Bus and memory protection through chain-generated and tree-verified IV for multiprocessors systems

Protecting information against malicious disclosure and tampering is crucial to secure/trusted computing. This paper proposes a method to protect the off-chip data in symmetric shared memory multiprocessors systems. Existing techniques have flaws in either security or performance, which are mainly due to their management of cipher parameter and their deployment of hash tree. The proposed method provides data encryption and authentication through constructing a pair of (data, MAC, IV) for each data block to be protected, which can ensure data unbroken so far as the cryptographic parameter of IV is un-tampered. To solve the problem of IV management, IV is generated through chaining all the history data transferred on the system bus in time sequence; to solve the problem of hash tree deployment, it restricts hash tree into MCH and forwards IV to the processor through a safe channel. As for security, it can resist any attacks, including the intractable message-drop attack on bus and replay attack on memory. As for performance, it connects bus protection with memory protection smoothly by removing any additional data re-encryption/re-authentication from the data path, and it also eliminates additional message traffic caused by synchronizing a hash tree authentication result among processors. The experiment simulations inspect its specific realization, and the performance results show that it is an efficient way to achieve data protection for a shared memory multiprocessor system.

► It protects memory and bus data through the associated pairs of (data, MAC, IV). ► It generates each new IV through data history chain to ensure bus security. ► It verifies all of the stored IV through hash tree to ensure memory security. ► Cryptographic operations and message traffics caused by protection are much reduced.