Memory Authentication

1
Memory Authentication
David Champagne, Reouven Elbaz and Ruby Lee
Threat Model

• Corruption of code or data
• Arbitrary modification (spoofing)
• Illegitimate relocation (splicing)
• Overwrite with old value (replay)

Tampering
State of the art
Our integrity tree TEC-Tree 1
TEC-Tree Tamper-Evident Counter Tree
Block-Level AREA Authentication Primitive
Integrity Check Corruption of the ciphertext is
detected by checking the last n bits of the
decrypted text. Probability P of successful
attack P 1/2n Added Redundancy Explicit
Authentication
Benefits of TEC-Tree

• - Parallelizable on read and write operations
• Provides confidentiality at no additional cost

The only existing tree traversal technique
(Static Tree Traversal) imposes that protected
memory be part of a single, monolithic segment.
This leads to huge integrity trees with - Very
large memory capacity overhead - Very large
initialization latencies
The Tree Management Unit (TMU) constructs a tree
only over memory used by the application,
resulting in dramatic overhead reductions w.r.t.
an integrity tree built with the Static Tree
Traversal technique.
1 R.Elbaz, D.Champagne, R.B.Lee, L.Torres,
G.Sassatelli and P.Guillemin, TEC-Tree A Low
Cost and Parallelizable Tree for Efficient
Defense against Memory Replay Attacks,
Cryptographic Hardware and embedded systems
(CHES), pp. 289-302, 2007. 2 D.Champagne, R.
Elbaz and R.B.Lee. TMU Tree Management Unit,
Princeton Technical Report, October 2007