Paper 2022/1472

Hardware-Supported Cryptographic Protection of Random Access Memory

Roberto Avanzi, ARM Germany GmbH, Caesarea Rothschild Institute, University of Haifa, Israel
Ionut Mihalcea, ARM (United Kingdom)
David Schall, University of Edinburgh
Héctor Montaner, Graphcore
Andreas Sandberg, ARM (United Kingdom)
Abstract

Confidential Computing is the protection of data in use from access or modification by any unauthorized agent, including privileged software. For example, in Intel SGX (Client and Scalable versions) and TDX, AMD SEV, Arm CCA, and IBM Ultravisor this protection is implemented via access control policies. Some of these architectures also include memory protection schemes relying on cryptography, to protect against physical attacks. We review and classify such schemes, from academia and industry, according to protection levels corresponding of adversaries with varying capabilities, budget, and strategy. The building blocks of all memory protection schemes are encryption and integrity primitives and modes of operation, as well as anti-replay structures. We review these building blocks, consider their possible combinations, and evaluate the performance impact of the resulting schemes. We present a framework for performance evaluation in a simulated system. To understand the best and worst case overhead, systems with varying load levels are considered. We propose new solutions to further reduce the performance and memory overheads of such technologies. Advanced counter compression techniques make it viable to store counters used for replay protection in a physically protected memory. By additionally repurposing some ECC bits to store integrity tags, we can provide the highest levels of confidentiality, integrity, and replay protection at a hitherto unattained performance penalty, namely 3.32%, even under extreme load and at costs that make them reasonable in data centers. Combinations of technologies that are suitable for client devices are also discussed.

Note: Discussed more results/observations.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Preprint.
Keywords
Memory EncryptionMemory IntegritySecurity and privacyHardware-based security protocols
Contact author(s)
roberto avanzi @ gmail com
ionut mihalcea @ arm com
david schall @ ed ac uk
hector montaner @ outlook com
andreas sandberg @ arm com
History
2023-11-07: last of 17 revisions
2022-10-27: received
See all versions
Short URL
https://ia.cr/2022/1472
License
Creative Commons Attribution-NonCommercial-NoDerivs
CC BY-NC-ND

BibTeX

@misc{cryptoeprint:2022/1472,
      author = {Roberto Avanzi and Ionut Mihalcea and David Schall and Héctor Montaner and Andreas Sandberg},
      title = {Hardware-Supported Cryptographic Protection of Random Access Memory},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/1472},
      year = {2022},
      url = {https://eprint.iacr.org/2022/1472}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.