Faster security for non-volatile memory tech
The new encryption technique, say the researchers, also permits faster performance than existing software security technologies.
“NVMs are an emerging technology that allows rapid access to the data, and retains data even when a system crashes or loses power,” says Amro Awad, senior author of a paper on the work and an assistant professor of electrical and computer engineering at North Carolina State University. “However, the features that give NVMs these attractive characteristics also make it difficult to encrypt files on NVM devices – which raises security concerns. We’ve developed a way to secure files on NVM devices without sacrificing the speed that makes NVMs attractive.”
Traditionally, computers have used two types of data storage: Dynamic random access memory (DRAM) allows quick access to stored data, but will lose that data if the system crashes, while long-term storage technologies, such as hard drives, are good at retaining data even if a system loses power – but store the data in a way that makes it slower to access.
NVMs combine the best features of both technologies. However, securing files on NVM devices can be challenging. The researchers say their technique allows for file-level encryption in fast NVMs while cutting the related execution time significantly.
Existing methods for file system encryption use software, which is not particularly fast. Historically, say the researchers, this wasn’t a problem because the technologies for accessing file data from long-term storage devices weren’t particularly fast either.
“But now that NVMs are allowing faster access to file data,” says Kazi Abu Zubair, first author of the paper and a Ph.D. student at NC State, “the software approach to file encryption has become a problem, because it slows down overall operations. To address this challenge, we’ve developed a novel architecture that incorporates some elements of the encryption and decryption process into hardware, which is faster than software. As a result, processes that allow users to store and retrieve file data securely are significantly faster.”
In simulations, the researchers say they found that using their novel encryption architecture to secure files in NVMs slowed down operations by 3.8% when running workloads that were representative of real-world applications. When using software approaches to provide security for the same workloads, operations slowed by about 200%.
“If this was implemented in commercial processors, it would significantly improve performance for secure file operation in large data centers and cloud systems,” says Zubair.
While their work addresses file encryption, the researchers think it is important to also assess other security functions – such as auditing and run-time ransomware detection – in the context of direct access file systems. Addressing those security functions using traditional software approaches can also slow system performance, but the researchers say they are optimistic that their hybrid hardware/software approach may be able to improve performance for those functions as well, and are exploring that possibility.
The paper, “Filesystem Encryption or Direct-Access for NVM Filesystems? Let’s Have Both!,” was presented at the 28th IEEE International Symposium on High-Performance Computer Architecture (HPCA-22).