当前位置: X-MOL 学术arXiv.cs.AR › 论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
SCARE: Side Channel Attack on In-Memory Computing for Reverse Engineering
arXiv - CS - Hardware Architecture Pub Date : 2020-06-23 , DOI: arxiv-2006.13095
Sina Sayyah Ensan, Karthikeyan Nagarajan, Mohammad Nasim Imtia Khan, and Swaroop Ghosh

In-memory computing architectures provide a much needed solution to energy-efficiency barriers posed by Von-Neumann computing due to the movement of data between the processor and the memory. Functions implemented in such in-memory architectures are often proprietary and constitute confidential Intellectual Property. Our studies indicate that IMCs implemented using RRAM are susceptible to Side Channel Attack. Unlike conventional SCAs that are aimed to leak private keys from cryptographic implementations, SCARE can reveal the sensitive IP implemented within the memory. Therefore, the adversary does not need to perform invasive Reverse Engineering to unlock the functionality. We demonstrate SCARE by taking recent IMC architectures such as DCIM and MAGIC as test cases. Simulation results indicate that AND, OR, and NOR gates (building blocks of complex functions) yield distinct power and timing signatures based on the number of inputs making them vulnerable to SCA. Although process variations can obfuscate the signatures due to significant overlap, we show that the adversary can use statistical modeling and analysis to identify the structure of the implemented function. SCARE can find the implemented IP by testing a limited number of patterns. For example, the proposed technique reduces the number of patterns by 64% compared to a brute force attack for a+bc function. Additionally, analysis shows improvement in SCAREs detection model due to adversarial change in supply voltage for both DCIM and MAGIC. We also propose countermeasures such as redundant inputs and expansion of literals. Redundant inputs can mask the IP with 25% area and 20% power overhead. However, functions can be found by greater RE effort. Expansion of literals incurs 36% power overhead. However, it imposes brute force search by the adversary for which the RE effort increases by 3.04X.

中文翻译:

SCARE:用于逆向工程的内存计算的旁道攻击

内存计算架构为 Von-Neumann 计算由于处理器和内存之间的数据移动而造成的能效障碍提供了急需的解决方案。在这种内存架构中实现的功能通常是专有的,构成机密知识产权。我们的研究表明,使用 RRAM 实现的 IMC 容易受到侧信道攻击。与旨在从加密实现中泄露私钥的传统 SCA 不同,SCARE 可以揭示内存中实现的敏感 IP。因此,攻击者不需要执行侵入性逆向工程来解锁功能。我们以 DCIM 和 MAGIC 等最近的 IMC 架构作为测试用例来演示 SCARE。仿真结果表明AND、OR、和或非门(复杂功能的构建块)根据输入数量产生不同的功率和时序特征,使它们容易受到 SCA 的影响。尽管由于显着重叠,过程变化可能会混淆签名,但我们表明对手可以使用统计建模和分析来识别已实现功能的结构。SCARE 可以通过测试有限数量的模式来找到实现的 IP。例如,与 a+bc 函数的蛮力攻击相比,所提出的技术减少了 64% 的模式数量。此外,分析表明,由于 DCIM 和 MAGIC 的电源电压的对抗性变化,SCARE 检测模型有所改进。我们还提出了冗余输入和文字扩展等对策。冗余输入可以用 25% 的面积和 20% 的功率开销来屏蔽 IP。但是,可以通过更大的 RE 努力找到功能。文字的扩展会导致 36% 的功率开销。然而,它强加了对手的蛮力搜索,RE 工作量增加了 3.04 倍。
更新日期:2020-06-24
down
wechat
bug