부산대학교 도서관

The trusted execution environment protects data by taking advantage of memory isolation schemes. Most of the software implementations on security enclaves offer a framework that can be implemented on any processor architecture. Assuming that privilege escalation is not possible through software means, the only way to access protected data is over authentication over a driver in kernel mode. However, the use of hardware back-doors cannot prevent processor execution in more privileged modes. Implementation of kernel-mode allows the reading of sensitive data over the protected regions of memory. In this work, a proposal of crypto-accelerator is described. The peripheral bus in the proposed architecture features a write-only secure memory. That means the cryptography operations on the software level can not read the sensitive data from that secure memory. This approach suppresses any cache coherence manipulator and fault execution-related attacks against reading sensitive data. The peripheral can be useful to accelerate the cryptography operations, and store securely intermediate calculations as well as storing secure keys. The time of execution compared to the software counterpart can be reduced down to 2.5 decades, and the throughput is risen to 3 decades, reaching speeds of 30MB/s for large chunks of data. The total area represents 10.7% of the total area of a dual-core RISC-V processor with RV64IMAFC extensions and TileLink buses.