Hardware Trojans in Emerging Non-Volatile Memories

Mohammad Nasim Imtiaz Khana, Karthikeyan Nagarajanb and Swaroop Ghoshc
The Pennsylvania State University, University Park, PA, USA
amuk392@psu.edu
bkxn287@psu.edu
cszg212@psu.edu

ABSTRACT


Emerging Non-Volatile Memories (NVMs) possess unique characteristics that make them a top target for deploying Hardware Trojan. In this paper, we investigate such knobs that can be targeted by the Trojans to cause read/write failure. For example, NVM read operation depends on clamp voltage which the adversary can manipulate. Adversary can also use ground bounce generated in NVM write operation to hamper another parallel read/write operation. We have designed a Trojan that can be activated and deactivated by writing a specific data pattern to a particular address. Once activated, the Trojan can couple two predetermined addresses and data written to one address (victim’s address space) will get copied to another address (adversary’s address space). This will leak sensitive information e.g., encryption keys. Adversary can also create read/write failure to predetermined locations (fault injection). Simulation results indicate that the Trojan can be activated by writing a specific data pattern to a specific address for 1956 times. Once activated, the attack duration can be as low as 52.4µs and as high as 1.1ms (with reset-enable trigger). We also show that the proposed Trojan can scale down the clamp voltage by 400mV from optimum value which is sufficient to inject specific data-polarity read error. We also propose techniques to inject noise in the ground/power rail to cause read/write failure.

Keywords: Hardware Trojan, Memory Trojan, Trigger, Payloads, Information Leakage, Fault Injection, DoS.



Full Text (PDF)