62 research outputs found
SecDDR: Enabling Low-Cost Secure Memories by Protecting the DDR Interface
The security goals of cloud providers and users include memory
confidentiality and integrity, which requires implementing Replay-Attack
protection (RAP). RAP can be achieved using integrity trees or mutually
authenticated channels. Integrity trees incur significant performance overheads
and are impractical for protecting large memories. Mutually authenticated
channels have been proposed only for packetized memory interfaces that address
only a very small niche domain and require fundamental changes to memory system
architecture. We propose SecDDR, a low-cost RAP that targets direct-attached
memories, like DDRx. SecDDR avoids memory-side data authentication, and thus,
only adds a small amount of logic to memory components and does not change the
underlying DDR protocol, making it practical for widespread adoption. In
contrast to prior mutual authentication proposals, which require trusting the
entire memory module, SecDDR targets untrusted modules by placing its limited
security logic on the DRAM die (or package) of the ECC chip. Our evaluation
shows that SecDDR performs within 1% of an encryption-only memory without RAP
and that SecDDR provides 18.8% and 7.8% average performance improvements (up to
190.4% and 24.8%) relative to a 64-ary integrity tree and an authenticated
channel, respectively
- …