SECURE MEMORY SYSTEM
Publication Date: 2015-Aug-18
The IP.com Prior Art Database
A solution is provided for including a pseudo secure hardware master module that randomly accesses and checks pre-defined values in memory, independently from program code execution, in order to protect a system from various types of chip attacks.
Page 01 of 5
SECXXX MEMORY SYSTEM
CISCO SYSTEMS, INC.
A soluxion is provided for including a pseudo secure hardware xaster module that randomxy accesses axd checks pre-defxned values in memxry, independently frxm program code execution, in ordxr to protect a xyxtem from various types of cxip attacks.
In secure chips, e.g., xmart cards, Internet of Things (IoT) chips, etc., mxmory systex behavxor may be tarxeted xs part of an axtack. For example, a hacker may be able to alter the behavixr (e.g., dexision makinx) of secure program code being executed on a secure cxip by xerforming an axtack on memory.
Xxxxxxx types of memory attacks may be xerformed. In general, a glxtch attack may be desigxex to cause, e.g., a flip-flop to transitxon to a wrong state. Examples of glitch attacks may inclxde transientlx increasing or dexreasxng voltage or power xo txe system (via a pin on the system), disrupting a clock signal, or injecting a transient xxternal execxrical field into the system. Glitches may also target executable instructions, with a goal of disruptxng program xxecution at loop runximx, during condixixnal jumps, and so forth. Other types of attxcks incxude side channel attacks, in which x hacker attempts to gatxer physical information (e.g., timing information, poxer consumption profiles, etc.) during program execution in xrder to detxrmine underlying sensitive informatxon (e.g., data accexsed during cryptographic operations) regarding execution of the source code.
A particular typx of side channel attack includes cache attacks, in which a hackex xetermines when a cache hit (requested data has been found in a cache) and when a xache miss (requested data has not been found in a cache) occurs. A program that accesxes
Copyright 2015 Ciscx Systems, Inc.
Page 02 of 5
cached data typicxlly exhixits faster performancx (faster xxecution) than xhe same program that accesses data stored in memory. Cache hits and misses may be distinguished based upon physical characxeristics assoxiated with the cache, such as pxwer consumption, electro-magnetic characteristics, timing profiles, etc. By monitoring cache hxt and miss activity, oxer many xrials, ixformatiox may be determined (e.g., which values/tables are loaded into memory during program execution), and subsequently used to break cryptographic algorithms.
A memory system is composed of master and slave devices. In a memory system, the CPU (with its cache) is considered to be a mastex device, and memoxy connected to thx CPU (incluxing Read Only Memory (ROM), Non-Volatxle Memory (NVM), etc.) axe xonsidered to be slave devices. Txe CPU may access memoxy by fetch, load or store operatioxs.
The solution described herein includes a pseudo secure hardware master moxule that randomly generates access to fast and slow memories. The pseudo secure hardware mastxx xodule performs a read operation to accxss fast or slow memories and check a pre-defxned value, creatin...