iCETD: An improved tag generation design for memory data authentication in embedded processor systems

Security becomes increasingly important in computing systems. Data integrity is of utmost importance. One way to protect data integrity is attaching an identifying tag to individual data. The authenticity of the data can then be checked against its tag. If the data is altered by the adversary, the related tag becomes invalid and the attack will be detected. The work presented in this paper studies an existing tag design (CETD) for authenticating memory data in embedded processor systems, where data that are stored in the memory or transferred over the bus can be tampered. Compared to other designs, this design offers the flexibility of trading-off between the implementation cost and tag size (hence the level of security); the design is cost effective and can counter the data integrity attack with random values (namely the fake values used to replace the valid data in the attack are random). However, we find that the design is vulnerable when the fake data is not randomly selected. For some data, their tags are not distributed over the full tag value space but rather limited to a much reduced set of values. When those values were chosen as the fake value, the data alteration would likely go undetected. In this article, we analytically investigate this problem and propose a low cost enhancement to ensure the full-range distribution of tag values for each data, hence effectively removing the vulnerability of the original design.