This Article 
 Bibliographic References 
 Add to: 
Improving Memory Encryption Performance in Secure Processors
May 2005 (vol. 54 no. 5)
pp. 630-640
Jun Yang, IEEE
Lan Gao, IEEE
Due to the widespread software piracy and virus attacks, significant efforts have been made to improve security for computer systems. For stand-alone computers, a key observation is that, other than the processor, any component is vulnerable to security attacks. Recently, an execution only memory (XOM) architecture has been proposed to support copy and tamper resistant software. In this design, the program and data are stored in an encrypted format outside the CPU boundary. The decryption is carried out after they are fetched from memory and before they are used by the CPU. As a result, the lengthened critical path causes a serious performance degradation. In this paper, we present an innovative technique in which the cryptography computation is shifted off from the memory access critical path. We propose using a different encryption scheme, namely, "pseudo-one-time pad” encryption, to produce the instructions and data ciphertext. With some additional on-chip storage, cryptography computations are carried in parallel with memory accesses, minimizing the performance penalty. We performed experiments to study the trade-off between storage size and performance penalty. Our technique reduces the performance overhead from 20.79 percent to 1.28 percent on average for reasonably sized (64KB) on-chip storage.

[1] “Advanced Encryption Standard (AES) Development Effort,” US Government,, 2001.
[2], technical report, 2003.
[3] Int'l Planning and Research Corp., “Sixth Annual BSA Global Software Piracy Study,” , 2001.
[4] J. Burke, J. McDonald, and T. Austin, “Architectural Support for Fast Symmetric-Key Cryptography,” Proc. ACM Ninth Int'l Conf. Architectural Support for Programming Languages and Operating Systems (ASPLOS-IX), Nov. 2000.
[5] D. Burger and T. Austin, “The SimpleScalar Tool Set, Version 2.0,” Technical Report 1342, Computer Science Dept., Univ. of Wisconsin-Madison, 1997.
[6] CACTI3.2, HP-Compaq Western Research Lab, http://research. CACTI.html, 2001.
[7] C. Collberg and C. Thomborson, “Watermarking, Tamper-Proofing, and Obfuscation— Tools for Software Protection,” IEEE Trans. Software Eng., vol. 28, no. 8, Aug. 2002.
[8] “An Introduction to Cryptography,” Network Associates, Inc.,, 1999.
[9] D.W. Davies and W.L. Price, Security for Computer Networks. Wiley, 1989.
[10] “Data Encryption Standard (DES),” Federal Information Processing Standards Publication 46-2, Dec. 1993.
[11] H. Eberle and C. Thacker, “A 1Gbit/second GaAs DES chip,” Proc. IEEE Custom Integrated Circuits Conf., pp. 19.7.1-19.7.4, May 1992.
[12] B. Gassend, G.E. Suh, D. Clarke, M.v. Dijk, and S. Devadas, “Caches and Hash Trees for Efficient Memory Integrity Verification,” Proc. Ninth Int'l Symp. High Performance Computer Architecture (HPCA9), Feb. 2003.
[13] A. Hodjat and I. Verbauwhede, “Minimum Area Cost for a 30 to 70 Gbits/s AES Processor,” Proc. IEEE CS Ann. Symp. VLSI, pp. 83-88, Feb. 2004.
[14] M. Huang, J. Renau, S.M. Yoo, and J. Torrellas, “L1 Data Cache Decomposition for Energy Efficiency,” Proc. IEEE/ACM Int'l Symp. Low Power Electronics and Design (ISLPED), pp. 10-15, 2001.
[15] “Sandia Researchers Develop World's Fastest Encryptor,” encrypt.htm, 1999.
[16] T. Gilmont, J.-D. Legat, and J.-J. Quisquater, “Enhancing the Security in the Memory Management Unit,” Proc. 25th EuroMicro Conf., pp. 449-456, Sept. 1999.
[17], 2000.
[18] M. Kuhn, “The TrustNo1 Cryptoprocessor Concept,” technical report, Purdue Univ., Apr. 1997.
[19] K.M. Lepak, G.B. Bell, and M.H. Lipasti, “Silent Stores and Store Value Locality,” IEEE Trans. Computers, vol. 50, no. 11, Nov. 2001.
[20] D. Lie, J. Mitchell, C.A. Thekkath, and M. Horwitz, “Specifying and Verifying Hardware for Tamper-Resistant Software,” Proc. IEEE Symp. Security and Privacy, 2003.
[21] D. Lie, C. Thekkath, M. Mitchell, P. Lincoln, D. Boneh, J. Mitchell, and M. Horwitz, “Architectural Support for Copy and Tamper Resistant Software,” Proc. ACM Ninth Int'l Conf. Architectural Support for Programming Languages and Operating Systems (ASPLOS-IX), pp. 168-177, Nov. 2000.
[22] T. Maude and D. Maude, “Hardware Protection against Software Piracy,” Comm. ACM, vol. 27, no. 9, pp. 950-959, Sept. 1984.
[23] M.J.B. Robshaw, “Stream Ciphers,” Technical Report TR-701, version 2.0, RSA Laboratories, 1995.
[24] K. Skadron and D.W. Clark, “Design Issues and Tradeoffs for Write Buffers,” Proc. Third Int'l Symp. High-Performance Computer Architecture, pp. 144-155, Feb. 1997.
[25] S.W. Smith, E.R. Palmer, and S. Weingart, “Using a Higher Performance, Programmable Secure Coprocessor,” Financial Cryptography, pp. 73-89, Feb. 1998.
[26] W. Stallings, Cryptography and Network Security, Principles and Practice, third ed. Prentice Hall, 2003.
[27] G.E. Suh, D. Clarke, B. Gassend, M. vanDijk, and S. Devadas, “Efficient Memory Integrity Verification and Encryption for Secure Processors,” Proc. 36th Intl Symp. Microarchitecture, pp. 339-350, Dec. 2003.
[28] J. Tygar and B. Yee, “Dyad: A System for Using Physically Secure Coprocessors,” Technical Report CMU-CS-91-140R, Carnegie Mellon Univ., May 1991.
[29] L. Wu, C. Weaver, and T. Austin, “CryptoManiac: A Fast Flexible Architecture for Secure Communication,” Proc. ACM 28th Int'l Symp. Computer Architecture (ISCA '01), June 2001.
[30] Y. Zhang, J. Yang, and R. Gupta, “Frequent Value Locality and Value-Centric Data Cache Design,” Proc. Int'l Conf. Architectural Support for Programming Languages and Operating Systems, pp. 150-159, Nov. 2000.
[31] Y. Zhang, J. Yang, and L. Gao, “Fast Secure Processor for Inhibiting Software Piracy and Tampering,” Proc. 36th Int'l Symp. Microarchitecture, pp. 351-360, Dec. 2003.

Index Terms:
Memory design, hardware/software protection, security and protection.
Jun Yang, Lan Gao, Youtao Zhang, "Improving Memory Encryption Performance in Secure Processors," IEEE Transactions on Computers, vol. 54, no. 5, pp. 630-640, May 2005, doi:10.1109/TC.2005.80
Usage of this product signifies your acceptance of the Terms of Use.