Multi-Master RAM Content Protection: Page 3 of 3

March 25, 2020 //By Sandeep Jain, Kirk Taylor, Pradip Singh (NXP Semiconductors)
Multi-Master RAM Content Protection
This article describes a mechanism to secure RAM content by storing the data encrypted and allowing selective decryption of the data, based on master privileges. The feature is especially useful for scenarios where we allow a master to access the RAM data for copy etc but do not allow to interpret the contents. The encryption-decryption steps are handled at the RAM controller level, transparent to the Software.

Configuration bits can be further made as non-readable (write-only), to avoid leaking knowledge of sensitive regions.


Fig. 4  RAM scrambling-de-scrambling for non-secure master

When reading the data, the controller will return additional flag (as sideband AHB/AXI) to indicate if the data is plaintext or not, as shown in Fig 5.

A scrambled data will be available as plaintext to the secure master. The data will be saved encrypted at destination (re-scrambled), based on the flag.


Fig. 5  RAM scrambling-de-scrambling for secure master

Note that gaining knowledge of the function, through test/debug paths, should not be an issue as the RNG source forces a different behavior for each session.

The obfuscation function can be a simple scrambler or a cryptographic function (eg AES), based on the area and performance overheads acceptable in the system

Summary: There are multiple access-restriction solutions in the industry, catering to master based access controls. The solutions either provide complete access or complete denial of content (in any form). In this article, we discussed a solution that creates another layer with interpretable access vs black-box access.

About the authors:

Sandeep Jain (sandeep.j@nxp.com) is Security designer at NXP

Kirk Taylor (kirk.taylor@nxp.com) is Security architect at NXP

Pradip Singh (pradip.singh@nxp.com) is Security FW designer at NXP

References:

  1. US 8560863 B2 - Systems and techniques for datapath security in a system-on-a-chp device
  2. NXP Extended Resource Domain Controller xRDC
  3. US9400890 - Method and devices for selective RAM scrambling
Design category: 

Vous êtes certain ?

Si vous désactivez les cookies, vous ne pouvez plus naviguer sur le site.

Vous allez être rediriger vers Google.