Design and Performance Evaluation of the SCAN Secure Processor

1. Introduction

Secure computing is increasingly gaining importance in recent times as computing becomes pervasive and ubiquitous. Information security has become mandatory rather than an additional feature. Providing a trusted computing environment for tamper resistant software execution is clearly important. Although various software methodologies ranging from code obfuscation to code encryption have been used to create tamper resistant software, they are proven to be insecure. Vulnerabilities in creating software based tamper resistance include improper key management, run-time analysis of instruction stream, main memory containing decrypted or un-obfuscated code, untrusted computing environment and also the fact that software environment can be easily manipulated to overcome tamper resistance. This necessitates the need for data and code security at the hardware level, where secure processors assume importance. While various secure processor architectures ranging from bus encryption to cache encryption have been proposed to provide a trusted computing environment, none of the surveyed architectures in the article by Kannavara and Bourbakis (2009) address the complex issue of compression, encryption and information hiding (steganography) as a unified hardware solution targeting a microprocessor architecture.

In this context, we present the architecture and instruction set of the SCAN secure processor (SCAN-SP) to effectively address the complex issue of trusted computing for tamper resistant code execution by providing a microprocessor based solution to unify data compression, data encryption and information hiding capabilities along with general computing capabilities. In the proposed SCAN-SP architecture, software tamper resistance is provided by instruction and data encryption using SCAN encryption while a trusted computing environment is provided by a bus encryption scheme. The major contributions of this paper include design and performance analysis of the SCAN secure processor which provides for a trusted execution environment and memory encryption, design of the FPGA (Field Programmable Gate Array) based coprocessors to implement image compression, encryption and steganography in images and the corresponding instruction set. Further, a detailed security analysis of the proposed secure processor architecture is described.