Non-volatile memory (NVM) or non-volatile storage is a type of computer memory that can retain stored information even after power is removed. Volatile memory, on the other hand, requires constant power to retain data. Non-volatile memory typically refers to storage in semiconductor memory chips, which store data in floating-gate memory cells made up of floating-gate MOSFETs (metal–oxide–semiconductor field-effect transistors), including flash memory storage such as NAND flash and solid-state drives (SSD).
Researchers have developed a technique that combines hardware and software to improve file system security for next-generation memory technologies known as non-volatile memories (NVMs). The new encryption technique also allows for faster performance than existing software security technologies.
“NVMs are an emerging technology that allows rapid access to data and retains data even when a system crashes or loses power,” says Amro Awad, an assistant professor of electrical and computer engineering at North Carolina State University and senior author of a paper on the work. “However, the features that make NVMs so appealing also make it difficult to encrypt files on NVM devices, raising security concerns. We’ve created a method for securing files on NVM devices without sacrificing the speed that makes NVMs appealing.”
“Our technique enables file-level encryption in fast NVM memories while significantly reducing the associated execution time,” says Kazi Abu Zubair, first author of the paper and a Ph.D. student at NC State.
Computers have traditionally used two types of data storage. DRAM (dynamic random access memory) allows for quick access to stored data but loses that data if the system crashes. Long-term storage technologies, such as hard drives, are good at retaining data even if a system loses power – but they do so in a way that makes accessing the data more difficult.
NVMs bring together the best features of both technologies. Securing files on NVM devices, however, can be difficult. Existing methods for file system encryption rely on software, which is slow. Historically, this was not a problem because the technologies for accessing file data from long-term storage devices were also slow.
“But now that NVMs are allowing faster access to file data, the software approach to file encryption has become a problem, because it slows down overall operations,” Abu Zubair says.
“To address this challenge, we’ve developed a novel architecture that incorporates some elements of the encryption and decryption process into hardware, which is faster than software. As a result, processes that allow users to store and retrieve file data securely are significantly faster.”
Nonvolatile memory is most commonly used for secondary storage or long-term persistent storage. The most common type of primary storage today is a volatile form of random access memory (RAM), which means that anything stored in RAM is lost when the computer is turned off. However, the majority of nonvolatile memory has limitations that make it unsuitable for primary storage. Non-volatile memory typically costs more, has lower performance, and has a shorter lifetime than volatile random access memory.
Electrically addressed systems (read-only memory) and mechanically addressed systems (hard disks, optical discs, magnetic tape, holographic memory, and such) are two types of nonvolatile data storage. In general, electrically addressed systems are more expensive and have limited capacity but are faster, whereas mechanically addressed systems are less expensive per bit but slower.
In simulations, the researchers discovered that using their novel encryption architecture to secure files in NVMs slowed operations by 3.8 percent when running workloads representative of real-world applications. When using software approaches to provide security for the same workloads, operations slowed by about 200 percent.
“If this were implemented in commercial processors, it would significantly improve performance for secure file operation in large data centers and cloud systems,” says Abu Zubair.
“While this work focuses on file encryption, we believe it is critical to evaluate other security functions in the context of direct access file systems, such as auditing and run-time ransomware detection,” says Awad. “Moreover, addressing those security functions with traditional software approaches can reduce system performance. We’re hopeful that our hybrid hardware/software approach will improve performance for those functions as well; this is something we’re looking into.”