Improving Cost, Performance, and Security of Memory Encryption and Authentication

Yan, Chenyu; Englender, Daniel; Prvulovic, Milos; Rogers, Brian; Solihin, Yan

doi:10.1145/1150019.1136502

Cited by 161 publications

(126 citation statements)

References 7 publications

Supporting

Mentioning

125

Contrasting

Order By: Relevance

“…Haswell's AESDEC performs one round in 7 processor cycles and performs the 10-14 required rounds in 70-98 cycles, depending on key length [13]. Prior work assumes 80 cycles for decryption [48].…”

Section: A Confidentiality: Counter-mode Encryptionmentioning

confidence: 99%

“…For confidentiality, the memory controller encrypts and decrypts data to and from memory. Best practices combine one-time pads and countermode encryption [12], [48].…”

Section: Introductionmentioning

confidence: 99%

“…Academic designs place metadata in the L2 cache along with the data [11], [25], [48], [49], while industry designs use a dedicated cache in the memory encryption engine [12]. Caches mitigate, but do not eliminate, overheads.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

PoisonIvy: Safe speculation for secure memory

Lehman

Hilton

Lee

2016

2016 49th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO)

View full text Add to dashboard Cite

Abstract-Encryption and integrity trees guard against physical attacks, but harm performance. Prior academic work has speculated around the latency of integrity verification, but has done so in an insecure manner. No industrial implementations of secure processors have included speculation. This work presents PoisonIvy, a mechanism which speculatively uses data before its integrity has been verified while preserving security and closing address-based side-channels. PoisonIvy reduces performance overheads from 40% to 20% for memory intensive workloads and down to 1.8%, on average.

show abstract

Section: A Confidentiality: Counter-mode Encryptionmentioning

confidence: 99%

“…For confidentiality, the memory controller encrypts and decrypts data to and from memory. Best practices combine one-time pads and countermode encryption [12], [48].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

PoisonIvy: Safe speculation for secure memory

Lehman

Hilton

Lee

2016

2016 49th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO)

View full text Add to dashboard Cite

show abstract

“…In [8,9], cryptographic hashes are computed over each data block composing the memory space being protected. We call these hashes Level 1 hashes.…”

Section: Merkle Hash Treesmentioning

confidence: 99%

“…Existing techniques allow for easy prevention of replay attacks but are very expensive in terms of on-chip memory overhead: some techniques store on-chip a hash value computed over each memory block written off-chip, while others store on-chip nonces used in MAC (Message Authentication Code) computations or in a block-level AREA (Added Redundancy Explicit Authentication [4]) scheme [5,6]. The well-known Merkle Tree technique [7,8,9] allows reducing the overhead of the countermeasure storing hashes on-chip to a single hash value. However, it comes at the cost of performance-killing characteristics for embedded systems -e.g.…”

Section: Introductionmentioning

confidence: 99%

TEC-Tree: A Low-Cost, Parallelizable Tree for Efficient Defense Against Memory Replay Attacks

Elbaz

Champagne

Lee

et al.

Cryptographic Hardware and Embedded Systems - CHES 2007

View full text Add to dashboard Cite

Abstract. Replay attacks are often the most costly attacks to thwart when dealing with off-chip memory integrity. With a trusted System-on-Chip, the existing countermeasures against replay require a large amount of on-chip memory to provide tamper-proof storage for metadata such as hash values or nonces. Tree-based strategies can be deployed to reduce this unacceptable overhead; for example, the well-known Merkle tree technique decreases this overhead to a single hash value. However, it comes at the cost of performancekilling characteristics for embedded systems -e.g. non-parallelizable hash computations on tree updates. In this paper, we propose an alternative solution: the Tamper-Evident Counter Tree (TEC-Tree). It allows for tamper-evident offchip storage of the nonces involved in a replay countermeasure; TEC-Tree parallelizes the computations involved in both the authentication and tree update processes. Moreover, because our tree relies on block encryption, it provides data confidentiality at no extra cost. TEC-Tree is a deployable solution for memory integrity, with low performance hit and hardware cost.

show abstract

Ultra simple way to encrypt non‐volatile main memory

Hou

2014

Security Comm Networks

View full text Add to dashboard Cite

Building non‐volatile main memory (NVMM) systems requires the memory data to be encrypted to remedy the potential security vulnerability caused by the non‐volatile property of NVMM. Existing solutions still have shortcomings as vulnerability of security, inadequate optimizing of performance, and other limitations hold back their deployment into real systems. This paper proposes an address‐based counter mode encrypted NVMM system. It constructs a stand‐alone memory‐side secure engine to make counter mode encryption and maintains the crucial encryption parameter of counter by adopting the address‐based strategy. Compared with existing techniques, it provides the distinct advantages of: (1) higher assurance of security through encrypting any data at any time; (2) better performance, as nearly all of the encryption/decryption latencies are removed; (3) good feasibility due to the lowest‐level protection, ultra simple structure with low implementation cost, as well as no need for further adjustments, and it can also be made available for a wide range of target platforms; (4) helpful to improve the lifetime of NVMM without side‐effects to wear‐leveling techniques. Performance evaluation shows the overall performance slowdown has an average value of 0.072%, which proves the proposed method is an effectual way to implement data protection for NVMM systems. Copyright © 2014 John Wiley & Sons, Ltd.

show abstract

Improving Cost, Performance, and Security of Memory Encryption and Authentication

Cited by 161 publications

References 7 publications

PoisonIvy: Safe speculation for secure memory

PoisonIvy: Safe speculation for secure memory

TEC-Tree: A Low-Cost, Parallelizable Tree for Efficient Defense Against Memory Replay Attacks

Ultra simple way to encrypt non‐volatile main memory

Contact Info

Product

Resources

About