Improving Cost, Performance, and Security of Memory Encryption and Authentication

Author

Yan, Chenyu ; Rogers, Brian ; Englender, Daniel ; Solihin, Yan ; Prvulovic, Milos

Author_Institution

Coll. of Comput., Georgia Inst. of Technol.

fYear

0

fDate

0-0 0

Firstpage

179

Lastpage

190

Abstract

Protection from hardware attacks such as snoopers and mod chips has been receiving increasing attention in computer architecture. This paper presents a new combined memory encryption/authentication scheme. Our new split counters for counter-mode encryption simultaneously eliminate counter overflow problems and reduce per-block counter size, and we also dramatically improve authentication performance and security by using the Galois/counter mode of operation (GCM), which leverages counter-mode encryption to reduce authentication latency and overlap it with memory accesses. Our results indicate that the split-counter scheme has a negligible overhead even with a small (32KB) counter cache and using only eight counter bits per data block. The combined encryption/authentication scheme has an IPC overhead of 5% on average across SPEC CPU 2000 benchmarks, which is a significant improvement over the 20% overhead of existing encryption/authentication schemes

Keywords

Galois fields; cache storage; cryptography; memory architecture; message authentication; Galois counter mode of operation; IPC overhead; SPEC CPU 2000 benchmarks; authentication latency; computer architecture; counter-mode encryption; memory accesses; memory encryption; mod chips; snoopers; split counters; Authentication; Computer architecture; Costs; Counting circuits; Cryptography; Data security; Delay; Hardware; Information security; Protection;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Architecture, 2006. ISCA '06. 33rd International Symposium on

Conference_Location

Boston, MA

ISSN

1063-6897

Print_ISBN

0-7695-2608-X

Type

conf

DOI

10.1109/ISCA.2006.22

Filename

1635951