Hardware-Based Protection for Data Security at Run-Time on Embedded Systems

Abstract

The security of embedded systems has attracted much attention as they are being used in more and more fields. The rapid growth and pervasive use of embedded systems make it easier for a sophisticated attacker to gain physical access to launch physical attacks on insecure off-chip memory and bus. This paper presents a novel hardware-based security mechanism to protect confidentiality and integrity of data, preventing the system data from being stolen or tampered by a malicious attacker. The proposed mechanism protects the confidentiality of data using advanced encryption standard (AES) stream encryption algorithm in parallel with the memory access process. This mechanism provides integrity protection for data by attaching integrity signatures generated using hash algorithm to data stored in external memory. The signature is verified when data is fetched into the chip. The security architecture has been tested and validated on the system on a programmable chip (SoPC) with OR1200(processor based on OpenRISC1000 architecture) processor. The experimental result shows that the proposed security mechanism ensures the integrity and confidentiality of system data, introducing low performance penalties.