Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
125 tokens/sec
GPT-4o
47 tokens/sec
Gemini 2.5 Pro Pro
43 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
47 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

A New Secure Memory System for Efficient Data Protection and Access Pattern Obfuscation (2402.15824v1)

Published 24 Feb 2024 in cs.CR and cs.AR

Abstract: As the reliance on secure memory environments permeates across applications, memory encryption is used to ensure memory security. However, most effective encryption schemes, such as the widely used AES-CTR, inherently introduce extra overheads, including those associated with counter storage and version number integrity checks. Moreover, encryption only protects data content, and it does not fully address the memory access pattern leakage. While Oblivious RAM (ORAM) aims to obscure these patterns, its high performance costs hinder practical applications. We introduce Secure Scattered Memory (SSM), an efficient scheme provides a comprehensive security solution that preserves the confidentiality of data content without traditional encryption, protects access patterns, and enables efficient integrity verification. Moving away from traditional encryption-centric methods, SSM offers a fresh approach to protecting data content while eliminating counter-induced overheads. Moreover, SSM is designed to inherently obscure memory access patterns, thereby significantly enhancing the confidentiality of memory data. In addition, SSM incorporates lightweight, thus integrated mechanisms for integrity assurance, protecting against data tampering. We also introduce SSM+, an extension that adapts Path ORAM to offer even greater security guarantees for both data content and memory access patterns, demonstrating its flexibility and efficiency. Experimental results show that SSM incurs only a 10% performance overhead compared to non-protected memory and offers a 15% improvement over AES-CTR mode memory protection. Notably, SSM+ provides an 20% improvement against Path ORAM integrated with Intel SGX under the highest security guarantees.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (61)
  1. AMD, “Amd memory encryption white paper,” 2023. [Online]. Available: https://www.amd.com/system/files/TechDocs/memory-encryption-white-paper.pdf
  2. A. Beimel, “Secret-sharing schemes: A survey,” in International conference on coding and cryptology.   Springer, 2011, pp. 11–46.
  3. J.-P. Berrut and L. N. Trefethen, “Barycentric lagrange interpolation,” SIAM review, vol. 46, no. 3, pp. 501–517, 2004.
  4. N. Binkert, B. Beckmann, G. Black, S. K. Reinhardt, A. Saidi, A. Basu, J. Hestness, D. R. Hower, T. Krishna, S. Sardashti et al., “The gem5 simulator,” ACM SIGARCH computer architecture news, vol. 39, no. 2, pp. 1–7, 2011.
  5. D. Cao, M. Zhang, H. Lu, X. Ye, D. Fan, Y. Che, and R. Wang, “Streamline ring oram accesses through spatial and temporal optimization,” in 2021 IEEE International Symposium on High-Performance Computer Architecture (HPCA).   IEEE, 2021, pp. 14–25.
  6. A. Chakraborti and R. Sion, “Concuroram: High-throughput stateless parallel multi-client oram,” arXiv preprint arXiv:1811.04366, 2018.
  7. Y. Che and R. Wang, “Multi-range supported oblivious ram for efficient block data retrieval,” in 2020 IEEE International Symposium on High Performance Computer Architecture (HPCA).   IEEE, 2020, pp. 369–382.
  8. Y. Che and R. Wang, “Dnncloak: Secure dnn models against memory side-channel based reverse engineering attacks,” in 2022 IEEE 40th International Conference on Computer Design (ICCD).   IEEE, 2022, pp. 89–96.
  9. W. Cheng, D. Sang, L. Zeng, Y. Wang, and A. Brinkmann, “Tianji: Securing a practical asynchronous multi-user oram,” IEEE Transactions on Dependable and Secure Computing, 2023.
  10. N. Crooks, M. Burke, E. Cecchetti, S. Harel, R. Agarwal, and L. Alvisi, “Obladi: Oblivious serializable transactions in the cloud,” in 13th USENIX Symposium on Operating Systems Design and Implementation (OSDI 18), 2018, pp. 727–743.
  11. E. Dawson and D. Donovan, “The breadth of shamir’s secret-sharing scheme,” Computers & Security, vol. 13, no. 1, pp. 69–78, 1994.
  12. J. Deng, W. Dong, R. Socher, L.-J. Li, K. Li, and L. Fei-Fei, “Imagenet: A large-scale hierarchical image database,” in 2009 IEEE conference on computer vision and pattern recognition.   Ieee, 2009, pp. 248–255.
  13. J. Devlin, M.-W. Chang, K. Lee, and K. Toutanova, “Bert: Pre-training of deep bidirectional transformers for language understanding,” arXiv preprint arXiv:1810.04805, 2018.
  14. R. Elbaz, D. Champagne, R. B. Lee, L. Torres, G. Sassatelli, and P. Guillemin, “Tec-tree: A low-cost, parallelizable tree for efficient defense against memory replay attacks,” in Cryptographic Hardware and Embedded Systems-CHES 2007: 9th International Workshop, Vienna, Austria, September 10-13, 2007. Proceedings 9.   Springer, 2007, pp. 289–302.
  15. O. Goldreich, “Towards a theory of software protection and simulation by oblivious rams,” in Proceedings of the nineteenth annual ACM symposium on Theory of computing, 1987, pp. 182–194.
  16. O. Goldreich and R. Ostrovsky, “Software protection and simulation on oblivious rams,” Journal of the ACM (JACM), vol. 43, no. 3, pp. 431–473, 1996.
  17. S. Gueron, “Memory encryption for general-purpose processors,” IEEE Security & Privacy, vol. 14, no. 6, pp. 54–62, 2016.
  18. W. E. Hall and C. S. Jutla, “Parallelizable authentication trees,” in Selected Areas in Cryptography: 12th International Workshop, SAC 2005, Kingston, ON, Canada, August 11-12, 2005, Revised Selected Papers 12.   Springer, 2006, pp. 95–109.
  19. J. Han, Y. Liu, L. Xiao, R. Xiao, and L. M. Ni, “A mutual anonymous peer-to-peer protocol design,” in 19th IEEE International Parallel and Distributed Processing Symposium.   IEEE, 2005, pp. 10–pp.
  20. K. He, X. Zhang, S. Ren, and J. Sun, “Deep residual learning for image recognition,” in Proceedings of the IEEE conference on computer vision and pattern recognition, 2016, pp. 770–778.
  21. M. Henson and S. Taylor, “Memory encryption: A survey of existing techniques,” ACM Computing Surveys (CSUR), vol. 46, no. 4, pp. 1–26, 2014.
  22. W. Hua, M. Umar, Z. Zhang, and G. E. Suh, “Mgx: Near-zero overhead memory protection for data-intensive accelerators,” in Proceedings of the 49th Annual International Symposium on Computer Architecture, 2022, pp. 726–741.
  23. W. Hua, Z. Zhang, and G. E. Suh, “Reverse engineering convolutional neural networks through side-channel information leaks,” in Proceedings of the 55th Annual Design Automation Conference, 2018, pp. 1–6.
  24. Intel, “Intel total memory encryption white paper,” 2023. [Online]. Available: https://www.intel.com/content/www/us/en/architecture-and-technology/total-memory-encryption-security-paper.html
  25. M. S. Islam, M. Kuzu, and M. Kantarcioglu, “Access pattern disclosure on searchable encryption: ramification, attack and mitigation.” in Ndss, vol. 20.   Citeseer, 2012, p. 12.
  26. Y. Ji, S. Lee, E. Downing, W. Wang, M. Fazzini, T. Kim, A. Orso, and W. Lee, “Rain: Refinable attack investigation with on-demand inter-process information flow tracking,” in Proceedings of the 2017 ACM SIGSAC conference on computer and communications security, 2017, pp. 377–390.
  27. T. M. John, “Privacy leakage via write-access patterns to the main memory,” 2017.
  28. A. Krizhevsky, I. Sutskever, and G. E. Hinton, “Imagenet classification with deep convolutional neural networks,” Advances in neural information processing systems, vol. 25, 2012.
  29. J. Lee, T. Kim, and J. Huh, “Reducing the memory bandwidth overheads of hardware security support for multi-core processors,” IEEE Transactions on Computers, vol. 65, no. 11, pp. 3384–3397, 2016.
  30. T. S. Lehman, A. D. Hilton, and B. C. Lee, “Poisonivy: Safe speculation for secure memory,” in 2016 49th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO).   IEEE, 2016, pp. 1–13.
  31. M. Li, Y. Zhang, H. Wang, K. Li, and Y. Cheng, “{{\{{CIPHERLEAKS}}\}}: Breaking constant-time cryptography on {{\{{AMD}}\}}{{\{{SEV}}\}} via the ciphertext side channel,” in 30th USENIX Security Symposium (USENIX Security 21), 2021, pp. 717–732.
  32. W. Liang, K. Bu, K. Li, J. Li, and A. Tavakoli, “Memcloak: Practical access obfuscation for untrusted memory,” in Proceedings of the 34th Annual Computer Security Applications Conference, 2018, pp. 187–197.
  33. C. Liu, L. Zhu, M. Wang, and Y.-a. Tan, “Search pattern leakage in searchable encryption: Attacks and new construction,” Information Sciences, vol. 265, pp. 176–188, 2014.
  34. S. Liu, A. Kolli, J. Ren, and S. Khan, “Crash consistency in encrypted non-volatile main memory systems,” in 2018 IEEE International Symposium on High Performance Computer Architecture (HPCA).   IEEE, 2018, pp. 310–323.
  35. Y. Mao, Y. Zhu, Y. Wang, and Y. Guo, “Continuous variable quantum secret sharing with security enhancement in practical quantum communications,” Mathematics, vol. 10, no. 20, p. 3768, 2022.
  36. L. Martin, “Xts: A mode of aes for encrypting hard disks,” IEEE Security & Privacy, vol. 8, no. 3, pp. 68–69, 2010.
  37. A. J. Mashtizadeh, A. Bittau, D. Boneh, and D. Mazières, “Ccfi: Cryptographically enforced control flow integrity,” in Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015, pp. 941–951.
  38. B. Mi, B. Wu, D. Huang, Y. Liu, L. Chen, S. Wan et al., “Privacy-oriented transaction for public blockchain via secret sharing,” Security and Communication Networks, vol. 2022, 2022.
  39. A. Narayanan and V. Shmatikov, “Robust de-anonymization of large sparse datasets,” in 2008 IEEE Symposium on Security and Privacy (sp 2008).   IEEE, 2008, pp. 111–125.
  40. A. Narayanan and V. Shmatikov, “Myths and fallacies of” personally identifiable information”,” Communications of the ACM, vol. 53, no. 6, pp. 24–26, 2010.
  41. M. Naumov, D. Mudigere, H.-J. M. Shi, J. Huang, N. Sundaraman, J. Park, X. Wang, U. Gupta, C.-J. Wu, A. G. Azzolini et al., “Deep learning recommendation model for personalization and recommendation systems,” arXiv preprint arXiv:1906.00091, 2019.
  42. R. Rajat, Y. Wang, and M. Annavaram, “Pageoram: An efficient dram page aware oram strategy,” in 2022 55th IEEE/ACM International Symposium on Microarchitecture (MICRO).   IEEE, 2022, pp. 91–107.
  43. R. Rajat, Y. Wang, and M. Annavaram, “Laoram: A look ahead oram architecture for training large embedding tables,” in Proceedings of the 50th Annual International Symposium on Computer Architecture, 2023, pp. 1–15.
  44. L. Ren, C. W. Fletcher, A. Kwon, E. Stefanov, E. Shi, M. van Dijk, and S. Devadas, “Ring oram: Closing the gap between small and large client storage oblivious ram.” IACR Cryptol. ePrint Arch., vol. 2014, p. 997, 2014.
  45. L. Ren, X. Yu, C. W. Fletcher, M. Van Dijk, and S. Devadas, “Design space exploration and optimization of path oblivious ram in secure processors,” in Proceedings of the 40th Annual International Symposium on Computer Architecture, 2013, pp. 571–582.
  46. C. Sahin, V. Zakhary, A. El Abbadi, H. Lin, and S. Tessaro, “Taostore: Overcoming asynchronicity in oblivious data storage,” in 2016 IEEE Symposium on Security and Privacy (SP).   IEEE, 2016, pp. 198–217.
  47. A. Samajdar, Y. Zhu, P. Whatmough, M. Mattina, and T. Krishna, “Scale-sim: Systolic cnn accelerator simulator,” arXiv preprint arXiv:1811.02883, 2018.
  48. D. Sanchez and C. Kozyrakis, “Zsim: Fast and accurate microarchitectural simulation of thousand-core systems,” ACM SIGARCH Computer architecture news, vol. 41, no. 3, pp. 475–486, 2013.
  49. W. Shi, H.-h. S. Lee, M. Ghosh, C. Lu, and A. Boldyreva, “High efficiency counter mode security architecture via prediction and precomputation,” in 32nd International Symposium on Computer Architecture (ISCA’05).   IEEE, 2005, pp. 14–24.
  50. K. Simonyan and A. Zisserman, “Very deep convolutional networks for large-scale image recognition,” arXiv preprint arXiv:1409.1556, 2014.
  51. E. Stefanov, M. v. Dijk, E. Shi, T.-H. H. Chan, C. Fletcher, L. Ren, X. Yu, and S. Devadas, “Path oram: an extremely simple oblivious ram protocol,” Journal of the ACM (JACM), vol. 65, no. 4, pp. 1–26, 2018.
  52. G. E. Suh, D. Clarke, B. Gasend, M. Van Dijk, and S. Devadas, “Efficient memory integrity verification and encryption for secure processors,” in Proceedings. 36th Annual IEEE/ACM International Symposium on Microarchitecture, 2003. MICRO-36.   IEEE, 2003, pp. 339–350.
  53. M. Szydlo, “Merkle tree traversal in log space and time,” in Advances in Cryptology-EUROCRYPT 2004: International Conference on the Theory and Applications of Cryptographic Techniques, Interlaken, Switzerland, May 2-6, 2004. Proceedings 23.   Springer, 2004, pp. 541–554.
  54. M. Umar, W. Hua, Z. Zhang, and G. E. Suh, “Softvn: Efficient memory protection via software-provided version numbers,” in Proceedings of the 49th Annual International Symposium on Computer Architecture, 2022, pp. 160–172.
  55. F. Wang, C. Yun, S. Goldwasser, V. Vaikuntanathan, and M. Zaharia, “Splinter: Practical private queries on public data,” in 14th USENIX Symposium on Networked Systems Design and Implementation (NSDI 17), 2017, pp. 299–313.
  56. J. Wichelmann, A. Pätschke, L. Wilke, and T. Eisenbarth, “Cipherfix: Mitigating ciphertext {{\{{Side-Channel}}\}} attacks in software,” in 32nd USENIX Security Symposium (USENIX Security 23), 2023, pp. 6789–6806.
  57. J. Xu, X. Li, Y. Han, Y. Zhou, Z. Liu, Z. Zhang, and Y. Song, “Quantitative security analysis of three-level unitary operations in quantum secret sharing without entanglement,” Frontiers in Physics, vol. 11, p. 1213153, 2023.
  58. L. Yu, Y. Lu, X. Yan, Y. Jiang, J. Wang et al., “Generative text secret sharing with topic-controlled shadows,” Security and Communication Networks, vol. 2022, 2022.
  59. Y. Zhao, X. Hu, S. Li, J. Ye, L. Deng, Y. Ji, J. Xu, D. Wu, and Y. Xie, “Memory trojan attack on neural network accelerators,” in 2019 Design, Automation & Test in Europe Conference & Exhibition (DATE).   IEEE, 2019, pp. 1415–1420.
  60. W. Zheng, Y. Wu, X. Wu, C. Feng, Y. Sui, X. Luo, and Y. Zhou, “A survey of intel sgx and its applications,” Frontiers of Computer Science, vol. 15, pp. 1–15, 2021.
  61. X. Zhuang, T. Zhang, and S. Pande, “Hide: an infrastructure for efficiently protecting information leakage on the address bus,” ACM SIGOPS Operating Systems Review, vol. 38, no. 5, pp. 72–84, 2004.

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now