TY - GEN
T1 - Fault injection attacks on emerging non-volatile memory and countermeasures
AU - Khan, Mohammad Nasim Imtiaz
AU - Ghosh, Swaroop
N1 - Publisher Copyright:
© 2018 Association for Computing Machinery.
PY - 2018/6/2
Y1 - 2018/6/2
N2 - Emerging Non-Volatile Memories (NVMs) suffer from high and asymmetric read/write current and long write latency which can result in supply noise such as supply voltage droop and ground bounce. The magnitude of supply noise depends on the old data and the new data that is being written (for write operation) or on the stored data (for read operation). In this paper, we show that the adversary can write specific data pattern (that results in deterministic supply noise) in their memory space to launch, i) Denial of Service (DoS) attack (total write failure), and ii) specific polarity fault (i.e., fault injection) attack in victim’s memory space sharing the same power rails with the adversary’s memory space. These attacks are specifically possible if exhaustive testing of the memory for all patterns, all possible location combinations, all possible parallel read/write conditions are not performed under bit-to-bit process variations and, specified (-10°C to 90°C) and unspecified temperature ranges (i.e., less than -10°C and greater than 90°C). Simulation result indicates that adversary can launch DoS attack on victim’s write operation by injecting more than 120mV of supply noise to victim’s write location. The adversary can also launch 0 ? 1 polarity fault injection attack on victim’s write operation by injecting supply noise greater than 50mV but shorter than 120mV to victim’s write location. Furthermore, the adversary can cause data ‘1’ read failure by injecting more than 150mV of supply noise to victim’s read location.
AB - Emerging Non-Volatile Memories (NVMs) suffer from high and asymmetric read/write current and long write latency which can result in supply noise such as supply voltage droop and ground bounce. The magnitude of supply noise depends on the old data and the new data that is being written (for write operation) or on the stored data (for read operation). In this paper, we show that the adversary can write specific data pattern (that results in deterministic supply noise) in their memory space to launch, i) Denial of Service (DoS) attack (total write failure), and ii) specific polarity fault (i.e., fault injection) attack in victim’s memory space sharing the same power rails with the adversary’s memory space. These attacks are specifically possible if exhaustive testing of the memory for all patterns, all possible location combinations, all possible parallel read/write conditions are not performed under bit-to-bit process variations and, specified (-10°C to 90°C) and unspecified temperature ranges (i.e., less than -10°C and greater than 90°C). Simulation result indicates that adversary can launch DoS attack on victim’s write operation by injecting more than 120mV of supply noise to victim’s write location. The adversary can also launch 0 ? 1 polarity fault injection attack on victim’s write operation by injecting supply noise greater than 50mV but shorter than 120mV to victim’s write location. Furthermore, the adversary can cause data ‘1’ read failure by injecting more than 150mV of supply noise to victim’s read location.
UR - http://www.scopus.com/inward/record.url?scp=85048808885&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85048808885&partnerID=8YFLogxK
U2 - 10.1145/3214292.3214302
DO - 10.1145/3214292.3214302
M3 - Conference contribution
AN - SCOPUS:85048808885
T3 - ACM International Conference Proceeding Series
BT - Proceedings of the 7th International Workshop on Hardware and Architectural Support for Security and Privacy, HASP 2018
PB - Association for Computing Machinery
T2 - 7th International Workshop on Hardware and Architectural Support for Security and Privacy, HASP 2018
Y2 - 2 June 2018 through 2 June 2018
ER -