The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.10 - Oct. (2011 vol.22)
pp: 1714-1721
Manhee Lee , National Security Research Institute, Daejeon
Minseon Ahn , Texas A&M University, College Station
Eun Jung Kim , Texas A&M University, College Station
ABSTRACT
Protection and security are becoming essential requirements in commercial servers. To provide secure memory and cache-to-cache communications, we presented Interconnect-Independent Security Enhanced Shared Memory Multiprocessor System (I^{2}SEMS), mainly focusing on how to manage a global counter to encrypt, decrypt, and authenticate data messages with little performance overhead. However, I^{2}SEMS was vulnerable to replay attacks on data messages and integrity attacks on control and counter messages. This paper proposes three authentication schemes to remove those security vulnerabilities. First, we prevent replay attacks on data messages by inserting Request Counter (RC) into request messages. Second, we also use RC to detect integrity attacks on control messages. Third, we propose a new counter, referred to as GCC Counter (GC), to protect the global counter messages. We simulated our design with SPLASH-2 benchmarks on up to 16-processor shared memory multiprocessor systems by using Simics with Wisconsin multifacet General Execution-driven Multiprocessor Simulator (GEMS). Simulation results show that the overall performance slowdown is 4 percent on average with the highest keystream hit rate of 78 percent.
INDEX TERMS
Multiprocessor systems, shared memory, interprocessor communications, data encryption, authentication.
CITATION
Manhee Lee, Minseon Ahn, Eun Jung Kim, "Fast Secure Communications in Shared Memory Multiprocessor Systems", IEEE Transactions on Parallel & Distributed Systems, vol.22, no. 10, pp. 1714-1721, Oct. 2011, doi:10.1109/TPDS.2011.131
REFERENCES
[1] M. Lee, M. Ahn, and E.J. Kim, "I$^2$ SEMS: Interconnects-Independent Security Enhanced Shared Memory Multiprocessor Systems," Proc. 16th Int'l Conf. Parallel Architecture and Compilation Techniques (PACT '07), pp. 94-103, 2007.
[2] A. "bunnie" Huang, "The Trusted PC: Skin-Deep Security," Computer, vol. 35, no. 10, pp. 103-105, Oct. 2002.
[3] Hacking the Xbox: An Introduction to Reverse Engineering. No Starch Press, 2003.
[4] B. Gassend, G.E. Suh, D. Clarke, M. van Dijk, and S. Devadas, "Caches and Hash Trees for Efficient Memory Integrity Verification," Proc. Ninth Int'l Symp. High-Performance Computer Architecture, pp. 295-306, 2003.
[5] D. Lie, C. Thekkath, M. Mitchell, P. Lincoln, D. Boneh, J. Mitchell, and M. Horowitz, "Architectural Support for Copy and Tamper Resistant Software," Proc. Ninth Int'l Conf. Architectural Support for Programming Languages and Operating Systems (ASPLOS-IX), pp. 168-177, 2000.
[6] W. Shi, H.S. Lee, M. Ghosh, C. Lu, and A. Boldyreva, "High Efficiency Counter Mode Security Architecture via Prediction and Precomputation," Proc. 30th Ann. Int'l Symp. Computer Architecture, pp. 14-24, 2005.
[7] G.E. Suh, C.W. O'Donnell, and S. Devadas, "Aegis: A Single-Chip Secure Processor," IEEE Design and Test of Computers, vol. 24, no. 6, pp. 570-580, Nov./Dec. 2007.
[8] G.E. Suh, D. Clarke, B. Gassend, M. van Dijk, and S. Devadas, "Efficient Memory Integrity Verification and Encryption for Secure Processors," Proc. 36th Ann. IEEE/ACM Int'l Symp. Microarchitecture, pp. 339-350, 2003.
[9] C. Yan, B. Rogers, D. Englender, Y. Solihin, and M. Prvulovic, "Improving Cost, Performance, and Security of Memory Encryption and Authentication," Proc. 33rd Ann. Int'l Symp. Computer Architecture, pp. 179-190, 2006.
[10] J. Yang, Y. Zhang, and L. Gao, "Fast Secure Processor for Inhibiting Software Piracy and Tampering," Proc. 36th Ann. IEEE/ACM Int'l Symp. Microarchitecture, pp. 351-360, 2003.
[11] W. Shi, H.-H. S. Lee, M. Ghosh, and C. Lu, "Architectural Support for High Speed Protection of Memory Integrity and Confidentiality in Multiprocessor Systems," Proc. 13th Int'l Conf. Parallel Architecture and Compilation Techniques, pp. 123-134, 2004.
[12] Y. Zhang, L. Gao, J. Yang, X. Zhang, and R. Gupta, "SENSS: Security Enhancement to Symmetric Shared Memory Multiprocessors," Proc. 11th Int'l Symp. High Performance Computer Architecture, pp. 352-362, 2005.
[13] H. Lipmaa, P. Rogaway, and D. Wagner, "CTR-Mode Encryption," Proc. NIST Workshop Modes of Operation, 2000.
[14] B. Rogers, M. Prvulovic, and Y. Solihin, "Efficient Data Protection for Distributed Shared Memory Multiprocessors," Proc. 15th Int'l Conf. Parallel Architecture and Compilation Techniques (PACT '06) pp. 84-94, 2006.
[15] E.E. Bilir, R.M. Dickson, Y. Hu, M. Plakal, D.J. Sorin, M.D. Hill, and D.A. Wood, "Multicast Snooping: A New Coherence Method Using a Multicast Address Network," Proc. 26th Ann. Int'l Symp. Computer Architecture (ISCA '99), pp. 294-304, 1999.
[16] M.M. Martin, M.D. Hill, and D.A. Wood, "Token Coherence: A New Framework for Shared-Memory Multiprocessors," IEEE Micro, vol. 23, no. 6, pp. 108-116, Nov./Dec. 2003.
[17] H.-C. Hsiao and C.-T. King, "An Application-Driven Study of Multicast Communication for Write Invalidation," The J. Supercomputing, vol. 18, no. 3, pp. 279-304, 2001.
[18] M.P. Malumbres, J. Duato, and J. Torrellas, "An Efficient Implementation of Tree-Based Multicast Routing for Distributed Shared-Memory Multiprocessors," Proc. Eighth IEEE Symp. Parallel and Distributed Processing (SPDP '96), pp. 186-189, 1996.
[19] D.K. Panda, S. Singal, and P. Prabhakaran, "Multidestination Message Passing Mechanism Conforming to Base Wormhole Routing Scheme," Proc. First Int'l Workshop Parallel Computer Routing and Comm. (PCRCW '94), pp. 131-145, 1994.
[20] K. Shaneman and S. Gray, "Optical Network Security: Technical Analysis of Fiber Tapping Mechanisms and Methods for Detection and Prevention," Proc. IEEE Military Comm. Conf. (MILCOM '04), vol. 2, pp. 711-716, 2004.
[21] Nat'l Inst. of Science and Technology, "Advanced Encryption Standard (AES)," FIPS 197, 2001, http://csrc.nist.gov/ publications/ fips/fips197fips-197.pdf; Accessed Apr. 2008.
[22] B. Yang, S. Mishra, and R. Karri, "A High Speed Architecture for Galois/Counter Mode of Operation (GCM)," Cryptology ePrint Archive, Report 2005/146, 2005.
[23] R.B. Lee, P.C.S. Kwan, J.P. McGregor, J. Dwoskin, and Z. Wang, "Architecture for Protecting Critical Secrets in Microprocessors," Proc. 32nd Ann. Int'l Symp. Computer Architecture (ISCA '05), pp. 2-13, 2005.
[24] D. McGrew and J. Viega, "The Galois/Counter Mode of Operation (GCM)," Submission to NIST Modes of Operation Process, 2004.
[25] B. Rogers, S. Chhabra, M. Prvulovic, and Y. Solihin, "Using Address Independent Seed Encryption and Bonsai Merkle Trees to Make Secure Processors OS- and Performance-Friendly," Proc. 40th Ann. IEEE/ACM Int'l Symp. Microarchitecture, pp. 183-196, 2007.
[26] J.C. Martinez, J. Flich, A. Robles, P. Lopez, J. Duato, and M. Koibuchi, "In-Order Packet Delivery in Interconnection Networks Using Adaptive Routing," Proc. 19th IEEE Int'l Parallel and Distributed Processing Symp. (IPDPS '05), p. 101, 2005.
[27] W. Heirman, J. Dambre, I. Artundo, C. Debaes, H. Thienpont, D. Stroobandt, and J. Van Campenhout, "Predicting Reconfigurable Interconnect Performance in Distributed Shared-Memory Systems," Integration the VLSI J., vol. 40, no. 4, pp. 382-393, 2007.
23 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool