Aegis: a single-chip secure processor
Publisher:
  • Massachusetts Institute of Technology
  • 201 Vassar Street, W59-200 Cambridge, MA
  • United States
Order Number: AAI0809015
Pages: 1
Abstract

Trust in remote interaction is a fundamental challenge in distributed computing environments. To obtain a remote party's trust, computing systems must be able to guarantee the privacy of intellectual property and the integrity of program execution. Unfortunately, traditional platforms cannot provide such guarantees under physical threats that exist in distributed environments.

The AEGIS secure processor enables a physically secure computing platform to be built with a main processor as the only trusted hardware component. AEGIS empowers a remote party to authenticate the platform and guarantees secure execution even under physical threats. To realize the security features of AEGIS with only a single chip, this thesis presents a secure processor architecture along with its enabling security mechanisms. The architecture suggests a technique called suspended secure processing to allow a secure part of an application to be protected separately from the rest. Physical random functions provide a cheap and secure way of generating a unique secret key on each processor, which enables a remote party to authenticate the processor chip. Memory encryption and integrity verification mechanisms guarantee the privacy and the integrity of off-chip memory content, respectively.

A fully functional RTL implementation and simulation studies demonstrate that the overheads associated with this single-chip approach are reasonable. The security components in AEGIS consume about 230K logic gates. AEGIS, with its off-chip protection mechanisms, is slower than traditional processors by 26% on average for large applications and by a few percent for embedded applications. This thesis also shows that using AEGIS requires only minor modifications to traditional operating systems and compilers. (Copies available exclusively from MIT Libraries, Rm. 14-0551, Cambridge, MA 02139-4307. Ph. 617-253-5668; Fax 617-253-1690.)

Cited By

  1. Sepulveda J, Willgerodt F and Pehl M. SEPUFSoC. Proceedings of the 2018 on Great Lakes Symposium on VLSI, (39-44).
  2. Herder C, Ren L, van Dijk M, Yu M and Devadas S (2017). Trapdoor Computational Fuzzy Extractors and Stateless Cryptographically-Secure Physical Unclonable Functions. IEEE Transactions on Dependable and Secure Computing, 14:1, (65-82). Online publication date: 1-Jan-2017.
  3. Yu M and Devadas S (2017). Pervasive, dynamic authentication of physical items. Communications of the ACM, 60:4, (32-39). Online publication date: 24-Mar-2017.
  4. Yu M and Devadas S (2016). Pervasive, Dynamic Authentication of Physical Items. Queue, 14:6, (73-100). Online publication date: 1-Dec-2016.
  5. Song E, Yang S and Jeong Y (2018). Human-centric visual monitoring of multi-clients system behavior and BiT for trust computing. Security and Communication Networks, 7:10, (1441-1453). Online publication date: 1-Oct-2014.
  6. Duren M, Walsh J, Aldridge H and Yu M. Resilient device authentication system (RDAS) through SIOMETRICS. Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop, (1-4).
  7. Hiller M, Weiner M, Rodrigues Lima L, Birkner M and Sigl G. Breaking through fixed PUF block limitations with differential sequence coding and convolutional codes. Proceedings of the 3rd international workshop on Trustworthy embedded devices, (43-54).
  8. Geneiatakis D, Portokalidis G, Kemerlis V and Keromytis A. Adaptive defenses for commodity software through virtual application partitioning. Proceedings of the 2012 ACM conference on Computer and communications security, (133-144).
  9. Elbaz R, Torres L, Sassatelli G, Guillemin P, Bardouillet M and Martinez A. Block-level added redundancy explicit authentication for parallelized encryption and integrity checking of processor-memory transactions. Transactions on computational science X, (231-260).
  10. Elbaz R, Champagne D, Gebotys C, Lee R, Potlapally N and Torres L. Hardware Mechanisms for Memory Authentication. Transactions on Computational Science IV, (1-22).
  11. Garay J, Kolesnikov V and Mclellan R. MAC Precomputation with Applications to Secure Memory. Proceedings of the 12th International Conference on Information Security, (427-442).
  12. Wilson P, Frey A, Mihm T, Kershaw D and Alves T (2007). Implementing Embedded Security on Dual-Virtual-CPU Systems. IEEE Design & Test, 24:6, (582-591). Online publication date: 1-Nov-2007.
  13. Elbaz R, Champagne D, Lee R, Torres L, Sassatelli G and Guillemin P. TEC-Tree. Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems, (289-302).
  14. Platte J, Díaz R and Naroska E. A new encryption and hashing scheme for the security architecture for microprocessors. Proceedings of the 10th IFIP TC-6 TC-11 international conference on Communications and Multimedia Security, (120-129).
Contributors
  • Massachusetts Institute of Technology
  • Cornell University