Dynamic encryption key design and management for memory data encryption in embedded systems

To effectively encrypt data memory contents of an embedded processor, multiple keys which are dynamically changed are necessary. However, the resources required to store and manage these keys on-chip (so that they are secure) can be extensive. This paper presents a design where each dynamic key is determined by a random number, a counter value, and a memory address, and is unique to the data in a memory location. The counter value, dedicated to a given memory location, controls the duration of the random number for the key associated with the location. The counter table and random number table are used for key storage. We reduce on-chip resources by customizing the counter table and allowing a pool of random numbers to be shared amongst the keys. The random numbers are dynamically updated during the application execution. We propose a key generation and management scheme such that the random number pool is extremely small (hence low memory consumption) yet sufficient for the uniqueness and randomness of each dynamic key. Experiments on a set of applications show that on average, large overhead (90% on chip area and 92% on power consumption) can be saved for a same security level, when compared to the state-of-the-art approach.