A High-Performance Transparent Memory Data Encryption and Authentication Scheme Based on Ascon Cipher

Bibliographic details
Published in: IEEE transactions on very large scale integration (VLSI) systems 2024-05, Vol.32 (5), p.925-937
Main authors: Xu, Dongdong; Wang, Xiang; Hao, Qiang; Wang, Jiqing; Cui, Shuangjie; Liu, Bo
Format: Article
Language: eng
Summary: The arbitrarily connected nature of IoT has led to an explosion in the number of embedded devices accessed. These devices typically store and process large amounts of private and critical data. Most of these data are transmitted in plaintext over the bus, which is vulnerable to attacks such as theft, leakage, tampering, and even control flow hijacking. Encryption and authentication of memory data can effectively alleviate these problems. Existing solutions introduce significant performance overhead while providing data protection. Therefore, in this article, we propose a low-latency, high-performance transparent memory data encryption and authentication hardware protection scheme based on Ascon-128, in which the multistage pipeline design and the optimization of address labels effectively reduce the encryption/decryption latency and the size and storage overhead of nonce data. Based on the designed hardware architecture, the performance overhead introduced is evaluated in terms of bandwidth, latency, runtime, and score using multiple test programs on a CVA6-32-bit RISC-V SoC platform. The measured results from TinyMemBench demonstrate that the memory read and write bandwidth introduced by the proposed transparent memory data encryption and authentication scheme is reduced by 10.2% and 5.6%, respectively. For real intensive computational loads, the average runtime of Crystal-Dilithium and Crystal-Kyber increases by 6.32% and 6.42%, respectively, under three different parameter sets.
ISSN: 1063-8210, 1557-9999
DOI: 10.1109/TVLSI.2024.3372026