Abstract: Embedded systems in high security-sensitive areas are susceptible to various types of attacks, including stealing passwords, tampering data and offline analysis. Especially, the hardware-level attacks often result in significant losses to the users. In order to defend the above attacks, the off-chip memory is encrypted and authenticated through AES-GCM algorithm. This scheme writes data after encryption, decrypt and authenticate after read data. In addition, a function is built that scrambling password with page address to ensure the encryption strength. Finally LRU cache is introduced to improve its performance. The scheme is implemented on STM32F103 microprocessor platform in software and the feasibility of the system design is proved. The memory stress experiment shows that the system security is strengthened with 9% performance degradation.

Key words: embedded, microprocessor, off-chip memory, encryption and authentication

摘要： 高安全敏感领域的嵌入式系统面临总线监听、数据篡改、离线分析等类型的恶意攻击，试图窃取密码、篡改信息等。特别是配合硬件电路的攻击，给用户造成重大的损失。为了从根本上解决系统外部电路系统攻击威胁，提出片外访存加密认证机制，选择AES-GCM算法，对所有片外写数据进行加密，对读数据进行解密并认证。同时设计一次密码与页地址置乱函数产生二次密钥，保障了加密强度。进一步通过软件实现LRU Cache优化性能，在STM32系列微处理器硬件平台上，软件实现片外访存加密认证机制。在内存压力测试中，加密片外访存性能平均降低了9%。

关键词: 嵌入式, 微处理器, 片外访存, 加密认证