MEAS: memory encryption and authentication secure against side-channel attacks

Memory encryption is used in many devices to protect memory content from attackers with physical access to a device. However, many current memory encryption schemes can be broken using differential power analysis (DPA). In this work, we present Meas —the first Memory Encryption and Authentication Sc...

Full description

Saved in:
Bibliographic Details
Published in:Journal of cryptographic engineering 2019-06, Vol.9 (2), p.137-158
Main Authors: Unterluggauer, Thomas, Werner, Mario, Mangard, Stefan
Format: Article
Language:English
Subjects:
Algorithms
Circuits and Systems
Communications Engineering
Computer Communication Networks
Computer Science
Cryptography
Cryptology
Data Structures and Information Theory
Encryption
Keying
Masking
Memory devices
Networks
Operating Systems
Random access memory
Regular Paper
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Memory encryption is used in many devices to protect memory content from attackers with physical access to a device. However, many current memory encryption schemes can be broken using differential power analysis (DPA). In this work, we present Meas —the first Memory Encryption and Authentication Scheme providing security against DPA attacks. The scheme combines ideas from fresh re-keying and authentication trees by storing encryption keys in a tree structure to thwart first-order DPA without the need for DPA-protected cryptographic primitives. Therefore, the design strictly limits the use of every key to encrypt at most two different plaintext values. Meas prevents higher-order DPA without changes to the cipher implementation by using masking of the plaintext values. Meas is applicable to all kinds of memory, e.g., NVM and RAM. For RAM, we give two concrete Meas instances based on the lightweight primitives Ascon , PRINCE, and QARMA. We implement and evaluate both instances on a Zynq XC7Z020 FPGA showing that Meas has memory and performance overhead comparable to existing memory authentication techniques without DPA protection.
ISSN:2190-8508
2190-8516
DOI:10.1007/s13389-018-0180-2