Secure computer systems require secure memory to prevent attacks by intruders with access to the computer's main memory. For example, in a so-called cold boot attack, an attacker is able to extract data content from dynamic random access memory (DRAM) in the main memory without the memory losing its contents. Therefore, security is compromised if there is sensitive plaintext information stored in the memory. Dual-ported DRAM means that an attacker may be able to observe the read and write traffic in DRAM during system operation. The use of non-volatile random access memory (NVRAM) to realize main memory means that data is preserved in the main memory and vulnerable to attacks requiring less effort than a cold-boot attack.
Presently, conventional stream encryption is deemed unsuitable for secure memory encryption. This is because the conventional stream encryption technique requires seeding the encryption with a pseudo-random value so that two instances of the same data do not encrypt to the same cipher text. Without this provision, an attacker is able to mount a frequency analysis attack by observing the number of occurrences of the same cipher text. The overhead of storing this seed, or initialization vector (IV), together with the overhead of setting up the encryption or decryption to use this IV, typically requires relatively large amounts of data as the unit of encryption. For example, with a 16-byte IV, encrypting at the granularity of a conventional page size of 4 kilobytes imposes a space overhead for the IV of just 0.1 percent. However, if the unit of encryption is a cache line, as is required between the processor cache and main memory, each encryption or decryption action would incur a significant cost to retrieve the IV and set up the cipher. For instance, the conventional cache line size is 64 bytes, so a 16-byte IV would result in a 25 percent space overhead.
Secure data integrity also calls for large units for similar reasons. In particular, conventional approaches call for a 128-bit message authentication code (MAC) per data unit. Using a large unit such as a page amortizes the overhead of this MAC, but a cache line unit would incur significant overhead in addition to the IV overhead identified above.
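As an added illustration, not part of the original text, the following model encrypts a set of 64-byte memory lines with and without a per-line IV, attaches a 128-bit tag per line, and accounts for the IV and MAC overhead the two paragraphs above describe. It substitutes an HMAC-SHA256 keystream and a truncated HMAC tag for the block-cipher stream mode and MAC a real implementation would use; the key and memory contents used with it are constructed sample values.

```python
import hashlib
import hmac
import os
from collections import Counter

LINE_BYTES = 64   # conventional cache line
IV_BYTES = 16     # per-unit IV, as in the page's example
MAC_BYTES = 16    # 128-bit MAC per data unit

def keystream(key, iv, n):
    """CTR-style keystream from HMAC-SHA256(key, iv || counter); a stand-in for a block-cipher stream mode."""
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, iv + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def seal_line(key, line, iv):
    """Encrypt one line under (key, iv), then append a 128-bit tag over iv || ciphertext."""
    ct = bytes(p ^ k for p, k in zip(line, keystream(key, iv, len(line))))
    return ct + hmac.new(key, iv + ct, hashlib.sha256).digest()[:MAC_BYTES]

def open_line(key, sealed, iv):
    """Verify the tag, then decrypt; raises ValueError if the line was modified in memory."""
    ct, tag = sealed[:-MAC_BYTES], sealed[-MAC_BYTES:]
    expect = hmac.new(key, iv + ct, hashlib.sha256).digest()[:MAC_BYTES]
    if not hmac.compare_digest(tag, expect):
        raise ValueError("integrity check failed")
    return bytes(c ^ k for c, k in zip(ct, keystream(key, iv, len(ct))))

def encrypt_memory(key, lines, per_line_iv):
    """Return [(iv, sealed)] per line. per_line_iv=False reuses one fixed IV: the insecure case."""
    fixed = bytes(IV_BYTES)
    return [(iv, seal_line(key, line, iv))
            for line in lines
            for iv in [os.urandom(IV_BYTES) if per_line_iv else fixed]]

def ciphertext_repeats(encrypted):
    """Attacker's view: the largest count of identical ciphertext lines (>1 leaks plaintext repetition)."""
    return max(Counter(sealed[:-MAC_BYTES] for _, sealed in encrypted).values())

def space_overhead(unit_bytes, meta_bytes=IV_BYTES + MAC_BYTES):
    """Fraction of extra storage per unit of encryption for the IV plus MAC."""
    return meta_bytes / unit_bytes
```

With a fixed IV, the three identical (all-zero) lines in the constructed sample produce three identical ciphertexts, which is exactly the repetition a frequency analysis counts; per-line IVs remove it at the cost of 25 percent for the IV alone and 50 percent for IV plus MAC on a 64-byte line.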
In a standard security/threat model for computers, it is assumed that the processor chip itself is made secure and can restrict an attacker from modifying this silicon and from accessing protected data that is resident inside the processor chip. (For instance, a processor chip can be designed to destroy or delete its contents if there is an attempt to modify the chip or perform unsupported operations.) In particular, data stored in the L1, L2, and subsequent levels through the last-level cache can be stored in the clear without risk of exposure or compromise, allowing the processor to operate on data without having to decrypt data on each operation and then re-encrypt the results immediately after they are generated. In addition, other metadata resident in the processor chip's cache can similarly be protected by the physical security of this chip as well as its secure design. However, the amount of such data is significantly limited by the physical constraints on the processor chip, including power and cost limitations, to a fraction of that available in main memory. For example, on-chip cache state is currently limited to tens of megabytes, whereas a main memory can easily be tens of gigabytes or larger, a factor of 1000 larger. On the other hand, data stored off the processor chip is assumed to be accessible to the attacker by, for instance, removing the DRAM itself, or coupling into a second port to the DRAM, as described earlier.
Thus, there is a need to efficiently encrypt and decrypt memory line units while providing strong confidentiality and integrity of the data.