Embedded System Confidentiality Protection by Cryptographic Engine Implemented with Composite Field Arithmetic

Wang, Weike; Wang, Xiang; Du, Pei; Tian, Yuntong; Zhang, Xiaobing; Hao, Qiang; Zhang, Zhun; Xu, Bin

doi:10.1051/matecconf/201821002047

Cited by 2 publications

(2 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The AES engine consumes extra hardware resources when multiple external memory devices are present in the system [ 30 ]. Wang proposed a scheme for encrypting code and storing data using the AES [ 31 ]. However, encryption with fixed-key introduces security risks such as key leakage.…”

Section: Related Workmentioning

confidence: 99%

Securing Embedded System from Code Reuse Attacks: A Lightweight Scheme with Hardware Assistance

An,

Wang,

et al. 2023

Micromachines

Self Cite

View full text Add to dashboard Cite

The growing prevalence of embedded systems in various applications has raised concerns about their vulnerability to malicious code reuse attacks. Current software-based and hardware-assisted security techniques struggle to detect or block these attacks with minor performance and implementation overhead. To address this issue, this paper presents a lightweight hardware-assisted scheme to enhance the security of embedded systems against code reuse attacks. We develop an on-chip lightweight hardware shadow stack to validate target addresses at runtime for backward-edge control flow integrity, which backs up valid return addresses during function calls and automatically verifies actual return addresses during the return phase. Additionally, we propose a lightweight stream cipher circuit that encrypts and decrypts critical stack data related to control flow manipulation, preventing attackers from analyzing or tampering with them. When designing and implementing the security mechanism for embedded systems, we fully consider the constraints of limited system resources and performance, optimizing both the architecture design and implementation of the proposed hardware. Finally, we integrate both the proposed lightweight hardware shadow stack and the runtime data encryption hardware into the OR1200 processor. We have verified the system security function on the Terasic DE1-SoC FPGA platform and evaluated the system performance as well as implementation overhead. The results show that the proposed lightweight hardware-assisted scheme can provide a dedicated defense capability against code reuse attacks for embedded systems, with an average system performance overhead of 0.39% and an area footprint of 0.316 mm2.

show abstract

Section: Related Workmentioning

confidence: 99%

Securing Embedded System from Code Reuse Attacks: A Lightweight Scheme with Hardware Assistance

An,

Wang,

et al. 2023

Micromachines

Self Cite

View full text Add to dashboard Cite

show abstract

“…There are two ways to encrypt system data by using AES. One is the block encryption method [29], in which the content of the data block is used as the input of the encryption algorithm and the output is the cipher of the data block. The other is OTP based stream encryption, that is, the AES algorithm is used as a key stream generator to generate a series of random numbers, and the data can be encrypted and decrypted by performing the XOR operation with the sequence.…”

Section: Data Confidentiality Protectionmentioning

confidence: 99%

Hardware-Enhanced Protection for the Runtime Data Security in Embedded Systems

et al. 2019

Self Cite

View full text Add to dashboard Cite

At present, the embedded systems are facing various kinds of attacks, especially for the data stored in the external memories. This paper presents a hardware-enhanced protection method to protect the data integrity and confidentiality at runtime, preventing the data from spoofing attack, splicing attack, replay attack, and some malicious analysis. For the integrity protection, the signature is calculated by the hardware implemented Lhash engine before the data sending off the chip, and the signature of the data block is recalculated and compared with the decrypted one at the load time. For the confidentiality protection, an AES encryption engine is used to generate the key stream, the plain data and the cipher data can translate through a simple XOR operation. The hardware cryptographic engines are optimized to work simultaneously with the memory access operation, which reduces the hardware overhead and the performance overhead. We implement the proposed architecture within OR1200 processor on Xilinx Virtex 5 FPGA platform. The experiment results show that the proposed hardware-enhanced protection method can preserve the integrity and confidentiality of the runtime data in the embedded systems with low power consumption and a marginal area footprint. The performance overhead is less than 2.27% according to the selected benchmarks.

show abstract

Embedded System Confidentiality Protection by Cryptographic Engine Implemented with Composite Field Arithmetic

Cited by 2 publications

References 13 publications

Securing Embedded System from Code Reuse Attacks: A Lightweight Scheme with Hardware Assistance

Securing Embedded System from Code Reuse Attacks: A Lightweight Scheme with Hardware Assistance

Hardware-Enhanced Protection for the Runtime Data Security in Embedded Systems

Contact Info

Product

Resources

About