Memory scrambling is the process of messing up the contents of memory, either by remapping the adress, data encipherment or even both of them. The aim is to complicate data retrieval from memory, this is also useful to protect a small and sensitive stuff such as firmware.
The address remapping itself is nothing new, its actually a bijective mapping of plain address to scrambled address. In real life this keyed scrambling is made through the usage of block cipher. The mode could be enciphering or deciphering, since address scrambling is a one way mapping.
The content encipherment is working in the same way as address scrambling. It is also based on block cipher. However, content encipherment is sensitive to address and direction since the process must be able to recover the data stored at memory. The writing processis encipherment while the reading process is decipherment.
Now, let’s make it works. Supposed i have an oldskool 8051 development board with a 64 kilo-byte SRAM extension attached, and i wanted to protect the thing i stored in memory.
The 64 kbytes of SRAM takes 16-bits of address 8-bits of data with two additional control RD and WR. Here, as a prototype, we can use S-AES (a 16-bits block cipher with 16-bits of key) to scramble the address either in enciphering and deciphering mode. The 8-bits of content will be scrambled using S-DES (a 8-bits block cipher with 10-bits of key).
As a keying mechanism, the address scrambling will be keyed by a 17-bits key (16 from S-AES and 1 form encipherment/decipherment selection) while the content encipherment will be keyed by a 10-bits key with the addition of scrambled address to make the encipherment varies along the position. The total keyspace is 27-bit or about 128 million of combinations.
Here is the block diagram.
In real life, we need such two microcontrollers with 32 bits GPIO. The first microcontroller is responsible of scrambling the address using S-AES while the other one is responsible of scrambling the content using S-DES.
Haha, you know this is kinda stupid implementation, 27 bits of keyspace is to easy to break. It takes several seconds in a fast computer to brute force all combination. It’s just like nothing but who care . I belief that this scheme works better at larger memory space such as 128-bit that enables the usage of AES.
I am currently developing the software for both microcontroller. I chose AVR for simplicity reason. The code will be posted here and hosted at http://cryptonutter.googlecode.com