Abstract
Emerging byte-addressable Non-Volatile Memory (NVM) technology, although promising superior memory density and ultra-low energy consumption, poses unique challenges to achieving persistent data privacy and computing security, both of which are critically important to the embedded and IoT applications. Specifically, to successfully restore NVMs to their working states after unexpected system crashes or power failure, maintaining and recovering all the necessary security-related metadata can severely increase memory traffic, degrade runtime performance, exacerbate write endurance problem, and demand costly hardware changes to off-the-shelf processors.
In this article, we designed and implemented ARES, a new FPGA-assisted processor-transparent security mechanism that aims at efficiently and effectively achieving all three aspects of a security triad—confidentiality, integrity, and recoverability—in modern embedded computing. Given the growing prominence of CPU-FPGA heterogeneous computing architectures, ARES leverages FPGA’s hardware reconfigurability to offload performance-critical and security-related functions to the programmable hardware without microprocessors’ involvement. In particular, recognizing that the traditional Merkle tree caching scheme cannot fully exploit FPGA’s parallelism due to its sequential and recursive function calls, we (1) proposed a Merkle tree cache architecture that partitions a unified cache into multiple levels with parallel accesses and (2) further designed a novel Merkle tree scheme that flattened and reorganized the computation in the traditional Merkle tree verification and update processes to fully exploit the parallel cache ports and to fully pipeline time-consuming hashing operations. Beyond that, to accelerate the metadata recovery process, multiple parallel recovery units are instantiated to recover counter metadata and multiple Merkle sub-trees.
Our hardware prototype of the ARES system on a Xilinx U200 platform shows that ARES achieved up to 1.4× lower latency and 2.6× higher throughput against the baseline implementation, while metadata recovery time was shortened by 1.8 times. When integrated with an embedded processor, neither hardware changes nor software changes are required. We also developed a theoretical framework to analytically model and explain experimental results.
- [1] . 2020. Phoenix: Towards ultra-low overhead, recoverable, and persistently secure nvm. IEEE Transactions on Dependable and Secure Computing.Google Scholar
- [2] . 2016. Silent shredder: Zero-cost shredding for secure non-volatile main memory controllers. ACM SIGPLAN Not. 51, 4 (2016), 263–276.Google Scholar
Digital Library
- [3] . 2003. Very compact FPGA implementation of the AES algorithm. In Proceedings of the International Workshop on Cryptographic Hardware and Embedded Systems. Springer, 319–333.Google Scholar
Cross Ref
- [4] . 2016. Intel SGX explained. IACR Cryptol. ePrint Arch. 2016, 86 (2016), 1–118.Google Scholar
- [5] . 2001. US secure hash algorithm 1 (SHA1).Google Scholar
- [6] . 2018. Method and apparatus for completing pending write requests to volatile memory prior to transitioning to self-refresh mode.
US Patent 10,127,968. November 13 2018.Google Scholar - [7] . 2007. Tec-tree: A low-cost, parallelizable tree for efficient defense against memory replay attacks. In Proceedings of the International Workshop on Cryptographic Hardware and Embedded Systems. Springer, 289–302.Google Scholar
Digital Library
- [8] . 2013. Amazon.com Goes Down, Loses $66,240 Per Minute. Retrieved from https://www.forbes.com/sites/kellyclay/2013/08/19/amazon-com-goes-down-loses-66240-per-minute/?sh=3c1ad34f495c.Google Scholar
- [9] . 2020. Persist level parallelism: Streamlining integrity tree updates for secure persistent memory. In Proceedings of the 53rd Annual IEEE/ACM International Symposium on Microarchitecture (MICRO). IEEE, 14–27.Google Scholar
Cross Ref
- [10] . 2003. Caches and merkle trees for efficient memory authentication. In Proceedings of the 9th International Symposium on High Performance Computer Architecture.Google Scholar
- [11] . 2005. AES on FPGA from the fastest to the smallest. In Proceedings of the International Workshop on Cryptographic Hardware and Embedded Systems. Springer, 427–440.Google Scholar
Digital Library
- [12] . 2005. Parallelizable authentication trees. In Proceedings of the International Workshop on Selected Areas in Cryptography. Springer, 95–109.Google Scholar
- [13] . 2020. Intel Architecture Memory Encryption Technologies Specification. Retrieved from https://software.intel.com/sites/default/files/managed/a5/16/Multi-Key-Total-Memory-Encryption-Spec.pdf?source=techstories.org.Google Scholar
- [14] . 2020. Intel Optane Persistent Memory. Retrieved from https://www.intel.com/content/www/us/en/ architecture-and-technology/optane-dc-persistent-memory.html.Google Scholar
- [15] . 2020. Intel Optane Persistent Memory Write Endurance. Retrieved from https://www.intel.com/content/www/us/en/architecture-and-technology/optane-technology/delivering-new-levels-of-endurance-article-brief.html.Google Scholar
- [16] . 2020. Intel SGX. Retrieved from https://software.intel.com/content/www/us/en/develop/topics/software-guard-extensions/details.html.Google Scholar
- [17] . 2020. NVDIMM-C: A byte-addressable non-volatile memory module for compatibility with standard DDR memory interfaces. In Proceedings of the IEEE International Symposium on High Performance Computer Architecture (HPCA’20). IEEE, 502–514.Google Scholar
Cross Ref
- [18] . 2019. Janus: Optimizing memory and storage support for non-volatile memory systems. In Proceedings of the ACM/IEEE 46th Annual International Symposium on Computer Architecture (ISCA’19). IEEE, 143–156.Google Scholar
Digital Library
- [19] . 1995. Memory bandwidth and machine balance in current high performance computers. Proceedings of the IEEE Computer Society Technical Committee on Computer Architecture Newsletter, 19–25.Google Scholar
- [20] . 2013. BEEBS: Open benchmarks for energy measurements on embedded platforms. arXiv:1308.5174. Retrieved from https://arxiv.org/abs/1308.5174.Google Scholar
- [21] . 2007. Using address independent seed encryption and bonsai merkle trees to make secure processors os-and performance-friendly. In Proceedings of the 40th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO’07). IEEE, 183–196.Google Scholar
Digital Library
- [22] . 2016. Deprecating the PCOMMIT Instruction. Retrieved from Software.Intel.com/en-us/blogs/2016/09/12/deprecate-pcommit-instruction, Intel Corp.Google Scholar
- [23] . 2003. AEGIS: Architecture for tamper-evident and tamper-resistant processing. In Proceedings of the ACM International Conference on Supercomputing 25th Anniversary Volume. 357–368.Google Scholar
Digital Library
- [24] . 2014. Towards fast hardware memory integrity checking with skewed merkle trees. In Proceedings of the 3rd Workshop on Hardware and Architectural Support for Security and Privacy. 1–8.Google Scholar
Digital Library
- [25] . 2018. Dynamic skewed tree for fast memory integrity verification. In Proceedings of the Design, Automation & Test in Europe Conference & Exhibition (DATE’18). IEEE, 642–647.Google Scholar
Cross Ref
- [26] . 2019. Framework for fast memory authentication using dynamically skewed integrity tree. IEEE Trans. VLSI Syst. 27, 10 (2019), 2331–2343.Google Scholar
Digital Library
- [27] . 2021. Cache-aware dynamic skewed tree for fast memory authentication. In Proceedings of the 26th Asia and South Pacific Design Automation Conference. 402–407.Google Scholar
Digital Library
- [28] . 2017. Customizing skewed trees for fast memory integrity verification in embedded systems. In Proceedings of the IEEE Computer Society Annual Symposium on VLSI (ISVLSI’17). IEEE, 213–218.Google Scholar
Cross Ref
- [29] . 2017. Transparent memory encryption and authentication. In Proceedings of the 27th International Conference on Field Programmable Logic and Applications (FPL’17). IEEE, 1–6.Google Scholar
Cross Ref
- [30] . 2018. UG909 Vivado Partial Reconfiguration. Retrieved from https://www.xilinx.com/support/documentation/sw_manuals/xilinx2018_1/ug909-vivado-partial-reconfiguration.pdf.Google Scholar
- [31] . 2020. ShieldNVM: An efficient and fast recoverable system for secure non-volatile memory. ACM Trans. Stor. 16, 2 (2020), 1–31.Google Scholar
Digital Library
- [32] . 2019. No compromises: Secure NVM with crash consistency, write-efficiency and high-performance. In Proceedings of the 56th ACM/IEEE Design Automation Conference (DAC’19). IEEE, 1–6.Google Scholar
Digital Library
- [33] . 2018. Osiris: A Low-Cost Mechanism to Enable Restoration of Secure Non-Volatile Memories.
Technical Report . Sandia National Laboratory, Albuquerque, NM.Google Scholar - [34] . 1994. DSPstone: A DSP-oriented benchmarking methodology. In Proceedings of the Signal Processing Applications & Technology Conference, 715–720.Google Scholar
- [35] . 2019. FAST: A frequency-aware skewed merkle tree for FPGA-secured embedded systems. In Proceedings of the IEEE Computer Society Annual Symposium on VLSI (ISVLSI’19). IEEE, 326–331.Google Scholar
Cross Ref
- [36] . 2019. Anubis: Ultra-low overhead and recovery time for secure non-volatile memories. In Proceedings of the 46th International Symposium on Computer Architecture. 157–168.Google Scholar
Digital Library
- [37] . 2019. SuperMem: Enabling application-transparent secure persistent memory with low overheads. In Proceedings of the 52nd Annual IEEE/ACM International Symposium on Microarchitecture. 479–492.Google Scholar
Digital Library
Index Terms
ARES: Persistently Secure Non-Volatile Memory with Processor-transparent and Hardware-friendly Integrity Verification and Metadata Recovery
Recommendations
Redesign the Memory Allocator for Non-Volatile Main Memory
Special Issue on Hardware and Algorithms for Learning On-a-chip and Special Issue on Alternative Computing SystemsThe non-volatile memory (NVM) has the merits of byte-addressability, fast speed, persistency and low power consumption, which make it attractive to be used as main memory. Commonly, user process dynamically acquires memory through memory allocators. ...
Secure non-volatile memory with scratch pad memory using dual encryption mode: work-in-progress
CODES '18: Proceedings of the International Conference on Hardware/Software Codesign and System SynthesisThis paper proposes a secure non-volatile main memory (NVMM) with a scratch pad memory (SPM) management compiler to reduce the number of bit flips in NVMM.
The main idea is to categorize data to write-intensive and non write-intensive, and apply the CTR ...
Minimizing write activities to non-volatile memory via scheduling and recomputation
SASP '10: Proceedings of the 2010 IEEE 8th Symposium on Application Specific Processors (SASP)Non-volatile memories, such as flash memory, Phase Change Memory (PCM), and Magnetic Random Access Memory (MRAM), have many desirable characteristics for embedded DSP systems to employ them as main memory. These characteristics include low-cost, shock-...






Comments