SecDDR: Enabling Low-Cost Secure Memories by Protecting the DDR Interface
Ali Fakhrzadehgan, Prakash Ramrakhyani, Moinuddin K. Qureshi, Mattan Erez

TL;DR
SecDDR is a low-cost, practical solution for memory confidentiality and integrity in direct-attached DDR memories, offering significant security with minimal performance overhead and compatibility with existing protocols.
Contribution
SecDDR introduces a novel, low-cost replay-attack protection method that does not alter DDR protocols and is suitable for widespread deployment in untrusted memory modules.
Findings
SecDDR performs within 1% of encryption-only memory without RAP.
SecDDR improves performance by 18.8% over integrity trees.
SecDDR enhances performance by 7.8% over authenticated channels.
Abstract
The security goals of cloud providers and users include memory confidentiality and integrity, which requires implementing Replay-Attack protection (RAP). RAP can be achieved using integrity trees or mutually authenticated channels. Integrity trees incur significant performance overheads and are impractical for protecting large memories. Mutually authenticated channels have been proposed only for packetized memory interfaces that address only a very small niche domain and require fundamental changes to memory system architecture. We propose SecDDR, a low-cost RAP that targets direct-attached memories, like DDRx. SecDDR avoids memory-side data authentication, and thus, only adds a small amount of logic to memory components and does not change the underlying DDR protocol, making it practical for widespread adoption. In contrast to prior mutual authentication proposals, which require…
Taxonomy
Topics: Security and Verification in Computing · Cloud Data Security Solutions · Cryptography and Data Security
