Probable cause: The deanonymizing effects of approximate DRAM

Approximate computing research seeks to trade-off the accuracy of computation for increases in performance or reductions in power consumption. The observation driving approximate computing is that many applications tolerate small amounts of error which allows for an opportunistic relaxation of guard bands (e.g., clock rate and voltage). Besides affecting performance and power, reducing guard bands exposes analog properties of traditionally digital components. For DRAM, one analog property exposed by approximation is the variability of memory cell decay times. In this paper, we show how the differing cell decay times of approximate DRAM creates an error pattern that serves as a system identifying fingerprint. To validate this observation, we build an approximate memory platform and perform experiments that show that the fingerprint due to approximation is device dependent and resilient to changes in environment and level of approximation. To identify a DRAM chip given an approximate output, we develop a distance metric that yields a two-orders-of-magnitude difference in the distance between approximate results produced by the same DRAM chip and those produced by other DRAM chips. We use these results to create a mathematical model of approximate DRAM that we leverage to explore the end-to-end deanonymizing effects of approximate memory using a commodity system running an image manipulation program. The results from our experiment show that given less than 100 approximate outputs, the fingerprint for an approximate DRAM begins to converge to a single, machine identifying fingerprint.

[1]  Luis Ceze,et al.  Architecture support for disciplined approximate programming , 2012, ASPLOS XVII.

[2]  Qingyuan Deng,et al.  MemScale: active low-power modes for main memory , 2011, ASPLOS XVI.

[3]  Subramanian S. Iyer,et al.  A Self-Authenticating Chip Architecture Using an Intrinsic Fingerprint of Embedded DRAM , 2013, IEEE Journal of Solid-State Circuits.

[4]  Jacob Nelson,et al.  Approximate storage in solid-state memories , 2013, 2013 46th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO).

[5]  Zeno Geradts,et al.  Methods for identification of images acquired with digital cameras , 2001, SPIE Optics East.

[6]  Kenji Kurosawa,et al.  CCD fingerprint method-identification of a video camera from videotaped images , 1999, Proceedings 1999 International Conference on Image Processing (Cat. 99CH36348).

[7]  Marco Gruteser,et al.  Wireless device identification with radiometric signatures , 2008, MobiCom '08.

[8]  Amir Rahmati,et al.  TARDIS: Time and Remanence Decay in SRAM to Implement Secure Protocols on Embedded Devices without Clocks , 2012, USENIX Security Symposium.

[9]  Kate Cumming Purposeful data: the roles and purposes of recordkeeping metadata , 2007 .

[10]  Daniel E. Holcomb,et al.  Initial SRAM State as a Fingerprint and Source of True Random Numbers for RFID Tags , 2007 .

[11]  Andreas Pfitzmann,et al.  Anonymity, Unobservability, and Pseudonymity - A Proposal for Terminology , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[12]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[13]  Yue Wang,et al.  Exploiting Half-Wits: Smarter Storage for Low-Power Devices , 2011, FAST.

[14]  Dennis Goeckel,et al.  Identifying Wireless Users via Transmitter Imperfections , 2011, IEEE Journal on Selected Areas in Communications.

[15]  Song Liu,et al.  Hardware/software techniques for DRAM thermal management , 2011, 2011 IEEE 17th International Symposium on High Performance Computer Architecture.

[16]  O. Antoine,et al.  Theory of Error-correcting Codes , 2022 .

[17]  Ariel J. Feldman,et al.  Lest we remember: cold-boot attacks on encryption keys , 2008, CACM.

[18]  Jean-Louis Lacoume,et al.  Noise Reduction in Side Channel Attack Using Fourth-Order Cumulant , 2007, IEEE Transactions on Information Forensics and Security.

[19]  Hovav Shacham,et al.  On the effectiveness of address-space randomization , 2004, CCS '04.

[20]  Daniel E. Holcomb,et al.  Refreshing Thoughts on DRAM : Power Saving vs . Data Integrity , 2014 .

[21]  Eric Rotenberg,et al.  Retention-aware placement in DRAM (RAPID): software methods for quasi-non-volatile DRAM , 2006, The Twelfth International Symposium on High-Performance Computer Architecture, 2006..

[22]  Nicholas Nethercote,et al.  Valgrind: a framework for heavyweight dynamic binary instrumentation , 2007, PLDI '07.

[23]  Miroslav Goljan,et al.  Digital camera identification from sensor pattern noise , 2006, IEEE Transactions on Information Forensics and Security.

[24]  Chris Fallin,et al.  Memory power management via dynamic voltage/frequency scaling , 2011, ICAC '11.

[25]  P. Jaccard,et al.  Etude comparative de la distribution florale dans une portion des Alpes et des Jura , 1901 .

[26]  Kilroy,et al.  No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State. By Glenn Greenwald, New York, NY: Metropolitan Books, 2014. , 2016 .

[27]  David Tschumperlé,et al.  The CImg Library , 2012 .

[28]  T. Kohno,et al.  Remote physical device fingerprinting , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[29]  T. Hamamoto,et al.  On the retention time distribution of dynamic random access memory (DRAM) , 1998 .

[30]  Richard Veras,et al.  RAIDR: Retention-aware intelligent DRAM refresh , 2012, 2012 39th Annual International Symposium on Computer Architecture (ISCA).

[31]  Dan Grossman,et al.  EnerJ: approximate data types for safe and general low-power computation , 2011, PLDI '11.

[32]  Glenn Greenwald,et al.  No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State , 2014 .