permit to protect the confidentiality of hard- and software IP when the devices are powered off as well as to validate the authenticity of IP when being loaded at startup. However, these approaches are insufficient since attackers with physical access can also perform attacks during runtime, demanding for additional security measures. In particular, RAM used by modern (SoC) FPGAs is under threat since RAM stores software IP as well as all kinds of other sensitive information during runtime. To solve this issue, we present an open-source framework for building transparent RAM encryption and authentication pipelines, suitable for both FPGAs and ASICs. The framework supports various ciphers and modes of operation as shown by our comprehensive evaluation on a Xilinx Zynq-7020 SoC. For encryption, the ciphers Prince and AES are used in the ECB, CBC and XTS mode. Additionally, the authenticated encryption cipher Ascon is used both standalone and within a TEC tree. Our results show that the data processing of our encryption pipeline is highly efficient with up to 94 % utilization of the read bandwidth that is provided by the FPGA interface. Moreover, the use of a cryptographically strong primitive like Ascon yields highly practical results with 54 % bandwidth utilization.
Original languageEnglish
Title of host publication27th International Conference on Field Programmable Logic and Applications - FPL 2017
PublisherInstitute of Electrical and Electronics Engineers
DOIs
Publication statusPublished - 5 Oct 2017
Event27th International Conference on Field Programmable Logic and Applications - Belgium, Ghent
Duration: 4 Sep 20178 Sep 2017
Conference number: 2017

Conference

Conference27th International Conference on Field Programmable Logic and Applications
Abbreviated titleFPL
CityGhent
Period4/09/178/09/17

Fingerprint

Authentication
Cryptography
Field programmable gate arrays (FPGA)
Random access storage
Data storage equipment
Pipelines
Bandwidth
Application specific integrated circuits
Hardware
System-on-chip

Keywords

  • RAM
  • encryption
  • authentication
  • Zynq
  • FPGA

Cite this

Werner, M., Unterluggauer, T., & Mangard, S. (2017). Transparent Memory Encryption and Authentication. In 27th International Conference on Field Programmable Logic and Applications - FPL 2017 Institute of Electrical and Electronics Engineers. https://doi.org/10.23919/FPL.2017.8056797

Transparent Memory Encryption and Authentication. / Werner, Mario; Unterluggauer, Thomas; Mangard, Stefan.

27th International Conference on Field Programmable Logic and Applications - FPL 2017. Institute of Electrical and Electronics Engineers, 2017.

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Werner, M, Unterluggauer, T & Mangard, S 2017, Transparent Memory Encryption and Authentication. in 27th International Conference on Field Programmable Logic and Applications - FPL 2017. Institute of Electrical and Electronics Engineers, 27th International Conference on Field Programmable Logic and Applications, Ghent, 4/09/17. https://doi.org/10.23919/FPL.2017.8056797
Werner M, Unterluggauer T, Mangard S. Transparent Memory Encryption and Authentication. In 27th International Conference on Field Programmable Logic and Applications - FPL 2017. Institute of Electrical and Electronics Engineers. 2017 https://doi.org/10.23919/FPL.2017.8056797
Werner, Mario ; Unterluggauer, Thomas ; Mangard, Stefan. / Transparent Memory Encryption and Authentication. 27th International Conference on Field Programmable Logic and Applications - FPL 2017. Institute of Electrical and Electronics Engineers, 2017.
@inproceedings{e56fb75f19064982b621ec592a4930e5,
title = "Transparent Memory Encryption and Authentication",
abstract = "Security features of modern (SoC) FPGAs permit to protect the confidentiality of hard- and software IP when the devices are powered off as well as to validate the authenticity of IP when being loaded at startup. However, these approaches are insufficient since attackers with physical access can also perform attacks during runtime, demanding for additional security measures. In particular, RAM used by modern (SoC) FPGAs is under threat since RAM stores software IP as well as all kinds of other sensitive information during runtime. To solve this issue, we present an open-source framework for building transparent RAM encryption and authentication pipelines, suitable for both FPGAs and ASICs. The framework supports various ciphers and modes of operation as shown by our comprehensive evaluation on a Xilinx Zynq-7020 SoC. For encryption, the ciphers Prince and AES are used in the ECB, CBC and XTS mode. Additionally, the authenticated encryption cipher Ascon is used both standalone and within a TEC tree. Our results show that the data processing of our encryption pipeline is highly efficient with up to 94 {\%} utilization of the read bandwidth that is provided by the FPGA interface. Moreover, the use of a cryptographically strong primitive like Ascon yields highly practical results with 54 {\%} bandwidth utilization.",
keywords = "RAM, encryption, authentication, Zynq, FPGA",
author = "Mario Werner and Thomas Unterluggauer and Stefan Mangard",
year = "2017",
month = "10",
day = "5",
doi = "10.23919/FPL.2017.8056797",
language = "English",
booktitle = "27th International Conference on Field Programmable Logic and Applications - FPL 2017",
publisher = "Institute of Electrical and Electronics Engineers",
address = "United States",

}

TY - GEN

T1 - Transparent Memory Encryption and Authentication

AU - Werner, Mario

AU - Unterluggauer, Thomas

AU - Mangard, Stefan

PY - 2017/10/5

Y1 - 2017/10/5

N2 - Security features of modern (SoC) FPGAs permit to protect the confidentiality of hard- and software IP when the devices are powered off as well as to validate the authenticity of IP when being loaded at startup. However, these approaches are insufficient since attackers with physical access can also perform attacks during runtime, demanding for additional security measures. In particular, RAM used by modern (SoC) FPGAs is under threat since RAM stores software IP as well as all kinds of other sensitive information during runtime. To solve this issue, we present an open-source framework for building transparent RAM encryption and authentication pipelines, suitable for both FPGAs and ASICs. The framework supports various ciphers and modes of operation as shown by our comprehensive evaluation on a Xilinx Zynq-7020 SoC. For encryption, the ciphers Prince and AES are used in the ECB, CBC and XTS mode. Additionally, the authenticated encryption cipher Ascon is used both standalone and within a TEC tree. Our results show that the data processing of our encryption pipeline is highly efficient with up to 94 % utilization of the read bandwidth that is provided by the FPGA interface. Moreover, the use of a cryptographically strong primitive like Ascon yields highly practical results with 54 % bandwidth utilization.

AB - Security features of modern (SoC) FPGAs permit to protect the confidentiality of hard- and software IP when the devices are powered off as well as to validate the authenticity of IP when being loaded at startup. However, these approaches are insufficient since attackers with physical access can also perform attacks during runtime, demanding for additional security measures. In particular, RAM used by modern (SoC) FPGAs is under threat since RAM stores software IP as well as all kinds of other sensitive information during runtime. To solve this issue, we present an open-source framework for building transparent RAM encryption and authentication pipelines, suitable for both FPGAs and ASICs. The framework supports various ciphers and modes of operation as shown by our comprehensive evaluation on a Xilinx Zynq-7020 SoC. For encryption, the ciphers Prince and AES are used in the ECB, CBC and XTS mode. Additionally, the authenticated encryption cipher Ascon is used both standalone and within a TEC tree. Our results show that the data processing of our encryption pipeline is highly efficient with up to 94 % utilization of the read bandwidth that is provided by the FPGA interface. Moreover, the use of a cryptographically strong primitive like Ascon yields highly practical results with 54 % bandwidth utilization.

KW - RAM

KW - encryption

KW - authentication

KW - Zynq

KW - FPGA

U2 - 10.23919/FPL.2017.8056797

DO - 10.23919/FPL.2017.8056797

M3 - Conference contribution

BT - 27th International Conference on Field Programmable Logic and Applications - FPL 2017

PB - Institute of Electrical and Electronics Engineers

ER -