ELM: A Low-Latency and Scalable Memory Encryption Scheme

Memory encryption (ME) with authentication is becoming a key security feature of modern processors, as evident by the adoption of ME by Intel's SGX. Recently ME is actively studied from the viewpoint of system architecture. This paper studies ME from the viewpoint of symmetric-key cryptographic designs, with a primal focus on latency. A significant progress in such a direction can he observed in the SGX Integrity Tree (SIT). Using a variant of AES-GCM, SIT achieves an excellent latency. However, it has a scalability issue. By carefully examining SIT, we develop a new ME scheme clubbed ELM. We present an AES-based instantiation of ELM, and show that ELM significantly reduces latency from SIT for large memories, and achieves the provable security and equivalent hardware-protected (on-chip) area. We also present preliminary hardware implementations to substantiate our advantages.