摘要
随着嵌入式系统的广泛应用,嵌入式系统的安全问题逐渐引起人们的重视。其中,片外存储器的安全问题是整个嵌入式系统安全问题中不可忽视的一部分。目前已经存在很多关于片外存储安全方面的研究,这些研究一般是片上微处理器和片外的存储器之间增加安全防御模块(硬件)。但是,在嵌入式系统中增加存储器安全防御模块(硬件)无疑会对整个系统的性能、存储器开销、SOC面积开销等造成一定的负面影响。因此,现在很多方法都是在安全性,性能开销、存储器开销、SOC面积开销等因素之间寻找一个折中的最优方案。论文充分考虑这些因素的影响,提出了一种基于AES-GCM的数据完整性校验方法。该方法对片外存储器同时提供数据机密性和完整性保护,可以防御一系列典型的恶意攻击,如欺骗攻击、重放攻击等。
With the extensive application of embedded systems,security issues of embedded systems gradually attract people's attention.In particular,security issues of off-chip memory are one of the most important security issues in embedded system and cannot be ignored.There are many existing related findings about off-chip memory security.A classical way to address the off-chip memory security issues is to add a security protection module between the microprocessor and the external memory.However,adding the extra security hardware brings overheads in system performance,memory cost and the SOC area.As a result,many methods are now in safety,performance cost,storage cost,SOC area overhead factors such as to find a compromise between the optimal solution.In this article,a novel architecture for off-chip memory encryption and integrity protection is proposed based on Advanced Encryption Standard-Galois/Counter Mode(AES-GCM).Our approach provides data confidentiality and integrity authentication at the same time and can safeguard against a series of well-known attacks,including replay attacks,spoofing attacks.
出处
《计算机与数字工程》
2016年第11期2229-2235,共7页
Computer & Digital Engineering
