Cachet: A High-Performance Joint-Subtree Integrity Verification for Secure Non-Volatile Memory

Abstract

Data confidentiality, integrity, and persistence are essential in secure non-volatile memory (NVM) systems. However, the cost of persisting all affected security metadata is high and leads to non-negligible overheads, including performance degradation, memory lifetime reduction, and high energy consumption. This is because integrity trees, which are typically used for data authentication of NVMs, require additional cryptographic calculations and memory accesses to persist the metadata for the recovery. In this paper, we propose Cachet, a novel integrity verification scheme that leverages set hash functions to achieve high performance and crash consistency. Specifically, Cachet maintains two set hash values representing the metadata cache state to enable the lazy update of the integrity tree in a joint-subtree manner with minimal overheads. The observation that underlies Cachet is that regarding the metadata cache, the integrity of each cached node is never verified individually, and the recovery process requires just the digest of the cached metadata. Our evaluation results show that Cachet reduces the application execution time by 21%, NVM writes by 30%, and hash calculations by 36% compared to the state-of-art solutions.