Abstract
Protection from hardware attacks such as snoopers and mod chips has been receiving increasing attention in computer architecture. This paper presents a new combined memory encryption/authentication scheme. Our new split counters for counter-mode encryption simultaneously eliminate counter overflow problems and reduce per-block counter size, and we also dramatically improve authentication performance and security by using the Galois/Counter Mode of operation (GCM), which leverages counter-mode encryption to reduce authentication latency and overlap it with memory accesses. Our results indicate that the split-counter scheme has a negligible overhead even with a small (32KB) counter cache and using only eight counter bits per data block. The combined encryption/authentication scheme has an IPC overhead of 5% on average across SPEC CPU 2000 benchmarks, which is a significant improvement over the 20% overhead of existing encryption/authentication schemes.
- {1} M. Bellare, A. Desai, E. Jokipii, and P. Rogaway. A concrete security treatment of symmetric encryption: Analysis of the des modes of operation. In Proc. 38th Symp. on Foundations of Computer Science, 1997. Google ScholarDigital Library
- {2} M. Dworkin. Recommendation for Block Cipher Modes of Operation: The CCM Mode for Authentication and Confidentiality. National Institute of Standards and Technology, NIST Special Publication 800-38C, 2004. Google ScholarDigital Library
- {3} FIPS Pub. 197. Specification for the Advanced Encryption Standard (AES). National Institute of Standards and Technology, Federal Information Processing Standards, 2001.Google Scholar
- {4} B. Gassend, G. Suh, D. Clarke, M. Dijk, and S. Devadas. Caches and Hash Trees for Efficient Memory Integrity Verification. In 9th Intl. Symp. on High Performance Computer Architecture, 2003. Google ScholarDigital Library
- {5} T. Gilmont, J.-D. Legat, and J.-J. Quisquater. Enhancing the Security in the Memory Management Unit. In Proc. of the 25th EuroMicro Conf., 1999.Google Scholar
- {6} A. Huang. Hacking the Xbox: An Introduction to Reverse Engineering. No Starch Press, San Francisco, CA, 2003. Google ScholarDigital Library
- {7} A. B. Huang. The Trusted PC: Skin-Deep Security. IEEE Computer, 35(10):103-105, 2002. Google ScholarDigital Library
- {8} J. Renau, et al. SESC. http://sesc.sourceforge.net, 2004.Google Scholar
- {9} T. Kgil, L. Falk, and T. Mudge. ChipLock: Support for Secure Microarchitectures. In Workshop on Architectural Support for Security and Anti-Virus, 2004.Google Scholar
- {10} D. Lie, J. Mitchell, C. Thekkath, and M. Horowitz. Specifying and Verifying Hardware for Tamper-Resistant Software. In IEEE Symp. on Security and Privacy, 2003. Google ScholarDigital Library
- {11} D. Lie, C. Thekkath, M. Mitchell, P. Lincoln, D. Boneh, J. MItchell, and M. Horowitz. Architectural Support for Copy and Tamper Resistant Software. In Proc. of the 9th Intl. Conf. on Architectural Support for Programming Languages and Operating Systems, 2000. Google ScholarDigital Library
- {12} H. Lipmaa, P. Rogaway, and D. Wagner. Comments to NIST concerning AES Modes of Operations: CTR-Mode Encryption. http://csrc.nist.gov/CryptoToolkit/ modes/proposedmodes, 2000.Google Scholar
- {13} D. A. McGrew and J. Viega. The Galois/Counter Mode of Operation (GCM). Submission to NIST Modes of Operation Process. http://csrc.nist.gov/CryptoToolkit/ modes/proposedmodes, 2004.Google Scholar
- {14} R. Merkle. Secrecy, authentication, and public key systems. PhD thesis, Department of Electrical Engineering, Stanford University, 1979. Google ScholarDigital Library
- {15} W. Shi, H.-H. Lee, M. Ghosh, and C. Lu. Architectural Support for High Speed Protection of Memory Integrity and Confidentiality in Multiprocessor Systems. In Intl. Conf. on Parallel Architectures and Compilation Techniques, pages 123-134, 2004. Google ScholarDigital Library
- {16} W. Shi, H.-H. Lee, M. Ghosh, C. Lu, and A. Boldyreva. High Efficiency Counter Mode Security Architecture via Prediction and Precomputation. In 32nd Intl. Symp. on Computer Architecture, 2005. Google ScholarDigital Library
- {17} W. Shi, H.-H. Lee, C. Lu, and M. Ghosh. Towards the Issues in Architectural Support for Protection of Software Execution. In Workshop on Architectureal Support for Security and Anti-virus, pages 1-10, 2004. Google ScholarDigital Library
- {18} Standard Performance Evaluation Corporation. http://www.spec.org, 2004.Google Scholar
- {19} G. Suh, D. Clarke, B. Gassend, M. van Dijk, and S. Devadas. Efficient Memory Integrity Verification and Encryption for Secure Processor. In Proc. of the 36th Intl. Symp. on Microarchitecture , 2003. Google ScholarDigital Library
- {20} J. Yang, Y. Zhang, and L. Gao. Fast Secure Processor for Inhibiting Software Piracy and Tampering. In Proc. of the 36th Intl. Symp. on Microarchitecture, 2003. Google ScholarDigital Library
- {21} Y. Zhang, L. Gao, J. Yang, X. Zhang, and R. Gupta. SENSS: Security Enhancement to Symmetric Shared Memory Multiprocessors. In Intl. Symp. on High-Performance Computer Architecture, 2005. Google ScholarDigital Library
Index Terms
- Improving Cost, Performance, and Security of Memory Encryption and Authentication
Recommendations
Improving Cost, Performance, and Security of Memory Encryption and Authentication
ISCA '06: Proceedings of the 33rd annual international symposium on Computer ArchitectureProtection from hardware attacks such as snoopers and mod chips has been receiving increasing attention in computer architecture. This paper presents a new combined memory encryption/authentication scheme. Our new split counters for counter-mode ...
Improved convertible authenticated encryption scheme with provable security
Convertible authenticated encryption (CAE) schemes allow a signer to produce an authenticated ciphertext such that only a designated recipient can decrypt it and verify the recovered signature. The conversion property further enables the designated ...
Certificateless public key encryption in the selective-ID security model
Pairing'07: Proceedings of the First international conference on Pairing-Based CryptographyThe concept of Certificateless Public Key Encryption (CLPKE) eliminates the use of certificates in certified Public Key Encryption (PKE) scheme and the key-escrow problem in Identity Based Encryption (IBE) scheme. Al-Riyami and Paterson first proposed a ...
Comments