Data integrity protection from rollback attacks for use with systems employing message authentication code tags
US9460312B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Mar 11, 2014 |
| Grant date | Oct 4, 2016 |
| Priority date | — |
| Expiry date | Aug 7, 2034 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/12
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
One feature pertains to an efficient procedure for storing data units in a storage device that allows for authentication of data units to prevent rollback attacks and other attacks such as cut-and-paste attacks. In one aspect, a message authentication code (MAC) is generated or otherwise obtained based on a primary key, a data unit to be stored, a corresponding index for the data unit (such as a page index) and a secondary key for the corresponding data unit, which is generated for each new write operation. The MAC and the corresponding data unit are stored in a bulk storage device such as a relatively insecure off-chip storage. Secondary keys are stored in a separate storage device such as a more secure on-chip storage. In some examples, new secondary keys are generated upon each data write based on a non-zero random or pseudorandom value.
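A minimal model of the scheme the abstract describes, added here as an illustration and not taken from the patent text. HMAC-SHA256, the 16-byte secondary key, the MAC input layout and the names `ProtectedStore` and `tampering_detected` are assumptions; two dicts stand in for the on-chip and off-chip storage.

```python
import hashlib
import hmac
import secrets

class ProtectedStore:
    """Hypothetical model: `secure` stands in for on-chip storage, `bulk` for off-chip."""

    def __init__(self, primary_key: bytes):
        self.primary_key = primary_key
        self.secure = {}  # index -> secondary key (assumed out of the attacker's reach)
        self.bulk = {}    # index -> (data unit, MAC tag) (assumed attacker-writable)

    def _tag(self, index: int, data: bytes, secondary: bytes) -> bytes:
        # Fixed-width index and secondary key keep the MAC input unambiguous.
        msg = index.to_bytes(8, "big") + secondary + data
        return hmac.new(self.primary_key, msg, hashlib.sha256).digest()

    def write(self, index: int, data: bytes) -> None:
        secondary = secrets.token_bytes(16)
        while not any(secondary):  # the abstract asks for a non-zero value
            secondary = secrets.token_bytes(16)
        self.secure[index] = secondary  # replaces the key from the previous write
        self.bulk[index] = (data, self._tag(index, data, secondary))

    def read(self, index: int) -> bytes:
        data, tag = self.bulk[index]
        expected = self._tag(index, data, self.secure[index])
        if not hmac.compare_digest(tag, expected):
            raise ValueError(f"integrity check failed for data unit {index}")
        return data

def tampering_detected(store: ProtectedStore, index: int) -> bool:
    try:
        store.read(index)
        return False
    except ValueError:
        return True

if __name__ == "__main__":
    store = ProtectedStore(secrets.token_bytes(32))
    store.write(1, b"balance=100")
    stale = store.bulk[1]              # constructed sample: old data unit and its tag
    store.write(1, b"balance=5")
    store.write(2, b"other page")
    store.bulk[1] = stale              # rollback: the old pair is put back
    print("rollback detected:", tampering_detected(store, 1))
    store.bulk[2] = store.bulk[1]      # cut-and-paste: a pair moved to another index
    print("cut-and-paste detected:", tampering_detected(store, 2))
```

The stale pair carries a valid tag for its own write, but the secondary key held in the secure store was replaced on the later write, so verification fails; the relocated pair fails because the index is part of the MAC input.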
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.