Architectural support for securing application data in embedded systems

The rapid growth and pervasive use of embedded systems makes it easier for an adversary to gain physical access to these devices to launch attacks and reverse engineer of the system. Encrypted execution and data (EED) platforms, where instructions and data are stored in encrypted form in memory, while incurring overheads of encryption have proven to be attractive because they offer strong security against information leakage and tampering. However, several attacks are still possible on EED systems when the adversary gains physical access to the system. In this paper we present an architectural approach to address a class of memory spoofing attacks, in which an attacker can control the address bus and spoof memory blocks as they are loaded into the processor. In this paper we focus on the integrity of the application data to prevent the attacker from tampering, injecting or replaying the data. We make use of an on-chip FPGA, an architecture that is now commonly available on many processor chips, to build a secure on-chip hardware component that verifies the integrity of application data at run-time. By implementing all our security primitives on the FPGA we do not require changes to the processor architecture. We present that data protection techniques and a performance analysis is provided through a simulation on a number of bechmarks. Our experimental results show that a high level of security can be achieved with low performance overhead.