Minimizing performance overhead in memory encryption



REGULAR PAPER

Michael T. Kurdziel · Marcin Lukowiak · Michael A. Sanfilippo

Received: 28 September 2012 / Accepted: 28 January 2013 / Published online: 26 January 2013
© Springer-Verlag Berlin Heidelberg 2013

Abstract

Modern communications devices process, distribute and store massive amounts of data compared to only a few years ago. These devices can contain very sensitive information. In addition, they are used in uncontrolled, open environments where they can be lost or compromised. The communications channels are protected using encryption technologies, but the internal data-at-rest is often not secured in any way. If the device is lost or stolen while in service, a motivated adversary could attempt to compromise the unprotected internal data. This paper presents a keystream caching methodology and architecture for encrypting/decrypting program code and data in real time during each access within the CPU's system memory. A prototype was developed for the Cyclone III FPGA using a Nios II processor, the 256-bit key Advanced Encryption Standard (AES) block cipher operating in counter mode, and low-latency off-chip SRAM memory. Various applications were used to benchmark the performance overhead of the method. The results show that this can be achieved while incurring as little as 1 % performance overhead.

Keywords Memory protection · Keystream cache · Pseudo one-time-pad · Parametrizable design

M. T. Kurdziel
RF Communications, Harris Corporation, 1680 University Ave., 14610 Rochester, NY, USA

M. Lukowiak (✉) · M. A. Sanfilippo
Department of Computer Engineering, Rochester Institute of Technology, 83 Lomb Memorial Dr., 14623 Rochester, NY, USA

1 Introduction

The sophistication of communication devices has increased dramatically over the last decade. While there have been improvements in security technologies for these applications, the advancement has not been as dramatic. Over-the-air and wired transmissions are adequately protected using strong encryption and key negotiation techniques, but data-at-rest, that is, internally stored data and software, is still vulnerable. Traditional protection methods such as access control, code obfuscation and other physical protection mechanisms may not be adequate [1–3]. Successful attacks have even been reported against encrypted non-volatile storage and unencrypted volatile memory [4]. Low cost and increased availability of tools have raised the threat to consumer products and applications. High-value data-at-rest exists on edge devices, servers and throughout the cloud. In addition, commercial users tend to be less tolerant of any impact on computational performance that results from implementing a security measure.

The results of an effort to investigate and develop a customizable keystream caching methodology and architecture for encrypting/decrypting data in real time during each memory access are presented in