On the Security of Untrusted Memory

Embedded systems can be used in versatile applications. At the same time, more and more functionality is demanded from these systems, which necessitates an increase in the size of program and data memory. Thus, an external chip providing additional memory can be added to the microcontroller, which is the system´s core component. However, the connection between microcontroller chip and external memory is an easy target for an attacker. A small alteration in an external program memory can already lead to a radical change in the overall behavior of the embedded system. In security-related applications, such a change in behavior can result in potentially catastrophic consequences. Although there have been proposals for schemes to protect certain aspects of the use of external memories, none provides a comprehensive analysis of potential threats and respective countermeasures. Therefore, we propose a new scheme to detect all manipulations of data in the external memory as well as to prevent an adversary from learning potentially compromising information about the program running inside the microcontroller. Although our scheme entails a non-negligible overhead in terms of processing effort and memory, it is, to the best of our knowledge, the first to provide a practical, uniform and coherent protection for external memory.