Authenticated Encryption Primitives for Size-Constrained Trusted Computing
Trusted execution environments (TEEs) are widely deployed both on mobile devices as well as in personal computers. TEEs typically have a small amount of physically secure memory but they are not enough to realize certain algorithms, such as authenticated encryption modes, in the standard manner. TEEs can however access the much larger but untrusted system memory using which “pipelined” variants of these algorithms can be realized by gradually reading input from, and/or writing output to the untrusted memory. In this paper, we motivate the need for pipelined variants of authenticated encryption modes in TEEs, describe a pipelined version of the EAX mode, and prove that it is as secure as standard, “baseline”, EAX. We point out potential pitfalls in mapping the abstract description of a pipelined variant to concrete implementation and discuss how these can be avoided. We also discuss other algorithms which can be adapted to the pipelined setting and proved correct in a similar fashion.
KeywordsTrusted Computing Platform Security Cryptography
Unable to display preview. Download preview PDF.
- 1.ARM. Trustzone-enabled processor, http://www.arm.com/pdfs/DDI0301D_arm1176jzfs_r0p2_trm.pdf
- 2.Bellare, M., Rogaway, P.: The game playing technique (2004), http://eprint.iacr.org/2004/331
- 7.GlobalPlatform Device Technology. TEE Internal API Specification. Global Platform, vrtsion 0.27 edition (September 2011), http://www.globalplatform.org/specificationform.asp?fid=7762
- 8.Intel Corporation. Trusted eXecution Technology (TXT) – Measured LaunchedEnvironment Developer’s Guide (December 2009)Google Scholar
- 9.Kostiainen, K., Ekberg, J.-E., Asokan, N., Rantala, A.: On-board credentials with open provisioning. In: ASIACCS 2009: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, pp. 104–115. ACM, New York (2009)Google Scholar
- 11.Srage, J., Azema, J.: M-Shield mobile security technology, TI White paper (2005), http://focus.ti.com/pdfs/wtbu/ti_mshield_whitepaper.pdf
- 12.Edward Suh, G., Clarke, D., Gassend, B., van Dijk, M., Devadas, S.: Efficient memory integrity verification and encryption for secure processors. In: MICRO 36: Proceedings of the 36th Annual IEEE/ACM International Symposium on Microarchitecture, p. 339. IEEE Computer Society, Washington, DC (2003)Google Scholar
- 13.Edward Suh, G., O’Donnell, C.W., Sachdev, I., Devadas, S.: Design and implementation of the aegis single-chip secure processor using physical random functions. In: ISCA 2005: Proceedings of the 32nd Annual International Symposium on Computer Architecture, pp. 25–36. IEEE Computer Society, Washington, DC (2005)Google Scholar
- 14.Sundaresan, H.: OMAP platform security features, TI White paper (July 2003), http://focus.ti.com/pdfs/vf/wireless/platformsecuritywp.pdf
- 15.Trusted Platform Module (TPM) Specifications, https://www.trustedcomputinggroup.org/specs/TPM/
- 16.Chenyu, Y., Rogers, B., Englender, D., Solihin, D., Prvulovic, M.: Improving cost, performance, and security of memory encryption and authentication. In: 33rd International Symposium on Computer Architecture, ISCA 2006, Boston, MA, pp. 179–190 (2006)Google Scholar