Mohammad Nasim Imtiaz Khan

Security and privacy threats to on-chip non-volatile memories and countermeasures

Non-volatile memories (NVMs) such as Spin-Transfer Torque RAM (STTRAM) have drawn significant attention due to complete elimination of bitcell leakage. In addition to the plethora of benefits such as density, non-volatility, low-power and high speed, majority of Non-Volatile Memories (NVMs) are also compatible with CMOS technology enabling easy integration. Although promising, NVM brings new security challenges that were absent in their conventional volatile memory counterparts such as Static RAM (SRAM) and embedded Dynamic RAM (eDRAM). The root cause is persistent data that may allow the adversary to retrieve sensitive information like password or cryptographic keys. This is primarily due to the fundamental dependency of these memory technologies on environmental parameters such as magnetic fields and temperature which can be exploited by the adversary to tamper with the stored data. This paper investigates the data security and privacy challenges in NVMs by exploring the security specific properties and novel security primitives realized using spintronic building blocks. A thorough analysis is done on the vulnerabilities, data security and privacy issues, threats and possible countermeasures to enable safe computing environment using spintronics.

Side-Channel Attack on STTRAM Based Cache for Cryptographic Application

In this paper, we propose a Side Channel Attack (SCA) model on Spin-Torque Transfer RAM (STTRAM) where an adversary can monitor the supply current of the memory array consumed during read/write operations and recover the secret key of Advanced Encryption Standard (AES) execution. Simulation results indicate that by monitoring write current, 50% of keys could be extracted using 2000 traces. Further improvement of attacks on write operation is also proposed. The read current is found to be more susceptible to leak the key. It reveals first byte in only 40 traces and leaks the entire key in as low as 400 traces. The results are then compared with Static RAM (SRAM) based cache. The attack model has been experimentally validated on read operation of commercial MRAM chip (STTRAM variant). Experimental results indicate that the attack can reveal correct key in 15 traces compared to 40 in simulation due to less algorithmic noise. To the best of our knowledge, this is the first comprehensive SCA study for STTRAM based cache for cryptographic application.

Novel magnetic burn-in for retention testing of STTRAM

Spin-Transfer Torque RAM (STTRAM) is an emerging Non-Volatile Memory (NVM) technology that has drawn significant attention due to complete elimination of bitcell leakage. However, it brings new challenges in characterizing the retention time of the array during test. Significant shift of retention time under static (process variation (PV)) and dynamic (voltage, temperature fluctuation) variability furthers this issue. In this paper, we propose a novel magnetic burn-in (MBI) test which can be implemented with minimal changes in the existing test flow to enable STTRAM retention testing at short test time. The magnetic burn-in is also combined with thermal burn-in (MBI−BI) for further compression of retention and test time. Simulation results indicate MBI with 220Oe (at 25C) can improve the test time by 3.71×1013 X while MBI−BI with 220Oe at 125C can improve the test time by 1.97×1014X.

Sensing of Phase-Change Memory

PCM is an emerging non-volatile memory that offers high integration density and high endurance. The speed of PCM is comparable to DRAM. However, PCM sense operation incurs issues due to the resistance drifting phenomenon, high sensing time, sense time variation from cell to cell, etc. Therefore, conventional sensing techniques need to be modified. In this chapter, we describe these issues along with the basics of PCM cell design and PCM read/write operation. We also summarized state-of-the-art PCM-specific sensing schemes proposed to address different PCM-sensing issues.

Information Leakage Attacks on Emerging Non-Volatile Memory and Countermeasures

Emerging Non-Volatile Memories (NVMs) suffer from high and asymmetric read/write current and long write latency which can result in supply noise, such as supply voltage droop and ground bounce. The magnitude of supply noise depends on the old data and the new data that is being written (for a write operation) or on the stored data (for a read operation). Therefore, victims write operation creates a supply noise which propagates to adversarys memory space. The adversary can detect victims write initiation and can leverage faster read latency (compared to write) to further sense the Hamming Weight (HW) of the victims write data by detecting read failures in his memory space. These attacks are specifically possible if exhaustive testing of the memory for all patterns, all possible location combinations, all possible parallel read/write conditions are not performed under bit-to-bit process variations and specified (-10°C to 90°C) and unspecified temperature ranges (i.e., less than -10°C and greater than 90°C). Simulation result indicates that adversary can sense HW of victims (near-by) write data = 66.77%, and further narrow the range based on read/write failure characteristics. Side Channel Attacks can utilize this information to strengthen the attacks.