Efficient Encryption-Authentication of Shared Bus-Memory in SMP System

To build secure SMP system with resistance against physical attacks, the essential requirements is to make data encryption and data authentication for both the shared bus and the shared memory. Analysis of such problem educes that it must combine the counter mode encryption with the hash tree based authentication, and such combination must inosculate with the architecture characters of SMP system to decrease additional burdens. Protecting method mainly consists of: (1) associate each data with its MAC and IV to form a (data, MAC, IV) pair, and the un-tampered IV can ensure data to be un-broken; (2) generate IV through tracing the shared bus sequence number, to complete bus data protection; (3) check the stored IV by hash tree, to realize memory data protection; (4) build the entire hash tree into MCH, to eliminate synchronization of tree root among processors; (5) spread tree root authentication result from MCH to processors through the safeguard IV-channel, to connect bus protection and memory protection smoothly to avoid introducing any additional data re-encryption/re-authentication on data path. Other optimizing measures are also applied. Simulations inspect this method, and prove that it is an efficient way to construct SMP data protection system.