TEC-Tree: A Low-Cost, Parallelizable Tree for Efficient Defense Against Memory Replay Attacks

Elbaz, Reouven; Champagne, David; Lee, Ruby B.; Torres, Lionel; Sassatelli, Gilles; Guillemin, Pierre

doi:10.1007/978-3-540-74735-2_20

Cited by 54 publications

(45 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The scheme is suitable for all kinds of memory including random access memory (RAM) and non-volatile memory (NVM). By making use of synergies between fresh re-keying and authentication trees [18,27,40], Meas simultaneously offers security against first-order DPA and random access to all memory blocks. In more detail, Meas uses separate keys for each memory block that are stored in a tree structure and changed on every write access in order to strictly limit the use of each key to the encryption of two different plaintexts at most.…”

Section: Contributionmentioning

confidence: 99%

“…Authentication trees over m memory blocks with arity a have logarithmic height l = log a (m). Three prominent examples of authentication trees are Merkle trees [40], Parallelizable Authentication Trees [27] (PAT), and Tamper Evident Counter [18] (TEC) trees. We give a detailed description of them in Appendix A.…”

Section: Memory Authenticationmentioning

confidence: 99%

“…Hereby, the authenticity is ensured by the diffusion of the block cipher as it makes it hard for the adversary to modify the encrypted nonce n l,i . The nonce n l,i is formed from the memory block address and a counter ctr l,i [18]. The nonce counters are recursively authenticated using AREA codes in a tree structure.…”

Section: A3 Tamper Evident Counter Trees [18]mentioning

confidence: 99%

“…In the following we describe three prominent examples of authentication trees, namely Merkle trees [40], Parallelizable Authentication Trees [27] (PAT), and Tamper Evident Counter [18] (TEC) trees. Note, however, that there are also hybrid variants like Bonsai Merkle trees [49], which use elements from both Merkle trees and PATs.…”

Section: Appendix A: Authentication Treesmentioning

confidence: 99%

“…In these cases, the attacker can, for example, observe and tamper with data in RAM. As a result, memory encryption and tree-based authentication techniques, e.g., Merkle trees [40], Parallelizable Authentication Trees [27] (PAT) and Tamper Evident Counter [18] (TEC) trees, are increasingly deployed to protect data in RAM. As one prominent example, RAM encryption and authentication was only recently adopted in consumer products with Intel SGX [25].…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

MEAS: memory encryption and authentication secure against side-channel attacks

2018

View full text Add to dashboard Cite

Memory encryption is used in many devices to protect memory content from attackers with physical access to a device. However, many current memory encryption schemes can be broken using differential power analysis (DPA). In this work, we present Meas-the first Memory Encryption and Authentication Scheme providing security against DPA attacks. The scheme combines ideas from fresh re-keying and authentication trees by storing encryption keys in a tree structure to thwart first-order DPA without the need for DPA-protected cryptographic primitives. Therefore, the design strictly limits the use of every key to encrypt at most two different plaintext values. Meas prevents higher-order DPA without changes to the cipher implementation by using masking of the plaintext values. Meas is applicable to all kinds of memory, e.g., NVM and RAM. For RAM, we give two concrete Meas instances based on the lightweight primitives Ascon, PRINCE, and QARMA. We implement and evaluate both instances on a Zynq XC7Z020 FPGA showing that Meas has memory and performance overhead comparable to existing memory authentication techniques without DPA protection.

show abstract

Section: Contributionmentioning

confidence: 99%