Today's memory interfaces are often exposed to adversaries who have physical access to the computing device including the associated memory. For example, if external storage and/or memory are utilized, an adversary with physical access to that computing device can potentially remove those components and scan them for data (e.g., passwords and/or other confidential data). Further, more advanced adversaries could, for example, place a logic analyzer on a bus or insert FPGA-based memory that attempts to modify program behavior of a computing device to, for example, undermine the security of a program (e.g., by changing memory, corrupting memory, and/or replaying memory that was legitimate at some time in the past). In a distributed environment, the storage and memory could be located far away from the computing device utilizing it, thereby potentially increasing the security risk.
Counter mode encryption (e.g., AES-CTR) typically involves encrypting a counter value (e.g., based on a secret key) and combining the resulting pad with the plaintext such as data desired to be protected (e.g., via an exclusive or (XOR) operation). As such, the counter rather than the data is encrypted. Although counter mode encryption permits parallel and/or advanced computing because the pads may be computed in advance of receipt of the data to be encrypted, counter mode encryption generally requires the counter values to be also stored in memory as metadata. As such, subsequently fetching the counter values from memory results in additional memory lookups, thereby adding to the memory bandwidth and storage overhead and reducing performance.