Counter Overflow-Aware Optimization Technique for Secure Re-Encryption Delay in Non-Volatile Memory

Non-Volatile Memory (NVM), with its advantages of data persistence after power loss, high density, and large capacity, has become a significant focus of research in both academia and industry. However, this persistence characteristic also makes NVM more susceptible to security threats such as unauthorized access and data tampering. To address this, researchers have proposed a series of security mechanisms to ensure data confidentiality and integrity during NVM storage and access. Typically, secure NVM systems employ encryption and integrity verification techniques. However, direct encryption of NVM can lead to write amplification issues, resulting in performance bottlenecks such as increased write latency and energy consumption. To tackle this issue, this paper proposes a Counter Overflow-Aware Non-Volatile Memory Secure Re-encryption Delay optimization technique (ERED), which includes two schemes: W-ERED and L-ERED. The re-encryption frequency of a data line is often determined by its most frequently updated word. W-ERED accurately identifies frequently overflowing words by setting flag bits for local counters. When a local counter overflows, only the overflowing word is encrypted using a new line counter, while non-overflowing words are still encrypted with the old line counter, thereby avoiding unnecessary re-encryptions. Building upon this, the L-ERED scheme considers that the re-encryption speed of a data page is primarily affected by the data line with the highest overflow frequency within that page. By setting overflow flags for line counters, L-ERED ensures that only overflowing data lines are re-encrypted using the main counter upon overflow, significantly reducing the granularity of data blocks requiring re-encryption due to "line counter overflow." Furthermore, to further optimize write overhead and enhance system crash recovery capabilities, this paper proposes an improved scheme, STAR+. STAR+ introduces a counter write filtering mechanism, where counters are written to NVM only when their updates in the cache reach a preset threshold, thereby reducing write operations. During crash recovery, STAR+ leverages the Osiris technique, employing shadow counters to record incremental updates. For recovery, it reads persisted counter values, applies logged increments, verifies their correctness, and reconstructs the counter state. Additionally, STAR+ restores the integrity tree by updating the MAC values of leaf and parent nodes and recursively calculating upper-level hash values, ensuring data and metadata consistency. Experimental results demonstrate that the ERED series of schemes achieve significant improvements in encryption overhead optimization: compared to SECRET, W-ERED reduces average bit flips by 5%, write latency by 11%, and write energy by 6%, with only an 8/512 increase in storage overhead. In the L-ERED scheme, the number of re-encrypted lines is only 26.7% of that in the BASE scheme and 47.7% of that in the RSR scheme, requiring only an additional 1/512 storage overhead, thereby significantly reducing the re-encryption overhead during line counter overflows. Moreover, regarding crash consistency assurance, STAR+ demonstrates superior performance compared to its predecessor, STAR, with 9.8% fewer NVM writes, a 3.1% reduction in performance overhead, and recovery time comparable to STAR.