Integrity Protection for Data Storage

摘要

A method and system for protecting the integrity of a memory system. An age counter and an opportunity counter are provided for each of multiple memory blocks. An epoch counter is provided for the memory system. Data is written in a selected memory block which increases the local sequence number of the selected memory block. The opportunity counter for the selected memory block is updated if the local sequence number of the selected memory block rolls over. A message authentication code (MAC) is generated in the selected memory block based on a global sequence number and the local sequence number. The age counter and the opportunity counter are updated for memory blocks when the opportunity counter for the memory blocks matches the LSB of the epoch counter. A new MAC is generator for any memory block for which the updating is performed.

主权项

1. A data storage system with integrity protection comprising:
a) a memory block; b) an age counter having a value and associated with the memory block; and c) an opportunity counter having a value and associated with the memory block, the opportunity counter incrementing by one when the age counter rolls over; d) an epoch counter comprising a field of most significant bits (MSBs) and a field of least significant bits (LSBs), the MSBs incrementing by one when the LSBs roll over; e) a cryptographic integrity protection code register; and f) a processor coupled to the memory block, age counter, opportunity counter and epoch counter, the processor:
i. writing data to the memory block;ii. comparing the value of the opportunity counter to the LSBs of the epoch counter;iii. if the value of the opportunity counter is not equal to the value of the LSB of the epoch counter, then setting the value of the opportunity counter equal to the value of the LSBs of the epoch counter, setting the age counter to zero and generating a cryptographic integrity protection code based on the content of the memory block, the value of the age counter, the value of the opportunity counter and the value of the MSB of the epoch counter and storing the cryptographic integrity protection code in the cryptographic integrity protection code register;iv. if the value of the opportunity counter is equal to the value of the LSB of the epoch counter, then incrementing the age counter;v. incrementing the age counter;vi. if the age counter does not roll over, then generating a cryptographic integrity protection code based on the content of the memory block, the value of the age counter, the value of the opportunity counter and the value of the MSB of the epoch counter and storing the cryptographic integrity protection code in the cryptographic integrity protection code register;vii. if the age counter does roll over, then incrementing the epoch counter, setting the age counter to zero, generating a cryptographic integrity protection code based on the content of the memory block, the value of the age counter, the value of the opportunity counter and the value of the MSB of the epoch counter and storing the cryptographic integrity protection code in the cryptographic integrity protection code register;viii. if the age counter does not roll over, then generating a cryptographic integrity protection code based on the content of the memory block, the value of the age counter, the value of the opportunity counter and the value of the MSB of the epoch counter and storing the cryptographic integrity protection code in the cryptographic integrity protection code register; andix. if the value of the opportunity counter is not equal to the value of the LSB of the epoch counter, then setting the value of the opportunity counter equal to the value of the LSBs of the epoch counter, setting the age counter to zero and generating a cryptographic integrity protection code based on the content of the memory block, the value of the age counter, the value of the opportunity counter and the value of the MSB of the epoch counter and storing the cryptographic integrity protection code in the cryptographic integrity protection code register.