A Secure Data-Toggling SRAM for Confidential Data Protection

We study the security feature of static random access memory (SRAM) against the data imprinting attack and provide a solution to protect the SRAM from this attack. There are four main contributions in this paper. First, the negative-bias temperature-instability (NBTI) degradation of PMOS transistors in the conventional SRAM cell that causes the data imprinting effect is explained. Second, the data imprinting effect that leaks the stored information in the conventional SRAM cell is investigated. Third, a novel low transistor-count transmission-gate-based master–slave SRAM cell is proposed to periodically toggle the stored data for reducing the data imprinting effect. Fourth, an efficient imprinting analysis flow is proposed to evaluate the proposed data-toggling SRAM for quantifying the data imprinting effect. Based on a 65-nm CMOS process, we implement and prototype the proposed 1k-byte data-toggling SRAM design. We perform our imprinting analysis flow on various SRAM ICs and benchmark our proposed data-toggling SRAM IC against the non-toggling SRAM IC and a commercial Lyontek SRAM IC. From the measurement results, the non-toggling SRAM and Lyontek SRAM suffer from 60% and 81% data imprinting effects, respectively, whereas our data-toggling SRAM has only 11% data imprinting effect (at 160-kHz toggling frequency). The data-toggling SRAM could switch between high security (< 5% data imprinting effect) high power mode for hardware security applications and low power (< 0.1mW) low security mode for power-saving applications. Particularly, our data-toggling SRAM could feature as low as ~1% data imprinting effect when increasing the toggling frequency to 1.6 MHz by compromising the power dissipation. Using the image analysis flow, the stored information is revealed in both the non-toggling and Lyontek SRAM ICs but is well protected in the proposed data-toggling SRAM IC.

[1]  余凯,et al.  Security strategy of powered-off SRAM for resisting physical attack to data remanence , 2009 .

[2]  Tilo Müller,et al.  On the Practicability of Cold Boot Attacks , 2013, 2013 International Conference on Availability, Reliability and Security.

[3]  Kwen-Siong Chong,et al.  A dynamic-voltage-scaling 1kbyte×8-bit non-imprinting Master-Slave SRAM with high speed erase for low-power operation , 2014, 2014 International Symposium on Integrated Circuits (ISIC).

[4]  Zou Xuecheng,et al.  Security strategy of powered-off SRAM for resisting physical attack to data remanence , 2009 .

[5]  Mehdi Baradaran Tahoori,et al.  Aging mitigation in memory arrays using self-controlled bit-flipping technique , 2015, The 20th Asia and South Pacific Design Automation Conference.

[6]  Yu Cao,et al.  Modeling and minimization of PMOS NBTI effect for robust nanometer design , 2006, 2006 43rd ACM/IEEE Design Automation Conference.

[7]  Ross J. Anderson,et al.  On a new way to read data from memory , 2002, First International IEEE Security in Storage Workshop, 2002. Proceedings..

[8]  Edmund Y. Lam,et al.  Effective Uses of FPGAs for Brute-Force Attack on RC4 Ciphers , 2008, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[9]  Sergei Skorobogatov Low temperature data remanence in static RAM , 2002 .

[10]  Swaroop Ghosh,et al.  Exploiting Serial Access and Asymmetric Read/Write of Domain Wall Memory for Area and Energy-Efficient Digital Signal Processor Design , 2016, IEEE Transactions on Circuits and Systems I: Regular Papers.

[11]  Steven Trimberger,et al.  Analysis of Data Remanence in a 90nm FPGA , 2007, 2007 IEEE Custom Integrated Circuits Conference.

[12]  Michael Hutter,et al.  The Temperature Side Channel and Heating Fault Attacks , 2013, CARDIS.

[13]  Dhiraj K. Pradhan,et al.  Robust SRAM Designs and Analysis , 2012 .

[14]  Rémi Gaillard,et al.  Single Event Effects: Mechanisms and Classification , 2011 .

[15]  Kwen-Siong Chong,et al.  Area-efficient and low stand-by power 1k-byte transmission-gate-based non-imprinting high-speed erase (TNIHE) SRAM , 2016, 2016 IEEE International Symposium on Circuits and Systems (ISCAS).

[16]  Ariel J. Feldman,et al.  Lest we remember: cold-boot attacks on encryption keys , 2008, CACM.

[17]  Jörg Henkel,et al.  Stress balancing to mitigate NBTI effects in register files , 2013, 2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).

[18]  Ken Mai,et al.  6T SRAM and 3T DRAM data retention and remanence characterization in 65nm bulk CMOS , 2012, Proceedings of the IEEE 2012 Custom Integrated Circuits Conference.

[19]  Tolga Arul,et al.  Low-Temperature Data Remanence Attacks Against Intrinsic SRAM PUFs , 2018, 2018 21st Euromicro Conference on Digital System Design (DSD).

[20]  Zou Xuecheng,et al.  Novel security strategies for SRAM in powered-off state to resist physical attack , 2009, Proceedings of the 2009 12th International Symposium on Integrated Circuits.

[21]  Tao Jin,et al.  Low power aging-aware register file design by duty cycle balancing , 2012, 2012 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[22]  Chris H. Kim,et al.  An SRAM Reliability Test Macro for Fully Automated Statistical Measurements of VMIN Degradation , 2012, IEEE Trans. Circuits Syst. I Regul. Pap..

[23]  Hao-I Yang,et al.  Impacts of NBTI/PBTI on Timing Control Circuits and Degradation Tolerant Design in Nanoscale CMOS SRAM , 2011, IEEE Transactions on Circuits and Systems I: Regular Papers.

[24]  Peter Gutmann,et al.  Data Remanence in Semiconductor Devices , 2001, USENIX Security Symposium.

[25]  Steven Trimberger,et al.  Security in SRAM FPGAs , 2007, IEEE Design & Test of Computers.

[26]  Muhammad Ashraful Alam,et al.  A comprehensive model of PMOS NBTI degradation , 2005, Microelectron. Reliab..