
Memory encryption: A survey of existing techniques

Published: 01 March 2014

Abstract

Memory encryption has yet to be used at the core of operating system designs to provide confidentiality of code and data. As a result, numerous vulnerabilities exist at every level of the software stack. Three general approaches have evolved to rectify this problem. The most popular approach is based on complex hardware enhancements; this allows all encryption and decryption to be conducted within a well-defined trusted boundary. Unfortunately, these designs have not been integrated within commodity processors and have primarily been explored through simulation with very few prototypes. An alternative approach has been to augment existing hardware with operating system enhancements for manipulating keys, providing improved trust. This approach has provided insights into the use of encryption but has involved unacceptable overheads and has not been adopted in commercial operating systems. Finally, specialized industrial devices have evolved, potentially adding coprocessors, to increase the security of particular operations in specific operating environments. However, this approach lacks generality and has introduced unexpected vulnerabilities of its own. Recently, memory encryption primitives have been integrated within commodity processors such as the Intel i7, AMD Bulldozer, and multiple ARM variants. This opens the door for new operating system designs that provide confidentiality across the entire software stack outside the CPU. To date, little practical experimentation has been conducted, and the improvements in security and the associated performance degradation have yet to be quantified. This article surveys the current memory encryption literature from the viewpoint of these central issues.



Published In

ACM Computing Surveys, Volume 46, Issue 4
April 2014
463 pages
ISSN: 0360-0300
EISSN: 1557-7341
DOI: 10.1145/2597757
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 March 2014
Accepted: 01 October 2013
Revised: 01 September 2013
Received: 01 April 2013
Published in CSUR Volume 46, Issue 4

Author Tags

  1. Secure processors
  2. confidentiality
  3. hardware attacks
  4. memory encryption
  5. protection
  6. software attacks

Qualifiers

  • Research-article
  • Research
  • Refereed


Cited By

  • (2024) A Secure Computing System With Hardware-Efficient Lazy Bonsai Merkle Tree for FPGA-Attached Embedded Memory. IEEE Transactions on Dependable and Secure Computing 21, 4, 3262-3279. DOI: 10.1109/TDSC.2023.3324935. Online publication date: 1 July 2024.
  • (2024) Low-Latency PAE: Permutation-Based Address Encryption Hardware Engine for IoT Real-Time Memory Protection. IEEE Internet of Things Journal 11, 7, 12319-12330. DOI: 10.1109/JIOT.2023.3333203. Online publication date: 1 April 2024.
  • (2024) Resource Analysis of Lightweight Cryptography Algorithms for Compact Devices. 2024 International Conference on Smart Systems for Electrical, Electronics, Communication and Computer Engineering (ICSSEECC), 579-584. DOI: 10.1109/ICSSEECC61126.2024.10649478. Online publication date: 28 June 2024.
  • (2024) CTR+: A High-Performance Metadata Access Scheme for Secure Embedded Memory in Heterogeneous Computing Systems. 2024 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), 304-308. DOI: 10.1109/HOST55342.2024.10545394. Online publication date: 6 May 2024.
  • (2024) Should Smart Homes Be Afraid of Evil Maids?: Identifying Vulnerabilities in IoT Device Firmware. 2024 IEEE 14th Annual Computing and Communication Workshop and Conference (CCWC), 0467-0473. DOI: 10.1109/CCWC60891.2024.10427780. Online publication date: 8 January 2024.
  • (2024) In-Memory Computing Architecture for Efficient Hardware Security. 2024 IEEE 7th International Conference on Advanced Technologies, Signal and Image Processing (ATSIP), 71-76. DOI: 10.1109/ATSIP62566.2024.10638850. Online publication date: 11 July 2024.
  • (2024) Efficient and lightweight in-memory computing architecture for hardware security. Journal of Parallel and Distributed Computing 190, article 104898. DOI: 10.1016/j.jpdc.2024.104898. Online publication date: August 2024.
  • (2024) Addressing Privacy Concerns in Joint Communication and Sensing for 6G Networks: Challenges and Prospects. Privacy Technologies and Policy, 87-111. DOI: 10.1007/978-3-031-68024-3_5. Online publication date: 1 August 2024.
  • (2024) SecPassInput: Towards Secure Memory and Password Handling in Web Applications. ICT Systems Security and Privacy Protection, 236-249. DOI: 10.1007/978-3-031-56326-3_17. Online publication date: 24 April 2024.
  • (2023) HMT: A Hardware-centric Hybrid Bonsai Merkle Tree Algorithm for High-performance Authentication. ACM Transactions on Embedded Computing Systems 22, 4, 1-28. DOI: 10.1145/3595179. Online publication date: 24 July 2023.
