Memory Protection with Dynamic Authentication Trees

M. Millar, M. Łukowiak, S. Radziszowski (Rochester Inst. of Techn., USA)

As embedded devices increase in use and handle more critical information and functionalities, the importance of security grows even greater. Defense against bus attacks such as spoofing, splicing, and replay attacks is of particular concern. Traditional memory authentication techniques, such as hashes and message authentication codes, require significant amounts of on-chip memory and introduce a large performance impact when protecting off-chip memory during run-time. Balanced authentication trees such as the well-known Merkle tree or TEC-Tree are widely used to reduce this cost. This work proposes a new method of dynamic authentication trees, which update a tree structure based on a processor's memory access pattern. An HDL model for use in an FPGA is developed as a transparent and highly customizable AXI-4 memory controller. The performance of our tree design is comparable to that of the TEC-Tree in several memory access patterns. Speedup over the TEC-Tree is possible to achieve when applied in scenarios that frequently access previously processed data.