FESSD: A fast encrypted SSD employing on-chip access-control memory

Junghee Lee, Kalidas Ganesh, Hyuk Jun Lee, Youngjae Kim

Research output: Contribution to journalArticle

Abstract

Cryptography is one of the most popular methods for protecting data stored in storage devices such as solid-state drives (SSDs). To maintain integrity of data, one of the popular techniques is that all incoming data are encrypted before they are stored, however, in this technique, the encryption overhead is non-negligible and it can increase I/O service time. In order to mitigate the negative performance impact caused by the data encryption, a write buffer can be used to hide the long latency by encryption. Using the write buffer, incoming unencrypted data can be immediately returned as soon as they are written in the buffer. They will get encrypted and synchronized with flash memory. However, if the write buffer itself is not encrypted, unencrypted secret data might leak through this insecure write buffer. On the other hand, if the entire write buffer is fully encrypted, it incurs significant performance overhead. To address this problem, we propose an on-chip access control memory (ACM) and presents a fast encrypted SSD, called FESSD that implements a secure write buffering mechanism using the ACM. The ACM does not require a memory-level full encryption mechanism, thus not only solving the unencrypted data leaking problem, but also offering relatively fast I/O service. Our simulation results show that the I/O response time of FESSD can be improved by up to 56 percent over a baseline where encrypted data are stored in the normal write buffer.

Original languageEnglish
Article number7851061
Pages (from-to)115-118
Number of pages4
JournalIEEE Computer Architecture Letters
Volume16
Issue number2
DOIs
Publication statusPublished - 2017 Jan 1
Externally publishedYes

Fingerprint

Access control
Cryptography
Data storage equipment
Flash memory

Keywords

  • Encryption
  • On-chip memory
  • Security
  • Solid-state drive (SSD)

ASJC Scopus subject areas

  • Hardware and Architecture

Cite this

FESSD : A fast encrypted SSD employing on-chip access-control memory. / Lee, Junghee; Ganesh, Kalidas; Lee, Hyuk Jun; Kim, Youngjae.

In: IEEE Computer Architecture Letters, Vol. 16, No. 2, 7851061, 01.01.2017, p. 115-118.

Research output: Contribution to journalArticle

Lee, Junghee ; Ganesh, Kalidas ; Lee, Hyuk Jun ; Kim, Youngjae. / FESSD : A fast encrypted SSD employing on-chip access-control memory. In: IEEE Computer Architecture Letters. 2017 ; Vol. 16, No. 2. pp. 115-118.
@article{a7915b5a0ebb4c65b70d17f4bc1dd56c,
title = "FESSD: A fast encrypted SSD employing on-chip access-control memory",
abstract = "Cryptography is one of the most popular methods for protecting data stored in storage devices such as solid-state drives (SSDs). To maintain integrity of data, one of the popular techniques is that all incoming data are encrypted before they are stored, however, in this technique, the encryption overhead is non-negligible and it can increase I/O service time. In order to mitigate the negative performance impact caused by the data encryption, a write buffer can be used to hide the long latency by encryption. Using the write buffer, incoming unencrypted data can be immediately returned as soon as they are written in the buffer. They will get encrypted and synchronized with flash memory. However, if the write buffer itself is not encrypted, unencrypted secret data might leak through this insecure write buffer. On the other hand, if the entire write buffer is fully encrypted, it incurs significant performance overhead. To address this problem, we propose an on-chip access control memory (ACM) and presents a fast encrypted SSD, called FESSD that implements a secure write buffering mechanism using the ACM. The ACM does not require a memory-level full encryption mechanism, thus not only solving the unencrypted data leaking problem, but also offering relatively fast I/O service. Our simulation results show that the I/O response time of FESSD can be improved by up to 56 percent over a baseline where encrypted data are stored in the normal write buffer.",
keywords = "Encryption, On-chip memory, Security, Solid-state drive (SSD)",
author = "Junghee Lee and Kalidas Ganesh and Lee, {Hyuk Jun} and Youngjae Kim",
year = "2017",
month = "1",
day = "1",
doi = "10.1109/LCA.2017.2667639",
language = "English",
volume = "16",
pages = "115--118",
journal = "IEEE Computer Architecture Letters",
issn = "1556-6056",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
number = "2",

}

TY - JOUR

T1 - FESSD

T2 - A fast encrypted SSD employing on-chip access-control memory

AU - Lee, Junghee

AU - Ganesh, Kalidas

AU - Lee, Hyuk Jun

AU - Kim, Youngjae

PY - 2017/1/1

Y1 - 2017/1/1

N2 - Cryptography is one of the most popular methods for protecting data stored in storage devices such as solid-state drives (SSDs). To maintain integrity of data, one of the popular techniques is that all incoming data are encrypted before they are stored, however, in this technique, the encryption overhead is non-negligible and it can increase I/O service time. In order to mitigate the negative performance impact caused by the data encryption, a write buffer can be used to hide the long latency by encryption. Using the write buffer, incoming unencrypted data can be immediately returned as soon as they are written in the buffer. They will get encrypted and synchronized with flash memory. However, if the write buffer itself is not encrypted, unencrypted secret data might leak through this insecure write buffer. On the other hand, if the entire write buffer is fully encrypted, it incurs significant performance overhead. To address this problem, we propose an on-chip access control memory (ACM) and presents a fast encrypted SSD, called FESSD that implements a secure write buffering mechanism using the ACM. The ACM does not require a memory-level full encryption mechanism, thus not only solving the unencrypted data leaking problem, but also offering relatively fast I/O service. Our simulation results show that the I/O response time of FESSD can be improved by up to 56 percent over a baseline where encrypted data are stored in the normal write buffer.

AB - Cryptography is one of the most popular methods for protecting data stored in storage devices such as solid-state drives (SSDs). To maintain integrity of data, one of the popular techniques is that all incoming data are encrypted before they are stored, however, in this technique, the encryption overhead is non-negligible and it can increase I/O service time. In order to mitigate the negative performance impact caused by the data encryption, a write buffer can be used to hide the long latency by encryption. Using the write buffer, incoming unencrypted data can be immediately returned as soon as they are written in the buffer. They will get encrypted and synchronized with flash memory. However, if the write buffer itself is not encrypted, unencrypted secret data might leak through this insecure write buffer. On the other hand, if the entire write buffer is fully encrypted, it incurs significant performance overhead. To address this problem, we propose an on-chip access control memory (ACM) and presents a fast encrypted SSD, called FESSD that implements a secure write buffering mechanism using the ACM. The ACM does not require a memory-level full encryption mechanism, thus not only solving the unencrypted data leaking problem, but also offering relatively fast I/O service. Our simulation results show that the I/O response time of FESSD can be improved by up to 56 percent over a baseline where encrypted data are stored in the normal write buffer.

KW - Encryption

KW - On-chip memory

KW - Security

KW - Solid-state drive (SSD)

UR - http://www.scopus.com/inward/record.url?scp=85057203142&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85057203142&partnerID=8YFLogxK

U2 - 10.1109/LCA.2017.2667639

DO - 10.1109/LCA.2017.2667639

M3 - Article

AN - SCOPUS:85057203142

VL - 16

SP - 115

EP - 118

JO - IEEE Computer Architecture Letters

JF - IEEE Computer Architecture Letters

SN - 1556-6056

IS - 2

M1 - 7851061

ER -