Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Secure Scattered Memory: Rethinking Secure Enclave Memory with Secret Sharing

Haoran Geng, Yuezhi Che, Dazhao Chen, Michael Niemier, Xiaobo Sharon Hu

TL;DR

This paper introduces Secure Scattered Memory (SSM), a memory-protection scheme that replaces traditional counter-based encryption with secret sharing to achieve confidentiality, integrity, and freshness without Merkle Tree metadata. By encoding data as t-of-N shares scattered across memory and regenerating shares on each write, SSM eliminates the need for on-chip MTs and VN updates while resisting replay attacks through dynamic relocation. The authors implement and synthesize SSM in a 28 nm process, demonstrating a small silicon area and modest power, and show performance overheads around 8–10% relative to AES-XTS and AES-GCM, with substantial gains over state-of-the-art SGXv1-like designs on irregular workloads. Overall, SSM offers a scalable, hardware-feasible secure memory solution with strong security guarantees and broad applicability beyond specialized accelerators.

Abstract

The rise of cloud computing demands secure memory systems that ensure data confidentiality, integrity, and freshness against replay attacks. Existing schemes such as AES-XTS, AES-GCM, and AES-CTR each trade performance for security, with only AES-CTR plus Message Authentication Codes (MAC) and Merkle Trees (MT) providing full protection - at the cost of substantial counter and MT overhead. This paper introduces Secure Scattered Memory (SSM), a novel scheme that replaces counter-based encryption with polynomial-based secret sharing. Each data block is encoded into multiple cryptographically independent shares distributed across memory, inherently preventing information leakage while ensuring integrity and freshness through mathematical reconstruction properties. Implemented and synthesized in a 28 nm commercial PDK, SSM occupies 0.27 mm^2 and consumes 284.53 mW. Experiments show only 10% and 8% performance overhead over AES-XTS and AES-GCM, respectively, while outperforming Morphable Counter (MICRO 2018) by up to 40%, achieving 12% better performance than EMCC/RMCC (MICRO 2022), and exceeding COSMOS (MICRO 2025) by 3%.

Secure Scattered Memory: Rethinking Secure Enclave Memory with Secret Sharing

TL;DR

This paper introduces Secure Scattered Memory (SSM), a memory-protection scheme that replaces traditional counter-based encryption with secret sharing to achieve confidentiality, integrity, and freshness without Merkle Tree metadata. By encoding data as t-of-N shares scattered across memory and regenerating shares on each write, SSM eliminates the need for on-chip MTs and VN updates while resisting replay attacks through dynamic relocation. The authors implement and synthesize SSM in a 28 nm process, demonstrating a small silicon area and modest power, and show performance overheads around 8–10% relative to AES-XTS and AES-GCM, with substantial gains over state-of-the-art SGXv1-like designs on irregular workloads. Overall, SSM offers a scalable, hardware-feasible secure memory solution with strong security guarantees and broad applicability beyond specialized accelerators.

Abstract

The rise of cloud computing demands secure memory systems that ensure data confidentiality, integrity, and freshness against replay attacks. Existing schemes such as AES-XTS, AES-GCM, and AES-CTR each trade performance for security, with only AES-CTR plus Message Authentication Codes (MAC) and Merkle Trees (MT) providing full protection - at the cost of substantial counter and MT overhead. This paper introduces Secure Scattered Memory (SSM), a novel scheme that replaces counter-based encryption with polynomial-based secret sharing. Each data block is encoded into multiple cryptographically independent shares distributed across memory, inherently preventing information leakage while ensuring integrity and freshness through mathematical reconstruction properties. Implemented and synthesized in a 28 nm commercial PDK, SSM occupies 0.27 mm^2 and consumes 284.53 mW. Experiments show only 10% and 8% performance overhead over AES-XTS and AES-GCM, respectively, while outperforming Morphable Counter (MICRO 2018) by up to 40%, achieving 12% better performance than EMCC/RMCC (MICRO 2022), and exceeding COSMOS (MICRO 2025) by 3%.
Paper Structure (41 sections, 6 equations, 13 figures, 3 tables)

This paper contains 41 sections, 6 equations, 13 figures, 3 tables.

Table of Contents

  1. Introduction
  2. Background
  3. Memory Encryption
  4. AES-XTS and AES-GCM
  5. SGXv1-like
  6. Secret Sharing
  7. Observations and Motivations
  8. Analysis on Secure Memory
  9. Secure Memory Performance Analysis
  10. Current Solutions and Their Limitations
  11. Rethinking Secure Memory Design
  12. Secure Scattered Memory Architecture
  13. Threat Model
  14. SSM Overview
  15. Data Segmentation
  16. ...and 26 more sections

Figures (13)

  • Figure 1: SGXv1-like memory protection scheme
  • Figure 2: Normalized memory access overhead of encryption schemes. (a) ML Benchmarks and (b) Graph Benchmarks. AES-XTS is the left bar, AES-GCM is the middle bar, and SGXv1-like is the right bar. All values are normalized to data access.
  • Figure 3: The high-level overview of (a) SSM design, (b) data segmentation process, (c) data reconstruction process.
  • Figure 4: SSM address mapping.
  • Figure 5: SSM prevents replay attacks through dynamic share relocation.
  • ...and 8 more figures