
3.3 Academically Proposed Architecture

3.3.1 Secure Processor

The concept of a secure processor is fundamentally based on bus encryption proposed by Best [66, 67] in 1979. In his proposal, all data and instructions are encrypted and only decrypted inside the microprocessor chip. Based on this architecture, VLSI technology [68] proposed having an on-chip memory management unit for encrypted instruction and data transfer from an off-chip memory on a page-by-page basis. General Instrument Corporation [69] further optimized the system using a triple Data Encryption Standard in block chaining mode for encryption and a keyed hash algorithm for authentication. The Maxim DS5250 secure microprocessor [65] is designed to meet the physical security requirements of Federal Information Processing Standards (FIPS) 140 and Common Criteria certifications. In addition to the triple-DES bus encryption, it has a microprobe shield and environmental sensors to trigger a rapid “zeroization” of secure information as a tamper response. All these industrial efforts target standalone embedded processor applications where software is pre-loaded into the system during manufacturing.

More recently, a number of works have targeted DRM, in which software is dynamically and remotely installed into the system, requiring a similar but more sophisticated architecture. In general, each secure processor is associated with a factory-built private key. To protect the application software, software vendors encrypt their application’s binary using symmetric-key encryption, where the key is distributed to each secure processor using its public-private key pair. Their security goal is to protect application code and data as a whole.

ing systems are untrusted. It provides an isolated memory compartment in hardware for each application. Each compartment has its own session key, and this key is used to en-/decrypt the associated instructions and data. At any time only one memory compartment is active, and the corresponding session key is loaded for on-chip en-/decryption. To manage the session keys and the hardware resources, a XOM Specific Operating System (XOMOS) [70] is also developed. XOMOS virtualizes the session key table so that as many applications as possible can run, each in its own memory compartment.

AEGIS [25], having a similar security model, provides more flexibility in the protection mechanism. Apart from the untrusted operating system solution, AEGIS also develops a scheme which uses a trusted security kernel to handle multi-tasking and provide security features for applications. The security kernel can be securely booted using the root of trust in the processor chip. It further replaces the root of trust, moving from a factory-installed private key to a Physical Unclonable Function (PUF) [71]. It also uses a One-Time Pad (OTP) encryption scheme proposed by Yang et al. [36] to address the performance overhead of the XOM architecture. In XOM, the encryption latency is added directly to the memory access critical path, which results in a high performance penalty. The proposed OTP encryption yields a significant improvement in performance because it allows the en-/decryption to be performed in parallel with the memory access from off-chip memory.
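The OTP memory-encryption idea above, as an added illustration that is not code from AEGIS or from Yang et al.: the pad for a block is derived only from the key, the block address and a per-block counter, so it can be computed while the ciphertext is still being fetched, and the XOR is all that remains on the critical path. SHA-256 stands in for the block cipher, and the block size, latency figures and memory contents are constructed for the example.

```python
import hashlib

BLOCK = 16  # bytes per protected memory block (constructed; a real design uses a cache line)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pad_for(key: bytes, addr: int, counter: int) -> bytes:
    # The pad depends only on (key, addr, counter), never on the ciphertext, so the
    # processor can start generating it as soon as the address is known and overlap
    # that work with the off-chip fetch. SHA-256 is a stand-in for the cipher (assumption).
    seed = key + addr.to_bytes(8, "big") + counter.to_bytes(8, "big")
    return hashlib.sha256(seed).digest()[:BLOCK]


class OTPMemory:
    """Off-chip memory protected by per-block one-time pads (constructed model)."""

    def __init__(self, key: bytes):
        self.key = key
        self.mem = {}       # addr -> ciphertext; lives off-chip and is untrusted
        self.counters = {}  # addr -> counter; must be kept on-chip or integrity-protected

    def write(self, addr: int, plaintext: bytes) -> bytes:
        assert len(plaintext) == BLOCK
        ctr = self.counters.get(addr, 0) + 1   # fresh counter => fresh pad on every write
        self.counters[addr] = ctr
        self.mem[addr] = xor(plaintext, pad_for(self.key, addr, ctr))
        return self.mem[addr]

    def read(self, addr: int) -> bytes:
        pad = pad_for(self.key, addr, self.counters[addr])  # computed while mem[addr] is in flight
        return xor(self.mem[addr], pad)


def read_latency_cycles(mem_cycles: int, crypto_cycles: int, otp: bool) -> int:
    # XOM-style direct decryption serialises the two latencies; OTP overlaps them.
    return max(mem_cycles, crypto_cycles) if otp else mem_cycles + crypto_cycles


def pad_reuse_leak(key: bytes, addr: int, counter: int, p1: bytes, p2: bytes) -> bytes:
    # Caveat the scheme rests on: if one (addr, counter) pad ever covers two plaintexts,
    # XORing the two ciphertexts cancels the pad and yields p1 XOR p2. That is why the
    # per-block counter must change on every write and must itself be protected.
    pad = pad_for(key, addr, counter)
    return xor(xor(p1, pad), xor(p2, pad))
```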

Secure architecture is also designed to protect sensitive data in portable devices. Relying on a permanent private key inside the processor simply restricts the portability of trust from one device to another. Secret-Protected (SP) architecture [26] and Bastion [33] focus on the management of keys. They propose new architectures to bind the critical secret to a user-defined master key instead of a factory-installed private key.

In the SP [26] architecture, a user master key is generated by hashing a passphrase from the user’s input via a secure I/O. After the master key is generated, a hierarchical key chain can be further developed for various cryptographic operations. A Trusted Software Module (TSM) is used to manage the key chain, including the user’s master key. The TSM’s functionalities can vary for various applications depending on the security requirement. The SP architecture supports a concealed execution mode to protect the execution of the TSM. In this concealed execution mode, all instructions and data going to the off-chip memory are protected by encryption and hashing. A newer version of SP [72] extends the local trust of a user’s secret on his own device to a remote trust model on multiple devices owned by a single authority.

The Bastion [33] architecture, based on the SP architecture, provides scalable TSM establishment and individual attestation through a trusted hypervisor. Bastion first secures the execution of the hypervisor, which in turn provides execution protection to the multiple TSMs invoked in the system. Each TSM has its own isolated memory compartment enforced by access rules implemented in the TLB. On-chip cryptographic engines are used to protect run-time memory used by the trusted hypervisor and the TSMs.

Iso-X [27], similar to Bastion, provides hardware-enforced isolation in the TLB and off-chip memory encryption for multiple trusted processes. The major difference between Iso-X and Bastion is that Iso-X eliminates the trusted hypervisor and pushes the management of multiple trusted processes into hardware. This is achieved by reserving a memory region for storing management information, which is accessible only by the Iso-X hardware. The management information consists of a compartment vector and a compartment table. The compartment vector maps each physical memory page to a compartment, while the compartment table describes each compartment created in the system.

A secure processor provides off-chip memory encryption and an integrity check mechanism for application code and data as a whole. It does not consider an application scenario in which the data provider and the software provider are different parties. Also, when the application and data need to be migrated from one secure processor to another, the data have to be re-encrypted because different secure processors use different encryption keys.