Fully Batch Processing Enabled Memory Integrity Verification Algorithm Based on Merkle Tree
Memory attacks have been increasing in number recently. Adversary can manipulate memory data or break system by doing active attacks. Especially, main memory is used as a target of attack, because main memory is more vulnerable than other components, such as CPU. To prevent adversary’s active attack, memory integrity verification algorithm has been proposed. Protection of computer’s memory integrity is important in situations where attacks on the computer systems are a threat. As technology has advanced, computer systems migrate from wire-based to wireless system. A lot of memory integrity verification algorithms are already developed, but these algorithms do not consider new wireless platform. Wireless platform is constrained by a lack of storage and power supply in comparison with wire-based system, therefore computational overhead and storage overhead must be considered when applying to algorithm, which is used in wireless system. In this study, integrity verification performance can be improved by doing batch-processing. Previous verification algorithms based on Merkle tree do not support fully batch processing verification. We propose fully batch processing enabled memory integrity verification algorithm based on Merkle tree. This algorithms can verify memory integrity in completely batches. For implement our algorithm, we use Incremental multiset hash function, and as a result, consume only 480-bit on-chip storage. Reducing consumption of on-chip storage leads to improving on the performance of computation. We implement our algorithm and previous memory integrity verification algorithms based on standard Merkle tree and lazy-processing Merkle tree in simulator to compare their performance. Our algorithm offers better system performance overall, especially when attack rarely occur.
KeywordsMemory integrity Incremental multiset hash function Temper-resistant Merkle tree
This work was supported by the National Research Foundation of Korea Grant funded by the Korean Government (NRF-2014R1A2A2A01006957) and the Institute for Information & communication Technology Promotion (IITP) grant funded by the Korea government. (MSIP) (No. 10041244, SmartTV 2.0 Software Platform).
- 1.Bellard, F.: QEMU, a Fast and Portable Dynamic Translator. In: USENIX Annual Technical Conference, FREENIX Track, pp. 41–46 (2005)Google Scholar
- 2.Blum, M., Evans, W., Gemmell, P., Kannan, S., Naor, M.: Checking the cor-rectness of memories. In: Proceedings of the 32nd IEEE Symposium on Foundations of Computer Science 1991, pp. 90–99 (1991)Google Scholar
- 4.Clarke, D., Suh, G.E., Gassend, B., Sudan, A., Van Dijk, M., Devadas, S.: Towards constant bandwidth overhead integrity checking of untrusted data. In: IEEE Symposium on Security and Privacy, 2005, pp. 139–153 (2005)Google Scholar
- 5.Eastlake, D., Jones, P.: US secure hash algorithm 1 (SHA1) (2001). http://www.hjp.at/doc/rfc/rfc3174.html
- 6.Foster, I., Zhao, Y., Raicu, I., Lu, S.: Cloud computing and grid computing 360-degree compared. Grid Comput. Environ. Workshop 2008, 1–10 (2008)Google Scholar
- 7.Gassend, B., Suh, G.E., Clarke, D., Van Dijk, M., Devadas, S.: Caches and hash trees for efficient memory integrity verification. High Perform. Comput. Archit. 2003, 295–306 (2003)Google Scholar
- 9.Merkle, R.C.: Protocols for public key cryptosystems. IEEE Symp. Secur. Priv. 1980, 122–123 (1980)Google Scholar
- 10.Patel, A., Afram, F., Ghose, K.: Marss-x86: A qemu-based micro-architectural and systems simulator for x86 multicore processors. In: 1st International Qemu Users’ Forum, pp. 29–30 (2011)Google Scholar
- 11.Rogers, B., Chhabra, S., Prvulovic, M., Solihin, Y.: Using address independent seed encryption and bonsai merkle trees to make secure processors os and performance-friendly. In: Proceedings of the 40th Annual IEEE/ACM International Symposium on Microarchitecture 2007, pp. 183–196 (2007)Google Scholar
- 12.Suh, G.E., Clarke, D., Gassend, B., Dijk, M.V., Devadas, S.: Efficient memory integrity verification and encryption for secure processors. In: Proceedings of the 36th Annual IEEE/ACM International Symposium on Microarchitecture 2003, p. 339 (2003)Google Scholar
- 13.Szefer, J., Biedermann, S.: Towards fast hardware memory integrity checking with skewed Merkle trees. In: Proceedings of the Third Workshop on Hard-ware and Architectural Support for Security and Privacy 2014, p. 9 (2014)Google Scholar
- 14.Yourst, M.T.: PTLsim: A cycle accurate full system x86-64 microarchitec-tural simulator. In: IEEE International Symposium on Performance Analysis of Systems & Software, ISPASS 2007, pp. 23–34 (2007)Google Scholar