Improving the Heavy Re-encryption Overhead of Split Counter Mode Encryption for NVM

Emerging non-volatile memory technology enables non-volatile main memory (NVMM) that can provide larger capacity and better energy-saving opportunities than DRAMs. However, its non-volatility raises security concerns, where the data in NVMMs can be taken if the memory is stolen. Thereby, the data must stay encrypted outside the processor boundary. Such encryption requires decryption before the data being used by the processor, adding extra latency to the performance-critical read operations. Split counter mode encryption hides the latency but introduces frequent page re-encryptions as a trade-off. We find that such re-encryption overhead worsens on the NVMM, whose slow latency negates prior optimizations.To mitigate the overhead, we re-design the encryption scheme based on two key observations. First, we observe that NVMMs only need counters that can count up to twice their lifetime. Second, we observe diminishing returns on the counter size as increasing the counter size further does not necessarily decrease the re-encryption frequency. Our new designs re-arrange those inefficiently used bits to reduce the re-encryption overhead. In the tests, our two designs, 3-level split counter mode encryption and 8-block split counter mode encryption, effectively reduce the re-encryption overheads by 63% and 66%, which improve performances by 26% and 30% at maximum and by 8% and 9% on average from the original split counter scheme.