Making safe data transmission faster
Context: Many software companies use encryption to protect their programs from tampering or copying, but even those protections can be circumvented by a hacker who’s skilled and motivated enough. In a conventional computer, protected software is decoded and stored in memory until the processor calls for it; hackers can tap into decoded instructions as they move from memory to the processor by listening to the channel between the two. Safeguards exist – namely, the XOM (execution-only memory) processor, which keeps information encrypted until it gets to the processor – but systems that use them are painfully slow.
Methods and Results: The bottleneck in most XOM systems is the decryption procedure: encrypted instructions are first fetched from memory, then decoded, then executed. Jun Yang, an assistant professor of computer science at the University of California, Riverside, and colleagues at Riverside and the University of Texas at Dallas use a security scheme called a one-time pad, which lets decryption begin before the encrypted data has arrived. The new procedure fetches data and starts the decryption in parallel, so that the processor can act on instructions almost as they arrive. In a simulation, the extra time needed for decryption dropped from 20.8 percent of the computation time in current XOM processors to a mere 1.3 percent.
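An added sketch (not code from the researchers or their paper) of the idea described above: the pad is derived only from values already on the chip, so it can be computed while the ciphertext is still in flight, leaving a single XOR once the data arrives. The HMAC-SHA256 pad generator, the per-address write counter, the 32-byte line size and the cycle counts are assumptions of this example; it also shows why a pad must never be reused when a line is rewritten.

```python
import hashlib
import hmac

LINE = 32  # bytes per memory line (constructed value)

def make_pad(key: bytes, addr: int, seq: int) -> bytes:
    """Pad from on-chip values only; HMAC-SHA256 stands in for the hardware cipher."""
    seed = addr.to_bytes(8, "big") + seq.to_bytes(8, "big")
    return hmac.new(key, seed, hashlib.sha256).digest()[:LINE]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class SecureCPU:
    def __init__(self, key: bytes):
        self.key = key   # never leaves the chip
        self.seq = {}    # assumed on-chip table: address -> write counter
        self.dram = {}   # off-chip memory: address -> ciphertext (observable)

    def write_line(self, addr: int, plain: bytes, bump: bool = True) -> None:
        # bump=False models the mistake of reusing a pad when a line is rewritten
        self.seq[addr] = self.seq.get(addr, 0) + (1 if bump else 0)
        self.dram[addr] = xor(plain, make_pad(self.key, addr, self.seq[addr]))

    def read_line(self, addr: int) -> bytes:
        pad = make_pad(self.key, addr, self.seq[addr])  # needs no data from DRAM
        cipher = self.dram[addr]  # in hardware this fetch overlaps pad generation
        return xor(cipher, pad)   # only this XOR waits for the data

def read_latency(mem_cycles: int, crypto_cycles: int, overlapped: bool) -> int:
    """Cycles until plaintext is usable; the final XOR is assumed to cost 1 cycle."""
    if overlapped:
        return max(mem_cycles, crypto_cycles) + 1
    return mem_cycles + crypto_cycles  # fetch, then decrypt, in series

def pad_reuse_leaks(bump: bool) -> bool:
    """True if XOR of two ciphertexts at one address equals XOR of the plaintexts."""
    cpu = SecureCPU(b"\x01" * 32)  # constructed key
    p1, p2 = b"A" * LINE, b"secret instruction bytes".ljust(LINE, b".")
    cpu.write_line(0x1000, p1, bump)
    c1 = cpu.dram[0x1000]
    cpu.write_line(0x1000, p2, bump)
    return xor(c1, cpu.dram[0x1000]) == xor(p1, p2)

if __name__ == "__main__":
    cpu = SecureCPU(b"\x01" * 32)
    cpu.write_line(0x2000, b"B" * LINE)
    print(cpu.read_line(0x2000) == b"B" * LINE)
    print(pad_reuse_leaks(bump=False), pad_reuse_leaks(bump=True))
```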
Why It Matters: Until now, the XOM fix caused a performance slowdown of as much as 42 percent. For some applications, like ATMs and other financial systems, it’s worth the cost. But for interactive applications like video games, sluggish response times – reminiscent of surfing the Internet in the early days – simply are not acceptable. Yang and colleagues’ technique faces sizable hurdles to adoption: devices will need updated software and new processors with extra on-chip memory. Nevertheless, the researchers’ method for improving the performance of encrypted software might be the breakthrough required to produce systems that are both secure and fast.
Source: Yang, J., et al. 2005. Improving memory encryption performance in secure processors. IEEE Transactions on Computers 54:630-640.