A high security and efficiency protection of confidentiality and integrity for off-chip memory

  • Yang SuEmail author
  • Jun-Wei Shen
  • Min-Qing Zhang
Original Research


Due to the cost, power requirements and capacity, data are mainly stored off-chip rather than on-chip in embedded systems. The data exchanged between the processor and off-chip memory might be sensitive, security and efficiency of off-chip memory is a major concern in embedded systems. However, existing protection solutions often require significant overhead to achieve adequate protection. This paper proposes a security management method which can guarantee stronger data confidentiality and integrity with a reduced overhead in area, memory footprint, and performance cost. To reduce on-chip memory consumption and latency cost, protection scheduling and storage strategy are carefully studied, then our security management architecture is formed. Afterwards, confidentiality and integrity modules are designed respectively. Data confidentiality is protected through a Binary Additive Stream Cipher-AES-Time Stamp based on circuit and addresses scrambling network of Benes, and data integrity is safeguarded through an integrity checking module based on SHA3-TAH and MSet-XOR-Hash tree. Hardware implementation is designed and synthesized in a 0.18 µm process. The experiment area is about 1.1 mm2 while frequency reaches 563 MHz. The attack complexity is more than 2224 while additional storage consumption is limited in about 26.6%.


Memory security Cryptographic algorithm Confidentiality Integrity SHA3 



The authors thank all the reviewers and editors for their valuable comments and works. This paper is supported by the National Natural Science Foundation of China (no. 61772550).


  1. Andrea T, Holger H (2015) Polynomial time decision algorithms for probabilistic automata. Inf Comput 224:134–171MathSciNetzbMATHGoogle Scholar
  2. Damla Y, Heba Y (2018) Power analysis based side-channel attack on visible light communication [online]. Phys Commun. Google Scholar
  3. Duan L, Hongxin ZH, Qiang L et al (2015) Electromagnetic side-channel attack based on PSO directed acyclic graph SVM. J China Univ Posts Telecommun 22(5):10–15CrossRefGoogle Scholar
  4. Elbaz R, Torres L, Sassatelli G et al (2006) A parallelized way to provide data encryption and integrity checking on a processor-memory bus. In: Proceedings of the 43rd annual design automation conference. ACM, pp 506–509Google Scholar
  5. Elbaz R, Champagne D, Lee RB et al (2007) Tec-tree: a low-cost, parallelizable tree for efficient defense against memory replay attacks. In: Cryptographic hardware and embedded systems-CHES 2007. Springer, Berlin Heidelberg, pp 289–302CrossRefGoogle Scholar
  6. Faheem U, Matthew E, Rajiv R (2018) Data exfiltration: A review of external attack vectors and countermeasures. J Netw Comput Appl 101:18–54CrossRefGoogle Scholar
  7. Fangyong H (2005) Research on key techniques of memory system data confidentiality and integrity protection. National University of Defense Technology, ChangshaGoogle Scholar
  8. Hailong ZH, Yongbin ZH (2016) How many interesting points should be used in a template attack. J Syst Softw 120:105–113CrossRefGoogle Scholar
  9. Hojoon L, Minsu K, Yunheung P et al (2018) A dynamic per-context verification of kernel address integrity from external monitors [online]. Comput Secur. Google Scholar
  10. Hong A, Xuebin CH (2018) Research on embedded access control security system and face recognition system [J]. Measurement 123:309–322CrossRefGoogle Scholar
  11. Hu Y, Sunar B (2010) An improved memory integrity protection scheme. Trust and trustworthy computing. Springer, Berlin, pp 273–281CrossRefGoogle Scholar
  12. Jaime AB, Leonel PT, Rolf Fredi M et al (2016) An embedded system approach for energy monitoring and analysis in industrial processes. Energy 115:811–819CrossRefGoogle Scholar
  13. Jie L, Jianliang ZH (2018) Paula Whitlock. Efficient deterministic and non-deterministic pseudorandom number generation. Math Comput Simul 143:114–124CrossRefGoogle Scholar
  14. Kemal B, Devrim U, Nadir A et al (2014) Mobile authentication secure against man-in-the-middle attacks. Procedia Comput Sci 34:323–329CrossRefGoogle Scholar
  15. Liang Y, Lichen SH, Junyan ZH et al (2018) Heterogeneous information network model for equipment standard system. Phys A 490:935–943CrossRefGoogle Scholar
  16. Lie D, Thekkath CA, Horowitz M (2003) Implementing an untrusted operating system on trusted hardware. In ACM SIGOPS operating systems review, ACM, pp 178–192Google Scholar
  17. Mădălin N, Salvador M (2017) Defending cache memory against cold-boot attacks boosted by power or EM radiation analysis. Microelectron J 62:85–98CrossRefGoogle Scholar
  18. Mohsen J, Fathollah B (2015) Improving the reliability of the Benes network for use in large-scale systems. Microelectron Reliab 55(3–4):679–695Google Scholar
  19. Monali M, Krishna A (2017) Modeling and analyses of IP spoofing attack in 6LoWPAN network. Comput Secur 70:95–110CrossRefGoogle Scholar
  20. Musa A, Gonzalez V, Barragan D, Ambient J (2018) A new strategy to optimize the sensors placement in wireless sensor networks [online]. J Ambient Intell Hum Comput. Google Scholar
  21. Riccardo MG, Ferrari, André MH, Teixeira (2017) Detection and isolation of replay attacks through sensor watermarking. IFAC Pap OnLine 50(1):7363–7368CrossRefGoogle Scholar
  22. Ryan H, George L (2018) Detecting semantic social engineering attacks with the weakest link: Implementation and empirical evaluation of a human-as-a-security-sensor framework. Comput Secur 76:101–127CrossRefGoogle Scholar
  23. Santos JCM, Fei Y (2013) Leveraging speculative architectures for runtime program validation. ACM Trans Embedd Comput Syst 13(1):3CrossRefGoogle Scholar
  24. Schraml R, Hofbauer H, Petutschnigg A et al (2015) Tree log identification based on digital cross-section images of log ends using fingerprint and iris recognition methods. In: International conference on computer analysis of images and patterns, CAIP 2015, pp 752–765Google Scholar
  25. Shubhabrata S, Jörn WJ (2017) Aegis: reliable application execution over the mobile cloud. Procedia Comput Sci 109:482–489CrossRefGoogle Scholar
  26. Susil KB, Vashek M (2018) Investigating results and performance of search and construction algorithms for word-based LFSRs, σ-LFSRs. Discret Appl Math 243:90–98MathSciNetCrossRefzbMATHGoogle Scholar
  27. Xiaojun ZH, Amine ASA, Abbes A et al (2017) ECG encryption and identification based security solution on the Zynq SoC for connected health systems. J Parallel Distrib Comput 106:143–152CrossRefGoogle Scholar
  28. Xingyuan W, Xiaoqiang ZH, Xiangjun W et al (2018) Image encryption algorithm based on multiple mixed hash functions and cyclic shift. Opt Lasers Eng 107:370–379CrossRefGoogle Scholar
  29. Xiongwei F, Kenli L, Wangdong Y et al (2016) A secure and efficient file protecting system based on SHA3 and parallel AES. Parallel Comput 52:106–132CrossRefGoogle Scholar
  30. Yuan G, Hong A, Zenghui F et al (2018) Mobile network security and privacy in WSN. Procedia Comput Sci 129:324–330CrossRefGoogle Scholar
  31. Yun RQ, Viktor KP (2016) Compact hash tables for decision-trees. Parallel Comput 54:121–127MathSciNetCrossRefGoogle Scholar
  32. Zhe L, Hwajeong S, Chien-Ning CH et al (2018) Secure GCM implementation on AVR. Discret Appl Math 21:58–66MathSciNetzbMATHGoogle Scholar
  33. Zhongyun H, Shuang Y, Yicong ZH (2018) Medical image encryption using high-speed scrambling and pixel adaptive diffusion. Signal Process 144:134–144CrossRefGoogle Scholar

Copyright information

© Springer-Verlag GmbH Germany, part of Springer Nature 2018

Authors and Affiliations

  1. 1.Engineering University of PAPXi’anChina
  2. 2.State Key Laboratory of CryptologyBeijingChina

Personalised recommendations