Efficient Off-chip Memory Protection Mechanism for Embedded Computing Systems using AES-GCM

Off-chip memory security has become a prime concern in embedded computing systems due to the requirement of storing a large amount of potentially sensitive information in them. Existing solutions have performance imperfection because of their deployment of hash tree or unaffordable on-chip memory overhead. In this paper, we propose an efficient off-chip memory protection mechanism based on Advanced Encryption Standard - Galois/Counter Mode (AES-GCM) to provide both confidentiality and integrity protection for data and programs transferred from processor to off-chip memory in embedded computing systems. Our proposal is a novel memory protection mechanism: in order to ensure security and minimize on-chip memory overhead, AES-GCM hardware engine is running and dynamically switching between two modes, one mode for processing data and programs (DP mode), the other mode for processing the cryptographic parameter of IV (IV mode). It can resist well-known physical attacks, including replay attacks, relocation attacks and spoofing attacks. We demonstrate that our memory protection mechanism incurs as little as 1.56