Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Architectural support for copy and tamper resistant software
ACM SIGPLAN Notices
Efficient Memory Integrity Verification and Encryption for Secure Processors
Proceedings of the 36th annual IEEE/ACM International Symposium on Microarchitecture
Design and Implementation of the AEGIS Single-Chip Secure Processor Using Physical Random Functions
Proceedings of the 32nd annual international symposium on Computer Architecture
Improving Cost, Performance, and Security of Memory Encryption and Authentication
Proceedings of the 33rd annual international symposium on Computer Architecture
On-board credentials with open provisioning
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
| Hi-index | 0.00 |
Trusted execution environments (TEEs) are widely deployed both on mobile devices as well as in personal computers. TEEs typically have a small amount of physically secure memory but they are not enough to realize certain algorithms, such as authenticated encryption modes, in the standard manner. TEEs can however access the much larger but untrusted system memory using which "pipelined" variants of these algorithms can be realized by gradually reading input from, and/or writing output to the untrusted memory. In this paper, we motivate the need for pipelined variants of authenticated encryption modes in TEEs, describe a pipelined version of the EAX mode, and prove that it is as secure as standard, "baseline", EAX. We point out potential pitfalls in mapping the abstract description of a pipelined variant to concrete implementation and discuss how these can be avoided. We also discuss other algorithms which can be adapted to the pipelined setting and proved correct in a similar fashion.