SMART: Secure Magnetoelectric AntifeRromagnet-Based Tamper-Proof
  Non-Volatile Memory by Rangarajan, Nikhil et al.
Nikhil Rangarajan
New York University
Satwik Patnaik
New York University
Johann Knechtel
New York University Abu Dhabi
Ozgur Sinanoglu
New York University Abu Dhabi
Shaloo Rakheja
New York University
ABSTRACT
Data the and tampering are serious concerns as aackers have
aggressively begun to exploit weaknesses in current memory sys-
tems to advance their nefarious schemes. e storage industry is
moving toward emerging non-volatile memories (NVM), including
the spin-transfer torque magnetoresistive random access memory
(STT-MRAM) and the phase change memory (PCM), owing to their
high density and low power operation. e advent of novel memory
technologies has led to new vulnerabilities including data sensitivity
to magnetic eld and temperature uctuations and data persistence
aer power down. In this paper, we propose SMART: a Secure Mag-
netoelectric Antiferromagnet-Based Tamper-Proof memory, which
leverages unique properties of antiferromagnetic materials and of-
fers dense, on-chip non-volatile storage. SMART memory is not
only resilient against data condentiality aacks seeking to leak
sensitive information but also protects data integrity and prevents
Denial of Service (DoS) aacks on the memory. It is impervious to
power side-channel aacks, which exploit asymmetric reads/writes
for ‘0’ and ‘1’ logic levels, and photonic side-channel aacks, which
monitor photo-emission signatures from the chip backside. Further,
the ultra-low power magnetoelectric switching coupled with the
terahertz regime antiferromagnetic dynamics result in ∼ 4 orders
lower energy-per-bit and ∼ 3 orders smaller latency for the SMART
memory as compared to prior NVMs such as STT-MRAM and PCM.
1 INTRODUCTION
Conventional DRAM scaling has reached a critical tipping point
as the miniaturization of the DRAM cell has plateaued in recent
years. Feature size scaling beyond the 20 nm technology node is
met with numerous challenges such as smaller retention times,
higher leakage currents, and increased fault rates [1]. Solutions to
address these concerns include improved DRAM fault detection
and recovery [2], as well as architectural techniques to enhance
DRAM scaling [3].
A promising solution to the memory scaling problem is to realize the main memory system using non-volatile technologies [4]. Examples of emerging non-volatile memories (NVMs) include spin-transfer torque magnetoresistive random access memory (STT-MRAM), ferroelectric random access memory (FeRAM), resistive random access memory (ReRAM), and phase change memory (PCM). Recent interest in NVMs from memory manufacturers has escalated significantly. For instance, Intel’s current line of 3D XPoint memory systems utilize PCM-based NVM technology [5]. IBM and Everspin’s new solid state drive comes with STT-MRAM write caches [6]. While NVMs offer attractive features, such as high density, low leakage, and non-volatile data retention, they also suffer from poor endurance and high access latency in their current implementation.
Memory security has come under a lot of scrutiny recently. This is because attacks such as Spectre [7] and Meltdown [8] targeting side-channels associated with speculative execution and out-of-order execution, respectively, exposed security vulnerabilities in a wide array of currently deployed processors and memory architectures. In the case of NVMs, data persistence after power down presents a severe threat to data confidentiality as malicious attackers aiming to steal private data can do so easily by mounting cold-boot attacks [9] or other removal attacks like stealing the memory DIMM [10]. Moreover, magnetic memories like STT-MRAM are highly sensitive to stray magnetic fields. As such, magnetic field-based attacks [11] can be used to corrupt the stored data or compromise the memory’s functional integrity, causing a Denial of Service (DoS). Hence, such security vulnerabilities pose a crucial impediment to pervasive large-scale proliferation of NVMs in the memory industry.
In this paper, we present an alternative to conventional NVMs such as STT-MRAM and PCM, in the form of SMART: a Secure Magnetoelectric Antiferromagnet-Based Tamper-Proof memory. SMART memory leverages the room-temperature linear magnetoelectric (ME) effect in antiferromagnets (AFMs) like chromia [12], which can be switched solely using voltage pulses without the use of electric currents, leading to ultra-low energy (∼aJ) operation. Further, the intrinsic dynamics of AFMs is typically in the terahertz regime ($\sim 10^{12}$ Hz), which is ∼3 orders of magnitude faster than the delay of other NVMs including STT-MRAM and PCM. In addition to its energy and latency improvements, the SMART memory offers a significant advancement in terms of secure tamper-proof data storage. For example, AFMs do not exhibit a magnetic signature since they do not have a net external magnetic moment, unlike ferromagnets (FM). Hence, the SMART memory cannot be probed or switched with external magnetic fields, unlike the way STT-MRAMs can. This, in turn, eliminates the possibility of magnetic field attacks targeting data integrity or aiming to induce a DoS. To address the post-shutdown data persistence of SMART memory, we demonstrate an in-memory encryption scheme employing ME-AFM transistor-based controlled NOT (CNOT) logic. We discuss the resilience of the SMART memory against attacks aiming to undermine data confidentiality and data fidelity, in both powered on and powered down states. The main contributions of this work can be summarized as follows:
(1) We introduce SMART, a secure ME-AFM-based NVM and develop analytic models for its design and simulation.
(2) We demonstrate the resilience of SMART memory against magnetic field and temperature attacks, which can affect other NVMs like the STT-MRAM. We explore the implications of various side channel attacks on the SMART memory.
(3) We present an in-memory encryption scheme with ME-AFM transistor-based CNOT gates, to protect the data stored in SMART memory against cold-boot and stolen DIMM attacks.
arXiv:1902.07792v1 [cs.ET] 20 Feb 2019
2 BACKGROUND AND RELATED WORK
Prior works on securing NVMs have focused mainly on memory encryption schemes, which are necessary to prevent attackers from exploiting data persistence in off-state. Chhabra et al. proposed an incremental encryption scheme [13] for NVMs where only inert memory pages, which have not been accessed for a while, are encrypted selectively. The working set of the memory (which is in current use) is in plaintext and, hence, incurs no encryption overhead on access. Such a selective encryption ensures that the majority of the main memory content (but not all) remains encrypted at all times, without overly compromising the performance. However, it requires dedicated hardware, inert page prediction, and scheduling for its implementation. A sneak path encryption scheme was demonstrated for memristor-based NVMs in [14], wherein sneak paths in the memristor crossbar array are exploited to apply encryption pulses to change the resistances of the memory cells, and hence, encrypt the stored data.
In [10], the authors proposed DEUCE, a dual counter encryption for PCM memories, which significantly reduces the number of modified bits per writeback, to improve performance and lifetime of the memory. This scheme aims to mitigate the impact of the avalanche effect [15] occurring during memory encryption, by re-encrypting and writing back only the modified words during any write operation. Swami et al. took this concept forward and proposed SECRET [16], a smart encryption scheme for NVMs, which integrates word-level re-encryption and zero-based partial writes to reduce memory write operations. They also demonstrate write optimization through the use of energy masks in the encryption XOR logic, which minimizes the bit flips in the encryption process thereby reducing the total write energy. An advanced counter mode encryption (ACME) was presented in [17], which utilizes the write leveling architecture inherent in PCM memories, to perform counter write leveling. ACME helps to avoid Rowhammer-type attacks by preventing the counter associated with any single cache line from overflowing.
The impact of contactless tampering in STT-MRAMs using external magnetic fields was highlighted in [11]. The authors showed how magnetic field-based attacks can corrupt the contents of STT-MRAM cells, through micromagnetic simulations of FMs in magnetic tunnel junctions (MTJs). They also proposed duplicating the STT-MRAM array to implement an on-chip sensor for detecting such magnetic field-based incursions, and error correction modules to compensate cell failures arising due to these attacks. Their implementation, however, incurs large energy and area penalties due to the additional hardware requirements imposed by the magnetic field sensor and error correction scheme.
3 DEVICE MODEL AND FUNCTIONALITY
The linear ME effect [18] represents the coupling between applied magnetic field and induced polarization or between applied electric field and induced magnetization in non-centrosymmetric crystals like chromia (Cr$_2$O$_3$). Compared to the STT-based magnetization reversal of FMs requiring electric currents on the order of $\sim 10^{6}$ A/cm$^2$ and associated Joule heating, the ME effect provides an energy-efficient all-electrical switching of the roughness-insensitive boundary magnetization of chromia [19]. Additionally, chromia is an AFM; hence, the net bulk magnetic moment (difference of the sublattice magnetization vectors) vanishes and is imperceptible externally. However, the boundary magnetization is strongly coupled to the AFM order parameter. That is, the electrical switching of the AFM order results in reversal of the boundary magnetization [20], which is used to encode the information in ME-AFM memories.
The uncompensated surface moments at the (0001) surface of chromia result in an equilibrium boundary magnetization, which could be in one of the two oppositely aligned domain states. The degeneracy between the domains is lifted through ME annealing, which allows the preferential selection of one of the states [21]. This effect then polarizes the surface and results in a single domain surface moment. Isothermal switching between these single domain states using an electric field $E$ and a small symmetry-breaking dc magnetic field $H$ has been demonstrated [21]. The critical condition for this ME switching is that the $E \cdot H$ product must exceed the ME threshold energy barrier, which is as low as ≈ 1 J/m$^3$.
[Figure 1 labels: $V_{xy}$, $V_G$, platinum gate, chromia, anomalous Hall readout]
Figure 1: Chromia-based magnetoelectric antiferromagnetic random access memory. Data (1/0) is written by applying a gate voltage (+/−) to the bottom gate electrode. Readout is through an anomalous Hall bar electrode on the top.
The chromia-based ME-AFMRAM, which is at the heart of our SMART memory, is shown in Fig. 1. Experimentally demonstrated by Kosub et al. [22], the ME-AFMRAM employs a bottom gate electrode for applying the gate voltage, which provides the electric field necessary for writing data into the memory. The small symmetry-breaking magnetic field (≈ 30 mT) is provided by the stray field of a permanent magnet. A positive gate voltage may orient the bulk order and, hence, put the surface magnetization in one domain (with surface moments pointing up), whereas a negative gate voltage will result in the surface magnetization relaxing to the opposite domain (with surface moments pointing down). These two states correspond to logic ‘1’ and ‘0’, respectively.
The read-out is achieved through an anomalous Hall (AH) bar electrode setup, which discerns the boundary magnetization of chromia by sensing the proximity effect-induced magnetization in the nearby Platinum (Pt) electrode, thereby producing a proportional Hall voltage [23]. Traditionally, the order parameter of AFMs is read-out via an exchange bias arrangement [24] in another FM attached adjacently to the AFM surface. However, the exchange bias and the FM’s hysteresis increase the coercive voltage required to overcome the ME barrier and, hence, impact the write energy negatively. To avoid this effect, Kosub et al. [22] proposed the use of an exclusively ME-AFM setup with an AH read-out of the surface magnetization, thereby eliminating the need for an FM.
Although chromia is not a typical ferroelectric (FE), it exhibits a spontaneous surface polarization, in conjunction with uncompensated surface magnetic moments. Under the influence of an applied electric field, as the bulk order and surface magnetization undergo reversals, the surface polarization also switches [25]. Hence, FE hysteresis models of chromia, describing its polarization reversal characteristics, can be used to model the switching dynamics of the chromia-based ME-AFMRAM. Here, we combine the Landau-Khalatnikov (LK) model of FE hysteresis [26], which is a macroscopic model representing homogeneous FE switching, with the microscopic Weiss molecular model [27] that describes FE switching in terms of individual dipole reversals. Our model can thus capture the essence of the dynamical evolution of the chromia polarization, reconciled with its microscopic aspects.
The LK dynamical equation of motion for the total electric field inside the chromia dielectric is given as
$$E_{\mathrm{total}} = \left(\frac{\delta U}{\delta P}\right)_{S} + \rho\left(\frac{dP}{dt}\right), \tag{1}$$
where $U$ is the entropy per unit volume and $\rho(dP/dt)$ represents the Ohmic losses in the dielectric ($P$ represents the surface polarization). Combining Eq. (1) with the Weiss model, we obtain the temporal evolution of the polarization order
$$\left(\frac{\tau_0 \exp\left(\frac{W_0}{kT}\right)}{2\cosh\left\{\frac{p}{kT}\left(E_a + \alpha P(t)\right)\right\}}\right)\frac{dP}{dt} + P(t) = np\tanh\left\{\frac{p}{kT}\left(E_a + \alpha P(t)\right)\right\}, \tag{2}$$
where $p$ is the average dipole moment, $E_a$ is the applied field, $\tau_0$ and $W_0$ are the Arrhenius pre-exponential factor and activation energy, respectively, $\alpha$ is the dipole coupling constant, and $n$ is the total dipole density. Rearranging the terms in Eq. (2), we obtain,
$$\frac{dP}{dt} = \frac{2np\sinh\left\{\frac{p}{kT}\left(E_a + \alpha P(t)\right)\right\} - P(t)\cosh\left\{\frac{p}{kT}\left(E_a + \alpha P(t)\right)\right\}}{\tau_0 \exp\left(\frac{W_0}{kT}\right)} \tag{3}$$
which can be expressed in the form $\frac{dV}{dt} = \frac{I(t)}{C}$. Here, $V(t)$ represents the instantaneous polarization $P(t)$, $C = \tau_0 \exp\left(\frac{W_0}{kT}\right)$, and $I(t)$ is a voltage-dependent current source of the form $f(P) = 2np\sinh\left\{\frac{p}{kT}\left(E_a + \alpha P(t)\right)\right\} - P(t)\cosh\left\{\frac{p}{kT}\left(E_a + \alpha P(t)\right)\right\}$.
[Figure 2 labels: $f(P)$, $P$, $\tau_0 \exp(W_0/kT)$, WE, RE, BL, $C_{EL}$, $V_{AHE}$, $R_{shunt}$]
Figure 2: Equivalent circuit for the chromia ME-AFMRAM cell. The bit line (BL) writes data on to the cell by switching the chromia FE polarization. Read-out is achieved through an AH setup, modeled with a voltage-controlled voltage source. $C_{EL}$ is the electrostatic capacitance of the chromia dielectric.
The RC circuit to model the FE response in chromia is implemented as a Verilog-A block and connected with peripheral read/write circuitry to construct the full ME-AFMRAM cell in Cadence Virtuoso using the 45-nm CMOS FreePDK technology. Figure 2 shows the equivalent circuit of the ME-AFMRAM cell. The write pulse, used to charge the chromia RC and switch the polarization $P$, is given through the bit line (BL) in the write setup. After the write cycle, the read setup is enabled to read-out the stored polarization charge through an AH arrangement, modeled with a voltage-controlled voltage source (vcvs). Output voltage levels are then restored to logic ‘0’/‘1’ using an inverter chain. The AHE coefficient of Pt, used in the vcvs is taken as ∼5 pΩm [28]. The chromia layer considered is 60 × 60 × 10 nm$^3$, with $n = 1.85 \times 10^{28}$/m$^3$, $p = 5 \times 10^{-30}$ Cm, and $E_a = 1 \times 10^{7}$ V/m [29, 30]. Hence, the write pulse magnitude is ∼100 mV. The electrostatic capacitance for chromia is calculated as 5.8 aF, considering a relative permittivity of 11 for chromia [30].
Figure 3 shows the transient read/write operations of the ME-AFMRAM cell. The write and read latencies of the ME-AFMRAM cell are obtained as 8.5 ps and ∼10 ps, respectively, and the energy-per-bit for one write-read operation cycle is 4.7 aJ. A comparison of the performance metrics of the ME-AFMRAM with other memory technologies is presented in Table 1. It is seen that the ME-AFMRAM outperforms other NVMs as well as conventional memory systems in almost every aspect.
[Figure 3 labels: RE, WE]
Figure 3: Transient simulations showing write and read operations on the chromia ME-AFMRAM cell. Note that for writing a ‘1’ the write pulse is positive, and for writing a ‘0’ the write pulse is negative. In this simulation, a series of ‘1’s and ‘0’s are being written to the cell, and then finally ‘1’ is read off the cell.
| Memory technology | Write latency | Read latency | Energy-per-bit | Endurance (cycles) | Density |
|---|---|---|---|---|---|
| DRAM | 10 ns | 10 ns | 3 pJ | $10^{16}$ | Medium |
| NAND Flash | 500 µs | 25 µs | 300 pJ | $10^{4}$ | High |
| PCM | 50 ns | 10 ns | 2 pJ | $10^{8}$ | High |
| FeRAM | 10 ns | 5 ns | 2.5 pJ | $10^{13}$ | Low |
| ReRAM | 40 ns | 20 ns | 0.4 pJ | $10^{5}$ | High |
| Memristor | 10 ns | 10 ns | 0.1 pJ | $10^{12}$ | Medium |
| STT-MRAM | 2-10 ns | 2-10 ns | 0.1 pJ | $10^{15}$ | Medium |
| ME-AFMRAM | 8.5 ps | 10-20 ps | 4.7 aJ | $10^{15}$ | High |

Table 1: Performance comparison of various memory technologies, from [31, 32].
4 SECURITY ANALYSIS
4.1 Threat model
Here, we discuss the threat model, which defines the strengths and capabilities of an attacker as well as the objectives and consequences for a successful attack. The attack scenarios presented are considered for NVMs only.
• An aacker with physical access to a system can disassem-
ble and remove the memory cells to try to read out the
contents.
• e aacker can launch cold-boot aacks [9]. During
power-down, there is some latency between the time when
power-down sequence initiates and the instant when mem-
ory contents are completely secured. Aackers might use
this time-window to read out memory contents. To cir-
cumvent such aacks, memory encryption is typically em-
ployed [13, 17].
• Aackers could leverage properties like sensitivity to mag-
netic elds and temperature uctuations to corrupt the
data or induce a DoS [11]. ey may forcibly write spe-
cic data to memory, which accelerates aging and causes
memory failures.
• With access to failure analysis equipment, an aacker can
also resort to advanced invasive aacks. Majority of inva-
sive aacks typically target the Back-End-of-Line (BEOL),
approaching from the top-most metal layer, which is also
referred to as a front-side aack. However, aackers can
also enter through the substrate to conduct back-side at-
tacks [33–35]. Here, by considering the possibility of a
back-side aack, we assume that an aacker would be
interested in reading out the data stored in the memory.
• Asymmetricity in reading/writing logic ‘0’ and ‘1’ in the
NVM, if any, can be exploited by the aacker to perform
a side channel aack to recover the stored information,
through techniques like dierential power analysis (DPA) [36]
and correlation power analysis (CPA) [37].
4.2 Magnetic field and temperature attacks
STT-MRAMs have FM-based MTJs as their basic building blocks. FMs possess a macroscopic magnetization or magnetic signature, which is visible externally and can be manipulated using magnetic fields. The fact that the MTJs in STT-MRAM respond to external fields is what makes them prime targets for any adversary attempting to tamper with the stored data or cause memory malfunction by leveraging magnetic field-based attacks [11]. Stray fields from nearby magnets, as small as 0.01 T, could cause an unintended bit flip in the STT-MRAM cell, under close proximity. Fig. 4 shows the magnetic field-induced bit flip in a representative FM, obtained by solving the Landau-Lifshitz-Gilbert equation for FM dynamics [38].
AFMs, on the other hand, exhibit no external magnetic signature since their equal and opposite sublattice moments cancel each other out. Hence, the bulk order parameter cannot be affected by external magnetic fields. To switch the bulk order, staggered fields (opposite sign on opposite sublattices) must be applied on both the sublattice moments, as illustrated in Fig. 5 inset. However, an external homogeneous magnetic field is unable to provide such a staggered field arrangement, and hence, just ends up canting the sublattice moments in a way wherein the torque due to the external field is exactly balanced by the exchange torque exerted by one sublattice moment on the other [39]. As shown in Fig. 5, magnetic fields are unable to reorient the AFM order parameter.¹ Therefore, the SMART ME-AFMRAM is expected to be resistant to magnetic field attacks described in [11].
[Figure 4 panels: (a) Magnetization trajectory for magnetic field-induced switching of a FM (axes $m_x$, $m_y$, $m_z$; initial state, final state, $H_{ext}$). (b) Magnetization components ($m_x$, $m_y$, $m_z$) versus t (ns) for magnetic field-induced switching of a FM.]
Figure 4: The FMs in an STT-MRAM can be switched easily using external magnetic fields.
With regards to temperature fluctuation-based attacks, an adversary might try to increase the ambient temperature of the ME-AFMRAM in an attempt to alter the stored data. The Néel temperature of pure chromia is 308 K [40], above which the AFM ordering is destroyed. Hence, the attacker may corrupt the memory by heating it above the Néel temperature. To counter this, we use Boron-doped chromia, whose Néel temperature is experimentally demonstrated to be ∼400 K [41]. Hence, Boron-doped chromia can increase the resilience of SMART memory against temperature fluctuations.
Figure 5: Application of magnetic field on AFM is unable to switch the order parameter, even on increasing the field magnitude. Inset: (a) an external homogeneous magnetic field cants the sublattice moments, but is insufficient to rotate the AFM order, (b) staggered fields on the sublattice moments produce staggered tangential torques, which can reorient the AFM order.
4.3 Data confidentiality attacks
As with all NVMs, data persistence in the SMART memory can be used by attackers to steal sensitive information. The most effective countermeasure against such data confidentiality attacks, including cold-boot and stolen DIMM attacks, is to encrypt the data in a secure encryption block, before storing it in the memory. Advanced memory encryption techniques like counter mode encryption (CME) use block ciphers, such as Advanced Encryption Standard (AES), to encrypt a seed with a secret key, in order to generate a one-time pad (OTP). The seed for each write on a memory line consists of a secret key, the line address and a counter value associated with that line, which is incremented with each subsequent write to the same address. Hence, the generated OTP is unique for each line address, and also for each write to the same address. The OTP is then XORed with the plaintext to obtain the ciphertext, which is stored in the non-volatile main memory (NVMM).
¹ Switching the ME-AFM surface magnetization state using a combination of E and H fields would require exact knowledge of the write cycles and the prior state of the surface, as well as a means to control the electric field explicitly, which is concealed from the attacker.
Directly applying XOR-based CME scheme to the SMART memory would result in large memory access overheads. This is because the CME scheme is tailored for NVMs like PCM and STT-MRAM, whose access time is on the order of ∼ns. However, the SMART memory is significantly faster with a read latency of ∼10-20 ps (see Sec. 3). Using CMOS XOR gates (with delays ∼ few 10’s of ps) for encryption/decryption would result in a decryption time comparable to the memory access time, which will waste memory cycles and negatively impact the overall memory access latency.
Here, we will use in-memory encryption, or Memcryption, using bitwise CNOT gates constructed with ME-AFM-based logic devices. By tying the bits of an OTP or encryption pulse to the control bit of a CNOT gate, one can achieve controlled inversion of bits in the plaintext, depending on the encryption pulse. Spin devices like the ME-AFM transistor [42] are able to implement polymorphic logic gates, which can achieve inverting or non-inverting functionality based on a control signal [43]. Hence, the ME-AFM transistor can directly realize the CNOT gate. Further, the ME-AFM transistor is shown to have delays as small as ∼10 ps, which is substantially faster than CMOS XORs and compatible with the SMART memory access times. The homogeneity in the technology and materials (ME-AFM) for the memory cells and CNOT gates will ensure ease of fabrication. In Memcryption, we embed ME-AFM transistor-based CNOT gates directly in the data path routed to the memory array; hence, the encryption is in-memory as opposed to prior works using a separate secure encryption block. This integration of encryption gates and memory array is not detrimental to the memory density since the ME-AFM transistors have a footprint that is ∼20× smaller than that of CMOS XORs (45 nm). Fig. 6 contrasts our Memcryption scheme with prior CME techniques.
[Figure 6 block labels. (a): Key, Address, Counter, AES core, OTP, Plaintext / Ciphertext, Ciphertext / Plaintext, NVMM / L2 cache. (b): Key (seed), Address, PRNG, Encryption pulse, Plaintext, Ciphertext, bitwise CNOT, Memory array, NVMM.]
Figure 6: (a) CME uses AES core to generate an OTP, using the memory line address, a counter and a secret key. The encryption/decryption is performed outside the NVMM. (b) Memcryption uses a secret key and the line address as seed for a PRNG, to generate an encryption pulse. The encryption pulse is used to control the operation of bitwise CNOT gates embedded in the data path within the NVMM.
| Encryption technique | Decryption Latency | Energy-per-bit |
|---|---|---|
| CME [44] | 8 cycles | 6× |
| Memcryption | 1 cycle | 2× |

Table 2: Comparison of decryption latency and overheads incurred in energy-per-bit, when securing the SMART memory with Memcryption vs. CME. Memcryption is better optimized for the SMART memory than CME, which utilizes CMOS XORs.
[Figure 7 block labels: Processor, L1 cache, L2 cache, SPM, key, Memcryption control unit, key + address, seed, PRNG, enc. pulse, control bits, CNOT encryption layer, Controller, Address bus, Data bus, Decoder, WE, RE, B0 - Bn, ME-AFMRAM array, cell, SMART NVMM]
Figure 7: SMART memory architecture with Memcryption.
The architecture of the SMART memory with Memcryption is shown in Fig. 7. A trusted key from a secure processing module (SPM) is concatenated with the memory address and used as a seed for a pseudorandom number generator (PRNG). The PRNG produces an encryption pulse, whose bits are used as the control bits of the CNOT gates in the in-memory encryption layer. Depending on the control bits, the encryption layer selectively flips certain bits in the plaintext, before performing a memory write. During decryption, the same encryption pulse is generated again, and used to perform bitwise CNOT operations on the ciphertext (read from memory), to obtain the plaintext.² A comparison of the latency and energy-per-bit overheads incurred, when SMART memory is encrypted with Memcryption and CME, is presented in Table 2.³
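
The two seed constructions described in this section (CME: key, address and per-write counter; Memcryption: key and address), as an added example that is not code from the paper. SHAKE-256 stands in for both the AES core and the unspecified PRNG, and the 64-byte line size, key and sample lines are assumptions. It also shows what the counter contributes: with a seed of key and address only, two writes to one line share the same pulse, so the XOR of the two stored ciphertexts equals the XOR of the two plaintexts.

```python
"""Added example: seed construction in CME vs. Memcryption (not the paper's code)."""
import hashlib

LINE_BYTES = 64  # assumed memory-line size; the paper does not give one


def expand(seed: bytes, n: int = LINE_BYTES) -> bytes:
    """Stand-in for the AES core and for the PRNG: SHAKE-256 over the seed."""
    return hashlib.shake_256(seed).digest(n)


def cnot_layer(control: bytes, target: bytes) -> bytes:
    """Bitwise CNOT: a target bit is inverted iff its control bit is 1 (i.e. XOR)."""
    if len(control) != len(target):
        raise ValueError("control and target must have the same length")
    return bytes(c ^ t for c, t in zip(control, target))


def memcryption_pulse(key: bytes, address: int) -> bytes:
    """Fig. 6(b): seed = key concatenated with the line address."""
    return expand(b"memcryption" + key + address.to_bytes(8, "big"))


def cme_pad(key: bytes, address: int, counter: int) -> bytes:
    """Fig. 6(a): seed = key, line address and a per-line write counter."""
    return expand(b"cme" + key + address.to_bytes(8, "big")
                  + counter.to_bytes(8, "big"))


class MemcryptionArray:
    """Memory array behind a CNOT layer driven by the (key, address) pulse."""

    def __init__(self, key: bytes):
        self.key, self.cells = key, {}

    def write(self, address: int, line: bytes) -> None:
        self.cells[address] = cnot_layer(memcryption_pulse(self.key, address), line)

    def read(self, address: int) -> bytes:
        # Decryption regenerates the same pulse and applies the same CNOT.
        return cnot_layer(memcryption_pulse(self.key, address), self.cells[address])


class CMEArray:
    """Memory array with counter-mode pads; the counter bumps on every write."""

    def __init__(self, key: bytes):
        self.key, self.cells, self.counters = key, {}, {}

    def write(self, address: int, line: bytes) -> None:
        self.counters[address] = self.counters.get(address, 0) + 1
        pad = cme_pad(self.key, address, self.counters[address])
        self.cells[address] = cnot_layer(pad, line)

    def read(self, address: int) -> bytes:
        pad = cme_pad(self.key, address, self.counters[address])
        return cnot_layer(pad, self.cells[address])


def snapshot_difference(array, address: int, first: bytes, second: bytes) -> bytes:
    """Write two lines to one address; return the XOR of the stored ciphertexts."""
    array.write(address, first)
    c1 = array.cells[address]
    array.write(address, second)
    c2 = array.cells[address]
    return cnot_layer(c1, c2)


if __name__ == "__main__":
    key = bytes(range(16))                                   # constructed key
    old = b"balance=0000250".ljust(LINE_BYTES, b".")         # constructed lines
    new = b"balance=0090250".ljust(LINE_BYTES, b".")
    plain_diff = cnot_layer(old, new)
    for array in (MemcryptionArray(key), CMEArray(key)):
        same = snapshot_difference(array, 0x40, old, new) == plain_diff
        print(f"{type(array).__name__}: ciphertext XOR equals plaintext XOR -> {same}")
```

The comparison matters for a design review of any pad-based memory encryption: the pad must change on every write to a line, which is the role the counter plays in the CME seed.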
4.4 Power side channel attacks
Asymmetric read/write characteristics in NVMs like STT-MRAM make them susceptible to side channel attacks, which exploit the different signatures involved with reading/writing ‘1’s and ‘0’s. STT-MRAMs employ MTJs with a fixed FM reference layer, whereas the free layer could be oriented parallel or anti-parallel to the reference layer. Depending on the relative orientation of these two layers (parallel/anti-parallel), the MTJ is in a low/high resistance state. The low (high) resistance state corresponds to logic ‘0’ (logic ‘1’). Hence, the read/write currents drawn from the source are different while reading/writing a ‘0’ or a ‘1’. An attacker could attach a resistor in a voltage-divider configuration with the MTJ cell, monitor the voltage drops across the resistor, and perform DPA to recover the data being written to or read off the cell. Such an advanced attack was showcased against an STT-MRAM-based cache in [45].
² The CNOT layer for decryption is not shown in Fig. 7 for simplicity.
³ The focus of this work is to highlight the ME-AFMRAM as a candidate to implement a secure storage system, by covering all possible threats to memory security. Detailed analysis and evaluation of the Memcryption scheme is reserved for future work.
For the SMART memory, writing is achieved with electric fields, not currents. Further, the electric field magnitude required for writing ‘0’s and ‘1’s is equivalent (see write voltage and polarization voltage traces in Fig. 3). This is because there is no reference layer or tunneling magnetoresistance in ME-AFMRAM, which can cause asymmetricity. As for the read operation, the proximity effect-induced moment in the Pt electrode is slightly different for reading ‘0’ or ‘1’. However, this imbalance in the Hall signals can be compensated by introducing appropriate offsets in the Hall measurements as demonstrated in [22]. Hence, the SMART memory can achieve symmetric reads/writes for both ‘0→1’ and ‘1→0’ transitions, thus thwarting any possibility of DPA-based side channel attacks.
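
A leakage assessment of the kind a designer would run to check the symmetry argument above, as an added example that is not from the paper. It models the voltage-divider measurement described for the MTJ cell and applies Welch's t-test between samples taken for ‘0’ and for ‘1’. All resistances, the supply voltage, the noise level and the trace count are constructed values, and the symmetric case only encodes the symmetry claim as a model; it does not verify it.

```python
"""Added example: t-test leakage assessment of data-dependent cell current."""
import math
import random
import statistics

# Constructed values for illustration; none are taken from the paper.
V_SUPPLY = 0.1                             # volts across the divider
R_SENSE = 1_000.0                          # ohms, monitored series resistor
R_ASYMMETRIC = {0: 2_000.0, 1: 4_000.0}    # low / high resistance states
R_SYMMETRIC = {0: 3_000.0, 1: 3_000.0}     # same load for both logic levels
NOISE_SIGMA = 0.02                         # volts of Gaussian measurement noise
T_THRESHOLD = 4.5                          # customary |t| bound in leakage testing


def sense_voltage(r_cell: float) -> float:
    """Voltage across the series resistor for a given cell resistance."""
    return V_SUPPLY * R_SENSE / (R_SENSE + r_cell)


def capture(bits, r_by_bit, rng):
    """One noisy sample per access; the cell resistance depends on the bit."""
    return [sense_voltage(r_by_bit[b]) + rng.gauss(0.0, NOISE_SIGMA) for b in bits]


def welch_t(a, b) -> float:
    """Welch's t statistic for two groups with unequal variances."""
    if len(a) < 2 or len(b) < 2:
        raise ValueError("each group needs at least two samples")
    std_err = math.sqrt(statistics.variance(a) / len(a)
                        + statistics.variance(b) / len(b))
    return (statistics.fmean(a) - statistics.fmean(b)) / std_err


def leakage_t(r_by_bit, n_traces: int = 2000, seed: int = 1) -> float:
    """Split simulated samples by the accessed bit and compare the groups."""
    rng = random.Random(seed)
    bits = [rng.getrandbits(1) for _ in range(n_traces)]
    samples = capture(bits, r_by_bit, rng)
    zeros = [s for b, s in zip(bits, samples) if b == 0]
    ones = [s for b, s in zip(bits, samples) if b == 1]
    return welch_t(zeros, ones)


def leaks(r_by_bit, **kwargs) -> bool:
    """True when the two groups are statistically distinguishable."""
    return abs(leakage_t(r_by_bit, **kwargs)) > T_THRESHOLD


if __name__ == "__main__":
    for name, cell in (("asymmetric", R_ASYMMETRIC), ("symmetric", R_SYMMETRIC)):
        print(f"{name:10s} t = {leakage_t(cell):7.2f}  leaks = {leaks(cell)}")
```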
4.5 Photonic side channel and backside attacks
Leveraging photonic side channel (PSC) to circumvent the security guarantees provided by cryptographic algorithms like AES and RSA has been discussed very recently. Simple Photonic Emission Analysis (SPEA) or Differential Photonic Emission Analysis (DPEA) can be carried out using equipment available for the same price as that of the power analysis equipment. In the case of PSC, photo-emissions emanating from switching transistors (observed from IC’s backside) in SRAM- or DRAM-based memories can be correlated with the data being programmed into the memory. In [33], this unique side channel was found to originate when kinetic energy gained by charge carriers in the transistor channel is transferred to photons, which are visible through photo-detectors. In [34], authors leveraged this information to perform side-channel analysis, ultimately recovering the full AES key. Modern-day chips use several metal layers, which interfere with the emission of photons from IC’s frontside; therefore, a natural direction is to observe the photon emission from IC’s backside. While CMOS-based memory technologies like SRAM and DRAM are prone to such backside PSC attacks, the SMART memory is AFM-based and involves no photonic emissions from transistor channels. Data read-out in SMART memory can only be accomplished through the AH measurement setup. Further, even if an advanced attacker is able to isolate the SMART memory cell and gain illicit access to the AH setup from the frontside, they would only recover the encrypted ciphertext (as described in Sec. 4.3).
5 CONCLUSION
In this paper, we present SMART: a Secure Magnetoelectric
Antiferromagnet-Based Tamper-Proof non-volatile memory, by utilizing the
unique properties of ME-AFMs. The ME-AFMRAM, which is at the
core of SMART memory, combines the benefits of energy-efficient
ME switching with the terahertz-range dynamics of AFMs, to
implement an ∼aJ energy-per-bit NVM with ∼ps read/write latencies.
Besides its superior performance as compared to prior NVMs like
STT-MRAM and PCM, the SMART memory exhibits no sensitivity
to external magnetic fields, which makes it resilient to
magnetic-field-based data tampering and denial of memory service attacks
that commonly plague other ferromagnet-based NVMs. To solve
the security vulnerability of data persistence (after power-down) in
the SMART memory, we demonstrate a new encryption technique
called Memcryption. Memcryption employs emerging ME-AFM
logic devices to implement a CNOT-based in-memory encryption,
which is particularly tailored to reduce decryption latencies in the
SMART memory, given its ultra-fast access time. Further,
symmetrical reads/writes of ‘0’s and ‘1’s render side-channel attacks
like DPA futile against the SMART memory. Advanced photonic
side-channel attacks, which penetrate the memory chip from the
backside, are ineffective against the SMART memory due to the
placement of the AH read-out setup, as well as the inherent
Memcryption safeguard.
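The DPA claim above can be checked with a bit-partition leakage test. The following is an added illustration, not code from the paper: the per-cell read energies, noise level and 8-bit word width are constructed values in arbitrary units, and the model captures only whether read energy depends on the stored bit, not the ME-AFM device physics.

```python
import random
import statistics

WIDTH = 8         # bits per stored word (constructed)
TVLA_LIMIT = 4.5  # conventional |t| threshold used in leakage assessment


def read_energy(word, e0, e1):
    """Energy to read one word: e1 per cell holding '1', e0 per cell holding '0'."""
    ones = bin(word).count("1")
    return ones * e1 + (WIDTH - ones) * e0


def simulate_traces(e0, e1, n, sigma, seed):
    """Constructed traces: (stored word, read energy plus Gaussian noise)."""
    rng = random.Random(seed)
    words = [rng.randrange(1 << WIDTH) for _ in range(n)]
    return [(w, read_energy(w, e0, e1) + rng.gauss(0.0, sigma)) for w in words]


def partition_by_bit(traces, bit):
    """DPA selection function: split the traces on one stored bit."""
    ones = [p for w, p in traces if (w >> bit) & 1]
    zeros = [p for w, p in traces if not (w >> bit) & 1]
    return ones, zeros


def welch_t(a, b):
    """Welch's t statistic for the difference of the two partition means."""
    se = (statistics.variance(a) / len(a) + statistics.variance(b) / len(b)) ** 0.5
    return (statistics.mean(a) - statistics.mean(b)) / se


def dpa_statistic(e0, e1, bit=0, n=20000, sigma=0.5, seed=2018):
    """Return (difference of means, t) for traces partitioned on `bit`."""
    ones, zeros = partition_by_bit(simulate_traces(e0, e1, n, sigma, seed), bit)
    return statistics.mean(ones) - statistics.mean(zeros), welch_t(ones, zeros)


if __name__ == "__main__":
    # Asymmetric cell: reading '1' costs 20% more than '0' (constructed).
    # Symmetric cell: identical energy for both logic levels.
    for label, e0, e1 in (("asymmetric", 1.0, 1.2), ("symmetric", 1.0, 1.0)):
        diff, t = dpa_statistic(e0, e1)
        verdict = "leaks" if abs(t) > TVLA_LIMIT else "no detectable leakage"
        print(f"{label:10s} diff={diff:+.4f} t={t:+.2f} -> {verdict}")
```

With asymmetric energies the difference of means converges to e1 - e0 and the t statistic grows with the number of traces; with symmetric energies the two partitions differ only by noise, so collecting more traces does not help.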
ACKNOWLEDGMENTS
This work was supported in part by the Semiconductor Research
Corporation (SRC) and the National Science Foundation (NSF)
through ECCS 1740136. The authors also acknowledge funding
support from the NSF MRSEC Program, Award Number DMR-1420073.
REFERENCES
[1] S.-K. Park, “Technology scaling challenge and future prospects of DRAM and
NAND ash memory,” in Memory Workshop (IMW), 2015 IEEE International.
IEEE, 2015, pp. 1–4.
[2] H. Wang, K. Zhao, M. Lv, X. Zhang, H. Sun, and T. Zhang, “Improving 3D DRAM
fault tolerance through weak cell aware error correction,” IEEE Trans. Comput.,
vol. 66, no. 5, pp. 820–833, 2017.
[3] Y. Kim, “Architectural techniques to enhance DRAM scaling,” Ph.D. dissertation,
PhD thesis, Carnegie Mellon University, 2015.
[4] R. Bez and A. Pirovano, “Non-volatile memory technologies: emerging concepts
and new materials,” Materials Science in Semiconductor Processing, vol. 7, no. 4-6,
pp. 349–355, 2004.
[5] E. Wyrwas, “Proton irradiation of the 16GB Intel Optane SSD,” 2017.
[6] “16Mb 256K x 16 MRAM Memory - Everspin,” hps://www.everspin.com/le/
882/download, accessed: 2018-11-20.
[7] P. Kocher, D. Genkin, D. Gruss, W. Haas, M. Hamburg, M. Lipp et al., “Spectre
aacks: Exploiting speculative execution,” arXiv preprint arXiv:1801.01203, 2018.
[8] M. Lipp, M. Schwarz, D. Gruss, T. Prescher, W. Haas, S. Mangard et al., “Meltdown,”
arXiv preprint arXiv:1801.01207, 2018.
[9] J. A. Halderman, S. D. Schoen, N. Heninger, W. Clarkson, W. Paul, J. A. Calandrino
et al., “Lest we remember: cold-boot aacks on encryption keys,” Communications
of the ACM, vol. 52, no. 5, pp. 91–98, 2009.
[10] V. Young, P. J. Nair, and M. K. reshi, “DEUCE: Write-ecient encryption for
non-volatile memories,” ACM SIGARCH Computer Architecture News, vol. 43,
no. 1, pp. 33–44, 2015.
[11] J.-W. Jang, J. Park, S. Ghosh, and S. Bhunia, “Self-correcting STTRAM under
magnetic eld aacks,” in DAC. ACM, 2015, p. 77.
[12] G. Rado and V. Folen, “Observation of the magnetically induced magnetoelectric
eect and evidence for antiferromagnetic domains,” Phys. Rev. Le., vol. 7, no. 8,
p. 310.
[13] S. Chhabra and Y. Solihin, “i-NVMM: a secure non-volatile main memory system
with incremental encryption,” in Computer Architecture (ISCA), 2011 38th Annual
International Symposium on. IEEE, 2011, pp. 177–188.
[14] S. Kannan, N. Karimi, and O. Sinanoglu, “Secure memristor-based main memory,”
in DAC. ACM, 2014, pp. 1–6.
[15] A. K. Mandal, C. Parakash, and A. Tiwari, “Performance evaluation of crypto-
graphic algorithms: DES and AES,” in Electrical, Electronics and Computer Science
(SCEECS), 2012 IEEE Students’ Conference on. IEEE, 2012, pp. 1–5.
[16] S. Swami, J. Rakshit, and K. Mohanram, “SECRET: Smartly encrypted energy
ecient non-volatile memories,” in DAC. IEEE, 2016, pp. 1–6.
[17] S. Swami and K. Mohanram, “ACME: Advanced counter mode encryption for
secure non-volatile memories,” in DAC. IEEE, 2018, pp. 1–6.
[18] A. Agyei and J. L. Birman, “On the linear magnetoelectric eect,” Journal of
Physics: Condensed Maer, vol. 2, no. 13, p. 3007, 1990.
[19] W. Echtenkamp and C. Binek, “Electric control of exchange bias training,” Phys.
Rev. Le., vol. 111, no. 18, p. 187204, 2013.
[20] N. Wu, X. He, A. L. Wysocki, U. Lanke, T. Komesu, K. D. Belashchenko et al.,
“Imaging and control of surface magnetization domains in a magnetoelectric
antiferromagnet,” Phys. Rev. Le., vol. 106, no. 8, p. 087202, 2011.
[21] X. He, Y. Wang, N. Wu, A. N. Caruso, E. Vescovo, K. D. Belashchenko et al.,
“Robust isothermal electric control of exchange bias at room temperature,” Nature
materials, vol. 9, no. 7, p. 579, 2010.
[22] T. Kosub, M. Kopte, R. Hu¨hne, P. Appel, B. Shields, P. Maletinsky et al., “Purely
antiferromagnetic magnetoelectric random access memory,” Nature communica-
tions, vol. 8, p. 13985, 2017.
[23] T. Kosub, M. Kopte, F. Radu, O. G. Schmidt, and D. Makarov, “All-electric access
to the magnetic-eld-invariant magnetization of antiferromagnets,” Phys. Rev.
Le., vol. 115, no. 9, p. 097201, 2015.
[24] F. Radu and H. Zabel, “Exchange bias eect of ferro-/antiferromagnetic het-
erostructures,” in Magnetic heterostructures. Springer, 2008, pp. 97–184.
[25] A. Iyama and T. Kimura, “Magnetoelectric hysteresis loops in Cr2O3 at room
temperature,” Phys. Rev. B, vol. 87, no. 18, p. 180408, 2013.
[26] S. Sivasubramanian, A. Widom, and Y. Srivastava, “Equivalent circuit and simu-
lations for the Landau-Khalatnikov model of ferroelectric hysteresis,” IEEE Trans.
Ultrason., Ferroelectr., Freq. Control, vol. 50, no. 8, pp. 950–957, 2003.
[27] V. Fridkin, M. Kuehn, and H. Kliem, “e Weiss model and the Landau–
Khalatnikov model for the switching of ferroelectrics,” Physica B: Condensed
Maer, vol. 407, no. 12, pp. 2211–2214, 2012.
[28] S. Meyer, R. Schlitz, S. Gepra¨gs, M. Opel, H. Huebl, R. Gross et al., “Anomalous
hall eect in YIG—Pt bilayers,” Appl. Phys. Le., vol. 106, no. 13, p. 132402, 2015.
[29] H. Kliem and M. Kuehn, “Modeling the switching kinetics in ferroelectrics,” J.
Appl. Phys., vol. 110, no. 11, p. 114106, 2011.
[30] D. Halley, N. Najjari, H. Majjad, L. Joly, P. Ohresser, F. Scheurer et al., “Size-
induced enhanced magnetoelectric eect and multiferroicity in chromium oxide
nanoclusters,” Nature communications, vol. 5, p. 3167, 2014.
[31] J. J. Yang, D. B. Strukov, and D. R. Stewart, “Memristive devices for computing,”
Nature nanotechnology, vol. 8, no. 1, p. 13, 2013.
[32] A. D. Kent and D. C. Worledge, “A new spin on magnetic memories,” Nature
nanotechnology, vol. 10, no. 3, p. 187, 2015.
[33] J. Ferrigno and M. Hlava´c, “When AES blinks: introducing optical side channel,”
IET Information Security, vol. 2, no. 3, pp. 94–98, 2008.
[34] A. Schlo¨sser, D. Nedospasov, J. Kra¨mer, S. Orlic, and J.-P. Seifert, “Simple photonic
emission analysis of AES,” Journal of Cryptographic Engineering, vol. 1, no. 3, pp.
3–15, 2013.
[35] S. Tajik, H. Lohrke, J.-P. Seifert, and C. Boit, “On the power of optical contactless
probing: Aacking bitstream encryption of FPGAs,” in Proceedings of the 2017
ACM SIGSAC Conference on Computer and Communications Security. ACM,
2017, pp. 1661–1674.
[36] P. Kocher, J. Jae, and B. Jun, “Dierential power analysis,” inAnnual International
Cryptology Conference. Springer, 1999, pp. 388–397.
[37] E. Brier, C. Clavier, and F. Olivier, “Correlation power analysis with a leak-
age model,” in International workshop on cryptographic hardware and embedded
systems. Springer, 2004, pp. 16–29.
[38] S. Ament, N. Rangarajan, A. Parthasarathy, and S. Rakheja, “Solving the stochastic
Landau-Lifshitz-Gilbert-Slonczewski equation for monodomain nanomagnets:
A survey and analysis of numerical techniques,” arXiv preprint arXiv:1607.04596,
2016.
[39] V. Baltz, A. Manchon, M. Tsoi, T. Moriyama, T. Ono, and Y. Tserkovnyak, “Anti-
ferromagnetic spintronics,” Rev. Mod. Phys., vol. 90, no. 1, p. 015005, 2018.
[40] S. Shi, A. L. Wysocki, and K. D. Belashchenko, “Magnetism of chromia from
rst-principles calculations,” Phys. Rev. B, vol. 79, no. 10, p. 104404, 2009.
[41] M. Street, W. Echtenkamp, T. Komesu, S. Cao, P. A. Dowben, and C. Binek, “In-
creasing the ne´el temperature of magnetoelectric chromia for voltage-controlled
spintronics,” Appl. Phys. Le., vol. 104, no. 22, p. 222402, 2014.
[42] P. A. Dowben, C. Binek, K. Zhang, L. Wang, W.-N. Mei, J. P. Bird et al., “To-
wards a strong spin-orbit coupling magneto-electric transistor,” IEEE Journal on
Exploratory Solid-State Computational Devices and Circuits, 2018.
[43] S. Patnaik, N. Rangarajan, J. Knechtel, O. Sinanoglu, and S. Rakheja, “Advancing
hardware security using polymorphic and stochastic spin-hall eect devices,” in
DATE, 2018. IEEE, 2018, pp. 97–102.
[44] S. Chhabra, B. Rogers, Y. Solihin, and M. Prvulovic, “Making secure proces-
sors OS-and performance-friendly,” ACM Transactions on Architecture and Code
Optimization, vol. 5, no. 4, p. 16, 2009.
[45] M. N. I. Khan, S. Bhasin, A. Yuan, A. Chaopadhyay, and S. Ghosh, “Side-channel
aack on STTRAM based cache for cryptographic application,” in 2017 IEEE 35th
International Conference on Computer Design. IEEE, 2017, pp. 33–40.
