Authenticated Encryption Primitives for Size-Constrained Trusted Computing

  • Jan-Erik Ekberg
  • Alexandra Afanasyeva
  • N. Asokan
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7344)


Trusted execution environments (TEEs) are widely deployed both on mobile devices as well as in personal computers. TEEs typically have a small amount of physically secure memory but they are not enough to realize certain algorithms, such as authenticated encryption modes, in the standard manner. TEEs can however access the much larger but untrusted system memory using which “pipelined” variants of these algorithms can be realized by gradually reading input from, and/or writing output to the untrusted memory. In this paper, we motivate the need for pipelined variants of authenticated encryption modes in TEEs, describe a pipelined version of the EAX mode, and prove that it is as secure as standard, “baseline”, EAX. We point out potential pitfalls in mapping the abstract description of a pipelined variant to concrete implementation and discuss how these can be avoided. We also discuss other algorithms which can be adapted to the pipelined setting and proved correct in a similar fashion.


Trusted Computing Platform Security Cryptography 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
  2. 2.
    Bellare, M., Rogaway, P.: The game playing technique (2004),
  3. 3.
    Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: CCS 1993: Proceedings of the 1st ACM Conference on Computer and Communications Security, pp. 62–73. ACM, New York (1993)CrossRefGoogle Scholar
  4. 4.
    Bellare, M., Rogaway, P., Wagner, D.: The EAX Mode of Operation. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 389–407. Springer, Heidelberg (2004), doi:10.1007/978-3-540-25937-4-25CrossRefGoogle Scholar
  5. 5.
    Boldyreva, A., Taesombut, N.: Online Encryption Schemes: New Security Notions and Constructions. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 1–14. Springer, Heidelberg (2004), doi:10.1007/978-3-540-24660-2-1CrossRefGoogle Scholar
  6. 6.
    Fouque, P.-A., Joux, A., Martinet, G., Valette, F.: Authenticated On-Line Encryption. In: Matsui, M., Zuccherato, R.J. (eds.) SAC 2003. LNCS, vol. 3006, pp. 145–159. Springer, Heidelberg (2004), doi:10.1007/978-3-540-24654-1-11CrossRefGoogle Scholar
  7. 7.
    GlobalPlatform Device Technology. TEE Internal API Specification. Global Platform, vrtsion 0.27 edition (September 2011),
  8. 8.
    Intel Corporation. Trusted eXecution Technology (TXT) – Measured LaunchedEnvironment Developer’s Guide (December 2009)Google Scholar
  9. 9.
    Kostiainen, K., Ekberg, J.-E., Asokan, N., Rantala, A.: On-board credentials with open provisioning. In: ASIACCS 2009: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, pp. 104–115. ACM, New York (2009)Google Scholar
  10. 10.
    Lie, D., Thekkath, C., Mitchell, M., Lincoln, P., Boneh, D., Mitchell, J., Horowitz, M.: Architectural support for copy and tamper resistant software. SIGPLAN Not. 35(11), 168–177 (2000)CrossRefGoogle Scholar
  11. 11.
    Srage, J., Azema, J.: M-Shield mobile security technology, TI White paper (2005),
  12. 12.
    Edward Suh, G., Clarke, D., Gassend, B., van Dijk, M., Devadas, S.: Efficient memory integrity verification and encryption for secure processors. In: MICRO 36: Proceedings of the 36th Annual IEEE/ACM International Symposium on Microarchitecture, p. 339. IEEE Computer Society, Washington, DC (2003)Google Scholar
  13. 13.
    Edward Suh, G., O’Donnell, C.W., Sachdev, I., Devadas, S.: Design and implementation of the aegis single-chip secure processor using physical random functions. In: ISCA 2005: Proceedings of the 32nd Annual International Symposium on Computer Architecture, pp. 25–36. IEEE Computer Society, Washington, DC (2005)Google Scholar
  14. 14.
    Sundaresan, H.: OMAP platform security features, TI White paper (July 2003),
  15. 15.
    Trusted Platform Module (TPM) Specifications,
  16. 16.
    Chenyu, Y., Rogers, B., Englender, D., Solihin, D., Prvulovic, M.: Improving cost, performance, and security of memory encryption and authentication. In: 33rd International Symposium on Computer Architecture, ISCA 2006, Boston, MA, pp. 179–190 (2006)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Jan-Erik Ekberg
    • 1
  • Alexandra Afanasyeva
    • 2
  • N. Asokan
    • 1
  1. 1.Nokia Research CenterHelsinkiFinland
  2. 2.State University of Aerospace InstrumentationSaint-PetersburgRussia

Personalised recommendations