Issue No.06 - November-December (2007 vol.24)
pp: 570-580
Charles W. O'Donnell , Massachusetts Institute of Technology
G. Edward Suh , Cornell University
ABSTRACT
This article presents the Aegis secure processor architecture, which enables physically secure computing platforms with a main processor as the only trusted component. The Aegis architecture ensures private and authentic program execution even in the face of physical attacks, using two new security primitives. First, physical unclonable functions (PUFs) generate cryptographic keys in a highly secure yet inexpensive manner, exploiting random manufacturing variations. Second, off-chip memory protection mechanisms ensure the integrity and privacy of off-chip memory. Aegis, with its new protection mechanisms, has been implemented on an FPGA, and is fully functional. The authors briefly assess the cost of the security mechanisms in the Aegis processor and show that it is reasonable.
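The integrity half of the off-chip memory protection described above can be illustrated with a hash tree whose root is the only value kept on-chip, the approach the cited work on efficient memory integrity verification (references 11 and 12) builds on. The following is an added example written for this page, not code from the Aegis project: the block size, the eight-block memory, the use of SHA-256, and the class and function names are all assumptions, and the encryption that provides privacy is left out. Everything outside the verifier object stands for attacker-controlled off-chip storage.

```python
import hashlib

BLOCK_SIZE = 32  # bytes per memory block (constructed value, not the Aegis block size)


def h(*parts: bytes) -> bytes:
    """Collision-resistant hash used for leaves and interior nodes (SHA-256 assumed)."""
    return hashlib.sha256(b"".join(parts)).digest()


class IntegrityError(Exception):
    """Raised when a read does not authenticate against the on-chip root."""


class UntrustedMemory:
    """Off-chip DRAM model: data blocks plus the tree's hash nodes, all attacker-writable."""

    def __init__(self, num_blocks: int):
        self.blocks = [bytes(BLOCK_SIZE) for _ in range(num_blocks)]
        self.nodes = {}  # (level, index) -> hash; level 0 holds leaf hashes


class HashTreeVerifier:
    """On-chip logic: stores only the root hash and checks every read against it."""

    def __init__(self, mem: UntrustedMemory):
        if len(mem.blocks) & (len(mem.blocks) - 1):
            raise ValueError("block count must be a power of two")
        self.mem = mem
        self.levels = len(mem.blocks).bit_length() - 1  # height of the tree
        self.root = self._build()

    def _build(self) -> bytes:
        # Hash every block, then pair up hashes until one root remains.
        cur = [h(b) for b in self.mem.blocks]
        for i, v in enumerate(cur):
            self.mem.nodes[(0, i)] = v
        for level in range(1, self.levels + 1):
            cur = [h(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)]
            for i, v in enumerate(cur):
                self.mem.nodes[(level, i)] = v
        return cur[0]

    def _path_root(self, index: int, leaf: bytes) -> bytes:
        # Recompute the root from a leaf hash and the sibling hashes fetched off-chip.
        cur, idx = leaf, index
        for level in range(self.levels):
            sib = self.mem.nodes[(level, idx ^ 1)]
            cur = h(cur, sib) if idx % 2 == 0 else h(sib, cur)
            idx //= 2
        return cur

    def read(self, index: int) -> bytes:
        """Return a block only if its hash path reproduces the trusted root."""
        data = self.mem.blocks[index]
        if self._path_root(index, h(data)) != self.root:
            raise IntegrityError(f"block {index} failed verification")
        return data

    def write(self, index: int, data: bytes) -> None:
        """Update a block and re-derive the root, trusting the path only after checking it."""
        self.read(index)  # sibling hashes must authenticate before they feed the new root
        self.mem.blocks[index] = data
        cur, idx = h(data), index
        self.mem.nodes[(0, idx)] = cur
        for level in range(self.levels):
            sib = self.mem.nodes[(level, idx ^ 1)]
            cur = h(cur, sib) if idx % 2 == 0 else h(sib, cur)
            idx //= 2
            self.mem.nodes[(level + 1, idx)] = cur
        self.root = cur


def demo() -> dict:
    """Constructed scenario: an honest read, a modified block, and a replayed stale block."""
    mem = UntrustedMemory(8)
    v = HashTreeVerifier(mem)
    first = b"program state v1".ljust(BLOCK_SIZE, b"\0")
    second = b"program state v2".ljust(BLOCK_SIZE, b"\0")
    results = {}

    v.write(3, first)
    results["read_ok"] = v.read(3) == first

    # Off-chip modification: the stored block is overwritten behind the processor's back.
    mem.blocks[3] = b"corrupted".ljust(BLOCK_SIZE, b"\0")
    try:
        v.read(3)
        results["tamper_detected"] = False
    except IntegrityError:
        results["tamper_detected"] = True

    # Replay: restore the stale block and its old leaf hash after a newer write.
    mem.blocks[3] = first
    stale_leaf = mem.nodes[(0, 3)]
    v.write(3, second)
    mem.blocks[3], mem.nodes[(0, 3)] = first, stale_leaf
    try:
        v.read(3)
        results["replay_detected"] = False
    except IntegrityError:
        results["replay_detected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The point the example makes is that the root is the only state that must live inside the trusted chip; every block and every interior hash may sit in attacker-writable memory, and a modified or replayed block cannot be made consistent with the root without a hash collision. Authenticating the path before a write is what stops an attacker from feeding forged sibling hashes into the root update.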
INDEX TERMS
Aegis, secure processor, architecture, single chip, FPGA
CITATION
Charles W. O'Donnell, G. Edward Suh, "Aegis: A Single-Chip Secure Processor", IEEE Design & Test of Computers, vol.24, no. 6, pp. 570-580, November-December 2007, doi:10.1109/MDT.2007.179
REFERENCES
1. J. Claessens, B. Preneel, and J. Vandewalle, "(How) Can Mobile Agents Do Secure Electronic Transactions on Untrusted Hosts? A Survey of the Security Issues and the Current Solutions," ACM Trans. Internet Technology, vol. 3, no. 1, Feb. 2003, pp. 28-48.
2. Trusted Computing Group, TCG TPM Specification, v1.2, rev. 103, by Trusted Computing Group, 2003-2006, https://www.trustedcomputinggroup.org/specs TPM.
3. S.W. Smith and S.H. Weingart, "Building a High-Performance, Programmable Secure Coprocessor," Computer Networks, vol. 31, no. 8, Apr. 1999, pp. 831-860.
4. R.J. Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, John Wiley and Sons, 2001.
5. P. Kocher, J. Jaffe, and B. Jun, "Differential Power Analysis," Proc. 19th Ann. Int'l Cryptology Conf. Advances in Cryptology (CRYPTO 99), LNCS 1666, Springer-Verlag, 1999, pp. 388-397.
6. C.S. Petrie and J.A. Connelly, "A Noise-Based IC Random Number Generator for Applications in Cryptography," IEEE Trans. Circuits and Systems I, vol. 47, no. 5, May 2000, pp. 615-621.
7. B. Gassend et al., "Silicon Physical Random Functions," Proc. 9th ACM Conf. Computer and Communication Security, ACM Press, 2002, pp. 148-160.
8. J.-W. Lee et al., "A Technique to Build a Secret Key in Integrated Circuits for Identification and Authentication Applications," Proc. Symp. VLSI Circuits, IEEE Press, 2004, pp. 176-179.
9. G.E. Suh and S. Devadas, "Physical Unclonable Functions for Device Authentication and Secret Key Generation," Proc. 44th Design Automation Conf. (DAC 07), ACM Press, 2007, pp. 9-14.
10. G.E. Suh et al., "Design and Implementation of the AEGIS Single-Chip Secure Processor Using Physical Random Functions," Proc. 32nd Ann. Int'l Symp. Computer Architecture (ISCA 05), IEEE CS Press, 2005, pp. 25-36.
11. G.E. Suh et al., "Efficient Memory Integrity Verification and Encryption for Secure Processors," Proc. 36th Ann. IEEE/ACM Int'l Symp. Microarchitecture, IEEE CS Press, 2003, pp. 339-350.
12. B. Gassend et al., "Caches and Hash Trees for Efficient Memory Integrity Verification," Proc. 9th Int'l Symp. High-Performance Computer Architecture (HPCA 03), IEEE CS Press, 2003, pp. 295-306.