Efficient, secure, and isolated execution of cryptographic algorithms on a cryptographic unit

摘要

Cryptographic algorithms handle sensitive information and their safe execution plays an essential role in many security applications. When implemented in software on general-purpose computers, cryptographic algorithms are vulnerable to a variety of attacks such as side-channel and cold-boot attacks since they either share hardware resources with other simultaneously executing processes or store sensitive information in easily accessible places (e.g. main memory). In this paper, we demonstrate that secure and isolated execution of cryptographic algorithms is possible on a cryptographic unit that can easily be integrated to all RISC processors. The cryptographic unit is capable of physically isolating the execution of cryptographic algorithms from all other simultaneously executing processes. By specifically providing an AES implementation running in this isolated execution environment we demonstrate that it is possible to provide physical process isolation for cryptographic algorithms without any significant overhead in execution time. Furthermore, the proposed technique protects the cryptographic applications against cold-boot and cache attacks as well as any other threats originated from other processes since the sensitive material never leave the cryptographic unit. We realized a RISC-based embedded processor with five-stage pipeline featuring the cryptographic unit on an FPGA device. We included the implementation results both for FPGA and ASIC realizations.