Skip to main content
SpringerLink
Log in

Minimizing performance overhead in memory encryption

  • Regular Paper
  • Published:
Journal of Cryptographic Engineering Aims and scope Submit manuscript

Abstract

Modern communications devices process, distribute and store massive amounts of data compared to only a few years ago. These devices can contain very sensitive information. In addition, they are used in uncontrolled, open environments where they can be lost or compromised. The communications channels are protected using encryption technologies, but the internal data-at-rest is often not secured in any way. If the device is lost or stolen while in service, a motivated adversary could attempt to compromise the unprotected internal data. This paper presents a keystream caching methodology and architecture for encrypting/decrypting program code and data in real-time during each access within CPU’s system memory. A prototype was developed for the Cyclone III FPGA using a Nios II processor, the 256-bit key Advanced Encryption Standard (AES) block cipher operating in a counter mode, and low latency off-chip SRAM memory. Various applications were used to benchmark the performance overhead of the method. The results show that this can be achieved while incurring as little as 1 % performance overhead.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12

Similar content being viewed by others

References

  1. Huang, A.B.: The trusted PC: dkin-deep security. Computer 35, 103–105 (2002)

    Article  Google Scholar 

  2. Finder, I.: Data Loss Prevention: Data-at-Rest vs. Data-in-Motion, white paper, Identity Finder, LLC (2009)

  3. SNIA Security Technical Work Group: Encryption of Data-at-Rest, Tech. Rep. Storage Networking Industry Association (2009)

  4. Halderman, J.A., Schoen, S.D., Heninger, N., Clarkson, W., Paul, W., Calandrino, J.A., Feldman, A.J., Appelbaum, J., Felten, E.W.: Lest we remember: cold-boot attacks on encryption keys. Commun. ACM. 52(5), 91–98 (2009)

    Article  Google Scholar 

  5. Mackey, C.D., Kurdziel, M.T.: Secure processing device with keystream cache and related methods. Patent Application 20100299537, Harris Corporation (2010)

  6. National Institute of Standards and Technology (NIST): Specification for the Advanced Encryption Standard (AES). Federal Information Processing Standards Publication, pp. 197, Washinton, D.C., (2001)

  7. Yan, C., Rogers, B., Englender, D., Solihin, D., Prvulovic, M.: Improving cost, performance, and security of memory encryption and authentication. In: 33rd International Symposium on Computer Architecture, 2006. ISCA ’06, pp. 179–190 (2006)

  8. McGrew, D.A., Viega, J.: The Galois/counter mode of operation (GCM) (Submission to NIST Modes of Operation Process) (2005)

  9. Zhou, G., Michalik, H., Hinsenkamp, L.: Efficient and High-Throughput Implementations of AES-GCM on FPGAs. In: International Conference on Field-Programmable Technology, 2007. ICFPT 2007, pp. 185–192 (2007)

  10. Vaslin, R., Gogniat, G., Diguet, J.-P., Tessier, R., Burleson, W.: Low latency solution for confidentiality and integrity checking in embedded systems with off-chip memory. In: ReCoSoc proceeedings 2007 Reconfigurable communication-centric Socs (2007)

  11. Vaslin, R., Gogniat, G., Diguet, J.-P., Tessier, R., Unnikrishnan, D., Gaj, K.: Memory security management for reconfigurable embedded systems. In: International Conference on ICECE Technology, 2008. FPT 2008, pp. 153–160 (2008)

  12. Liu, Z., Huo, W., Zou, X., Lin, Y.: A lightweight memory encryption cache design and implementation for embedded processor. In: Proceedings of the 2009 12th International Symposium on Integrated circuits. ISIC ’09, pp. 57–60 (2009)

  13. Suh, G.E, Clarke, D., Gassend, B., Dijk, M. v, Devadas, S.. Efficient memory integrity verification and encryption for secure processors. In: Proceedings of the 36th annual IEEE/ACM International Symposium on Microarchitecture, MICRO 36, pp. 339–350. Washington, IEEE Computer Society (2003)

  14. DeepCover Secure Microcontroller with ARM926EJ-S Processor Core. http://www.maximintegrated.com/datasheet/index.mvp/id/7538

  15. DeepCover Secure Microcontroller with Rapid Zeroization Technology and Cryptography. http://www.maximintegrated.com/datasheet/index.mvp/id/5815

  16. DeepCover Secure Microcontroller with USB, Hardware, and Cryptography. http://www.maximintegrated.com/datasheet/index.mvp/id/7277

  17. Dworkin, M.: Recommendation for Block Cipher Modes of Operation, Methods and Techniques. Tech. Rep., pp. 800–38A. National Institute of Standards and Technology (2001)

Download references

Acknowledgments

This work was supported in part by a grant from Harris Corporation, RF Communications Division. The authors would like to acknowledge the contributions, technical advice and support from Ken Smith Jr., Eric Averill, and Christopher Mackey.

Author information

Authors and Affiliations

  1. RF Communications, Harris Corporation, 1680 University Ave., 14610,  Rochester, NY, USA

    Michael T. Kurdziel

  2. Department of Computer Engineering, Rochester Institute of Technology, 83 Lomb Memorial Dr., 14623,  Rochester, NY, USA

    Marcin Lukowiak & Michael A. Sanfilippo

Authors
  1. Michael T. Kurdziel
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Marcin Lukowiak
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Michael A. Sanfilippo
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Marcin Lukowiak.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Kurdziel, M.T., Lukowiak, M. & Sanfilippo, M.A. Minimizing performance overhead in memory encryption. J Cryptogr Eng 3, 129–138 (2013). https://doi.org/10.1007/s13389-013-0047-5

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s13389-013-0047-5

Keywords

Search

Navigation