TY - JOUR
T1 - FESSD
T2 - A fast encrypted SSD employing on-chip access-control memory
AU - Lee, Junghee
AU - Ganesh, Kalidas
AU - Lee, Hyuk Jun
AU - Kim, Youngjae
N1 - Funding Information:
This work was supported by the National Research Foundation of Korea (NRF) grant funded by the Korea Government (MISP) (No. 2015R1C1A1A0152105). This research also used resources of The University of Texas at San Antonio, San Antonio, TX. Youngjae Kim is the corresponding author.
Publisher Copyright:
© 2017 IEEE. All rights reserved.
PY - 2017
Y1 - 2017
N2 - Cryptography is one of the most popular methods for protecting data stored in storage devices such as solid-state drives (SSDs). To maintain integrity of data, one of the popular techniques is that all incoming data are encrypted before they are stored, however, in this technique, the encryption overhead is non-negligible and it can increase I/O service time. In order to mitigate the negative performance impact caused by the data encryption, a write buffer can be used to hide the long latency by encryption. Using the write buffer, incoming unencrypted data can be immediately returned as soon as they are written in the buffer. They will get encrypted and synchronized with flash memory. However, if the write buffer itself is not encrypted, unencrypted secret data might leak through this insecure write buffer. On the other hand, if the entire write buffer is fully encrypted, it incurs significant performance overhead. To address this problem, we propose an on-chip access control memory (ACM) and presents a fast encrypted SSD, called FESSD that implements a secure write buffering mechanism using the ACM. The ACM does not require a memory-level full encryption mechanism, thus not only solving the unencrypted data leaking problem, but also offering relatively fast I/O service. Our simulation results show that the I/O response time of FESSD can be improved by up to 56 percent over a baseline where encrypted data are stored in the normal write buffer.
AB - Cryptography is one of the most popular methods for protecting data stored in storage devices such as solid-state drives (SSDs). To maintain integrity of data, one of the popular techniques is that all incoming data are encrypted before they are stored, however, in this technique, the encryption overhead is non-negligible and it can increase I/O service time. In order to mitigate the negative performance impact caused by the data encryption, a write buffer can be used to hide the long latency by encryption. Using the write buffer, incoming unencrypted data can be immediately returned as soon as they are written in the buffer. They will get encrypted and synchronized with flash memory. However, if the write buffer itself is not encrypted, unencrypted secret data might leak through this insecure write buffer. On the other hand, if the entire write buffer is fully encrypted, it incurs significant performance overhead. To address this problem, we propose an on-chip access control memory (ACM) and presents a fast encrypted SSD, called FESSD that implements a secure write buffering mechanism using the ACM. The ACM does not require a memory-level full encryption mechanism, thus not only solving the unencrypted data leaking problem, but also offering relatively fast I/O service. Our simulation results show that the I/O response time of FESSD can be improved by up to 56 percent over a baseline where encrypted data are stored in the normal write buffer.
KW - Encryption
KW - On-chip memory
KW - Security
KW - Solid-state drive (SSD)
UR - http://www.scopus.com/inward/record.url?scp=85057203142&partnerID=8YFLogxK
U2 - 10.1109/LCA.2017.2667639
DO - 10.1109/LCA.2017.2667639
M3 - Article
AN - SCOPUS:85057203142
SN - 1556-6056
VL - 16
SP - 115
EP - 118
JO - IEEE Computer Architecture Letters
JF - IEEE Computer Architecture Letters
IS - 2
M1 - 7851061
ER -