IRO: Integrity and Reliability Enhanced Ring ORAM

TL;DR

IRO enhances Ring ORAM with integrated security and reliability features, reducing overhead while providing strong guarantees against memory access pattern leakage and memory faults in cloud systems.

Contribution

The paper introduces IRO, a novel design that combines integrity verification, error resilience, and fault repair into Ring ORAM, achieving high security and reliability with minimal performance impact.

Findings

IRO adds only 7.54% execution time overhead on average.

IRO reduces execution time by 2.14% with optimized AES-GCM units.

Provides strong security and reliability guarantees for cloud memory systems.

Abstract

Memory security and reliability are two of the major design concerns in cloud computing systems. State-of-the-art memory security-reliability co-designs (e.g. Synergy) have achieved a good balance on performance, confidentiality, integrity, and reliability. However, these works merely rely on encryption to ensure data confidentiality, which has been proven unable to prevent information leakage from memory access patterns. Ring ORAM is an attractive confidential protection protocol to hide memory access patterns to the untrusted storage system. Unfortunately, it does not compatible with the security-reliability co-designs. A forced combination would result in more severe performance loss. In this paper, we propose IRO, an Integrity and Reliability enhanced Ring ORAM design. To reduce the overhead of integrity verification, we propose a low overhead integrity tree RIT and use a Minimum Update Subtree Tree (MUST) to reduce metadata update overhead. To improve memory reliability, we present Secure Replication to provide channel-level error resilience for the ORAM tree and use the mirrored channel technique to guarantee the reliability of the MUST. Last, we use the error correction pointer (ECP) to repair permanent memory cell fault to further improve device reliability and lifetime. A compact metadata design is used to reduce the storage and consulting overhead of the ECP. IRO provides strong security and reliability guarantees, while the resulting storage and performance overhead is very small. Our evaluation shows that IRO only increases 7.54% execution time on average over the Baseline under two channels four AES-GCM units setting. With enough AES-GCM units to perform concurrent MAC computing, IRO can reduce 2.14% execution time of the Baseline.