Marten van Dijk Consultant, Inventor, Researcher, Applied Mathematician, & Computer Scientist
The AEGIS Processor:
Usually security protects the computer owner from attack, but sometimes the computer owner is the potential
"enemy". For example, in digital rights management (DRM) the owner of a computer platform is motivated to
break its security to make illegal copies of protected digital content. In mobile agent applications,
sensitive electronic transactions are performed at untrusted hosts. In distributed computing (e.g.,
SETI@home), a user who wants to distribute a large computation cannot be certain that the computations
have not been tampered with.
It is becoming common to use a multitude of computing devices that are highly interconnected to access
public as well as private or sensitive data. Users desire open systems for ease-of-use and interoperability,
but on the other hand, they require privacy mechanisms that restrict access to sensitive data, and
authentication mechanisms that ensure data integrity. With the proliferation and increasing usage of
embedded, portable and wearable devices, in addition to protecting against attacks from malignant software,
we also have to be concerned with physical attacks that corrupt data, discover private data or violate
copy-protection, as well as combinations of physical and software attacks. Given these trends, computing
systems have to achieve several goals in order to be secure. Systems should provide tamper-evident (TE)
and private and authenticated tamper-resistant (PTR) environments.
In a conventional approach, processing systems contain processor and memory elements in a PTR
environment implemented by means of active intrusion detectors (e.g., IBM 4758). These detectors are
costly, the small tamper-proof package limits the amount of secure computation, and the memory and I/O
subsystems cannot be upgraded easily. Our focus is on enabling single-chip secure processors. All other
components, including off-chip untrusted memory, are verified by the processor. In this setting the
tamper-proof package contains only the processor, which maximizes the secure computing power.
Memory integrity checking (that is, checking whether the value the processor loads from a particular address
is the most recent value that it has stored to that address) is essential to enable single-chip secure
processors and turns out to be possible at an acceptable cost [1,2,3]. We show how caching hashes leads to
practical online integrity checking. We also introduce a new crypto primitive, set-collision resistant
multiset hashes, which makes existing offline integrity checking secure.
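A sketch of online memory integrity checking with a hash tree, added here as an illustration and not taken from the AEGIS papers or hardware: only the root hash is trusted, so replaying stale off-chip data together with its stale hashes is detected. The class and function names, SHA-256, the binary tree layout and the 16-byte blocks are assumptions of the example, and every access walks the full path to the root without a hash cache.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()  # hash choice is an assumption

class IntegrityError(Exception):
    """A loaded block does not match the trusted root hash."""

class VerifiedMemory:
    """Only `root` is trusted (on-chip); `blocks` and `nodes` model off-chip RAM."""
    def __init__(self, n_blocks: int, block_size: int = 16):
        self.blocks = [bytes(block_size)] * n_blocks
        # Heap layout: nodes[1] is the root, the leaf for block a is nodes[n + a].
        self.nodes = [b""] * n_blocks + [h(b) for b in self.blocks]
        for i in range(n_blocks - 1, 0, -1):
            self.nodes[i] = h(self.nodes[2 * i] + self.nodes[2 * i + 1])
        self.root = self.nodes[1]  # from here on the root lives only on-chip

    def _climb(self, addr: int, leaf: bytes, write: bool = False) -> bytes:
        """Fold a leaf hash up to the root using sibling hashes read from RAM."""
        i, cur = len(self.blocks) + addr, leaf
        while i > 1:
            if write:
                self.nodes[i] = cur
            sib = self.nodes[i ^ 1]
            cur = h(cur + sib) if i % 2 == 0 else h(sib + cur)
            i //= 2
        return cur

    def check(self, addr: int) -> bool:
        return self._climb(addr, h(self.blocks[addr])) == self.root

    def load(self, addr: int) -> bytes:
        if not self.check(addr):
            raise IntegrityError(f"block {addr} is not the most recent stored value")
        return self.blocks[addr]

    def store(self, addr: int, data: bytes) -> None:
        self.load(addr)  # authenticates the sibling hashes reused below
        self.blocks[addr] = data
        self.root = self._climb(addr, h(data), write=True)

def replay_detected() -> bool:
    mem = VerifiedMemory(8)  # constructed scenario with constructed values
    mem.store(3, b"balance=100".ljust(16, b"\0"))
    stale = (list(mem.blocks), list(mem.nodes))  # snapshot of off-chip state
    mem.store(3, b"balance=0".ljust(16, b"\0"))
    mem.blocks, mem.nodes = stale  # old data and old hashes; root stays on-chip
    return not mem.check(3)
```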
AEGIS is a high-level architecture of a single-chip secure processor [5]. It uses memory integrity checking,
memory encryption and a secure context manager. In [4] we show how to implement AES encryption and
decryption such that the decryption latency overlaps with the memory access.
[1] B. Gassend, D. Clarke, G.E. Suh, M. van Dijk, and S. Devadas, Caches and hash trees for efficient
memory integrity verification, Proceedings of the Ninth International Symposium on High Performance
Computer Architecture (HPCA-9), 295-306, 2003.
[2] D. Clarke, S. Devadas, M. van Dijk, B. Gassend, and G.E. Suh, Incremental multiset hashes and their
application to integrity checking, Advances in Cryptology - Asiacrypt 2003, LNCS 2894, 188-207, 2003.
[3] D. Clarke, G.E. Suh, B. Gassend, A. Sudan, M. van Dijk, and S. Devadas, Towards constant bandwidth
overhead integrity checking of untrusted data, IEEE Symposium on Privacy and Security 2005.
[4] G.E. Suh, D. Clarke, B. Gassend, M. van Dijk, and S. Devadas, Efficient memory integrity verification and
encryption for secure processors, Proceedings of the 36th Annual IEEE/ACM International Symposium on
Microarchitecture, 339-351, 2003.
[5] G.E. Suh, D. Clarke, B. Gassend, M. van Dijk, and S. Devadas, The AEGIS processor architecture for
tamper-evident and tamper-resistant processing, Proceedings of the 17th Annual ACM International
Conference on Supercomputing (ICS'03), June 2003.