ADDRESS DEPENDENT DATA ENCRYPTION
Encryption of data within a memory is provided by key generation circuitry which serves to generate a key as a function of the address within the memory being accessed and then encryption circuitry or decryption circuitry which serve respectively to encrypt or decrypt the data as a function of the key that has been generated based upon the address. The encryption and the decryption may be performed using a bitwise XOR operation. The key generation circuitry may have the form of physically unclonable function circuitry, which varies from instance to instance of implementation and that operates to generate the same key for the same address upon both write and read operations within the same instance.
This application is a continuation of U.S. application Ser. No. 14/486,181 filed Sep. 15, 2014, the entire contents of which are incorporated herein by reference in this application.
BACKGROUND
This disclosure relates to the field of data processing systems. More particularly, this disclosure relates to the encryption of data within data processing systems.
It is known to protect sensitive data, such as encryption key data, financial data and the like, using encryption mechanisms within data processing systems. An assumption often made within data processing systems in relation to the protection of data is that when that data is erased from a memory, then it will not be recoverable. For example, when power to a volatile memory is removed, the data within that memory is assumed to be erased. However, in practice there may be physical characteristics of the memory that allow erased data to be reconstructed. Data remanence poses a threat to systems that make this assumption, i.e. that data erased from a memory will not be recoverable.
Another potential problem with data encryption mechanisms is that these may consume a disadvantageous amount of energy when encrypting and decrypting data. For example, complex algorithms, such as RSA, can consume many hundreds of thousands of processing cycles to perform their encryption and decryption operations. Within systems with energy budget constraints, such as battery-operated internet-of-things devices, the energy consumed by such encryption and decryption mechanisms is a disadvantage.
SUMMARY
Viewed from one aspect the present disclosure provides apparatus comprising:
memory to store encrypted data representing unencrypted data at a storage location specified by an address;
key generation circuitry to generate a key as a function of said address;
encryption circuitry to encrypt said unencrypted data to form said encrypted data as a function of said key.
Viewed from another aspect the present disclosure provides apparatus comprising:
memory means for storing encrypted data representing unencrypted data at a storage location specified by an address;
key generation means for generating a key as a function of said address;
encryption means for encrypting said unencrypted data to form said encrypted data as a function of said key.
Viewed from another aspect the present disclosure provides a method comprising the steps of:
storing encrypted data representing unencrypted data at a storage location specified by an address;
generating a key as a function of said address;
encrypting said unencrypted data to form said encrypted data as a function of said key.
Viewed from another aspect the present disclosure provides apparatus comprising:
memory to store encrypted data representing unencrypted data at a storage location specified by an address;
key generation circuitry to generate a key as a function of said address;
decryption circuitry to decrypt said encrypted data to form said unencrypted data as a function of said key.
Viewed from another aspect the present disclosure provides apparatus comprising:
memory means for storing encrypted data representing unencrypted data at a storage location specified by an address;
key generation means for generating a key as a function of said address;
decryption means for decrypting said encrypted data to form said unencrypted data as a function of said key.
Viewed from another aspect the present disclosure provides a method comprising the steps of:
storing encrypted data representing unencrypted data at a storage location specified by an address;
generating a key as a function of said address;
decrypting said encrypted data to form said unencrypted data as a function of said key.
Example embodiments will now be described, by way of example only, with reference to the accompanying drawings in which:
At least example embodiments of the disclosure provide a low energy and secure mechanism for protecting data whereby the same data written to different addresses within a memory will be encrypted with different keys and accordingly will highly likely have a different form. This provides resistance against attacks based upon data remanence as it renders it difficult to identify any particular data within the memory as the same data will highly likely be represented in different forms at different storage locations within the memory.
Security is further enhanced when the key generation circuitry comprises physically unclonable function circuitry (PUF circuitry). There are a variety of different possible forms for such physically unclonable function circuitry, as will be known to those in this technical field.
The address may be used as a challenge input to the physically unclonable function circuitry and the key may be a response output from the physically unclonable function circuitry. The variation from instance to instance of the physically unclonable function circuitry has the result that even if multiple different apparatuses are using the same secret data, the variation in the physically unclonable function circuitry between those different apparatuses will mean that the keys used for the same addresses in the different apparatuses will highly likely be different. Accordingly, such embodiments provide for different keys to be used for different addresses within the same device and for different keys to be used for the same addresses within different devices. This helps resist another form of attack whereby the attacker might seek to analyse multiple devices in order to identify common data at the same addresses within different devices.
While it will be appreciated that the encryption circuitry may use the key in a variety of different ways, one particularly secure way in which the encryption circuitry may be configured is so as to perform one-time-pad encryption of the encrypted data using the key. Such one-time-pad encryption in which any form of unencrypted data may be formed from any form of encrypted data by using a suitable key has the advantage that knowledge of the encrypted data will not assist in yielding any information regarding either the key or the unencrypted data.
Security may be improved within at least some embodiments in which the key has a character width greater than or equal to the character width of the unencrypted data. The use of keys which are at least as wide as the unencrypted data they protect permits a higher degree of security. In practice, as the secret data in some circumstances is likely to be relatively short, it may generally be possible to provide a key which is at least as great in character width.
While the above techniques are generally applicable in providing data security, they can be used with particular advantage to protect systems within which the memory has data remanence behaviour whereby data values stored within the memory induce physical changes within the memory which permit reconstruction of data erased from the memory. Examples of such memories include SRAM memory and DRAM memory. A non-volatile memory is an extreme example of a memory which has data remanence as its nature is that it is intended to provide perfect data remanence.
It will be appreciated that different aspects of the present disclosure comprise a mechanism for writing data to a memory in accordance with the present technique and mechanisms for reading data from a memory in accordance with the present techniques. These mechanisms may also be used in combination. Such embodiments may share the key generation circuitry in a manner which ensures that the same key is generated for encryption as for decryption when the same storage location within the memory is being addressed. Such encryption is termed symmetric encryption.
In operation the processor core 4 executes program instructions and manipulates data which are stored within the memory 6. The program instructions and the data stored within the memory 6 are transformed between an unencrypted form used by the processor core 4 and an encrypted form stored within the memory 6 via the encryption and decryption circuitry 8.
The nature of the physically unclonable function circuitry 12 is such that different instances of this circuit 12 will have different forms such that the same address when applied as a challenge input to these different instances will highly likely generate a different response output. Such device-to-device variation is part of the security afforded by the use of the physically unclonable function circuitry. An individual instance of the physically unclonable function circuitry will repeatedly generate the same response output from the same challenge input such that the key generated for a given address may be the same on both writing the data into the memory 6 and reading the data out of the memory 6. The key can thus be used to support symmetric encryption.
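A software model of the write and read paths described above, as an added example that is not code from the application. The PUF is stood in for by HMAC-SHA-256 keyed with a constructed per-device value (an assumption; real PUF circuitry derives its response from silicon variation), and the class names, addresses and 4-byte word width are hypothetical.

```python
import hashlib
import hmac

WORD_BYTES = 4  # constructed word width; the key is as wide as the data word

class ModelPUF:
    """Stand-in for PUF circuitry: the per-device value models instance variation."""
    def __init__(self, device_variation: bytes):
        self._variation = device_variation

    def response(self, address: int) -> bytes:
        # Challenge input = address, response output = key; stable per instance.
        challenge = address.to_bytes(8, "big")
        mac = hmac.new(self._variation, challenge, hashlib.sha256)
        return mac.digest()[:WORD_BYTES]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class EncryptedMemory:
    def __init__(self, puf: ModelPUF):
        self.puf = puf
        self.cells = {}  # address -> encrypted word, i.e. what the array physically holds

    def write(self, address: int, word: bytes) -> None:
        if len(word) != WORD_BYTES:
            raise ValueError("word width must equal key width")
        self.cells[address] = xor(word, self.puf.response(address))

    def read(self, address: int) -> bytes:
        # Same address, same instance -> same key, so XOR undoes the write.
        return xor(self.cells[address], self.puf.response(address))

def demo() -> dict:
    secret = b"\xde\xad\xbe\xef"  # constructed sample data
    dev_a = EncryptedMemory(ModelPUF(b"constructed-device-A"))
    dev_b = EncryptedMemory(ModelPUF(b"constructed-device-B"))
    for addr in (0x1000, 0x1004):
        dev_a.write(addr, secret)
        dev_b.write(addr, secret)
    return {
        "round_trip": all(dev_a.read(a) == secret for a in (0x1000, 0x1004)),
        "differs_by_address": dev_a.cells[0x1000] != dev_a.cells[0x1004],
        "differs_by_device": dev_a.cells[0x1000] != dev_b.cells[0x1000],
    }

def rewrite_relation(mem: EncryptedMemory, address: int, first: bytes, second: bytes) -> bool:
    # Two successive writes to one address are masked with the same key.
    mem.write(address, first); c1 = mem.cells[address]
    mem.write(address, second); c2 = mem.cells[address]
    return xor(c1, c2) == xor(first, second)
```

`rewrite_relation` returns True because the key for an address is identical on every write, so the pad is unique per address and per device but not per write.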
As illustrated in
As illustrated in
Although illustrative embodiments of the invention have been described in detail herein with reference to the accompanying drawings, it is to be understood that the invention is not limited to those precise embodiments, and that various changes, additions and modifications can be effected therein by one skilled in the art without departing from the scope and spirit of the invention as defined by the appended claims. For example, various combinations of the features of the dependent claims could be made with the features of the independent claims without departing from the scope of the present invention.
Claims
1. Apparatus comprising:
- memory to store encrypted data representing unencrypted data at a storage location specified by an address;
- key generation circuitry to generate a key as a function of said address;
- encryption circuitry to encrypt said unencrypted data to form said encrypted data as a function of said key.
2. Apparatus as claimed in claim 1, wherein a given data value stored at different storage locations is encrypted using keys generated as a function of different respective addresses.
3. Apparatus as claimed in claim 1, wherein key generation circuitry comprises physically unclonable function circuitry, wherein said address is a challenge input to said physically unclonable function circuitry and said key is a response output from said physically unclonable function circuitry.
4. Apparatus as claimed in claim 1, wherein said encryption circuitry has a configuration to perform one-time-pad encryption of said unencrypted data using said key.
5. Apparatus as claimed in claim 1, wherein said key has a character width greater than or equal to a character width of said unencrypted data.
6. Apparatus as claimed in claim 1, wherein said encryption circuitry has a configuration to perform a bitwise XOR of said unencrypted data with said key to form said encrypted data.
7. Apparatus as claimed in claim 1, wherein said memory has data remanence behaviour whereby data values stored within said memory induce physical changes within said memory to permit reconstruction of data erased from said memory.
8. Apparatus as claimed in claim 7, wherein said memory is one of:
- an SRAM memory;
- a DRAM memory; and
- a non-volatile memory.
9. A method comprising the steps of:
- storing encrypted data representing unencrypted data at a storage location specified by an address; and
- generating a key as a function of said address;
- said method comprising one of: encrypting said unencrypted data to form said encrypted data as a function of said key; and decrypting said encrypted data to form said unencrypted data as a function of said key.
10. Apparatus comprising:
- memory to store encrypted data representing unencrypted data at a storage location specified by an address;
- key generation circuitry to generate a key as a function of said address;
- decryption circuitry to decrypt said encrypted data to form said unencrypted data as a function of said key.
11. Apparatus as claimed in claim 10, wherein a given data value stored at different storage locations is encrypted using keys generated as a function of different respective addresses.
12. Apparatus as claimed in claim 10, wherein key generation circuitry comprises physically unclonable function circuitry, wherein said address is a challenge input to said physically unclonable function circuitry and said key is a response output from said physically unclonable function circuitry.
13. Apparatus as claimed in claim 10, wherein said decryption circuitry has a configuration to perform one-time-pad decryption of said encrypted data using said key.
14. Apparatus as claimed in claim 10, wherein said key has a character width greater than or equal to a character width of said encrypted data.
15. Apparatus as claimed in claim 10, wherein said decryption circuitry has a configuration to perform a bitwise XOR of said encrypted data with said key to form said unencrypted data.
16. Apparatus as claimed in claim 10, wherein said memory has data remanence behaviour whereby data values stored within said memory induce physical changes within said memory to permit reconstruction of data erased from said memory.
17. Apparatus as claimed in claim 16, wherein said memory is one of:
- an SRAM memory;
- a DRAM memory; and
- a non-volatile memory.
18. Apparatus as claimed in claim 10, comprising encryption circuitry to encrypt said unencrypted data to form said encrypted data as a function of said key.
Type: Application
Filed: Oct 27, 2016
Publication Date: Feb 16, 2017
Inventors: Vikas CHANDRA (San Jose, CA), Robert Campbell AITKEN (San Jose, CA)
Application Number: 15/335,479