US-12627467-B2 - Memory transaction protection methods and circuitry

Abstract

Described herein, in certain embodiments, are computer-implemented memory protection systems comprising: a memory; and circuitry comprising an encryption algorithm and configured to perform operations comprising: encrypt, using the encryption algorithm, write operations to the memory; and decrypt, using the encryption algorithm, read operations from the memory. Further provided herein, in certain embodiments, are computer implemented method for memory protection.

Inventors

  • Ayanava CHAKRABORTY
  • Raghu Kondapalli
  • Gopi SIRINENI

Assignees

  • AXIADO CORPORATION

Dates

Publication Date: 20260512
Application Date: 20230306

Claims (20)

  1. A computer-implemented memory protection system comprising: a) a memory partitioned into a plurality of blocks, wherein a block size of the plurality of blocks is based on an encryption algorithm; and b) a circuitry configured to execute memory read or memory write transactions with the memory, the circuitry comprising the encryption algorithm and configured to perform operations comprising: i) encrypt, using the encryption algorithm, write operations to the memory; and ii) decrypt, using the encryption algorithm, read operations from the memory; wherein the encryption algorithm comprises the block size; wherein the encryption algorithm comprises a pipeline comprising a plurality of stages, each stage conducting a round of an encryption operation, passing data computed to a next stage until a final stage is reached, and comprising a key scheduler; wherein the encryption algorithm comprises a number of rounds for the encryption operation, wherein the block size or the number of rounds of encryption is user configurable through a user interface, and wherein the block size or the number of rounds for the encryption operation is set at boot-time and cannot be changed at run-time.
  2. The system of claim 1, wherein the memory is implemented on a chip with the circuitry.
  3. The system of claim 1, wherein the memory implemented external to the circuitry.
  4. The system of claim 1, wherein the circuit is configured to encrypt all write transactions with the memory.
  5. The system of claim 1, wherein the encryption algorithm comprises an XTS-AES algorithm and the encryption operation comprises an AES encryption operation.
  6. The system of claim 1, wherein the block size is 64, 128, 256, or 512 bytes.
  7. The system of claim 1, wherein the block size has a minimum of 64 bytes.
  8. The system of claim 1, wherein the block size has a maximum of 512 bytes.
  9. The system of claim 1, wherein the number of rounds for the encryption operation is 4, 5, 6, 7, 8, 9, or 10.
  10. The system of claim 1, wherein the number of rounds for the encryption operation has a minimum of 4 or a maximum of 10.
  11. The system of claim 1, wherein the key scheduler of each stage is configured to generate and store a round key for use thereby allowing the pipeline to take in data blocks back-to-back and allowing a remaining output data to be produced back-to-back after an initial latency.
  12. The system of claim 1, wherein the pipeline comprises a 4-bit select bit to configure the number of rounds for the encryption operation.
  13. The system of claim 1, wherein the pipeline comprises 10 stages.
  14. The system of claim 1, wherein the pipelined allows the system to process successive data blocks back-to-back without waiting for completion of all encryption rounds for a previous data block.
  15. A computer-implemented method of a memory protection system that comprises circuitry configured to execute memory read or memory write transactions within a memory and further comprises an encryption algorithm, the method comprising: a) providing an interface allowing a user to configure a block size used by the encryption algorithm; b) providing an interface allowing the user to configure a number of rounds for an encryption operation performed by the encryption algorithm; c) partitioning the memory into a plurality of blocks based on the block size; d) encrypting, utilizing the encryption algorithm, write operations to the memory, the encryption algorithm comprising a pipeline comprising a plurality of stages, each stage conducting a round of the encryption operation, passing data computed to a next stage until a final stage is reached, and comprising a key scheduler; and e) decrypting, utilizing the encryption algorithm, read operations from the memory, the decrypting performed by the encryption algorithm, wherein the block size or the number of rounds for the encryption operation is set at boot time and cannot be changed at run-time.
  16. The method of claim 15, wherein d) and e) are performed by the circuitry, and wherein the memory is implemented on a chip with the circuitry.
  17. The method of claim 15, wherein d) and e) are performed by the circuitry, and wherein the memory is implemented external to the circuitry.
  18. The method of claim 15, wherein the encrypting and decrypting are performed on all transactions with the memory.
  19. The method of claim 15, wherein the encryption algorithm comprises an XTS-AES algorithm and the encryption operation comprises an AES encryption operation.
  20. The method of claim 15, wherein the block size is 64, 128, 256, or 512 bytes.
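
The configuration constraints recited in claims 1, 6 to 10 and 12 (block size of 64 to 512 bytes, 4 to 10 rounds chosen through a 4-bit select, both fixed at boot), modelled in C as an added example that is not part of the patent or the assignee's implementation. All names (mp_config, mp_configure, mp_lock, mp_block_index), the sticky lock bit and the encoding of the 4-bit select as the round count itself are assumptions.

```c
#include <stdint.h>

/* Hypothetical model of the boot-time settings described in the claims.
 * Assumption: the 4-bit select field holds the round count directly. */
enum mp_status { MP_OK = 0, MP_ERR_LOCKED, MP_ERR_BLOCK_SIZE, MP_ERR_ROUNDS };

struct mp_config {
    uint16_t block_size;   /* bytes: 64, 128, 256 or 512 */
    uint8_t  round_select; /* 4-bit field, valid values 4..10 */
    uint8_t  locked;       /* sticky bit (assumed): set once at end of boot */
};

/* Block size must be a power of two within [64, 512] bytes. */
static int mp_block_size_valid(uint32_t size) {
    return size >= 64 && size <= 512 && (size & (size - 1)) == 0;
}

/* Round select must fit the 4-bit field and lie within 4..10. */
static int mp_rounds_valid(uint8_t sel) {
    return (sel & 0xF0) == 0 && sel >= 4 && sel <= 10;
}

/* Apply settings during boot. Once locked, every write is refused, so the
 * round count cannot be lowered or the block size changed at run-time. */
enum mp_status mp_configure(struct mp_config *cfg, uint32_t block_size,
                            uint8_t round_select) {
    if (cfg->locked) return MP_ERR_LOCKED;
    if (!mp_block_size_valid(block_size)) return MP_ERR_BLOCK_SIZE;
    if (!mp_rounds_valid(round_select)) return MP_ERR_ROUNDS;
    cfg->block_size = (uint16_t)block_size;
    cfg->round_select = round_select;
    return MP_OK;
}

/* End of boot: lock only a fully valid configuration. */
enum mp_status mp_lock(struct mp_config *cfg) {
    if (!mp_block_size_valid(cfg->block_size)) return MP_ERR_BLOCK_SIZE;
    if (!mp_rounds_valid(cfg->round_select)) return MP_ERR_ROUNDS;
    cfg->locked = 1;
    return MP_OK;
}

/* Index of the encryption block that contains a byte offset into the
 * protected memory. Returns 0 if the configuration was never set. */
uint64_t mp_block_index(const struct mp_config *cfg, uint64_t offset) {
    return cfg->block_size ? offset / cfg->block_size : 0;
}
```
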

Description

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims the benefit of U.S. Provisional Application No. 63/317,912, filed Mar. 8, 2022, which is incorporated herein by reference in its entirety.

BACKGROUND

Physical sniffing of memory transactions to gain access to data has been on the rise in many server, network, and other infrastructure deployments. Therefore, there is a need to address this vulnerability to offer security protection against malicious actors in a data center, telecom, or any other environment.

SUMMARY

Security protections required by today's complex networks include the ability to prevent physical sniffing of memory transactions by malicious actors. These threats may be in a data center, telecom, or any other environment where information is being written to and read from a memory. During such network threats, information (e.g., in network packets) may be accessed by a malicious actor, which can result in compromised sensitive information or personal information. Therefore, a security architecture that is compatible with various types of industrial models is needed to prevent malicious actors from gaining access to such information.

One way to address this vulnerability in many of today's server, network and other infrastructure deployments is to provide a security pipeline comprising encryption operations with user configurability. Encryption operations can be performed by an encryption algorithm that encrypts transactions on the way to the memory (e.g., write operations) and decrypts data on the way back from memory (e.g., read operations). The encryption operation can comprise a plurality of stages and various block sizes specified by a user depending on the task at hand, which can allow for improved efficiency and performance. Such a security pipeline can prevent a malicious actor from accessing information stored in the memory, while providing a user high specificity to streamline memory protection.

In one aspect, disclosed herein are computer-implemented memory protection systems comprising: a memory; and circuitry comprising an encryption algorithm and configured to perform operations comprising: encrypt, using the encryption algorithm, write operations to the memory; and decrypt, using the encryption algorithm, read operations from the memory; wherein the encryption algorithm comprises a user configurable block size and partitions the memory based on the user configurable block size; wherein the encryption algorithm comprises a pipelined design comprising a plurality of stages, each stage conducting a round of an encryption operation, passing data computed to a next stage until a final stage is reached, and comprising its own key scheduler; and wherein the encryption algorithm comprises a user configurable number of rounds for the encryption operation. In some embodiments, the memory is implemented on a chip with the circuitry. In some embodiments, the memory is implemented external to the circuitry. In some embodiments, the system is configured to encrypt all transactions with the memory. In some embodiments, the encryption algorithm comprises an XTS-AES algorithm and the encryption operation comprises an AES encryption operation. In some embodiments, the block size is user configurable through a user interface. In some cases, the block size is set at boot-time and cannot be changed at run-time. In some embodiments, the number of rounds for the encryption operation is user configurable through a user interface. In some cases, the number of rounds for the encryption operation is set at boot-time and cannot be changed at run-time. In some embodiments, the block size is 64, 128, 256, or 512 bytes. In some embodiments, the block size has a minimum of 64 bytes. In some embodiments, the block size has a maximum of 512 bytes. In some embodiments, the number of rounds for the encryption operation is 4, 5, 6, 7, 8, 9, or 10. In some embodiments, the number of rounds for the encryption operation has a minimum of 4. In some embodiments, the number of rounds for the encryption operation has a maximum of 10. In some embodiments, the pipeline comprises a 4-bit select bit to configure the number of rounds for the encryption operation. In some embodiments, the pipeline comprises 10 stages.

In another aspect, disclosed herein are computing devices comprising the memory protection system comprising: a memory; and circuitry comprising an encryption algorithm and configured to perform operations comprising: encrypt, using the encryption algorithm, write operations to the memory; and decrypt, using the encryption algorithm, read operations from the memory; wherein the encryption algorithm comprises a user configurable block size and partitions the memory based on the user configurable block size; wherein the encryption algorithm comprises a pipelined design comprising a plurality of stages, each stage conducting a round of an encryption operation, passing data computed to a next stage until a final st