research-article

Public Access

Fault injection attacks on emerging non-volatile memory and countermeasures

Authors:

Mohammad Nasim Imtiaz Khan,

Swaroop GhoshAuthors Info & Claims

HASP '18: Proceedings of the 7th International Workshop on Hardware and Architectural Support for Security and Privacy

Article No.: 10, Pages 1 - 8

https://doi.org/10.1145/3214292.3214302

Published: 02 June 2018 Publication History

Abstract

Emerging Non-Volatile Memories (NVMs) suffer from high and asymmetric read/write current and long write latency which can result in supply noise such as supply voltage droop and ground bounce. The magnitude of supply noise depends on the old data and the new data that is being written (for write operation) or on the stored data (for read operation). In this paper, we show that the adversary can write specific data pattern (that results in deterministic supply noise) in their memory space to launch, i) Denial of Service (DoS) attack (total write failure), and ii) specific polarity fault (i.e., fault injection) attack in victim's memory space sharing the same power rails with the adversary's memory space. These attacks are specifically possible if exhaustive testing of the memory for all patterns, all possible location combinations, all possible parallel read/write conditions are not performed under bit-to-bit process variations and, specified (−10°C to 90°C) and unspecified temperature ranges (i.e., less than -10°C and greater than 90°C). Simulation result indicates that adversary can launch DoS attack on victim's write operation by injecting more than 120mV of supply noise to victim's write location. The adversary can also launch 0 → 1 polarity fault injection attack on victim's write operation by injecting supply noise greater than 50mV but shorter than 120mV to victim's write location. Furthermore, the adversary can cause data '1' read failure by injecting more than 150mV of supply noise to victim's read location.

References

[1]

A. Nigam, C. W. Smullen, V. Mohan, E. Chen, S. Gurumurthi, and M. R. Stan, "Delivering on the promise of universal memory for spin-transfer torque ram (STT-RAM)," in IEEE/ACM International Symposium on Low Power Electronics and Design, pp. 121--126, Aug 2011.

Digital Library

[2]

D. C. Worledge, G. Hu, P. L. Trouilloud, D. W. Abraham, S. Brown, M. C. Gaidis, J. Nowak, E.J. O'Sullivan, R. P. Robertazzi, J. Z. Sun, and W.J. Gallagher, "Switching distributions and write reliability of perpendicular spin torque MRAM," in 2010 International Electron Devices Meeting, pp. 12.5.1--12.5.4, Dec 2010.

[3]

Y. Wu, S. Yu, X. Guan, and H. S. P. Wong, "Recent progress of resistive switching random access memory (RRAM)," in 2012 IEEE Silicon Nanoelectronics Workshop (SNW), pp. 1--4, June 2012.

[4]

A. Pirovano, A. L. Lacaita, F. Pellizzer, S. A. Kostylev, A. Benvenuti, and R. Bez, "Low-field amorphous state resistance and threshold voltage drift in chalcogenide materials," IEEE Transactions on Electron Devices, vol. 51, pp. 714--719, May 2004.

[5]

Y. M. Kang and S. Y. Lee, "The challenges and directions for the mass-production of highly-reliable, high-density 1T1C FRAM," in 2008 17th IEEE International Symposium on the Applications of Ferroelectrics, vol. 1, pp. 1--2, Feb 2008.

[6]

"16Mb 256K x 16 MRAM Memory - Everspin." https://www.everspin.com/file/882/download, 2015. {Online; accessed May-03-2018}.

[7]

"RM24C256DS, 256-Kbit 1.65V Minimum Non-volatile Serial EEPROM I2C Bus." http://www.adestotech.com/wp-content/uploads/RM24C256DS_085.pdf, 2016. {Online; accessed May-03-2018}.

[8]

"Intel Optane Memory Series." https://ark.intel.com/products/97544/Intel-Optane-Memory-Series-16GB-M_2--80mm-PCIe-3_0-20nm-3D-Xpoint, 2015. {Online; accessed May-03-2018}.

[9]

"FM28V102A 1-Mbit (64 K X 16) F-RAM Memory." http://www.cypress.com/file/140901/download, 2015. {Online; accessed May-03-2018}.

[10]

A. Chen, "A review of emerging non-volatile memory (nvm) technologies and applications" Solid-State Electronics, vol. 125, pp. 25 -- 38, 2016. Extended papers selected from ESSDERC 2015.

[11]

C. J. Xue, G. Sun, Y. Zhang, J. J. Yang, Y. Chen, and H. Li, "Emerging nonvolatile memories: Opportunities and challenges," in 2011 Proceedings of the Ninth IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS), pp. 325--334, Oct 2011.

Digital Library

[12]

A. De, M. N. I. Khan, J. Park, and S. Ghosh, "Replacing eflash with sttram in iots: Security challenges and solutions," Journal of Hardware and Systems Security, vol. 1, pp. 328--339, Dec 2017.

[13]

S. Motaman, M. N. I. Khan, and S. Ghosh, "Novel application of spintronics in computing, sensing, storage and cybersecurity" in 2018 Design, Automation Test in Europe Conference Exhibition (DATE), pp. 125--130, March 2018.

[14]

J.-W. Jang, J. Park, S. Ghosh, and S. Bhunia, "Self-correcting STTRAM under magnetic field attacks," in Proceedings of the 52Nd Annual Design Automation Conference, DAC '15, (New York, NY, USA), pp. 77:1--77:6, ACM, 2015.

Digital Library

[15]

S. Ghosh, M. N. I. Khan, A. De, and J. W. Jang, "Security and privacy threats to on-chip Non-Volatile Memories and countermeasures," in 2016 IEEE/ACM International Conference on Computer-Aided Design (ICCAD), pp. 1--6, Nov 2016.

Digital Library

[16]

K. Shamsi and Y. Jin, "Security of emerging non-volatile memories: Attacks and defenses," in 2016 IEEE 34th VLSI Test Symposium (VTS), pp. 1--4, April 2016.

[17]

M. N. I. Khan, S. Bhasin, A. Yuan, A. Chattopadhyay, and S. Ghosh, "Side-channel attack on STTRAM based cache for cryptographic application," in 2017 IEEE International Conference on Computer Design (ICCD), pp. 33--40, Nov 2017.

[18]

R. K. Aluru and S. Ghosh, "Droop mitigating last level cache architecture for STTRAM," in Proceedings of the Conference on Design, Automation & Test in Europe, DATE '17, (3001 Leuven, Belgium, Belgium), pp. 262--265, European Design and Automation Association, 2017.

Digital Library

[19]

M.-J. Lee, C. B. Lee, D. Lee, S. R. Lee, M. Chang, J. H. Hur, Y.-B. Kim, C.-J. Kim, D. H. Seo, S. Seo, U.-I. Chung, I.-K. Yoo, and K. Kim, "A fast, high-endurance and scalable non-volatile memory device made from asymmetric Ta2O5-x/TaO2-x bilayer structures," Nature Materials, vol. 10, pp. 625 EP -, Jul 2011. Article.

[20]

S. Bhattacharya and D. Mukhopadhyay, "Formal fault analysis of branch predictors: attacking countermeasures of asymmetric key ciphers," Journal of Cryptographic Engineering, vol. 7, pp. 299--310, Nov 2017.

[21]

Y. Cai, S. Ghose, Y. Luo, K. Mai, O. Mutlu, and E. F. Haratsch, "Vulnerabilities in MLC NAND flash memory programming: Experimental analysis, exploits, and mitigation techniques," in 2017 IEEE International Symposium on High Performance Computer Architecture (HPCA), pp. 49--60, Feb 2017.

[22]

P. Y. Chen and S. Yu, "Compact modeling of RRAM devices and its applications in 1T1R and 1S1R array design," IEEE Transactions on Electron Devices, vol. 62, pp. 4022--4028, Dec 2015.

[23]

"Interconnect: Capacitance and Resistance for 65nm technology." http://ptm.asu.edu/, 2005. {Online; accessed May-03-2018}.

[24]

"Wire Capacitance and Resistance Calculator for 65nm." http://users.ece.utexas.edu/~mcdermot/vlsi-2/Wire_Capacitance_and_Resistance_65nm.xls, 2008. {Online; accessed May-03-2018}.

[25]

I. Shao, J. M. Cotte, B. Haran, A. W. Topol, E. E. Simonyi, C. Cabral, and H. Deligianni, "An alternative low resistance MOL technology with electroplated rhodium as contact plugs for 32nm CMOS and beyond," in 2007 IEEE International Interconnect Technology Conferencee, pp. 102--104, June 2007.

[26]

X. Li, W. Zhao, Y. Cao, Z. Zhu, J. Song, D. Bang, C. C. Wang, S. H. Kang, J. Wang, M. Nowak, and N. Yu, "Pathfinding for 22nm CMOS designs using Predictive Technology Models" in 2009 IEEE Custom Integrated Circuits Conference, pp. 227--230, Sept 2009.

[27]

T. D. Happ, H. L. Lung, and T. Nirschl, "Current compliant sensing architecture for multilevel phase change memory," 2009. Patent No. US7515461B2, Filed January 5th, 2007, Issued April 7th., 2009.

[28]

S. H. Choday, S. K. Gupta, and K. Roy, "Write-optimized STT-MRAM bit-cells using asymmetrically doped transistors," IEEE Electron Device Letters, vol. 35, pp. 1100--1102, Nov2014.

Cited By

Muttaki MRahman MKulkarni ATehranipoor MFarahmandi F(2024)FTC: A Universal Framework for Fault-Injection Attack Detection and PreventionIEEE Transactions on Very Large Scale Integration (VLSI) Systems10.1109/TVLSI.2024.338453132:7(1311-1324)Online publication date: Jul-2024
https://doi.org/10.1109/TVLSI.2024.3384531
Tisha ZMuldavin JGuin U(2024)Exploring Security Solutions and Vulnerabilities for Embedded Non-Volatile Memories2024 IEEE Computer Society Annual Symposium on VLSI (ISVLSI)10.1109/ISVLSI61997.2024.00072(361-366)Online publication date: 1-Jul-2024
https://doi.org/10.1109/ISVLSI61997.2024.00072
Sapui BMeschkov STahoori M(2024)Side-Channel Attack with Fault Analysis on Memristor-based Computation-in-Memory2024 IEEE 30th International Symposium on On-Line Testing and Robust System Design (IOLTS)10.1109/IOLTS60994.2024.10616088(1-7)Online publication date: 3-Jul-2024
https://doi.org/10.1109/IOLTS60994.2024.10616088
Show More Cited By

Index Terms

Fault injection attacks on emerging non-volatile memory and countermeasures
1. Hardware
  1. Emerging technologies
    1. Memory and dense storage
2. Security and privacy
  1. Security in hardware
    1. Hardware attacks and countermeasures

Recommendations

Information Leakage Attacks on Emerging Non-Volatile Memory and Countermeasures
ISLPED '18: Proceedings of the International Symposium on Low Power Electronics and Design

Emerging Non-Volatile Memories (NVMs) suffer from high and asymmetric read/write current and long write latency which can result in supply noise, such as supply voltage droop and ground bounce. The magnitude of supply noise depends on the old data and ...
Faults, Injection Methods, and Fault Attacks

In a fault attack, errors are induced during the computation of a cryptographic algorithm, and the faulty results are exploited to extract information about the secret key in embedded systems. Fault attacks can break an unprotected system more quickly ...
QEMU-Based Fault Injection for a System-Level Analysis of Software Countermeasures Against Fault Attacks
DSD '15: Proceedings of the 2015 Euromicro Conference on Digital System Design

Physical attacks, such as fault attacks, pose a decisive threat for the security of devices in the Internet of Things. An important class of countermeasures for fault attacks is fault tolerant software that is applicable for systems based on COTS ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

HASP '18: Proceedings of the 7th International Workshop on Hardware and Architectural Support for Security and Privacy

June 2018

84 pages

ISBN:9781450365000

DOI:10.1145/3214292

Conference Chairs:
Jakub Szefer
Yale University
,
Weidong Shi
University of Houston
,
Ruby B. Lee
Princeton University

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 June 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Semiconductor Research Corporation
National Science Foundation
DARPA Young Faculty Award

Conference

HASP '18

HASP '18: Hardware and Architectural Support for Security and Privacy

June 2, 2018

California, Los Angeles

Acceptance Rates

Overall Acceptance Rate 9 of 13 submissions, 69%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

21
Total Citations
View Citations
835
Total Downloads

Downloads (Last 12 months)243
Downloads (Last 6 weeks)31

Reflects downloads up to 14 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Muttaki MRahman MKulkarni ATehranipoor MFarahmandi F(2024)FTC: A Universal Framework for Fault-Injection Attack Detection and PreventionIEEE Transactions on Very Large Scale Integration (VLSI) Systems10.1109/TVLSI.2024.338453132:7(1311-1324)Online publication date: Jul-2024
https://doi.org/10.1109/TVLSI.2024.3384531
Tisha ZMuldavin JGuin U(2024)Exploring Security Solutions and Vulnerabilities for Embedded Non-Volatile Memories2024 IEEE Computer Society Annual Symposium on VLSI (ISVLSI)10.1109/ISVLSI61997.2024.00072(361-366)Online publication date: 1-Jul-2024
https://doi.org/10.1109/ISVLSI61997.2024.00072
Sapui BMeschkov STahoori M(2024)Side-Channel Attack with Fault Analysis on Memristor-based Computation-in-Memory2024 IEEE 30th International Symposium on On-Line Testing and Robust System Design (IOLTS)10.1109/IOLTS60994.2024.10616088(1-7)Online publication date: 3-Jul-2024
https://doi.org/10.1109/IOLTS60994.2024.10616088
Goswami BSuri M(2024)Experimental Investigation of EM Side Channel and FI Attacks on Commercial FRAM Chips2024 8th IEEE Electron Devices Technology & Manufacturing Conference (EDTM)10.1109/EDTM58488.2024.10511546(1-3)Online publication date: 3-Mar-2024
https://doi.org/10.1109/EDTM58488.2024.10511546
Staudigl FFetz TPelke RSisejkovic DJoseph JPöhls LLeupers R(2023)Invited Paper: A Holistic Fault Injection Platform for Neuromorphic Hardware2023 IEEE 24th Latin American Test Symposium (LATS)10.1109/LATS58125.2023.10154482(1-6)Online publication date: 21-Mar-2023
https://doi.org/10.1109/LATS58125.2023.10154482
Chakraborty SDas TSuri M(2023)Investigation of Voltage Fault Injection Attacks on NN Inference Utilizing NVM Based Weight Storage2023 IEEE Asia Pacific Conference on Circuits and Systems (APCCAS)10.1109/APCCAS60141.2023.00018(26-30)Online publication date: 19-Nov-2023
https://doi.org/10.1109/APCCAS60141.2023.00018
Tehranipoor MNalla Anandakumar NFarahmandi FTehranipoor MAnandakumar NFarahmandi F(2023)Universal Fault SensorHardware Security Training, Hands-on!10.1007/978-3-031-31034-8_15(273-292)Online publication date: 30-Jun-2023
https://doi.org/10.1007/978-3-031-31034-8_15
Naghibijouybari HKoruyeh EAbu-Ghazaleh N(2022)Microarchitectural Attacks in Heterogeneous Systems: A SurveyACM Computing Surveys10.1145/354410255:7(1-40)Online publication date: 15-Jun-2022
https://dl.acm.org/doi/10.1145/3544102
Dermanis DBogris ARizomiliotis PMesaritakis C(2022)Photonic Physical Unclonable Function Based on Integrated Neuromorphic DevicesJournal of Lightwave Technology10.1109/JLT.2022.320030740:22(7333-7341)Online publication date: 15-Nov-2022
https://doi.org/10.1109/JLT.2022.3200307
Khan MBhasin SLiu BYuan AChattopadhyay AGhosh S(2021)Comprehensive Study of Side-Channel Attack on Emerging Non-Volatile MemoriesJournal of Low Power Electronics and Applications10.3390/jlpea1104003811:4(38)Online publication date: 28-Sep-2021
https://doi.org/10.3390/jlpea11040038
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents