Hardware Security Implications of Reliability, Remanence and Recovery in Embedded Memory

Secure semiconductor devices usually destroy key material on tamper detection. However, data remanence effect in SRAM and Flash/EEPROM makes secure erasure process more challenging. On the other hand, data integrity of the embedded memory is essential to mitigate fault attacks and Trojan malware. Data retention issues could influence the reliability of embedded systems. Some examples of such issues in industrial and automotive applications are presented. When it comes to the security of semiconductor devices, both data remanence and data retention issues could lead to possible data recovery by an attacker. This paper introduces a new power glitching technique that reduces the data remanence time in embedded SRAM from seconds to microseconds at almost no cost. This would definitely help in designing systems with better secret key guarding. Data remanence in non-volatile memory could be influenced in the same way. The effect of data remanence and data retention on hardware security is discussed and possible countermeasures are suggested. This should raise awareness among the designers of secure embedded systems

Flash-based security primitives: Evolution, challenges and future directions

Over the last two decades, hardware security has gained increasing attention in academia and industry. Flash memory has been given a spotlight in recent years, with the question of whether or not it can prove useful in a security role. Because of inherent process variation in the characteristics of flash memory modules, they can provide a unique fingerprint for a device and have thus been proposed as locations for hardware security primitives. These primitives include physical unclonable functions (PUFs), true random number generators (TRNGs), and integrated circuit (IC) counterfeit detection. In this paper, we evaluate the efficacy of flash memory-based security primitives and categorize them based on the process variations they exploit, as well as other features. We also compare and evaluate flash-based security primitives in order to identify drawbacks and essential design considerations. Finally, we describe new directions, challenges of research, and possible security vulnerabilities for flash-based security primitives that we believe would benefit from further exploration

Exploiting Inter- and Intra-Memory Asymmetries for Data Mapping in Hybrid Tiered-Memories

Modern computing systems are embracing hybrid memory comprising of DRAM and non-volatile memory (NVM) to combine the best properties of both memory technologies, achieving low latency, high reliability, and high density. A prominent characteristic of DRAM-NVM hybrid memory is that it has NVM access latency much higher than DRAM access latency. We call this inter-memory asymmetry. We observe that parasitic components on a long bitline are a major source of high latency in both DRAM and NVM, and a significant factor contributing to high-voltage operations in NVM, which impact their reliability. We propose an architectural change, where each long bitline in DRAM and NVM is split into two segments by an isolation transistor. One segment can be accessed with lower latency and operating voltage than the other. By introducing tiers, we enable non-uniform accesses within each memory type (which we call intra-memory asymmetry), leading to performance and reliability trade-offs in DRAM-NVM hybrid memory. We extend existing NVM-DRAM OS in three ways. First, we exploit both inter- and intra-memory asymmetries to allocate and migrate memory pages between the tiers in DRAM and NVM. Second, we improve the OS's page allocation decisions by predicting the access intensity of a newly-referenced memory page in a program and placing it to a matching tier during its initial allocation. This minimizes page migrations during program execution, lowering the performance overhead. Third, we propose a solution to migrate pages between the tiers of the same memory without transferring data over the memory channel, minimizing channel occupancy and improving performance. Our overall approach, which we call MNEME, to enable and exploit asymmetries in DRAM-NVM hybrid tiered memory improves both performance and reliability for both single-core and multi-programmed workloads.Comment: 15 pages, 29 figures, accepted at ACM SIGPLAN International Symposium on Memory Managemen

Improved constructions of permutation and multi-permutation codes correcting a burst of stable deletions

Permutation codes and multi-permutation codes have been widely considered due to their various applications, especially in flash memory. In this paper, we consider permutation codes and multi-permutation codes against a burst of stable deletions. In particular, we propose a construction of permutation codes correcting a burst stable deletion of length $s$, with redundancy $\log n+ 2\log \log n+O(1)$. Compared to the previous known results, our improvement relies on a different strategy to retrieve the missing symbol on the first row of the array representation of a permutation. We also generalize our constructions for multi-permutations and the variable length burst model. Furthermore, we propose a linear-time encoder with optimal redundancy for single stable deletion correcting permutation codes.Comment: Accepted for publication in IEEE Trans. Inf. Theor

Evidencia digital orientada a unidades de estado sólido (SSD): una revisión

Nowadays, the massive electronic usage and it's dependance. (Phones, tablets, computers, laptops, among others) it has taken to people in some way the necessity to stay connected permanently on this technology tools; in sinister terms make them really useful such as evidentiary da data. In the academy literature absence, this article checks main topics clarifying from computer forensics concepts to digital evidence, recollections and digital evidence in Argentina, Chile, Colombia and Mexico. During the last decade we use IEEE data base information and organization such as International Telecommunications Union (UIT), the attorney general's office, the Ministry of information and communications (MINTIC) and specializing web sites. Making an interpretative with Cybersecurity resources and their main focus on SSD and the physical information recovery and logically in this type of controlling materials.El uso masivo de dispositivos electrónicos (celulares, tabletas, computadoras, laptops, entre otros) y su dependencia, han llevado a las personas a crear una necesidad de estar conectados permanentemente con estas herramientas tecnológicas; situación que en el caso de siniestros las hace útiles como material probatorio. Ante la ausencia de literatura académica, este artículo realiza una revisión sobre informática forense, recolección y manejo de evidencia digital en: Argentina, Chile Colombia y México, durante la última década. Para el efecto se usan fuentes emanadas de las bases: IEEE, y organizaciones como la Unión Internacional de telecomunicaciones (UIT), la Fiscalía General de la Nación, el Ministerio de Tecnologías de la Información y Comunicaciones (MINTIC), y páginas web especializadas. Se realiza un estudio interpretativo de las fuentes relacionadas con ciberseguridad y su orientación hacia las UES y la recuperación de información física y lógica en este tipo de elementos de control.&nbsp

High-Speed Data Shredding using Python

In recent years, backup and restore is a common topic in data storage. However, theres hardly anybody mention about safe data deletion. Common data destruction methodology requires the wipe operation to fill the disk with zeros, then with random data, and then with zeros again. Three passes are normally sufficient for ordinary home users. On the down side, such algorithms will take many hours to delete a 2TB hard disk. Although current Linux utility tools gives most users more than enough security and data protections, we had developed a cross-platform standalone application that could expunge all confidential data stored in flash drive or hard disk. The data shredding software is written in Python, and it could overwrite existing data using user-defined wipe algorithm. This software project also explores the technical approaches to digital data destruction using various methodologies defined in different standards, which includes a selection of military-grade procedures proposed by information security specialists. The application operates with no limitations to the capacity of the storage media connected to the computer system, it can rapidly and securely erase any magnetic mediums, optical disks or solid-state memories found in the computer or embedded system. Not only does the software comply with the IEEE T10/T13 specifications, it also binds to the number of connectivity limited by the SAS/SATA buses

Towards Endurable, Reliable and Secure Flash Memories-a Coding Theory Application

Storage systems are experiencing a historical paradigm shift from hard disk to nonvolatile memories due to its advantages such as higher density, smaller size and non-volatility. On the other hand, Solid Storage Disk (SSD) also poses critical challenges to application and system designers. The first challenge is called endurance. Endurance means flash memory can only experience a limited number of program/erase cycles, and after that the cell quality degradation can no longer be accommodated by the memory system fault tolerance capacity. The second challenge is called reliability, which means flash cells are sensitive to various noise and disturbs, i.e., data may change unintentionally after experiencing noise/disturbs. The third challenge is called security, which means it is impossible or costly to delete files from flash memory securely without leaking information to possible eavesdroppers. In this dissertation, we first study noise modeling and capacity analysis for NAND flash memories (which is the most popular flash memory in market), which gains us some insight on how flash memories are working and their unique noise. Second, based on the characteristics of content-replication codewords in flash memories, we propose a joint decoder to enhance the flash memory reliability. Third, we explore data representation schemes in flash memories and optimal rewriting code constructions in order to solve the endurance problem. Fourth, in order to make our rewriting code more practical, we study noisy write-efficient memories and Write-Once Memory (WOM) codes against inter-cell interference in NAND memories. Finally, motivated by the secure deletion problem in flash memories, we study coding schemes to solve both the endurance and the security issues in flash memories. This work presents a series of information theory and coding theory research studies on the aforesaid three critical issues, and shows that how coding theory can be utilized to address these challenges

Dynamic Binary Translation for Embedded Systems with Scratchpad Memory

Embedded software development has recently changed with advances in computing. Rather than fully co-designing software and hardware to perform a relatively simple task, nowadays embedded and mobile devices are designed as a platform where multiple applications can be run, new applications can be added, and existing applications can be updated. In this scenario, traditional constraints in embedded systems design (i.e., performance, memory and energy consumption and real-time guarantees) are more difficult to address. New concerns (e.g., security) have become important and increase software complexity as well. In general-purpose systems, Dynamic Binary Translation (DBT) has been used to address these issues with services such as Just-In-Time (JIT) compilation, dynamic optimization, virtualization, power management and code security. In embedded systems, however, DBT is not usually employed due to performance, memory and power overhead. This dissertation presents StrataX, a low-overhead DBT framework for embedded systems. StrataX addresses the challenges faced by DBT in embedded systems using novel techniques. To reduce DBT overhead, StrataX loads code from NAND-Flash storage and translates it into a Scratchpad Memory (SPM), a software-managed on-chip SRAM with limited capacity. SPM has similar access latency as a hardware cache, but consumes less power and chip area. StrataX manages SPM as a software instruction cache, and employs victim compression and pinning to reduce retranslation cost and capture frequently executed code in the SPM. To prevent performance loss due to excessive code expansion, StrataX minimizes the amount of code inserted by DBT to maintain control of program execution. When a hardware instruction cache is available, StrataX dynamically partitions translated code among the SPM and main memory. With these techniques, StrataX has low performance overhead relative to native execution for MiBench programs. Further, it simplifies embedded software and hardware design by operating transparently to applications without any special hardware support. StrataX achieves sufficiently low overhead to make it feasible to use DBT in embedded systems to address important design goals and requirements