Secure memory, located inside an integrated circuit (IC), for code and/or data storage requires dedicated, isolated memory elements which cannot be shared with other resources because of they need to remain secure. Located inside an IC, the memory elements often represent a significant size and cost impact.
Critical executable code generally needs to be validated before execution. To guarantee its integrity, the entire image of the critical executable code is stored within large areas of on-chip memory. Using on-chip memory to store the critical executable code also makes some updates such as patches and enhancements requiring additional memory more difficult.
A known solution is to protect the entire image with one or more Message Authentication Code (MAC) tags. A provably secure smaller code segment, for example, is loadable from an on-chip ROM and is used to validate a code segment stored in external memory before releasing it to the processor. In the external storage case, the image must not be modifiable by an outside entity, for example an attacker, after the validation of the code segment. If the validated code resides in external memory, it is possible for an attacker to modify the image after the MAC validation process has validated the image, thus allowing the processor to execute unvalidated code.
Another solution for securing memory utilizes memory transactions that are secure. This approach requires specialized memory controllers that understand the difference between two types of transactions—secure and insecure as well as peripherals capable of generating these types of transactions. Further, secure memory though it protects memory access transactions, does not address problems relating to attacks by modification of data within external memory.
Another solution to security of critical executable code involves encrypting all the code and related data stored within unsecured memory where the CPU performs decryption when executing the code or accessing the data. However, decryption is computationally expensive and the system performance is often substantially affected by the additional execution of decryption processes. Existing solutions tend to have a coarse-grained MAC, for example the entire image is encrypted or the image is subdivided into several smaller segments—although still relatively large. These are then verified one or more times in external memory. If the code is modified by an attacker after a MAC validation has been completed, the processor executes that code until the next MAC revalidation is performed; thus, tampered code is executed until a further MAC validation occurs. If the code was tampered with, the next validation will fail, but by that time malicious code may have already been executed.
Secure memory cannot be located outside of a processor IC, for example in low cost SDRAM, as the interconnections are externally accessible and can be easily probed by an attacker to observe and possibly modify the data. Therefore the image to be validated needs to be copied to a large protected on-chip location solely under the control of the processor running the validation process. Otherwise, security boundaries have to be physically extended to include the external unsecured memory, which is not practical.
There is a need to efficiently encrypt/decrypt code and/or data located in external memory such that the accessible interconnections can no longer be tampered with to result in insecure code.