Memory Encryption for Smart Cards

  • Barış Ege
  • Elif Bilge Kavun
  • Tolga Yalçın
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7079)


With the latest advances in attack methods, it has become increasingly more difficult to secure data stored on smart cards, especially on non-volatile memories (NVMs), which may store sensitive information such as cryptographic keys or program code. Lightweight and low-latency cryptographic modules are a promising solution to this problem. In this study, memory encryption schemes using counter (CTR) and XOR-Encrypt-XOR (XEX) modes of operation are adapted for the target application, and utilized using various implementations of the block ciphers AES and PRESENT. Both schemes are implemented with a block cipher-based address scrambling scheme, as well as a special write counter scheme in order to extend the lifetime of the encryption key in CTR-mode. Using the lightweight cipher PRESENT, it is possible to implement a smart card NVM encryption scheme with less than 6K gate equivalents and zero additional latency.


memory encryption smart card low-latency block cipher AES PRESENT 


  1. 1.
    Duc, G., Keryell, R.: Cryptopage: An efficient secure architecture with memory encryption, integrity and information leakage protection. In: Proceedings of the 22nd Annual Computer Security Applications Conference, pp. 483–492. IEEE Computer Society, Washington, DC, USA (2006) ISBN 0-7695-2716-7Google Scholar
  2. 2.
    Rogers, B., Solihin, Y., Prvulovic, M.: Memory predecryption: hiding the latency overhead of memory encryption. SIGARCH Comput. Archit. News 33, 27–33 (2005)CrossRefGoogle Scholar
  3. 3.
    Shi, W., Lee, H.-H.S., Ghosh, M., Lu, C., Boldyreva, A.: High efficiency counter mode security architecture via prediction and precomputation. In: Proceedings of the 32nd Annual International Symposium on Computer Architecture, ISCA 2005, pp. 14–24. IEEE Computer Society, Washington, DC, USA (2005) ISBN 0-7695-2270-XGoogle Scholar
  4. 4.
    Edward Suh, G., Clarke, D., Gassend, B., van Dijk, M., Devadas, S.: Efficient memory integrity verification and encryption for secure processors. In: Proceedings of the 36th Annual IEEE/ACM International Symposium on Microarchitecture, MICRO 36, p. 339. IEEE Computer Society, Washington, DC, USA (2003)Google Scholar
  5. 5.
    Yang, J., Zhang, Y., Gao, L.: Fast secure processor for inhibiting software piracy and tampering. In: Proceedings of the 36th Annual IEEE/ACM International Symposium on Microarchitecture, MICRO 36, p. 351. IEEE Computer Society, Washington, DC, USA (2003) ISBN 0-7695-2043-XGoogle Scholar
  6. 6.
    IEEE Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices. IEEE Std 1619-2007, c1–c32, April 18 (2008)Google Scholar
  7. 7.
    Rogaway, P.: Efficient Instantiations of Tweakable Blockciphers and Refinements to Modes OCB and PMAC. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 16–31. Springer, Heidelberg (2004) 10.1007/978-3-540-30539-2_2CrossRefGoogle Scholar
  8. 8.
    Alyanaklan, E., et al.: The smart & secure world in 2020. Technical report, Eurosmart (2007)Google Scholar
  9. 9.
    Daemen, J., Rijmen, V.: The block cipher rijndael. In: Proceedings of the The International Conference on Smart Card Research and Applications, pp. 277–284. Springer, London (2000) ISBN 3-540-67923-5CrossRefGoogle Scholar
  10. 10.
    Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J., Seurin, Y., Vikkelsoe, C.: Present: An ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007) ISBN 978-3-540-74734-5CrossRefGoogle Scholar
  11. 11.
    Liskov, M., Rivest, R.L., Wagner, D.: Tweakable block ciphers. J. Cryptology 24(3), 588–613 (2011)CrossRefMathSciNetGoogle Scholar
  12. 12.
    Lie, D.J.: Architectural support for copy and tamper-resistant software. PhD thesis, Stanford, CA, USA (2004) AAI3111747Google Scholar
  13. 13.
    Elbaz, R., Torres, L., Sassatelli, G., Guillemin, P., Bardouillet, M., Martinez, A.: A parallelized way to provide data encryption and integrity checking on a processor-memory bus. In: Proceedings of the 43rd Annual Design Automation Conference, DAC 2006, pp. 506–509. ACM, New York (2006) ISBN 1-59593-381-6CrossRefGoogle Scholar
  14. 14.
    Elbaz, R., Champagne, D., Gebotys, C., Lee, R.B., Potlapally, N., Torres, L.: Hardware Mechanisms for Memory Authentication: A Survey of Existing Techniques and Engines. In: Gavrilova, M.L., Tan, C.J.K., Moreno, E.D. (eds.) Transactions on Computational Science IV. LNCS, vol. 5430, pp. 1–22. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  15. 15.
    Leander, G.: Small scale variants of the block cipher present. Cryptology ePrint Archive, Report 2010/143 (2010),
  16. 16.
    Li, H., Friggstad, Z.: An efficient architecture for the aes mix columns operation. ISCAS (5), 4637–4640 (2005)Google Scholar
  17. 17.
    Paar, C.: Efficient VLSI Architectures for Bit-Parallel Computation in Galois Fields. PhD thesis, Institute for Experimental Mathematics, Universität Essen (1994)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2011

Authors and Affiliations

  • Barış Ege
    • 1
  • Elif Bilge Kavun
    • 2
  • Tolga Yalçın
    • 2
  1. 1.Institute of Applied MathematicsMiddle East Technical UniversityTurkey
  2. 2.Embedded Security, HGIRuhr University BochumGermany

Personalised recommendations