Protecting user’s secret data on the devices like smartphones, tablets, wearable devices etc, from memory attacks is always a challenge for system designers. The most stringent security requirements and protocols in today’s state-of-the-art systems are governed by Federal Information Processing Standards (FIPS). Specifically, it ensures the protection of sensitive data by erasing them from random access memories (RAMs) and associated flip-flip based registers, as soon as security violation(s) is(are) detected. Traditionally, the sensitive data like authentication credentials, cryptographic keys and other on-chip secrets are erased (or zeroized) by sequential write transactions initiated either by dedicated hardware or using software programs. This paper, for the first time, proposes a novel approach of erasing secured data content from on-chip RAMs using conventional memory built-in-self-test (MBIST) hardware in mission mode. The proposed zeroization approach is proved to be substantially faster than the traditional techniques in erasing data content. As it helps in re-using Memory BIST hardware for on-chip data content zeroization, this guarantees to save silicon area and power by removing dedicated conventional hardware from the device. This paper also discusses the micro-architectural implementation and security challenges of using Memory BIST hardware in mission mode and proposes practical solutions to fill the gaps.

中文翻译：

---

内存攻击下数据内容归零的新方法

保护智能手机、平板电脑、可穿戴设备等设备上的用户机密数据免受内存攻击一直是系统设计人员面临的挑战。当今最先进系统中最严格的安全要求和协议由联邦信息处理标准 (FIPS) 管理。具体而言，一旦检测到安全违规，它就会通过从随机存取存储器 (RAM) 和相关的基于翻转的寄存器中擦除敏感数据来确保对敏感数据的保护。传统上，身份验证凭证、加密密钥和其他片上机密等敏感数据会通过由专用硬件或使用软件程序启动的顺序写入事务来擦除（或归零）。这篇论文，第一次，提出了一种在任务模式下使用传统内存内置自检 (MBIST) 硬件从片上 RAM 擦除安全数据内容的新方法。事实证明，所提出的归零方法比擦除数据内容的传统技术要快得多。由于它有助于重新使用内存 BIST 硬件进行片上数据内容清零，因此可以通过从设备中移除专用的传统硬件来保证节省硅面积和功耗。本文还讨论了在任务模式下使用内存 BIST 硬件的微架构实现和安全挑战，并提出了填补空白的实用解决方案。事实证明，所提出的归零方法比擦除数据内容的传统技术要快得多。由于它有助于重新使用内存 BIST 硬件进行片上数据内容清零，因此可以通过从设备中移除专用的传统硬件来保证节省硅面积和功耗。本文还讨论了在任务模式下使用内存 BIST 硬件的微架构实现和安全挑战，并提出了填补空白的实用解决方案。事实证明，所提出的归零方法比擦除数据内容的传统技术要快得多。由于它有助于重新使用内存 BIST 硬件进行片上数据内容清零，因此可以通过从设备中移除专用的传统硬件来保证节省硅面积和功耗。本文还讨论了在任务模式下使用内存 BIST 硬件的微架构实现和安全挑战，并提出了填补空白的实用解决方案。