Framework for Fast Memory Authentication Using Dynamically Skewed Integrity Tree

Integrity trees are widely used in computer systems to prevent replay, splicing, and spoofing attacks on memories. Such mechanisms incur excessive performance and energy overhead. We propose a memory authentication framework that combines architecture-specific optimizations of the integrity tree with mechanisms that enable it to restructure at runtime based on memory access patterns. The integrity tree structure is customized based on the cache configuration in order to minimize the performance and energy overhead through speculative authentication. At runtime, the tree nodes that are accessed more frequently will be dynamically shifted closer to the root such that fewer levels of the tree are accessed during authentication. The framework is simulated with Multi2Sim and compared with other existing mechanisms [i.e., tamper-evident counter (TEC) tree and ASSURE] to demonstrate its performance and energy benefits. Experimental results using benchmarks from SPEC-CPU2006, SPLASH-2, and PARSEC show that the proposed dynamic integrity tree leads to an average reduction in instruction per cycle of 13% and 10% over TEC tree and ASSURE, respectively. The corresponding average reduction in authentication time is 30% and 20%, respectively. We show that the proposed framework facilitates the selection of a processor with a smaller cache size such that the energy consumption is reduced without sacrificing performance.

[1]  Steven Pigeon,et al.  A memory-efficient adaptive Huffman coding algorithm for very large sets of symbols , 1998, Proceedings DCC '98 Data Compression Conference (Cat. No.98TB100225).

[2]  Y. Tsunoo,et al.  Cryptanalysis of Block Ciphers Implemented on Computers with Cache , 2002 .

[3]  Jaehyuk Huh,et al.  Reducing the Memory Bandwidth Overheads of Hardware Security Support for Multi-Core Processors , 2016, IEEE Transactions on Computers.

[4]  Dan Boneh,et al.  Architectural Support For Copy And Tamper-Resistant Software PhD Thesis , 2003 .

[5]  Thomas Unterluggauer,et al.  MEAS: memory encryption and authentication secure against side-channel attacks , 2018, Journal of Cryptographic Engineering.

[6]  G. Edward Suh,et al.  Caches and hash trees for efficient memory integrity verification , 2003, The Ninth International Symposium on High-Performance Computer Architecture, 2003. HPCA-9 2003. Proceedings..

[7]  Kartik Mohanram,et al.  ASSURE: Authentication Scheme for SecURE energy efficient non-volatile memories , 2017, 2017 54th ACM/EDAC/IEEE Design Automation Conference (DAC).

[8]  Lionel Torres,et al.  TEC-Tree: A Low-Cost, Parallelizable Tree for Efficient Defense Against Memory Replay Attacks , 2007, CHES.

[9]  Aamer Jaleel,et al.  High performance cache replacement using re-reference interval prediction (RRIP) , 2010, ISCA.

[10]  David R. Kaeli,et al.  Multi2Sim: A simulation framework for CPU-GPU computing , 2012, 2012 21st International Conference on Parallel Architectures and Compilation Techniques (PACT).

[11]  Guiyuan Jiang,et al.  Customizing Skewed Trees for Fast Memory Integrity Verification in Embedded Systems , 2017, 2017 IEEE Computer Society Annual Symposium on VLSI (ISVLSI).

[12]  Rajeev Balasubramonian,et al.  VAULT: Reducing Paging Overheads in SGX with Efficient Integrity Verification Structures , 2018, ASPLOS.

[13]  Shay Gueron,et al.  A Memory Encryption Engine Suitable for General Purpose Processors , 2016, IACR Cryptol. ePrint Arch..

[14]  Aamer Jaleel,et al.  Adaptive insertion policies for high performance caching , 2007, ISCA '07.

[15]  Dan Page,et al.  Theoretical Use of Cache Memory as a Cryptanalytic Side-Channel , 2002, IACR Cryptol. ePrint Arch..

[16]  Guiyuan Jiang,et al.  Dynamic skewed tree for fast memory integrity verification , 2018, 2018 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[17]  Jose Joao,et al.  Morphable Counters: Enabling Compact Integrity Trees For Low-Overhead Secure Memories , 2018, 2018 51st Annual IEEE/ACM International Symposium on Microarchitecture (MICRO).

[18]  Lionel Torres,et al.  Hardware Mechanisms for Memory Authentication: A Survey of Existing Techniques and Engines , 2009, Trans. Comput. Sci..

[19]  Claude E. Shannon,et al.  Communication theory of secrecy systems , 1949, Bell Syst. Tech. J..

[20]  Brian Rogers,et al.  Using Address Independent Seed Encryption and Bonsai Merkle Trees to Make Secure Processors OS- and Performance-Friendly , 2007, 40th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO 2007).