ELM: A Low-Latency and Scalable Memory Encryption Scheme

Akiko Inoue; Kazuhiko Minematsu; Maya Oda; Rei Ueno; Naofumi Homma

doi:10.1109/TIFS.2022.3188146

ELM: A Low-Latency and Scalable Memory Encryption Scheme

Akiko Inoue, Kazuhiko Minematsu, Maya Oda, Rei Ueno, Naofumi Homma

電気通信研究所・情報通信基盤研究部門

研究成果: ジャーナルへの寄稿 › 学術論文 › 査読

6 被引用数 (Scopus)

抄録

Memory encryption (ME) with authentication is becoming a key security feature of modern processors, as evident by the adoption of ME by Intel's SGX. Recently ME is actively studied from the viewpoint of system architecture. This paper studies ME from the viewpoint of symmetric-key cryptographic designs, with a primal focus on latency. A significant progress in such a direction can be observed in the SGX Integrity Tree (SIT). Using a variant of AES-GCM, SIT achieves an excellent latency. However, it has a scalability issue. By carefully examining SIT, we develop a new ME scheme dubbed ELM. We present an AES-based instantiation of ELM, and show that ELM significantly reduces latency from SIT for large memories, and achieves the provable security and equivalent hardware-protected (on-chip) area. We also present preliminary hardware implementations to substantiate our advantages.

本文言語	英語
ページ（範囲）	2628-2643
ページ数	16
ジャーナル	IEEE Transactions on Information Forensics and Security
巻	17
DOI	https://doi.org/10.1109/TIFS.2022.3188146
出版ステータス	出版済み - 2022

文献へのアクセス

10.1109/TIFS.2022.3188146

他のファイルとリンク

引用スタイル

@article{6fc8a257aef0438aa34df40f91b15077,

title = "ELM: A Low-Latency and Scalable Memory Encryption Scheme",

abstract = "Memory encryption (ME) with authentication is becoming a key security feature of modern processors, as evident by the adoption of ME by Intel's SGX. Recently ME is actively studied from the viewpoint of system architecture. This paper studies ME from the viewpoint of symmetric-key cryptographic designs, with a primal focus on latency. A significant progress in such a direction can be observed in the SGX Integrity Tree (SIT). Using a variant of AES-GCM, SIT achieves an excellent latency. However, it has a scalability issue. By carefully examining SIT, we develop a new ME scheme dubbed ELM. We present an AES-based instantiation of ELM, and show that ELM significantly reduces latency from SIT for large memories, and achieves the provable security and equivalent hardware-protected (on-chip) area. We also present preliminary hardware implementations to substantiate our advantages.",

keywords = "Memory encryption, SGX, authentication tree, latency, mode of operations",

author = "Akiko Inoue and Kazuhiko Minematsu and Maya Oda and Rei Ueno and Naofumi Homma",

note = "Publisher Copyright: {\textcopyright} 2005-2012 IEEE.",

year = "2022",

doi = "10.1109/TIFS.2022.3188146",

language = "English",

volume = "17",

pages = "2628--2643",

journal = "IEEE Transactions on Information Forensics and Security",

issn = "1556-6013",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - JOUR

T1 - ELM

T2 - A Low-Latency and Scalable Memory Encryption Scheme

AU - Inoue, Akiko

AU - Minematsu, Kazuhiko

AU - Oda, Maya

AU - Ueno, Rei

AU - Homma, Naofumi

PY - 2022

Y1 - 2022

N2 - Memory encryption (ME) with authentication is becoming a key security feature of modern processors, as evident by the adoption of ME by Intel's SGX. Recently ME is actively studied from the viewpoint of system architecture. This paper studies ME from the viewpoint of symmetric-key cryptographic designs, with a primal focus on latency. A significant progress in such a direction can be observed in the SGX Integrity Tree (SIT). Using a variant of AES-GCM, SIT achieves an excellent latency. However, it has a scalability issue. By carefully examining SIT, we develop a new ME scheme dubbed ELM. We present an AES-based instantiation of ELM, and show that ELM significantly reduces latency from SIT for large memories, and achieves the provable security and equivalent hardware-protected (on-chip) area. We also present preliminary hardware implementations to substantiate our advantages.

AB - Memory encryption (ME) with authentication is becoming a key security feature of modern processors, as evident by the adoption of ME by Intel's SGX. Recently ME is actively studied from the viewpoint of system architecture. This paper studies ME from the viewpoint of symmetric-key cryptographic designs, with a primal focus on latency. A significant progress in such a direction can be observed in the SGX Integrity Tree (SIT). Using a variant of AES-GCM, SIT achieves an excellent latency. However, it has a scalability issue. By carefully examining SIT, we develop a new ME scheme dubbed ELM. We present an AES-based instantiation of ELM, and show that ELM significantly reduces latency from SIT for large memories, and achieves the provable security and equivalent hardware-protected (on-chip) area. We also present preliminary hardware implementations to substantiate our advantages.

KW - Memory encryption

KW - SGX

KW - authentication tree

KW - latency

KW - mode of operations

UR - http://www.scopus.com/inward/record.url?scp=85134224757&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85134224757&partnerID=8YFLogxK

U2 - 10.1109/TIFS.2022.3188146

DO - 10.1109/TIFS.2022.3188146

M3 - Article

AN - SCOPUS:85134224757

SN - 1556-6013

VL - 17

SP - 2628

EP - 2643

JO - IEEE Transactions on Information Forensics and Security

JF - IEEE Transactions on Information Forensics and Security

ER -

ELM: A Low-Latency and Scalable Memory Encryption Scheme

抄録

文献へのアクセス

他のファイルとリンク

フィンガープリント

引用スタイル