1. Patent Search
  2. Details

Method of Writing Data to a Memory Device and Reading Data From the Memory Device

20180011995 · 2018-01-11

    Inventors

    Cpc classification

    International classification

    Abstract

    A method of writing data to a memory device and reading data from the memory device includes issuing a challenge to a PUF device during a power-up process in order to derive a PUF response, error correcting the PUF response, providing delinearized addresses via a delinearization algorithm to the memory device using the error corrected PUF response, masking data, which is written to the memory device, via a masking module using the error corrected PUF response, de-masking data, which is read from the memory device, via the masking module (19) using the error corrected PUF response; and performing a check-sum verification of read data such that address delinearization and data masking are used together to obfuscate the memory content.

    Claims

    1.-8. (canceled)

    9. A method of writing data to a memory device and reading data from the memory device, comprising: issuing a challenge to a Physical Unclonable Function (PUF) device during a power-up process to derive a PUF response; error correcting the PUF response; providing delinearized addresses via a delinearization algorithm to the memory device using the error corrected PUF response; masking data, which is written to the memory device, via a masking module using the error corrected PUF response; de-masking data, which is read from the memory device, via the masking module using the error corrected PUF response; and performing a check-sum verification of read data.

    10. The method of claim 9, wherein the check-sum verification is performed by using a cyclic error-correcting code.

    11. The method of claim 9, further comprising: generating a reset signal in case of data falsification to reset a processor which interacts with the memory device.

    12. The method of claim 10, further comprising: generating a reset signal in case of data falsification to reset a processor which interacts with the memory device.

    13. The method of claim 9, wherein the data is masked with the error corrected PUF response using an XOR operator; and wherein the data is revealed out of masked data with the error corrected PUF response using the XOR operator.

    14. The method of claim 10, wherein the data is masked with the error corrected PUF response using an XOR operator; and wherein the data is revealed out of masked data with the error corrected PUF response using the XOR operator.

    15. The method of claim 11, wherein the data is masked with the error corrected PUF response using an XOR operator; and wherein the data is revealed out of masked data with the error corrected PUF response using the XOR operator.

    16. The method of claim 9, wherein the PUF device utilizes silicon physical unclonable functions of a system on chip which comprises a processor and a memory controller.

    17. A system on chip comprising: a processor; a memory controller; and a memory obfuscation module which is connected to a data bus and a address bus; wherein the memory obfuscation module is configured to: issue a challenge to a Physical Unclonable Function (PUF) device during a power-up process to derive a PUF response; error correct the PUF response; provide delinearized addresses via a delinearization algorithm to a memory device using the error corrected PUF response; mask data, which is written to the memory device, via a masking module using the error corrected PUF response; de-mask data, which is read from the memory device, via the masking module using the error corrected PUF response; and performing a check-sum verification of read data.

    18. The system of claim 17, wherein the obfuscation module comprises the PUF device, an address delinearization module and a data masking module.

    19. The system of claim 18, wherein the obfuscation module comprises an error correction module connected to the PUF device.

    Description

    BRIEF DESCRIPTION OF THE DRAWINGS

    [0019] The invention will be described hereinafter in more detail and by way of example, with reference to the drawings, in which:

    [0020] FIG. 1 is a device structure in accordance with the invention;

    [0021] FIG. 2 is a structure of a memory obfuscation module in accordance with the invention; and

    [0022] FIG. 3 is a flowchart illustrating the method of memory obfuscation and de-obfuscation in accordance with the invention.

    DETAILED DESCRIPTION OF THE EXEMPLARY EMBODIMENTS

    [0023] FIG. 1 shows a system on chip (SoC) with a memory controller 1 that is connected to an address bus 2 and a data bus 3. Via theses busses 2, 3, addresses and data are exchanged with various memory devices 4, 5, 6, such as RAM 4, rewritable memory 5 or ROM 6. For this purpose the memory controller 1 and the memory devices 4, 5, 6 comprise address connections 7 and data connections 8.

    [0024] The RAM 4 and the rewritable memory 5 comprise R/W′-inputs 9, which are connected to a corresponding output 10 of the memory controller 1. Additionally, each memory device 4, 5, 6 comprises a CE-input 11 that is respectively connected to a corresponding CS-output 12, 13, 14 of the memory controller 1.

    [0025] The memory controller 1 is responsible for accessing the external memories 4, 5, 6 attached to the SoC. The memory controller 1 sets the address on the address bus 2 and reads or writes the data via data bus 3.

    [0026] Adjacent to the memory controller 1 the inventive obfuscation module 15 is connected to the busses 2, 3. In particular, the obfuscation module 15 is arranged between the memory controller 1 and the memory devices 4, 5, 6.

    [0027] The obfuscation module 15 is shown in FIG. 2 in detail. Obfuscation module 15 comprises a PUF device 16 that responds to a challenge with a unique output by utilizing a silicon physical unclonable function.

    [0028] The PUF device 16 utilizes the fact that no integrated circuit (IC) is similar to another because of production process variations. For example, path delays vary enough across ICs to use them for identification. Therefore, PUF provides a direct link between the physical properties of the silicon device and the security level provided.

    [0029] The output of the PUF device 16 is input to an error correction module 17 to make the PUF response consistent.

    [0030] The error corrected PUF response is used in the obfuscation structure as such, i.e., in an address delinearization module 18 and in a data masking module 19.

    [0031] The address delinearization module 18 is connected to the address bus 2 and delinearizes the exchanged addresses. The data masking module 19 is connected to the data bus 3 and masks or de-masks the exchanged data.

    [0032] The different method steps are described with reference to the flowchart shown in FIG. 3.

    [0033] During power-up (step 20) the PUF device 16 is challenged (step 21). As a result the PUF response is derived 22. In a next step (23), the PUF response is error corrected. Next, the error corrected PUF response is then passed to the address delinearization (address obfuscation) (step 24) and data masking or de-masking is performed (step 25).

    [0034] Address delinearization (step 24) and masking or de-masking (step 25) are implemented with any known mathematically proven theory in order to realize the needed functionality. Address delinearization (step 24) randomizes the addresses of code and data segments. For this purpose, the error corrected PUF response is considered as random response.

    [0035] During the write operation, the addresses are delinearized and the data to be written is masked with the error corrected PUF response. During the read operation, the same addresses are selected as before but the data is de-masked, thus revealing the original data.

    [0036] In order to check the validity of the read data, check-sum verification (step 26) is performed. For this purpose the cyclic error-correcting code (CRC) is preferred.

    [0037] If the silicon device is subject to any physical attacks, the PUF response changes, thus yielding wrong addresses and wrong data during the de-masking operation. In this case, the validity decision (step 27) of the check-sum is NO.

    [0038] There are different possibilities for a reaction (step 28). The simplest way is to issue an alarm. A more sophisticated approach is to reset a processor (CPU) of the SoC, whereas any attack is blocked immediately.

    [0039] If the check-sum verification (step 26) results in a YES-decision, an execution (step 29) of the loaded code is performed.

    [0040] While there have been shown, described and pointed out fundamental novel features of the invention as applied to a preferred embodiment thereof, it will be understood that various omissions and substitutions and changes in the form and details of the methods described and the devices illustrated, and in their operation, may be made by those skilled in the art without departing from the spirit of the invention. For example, it is expressly intended that all combinations of those elements and/or method steps which perform substantially the same function in substantially the same way to achieve the same results are within the scope of the invention. Moreover, it should be recognized that structures and/or elements and/or method steps shown and/or described in connection with any disclosed form or embodiment of the invention may be incorporated in any other disclosed or described or suggested form or embodiment as a general matter of design choice. It is the intention, therefore, to be limited only as indicated by the scope of the claims appended hereto.