Cache-Out: Leaking Cache Memory Using Hardware Trojan

Mohammad Nasim Imtaiz Khan, Asmit De, Swaroop Ghosh

Research output: Contribution to journalArticle

Abstract

Data leakage is an important security concern in current systems. Existing data leakage prevention techniques assume that the underlying hardware platform is secure and free from tampering. In this work, we present Cache-Out, a class of system attacks involving hardware compromised with a Trojan embedded in the CPU. We assume that a memory Trojan trigger is present in L1 d-cache and gets activated if one particular address of L1 d-cache is hammered with a particular data pattern for a certain number of times. Once the Trojan is triggered, accessing another address delivers payloads, such as, read disturb, write disturb, retention failure, and information leakage. We mainly exploit the advanced circuit features employed in the peripherals of nanometer cache memories, such as wordline underdrive (WLUD) (prevents read disturb) and negative bitline (NBL) (assists write) for static RAM (SRAM) to deliver the payloads. Simulation indicates that WLUD and NBL manipulation can inject read and write failures, respectively. We also show that WLUD activation during write operation can inject write failure. Furthermore, NBL along with column multiplexing can also be leveraged to steal data. We validated Cache-Out using GEM5 architectural simulator. We propose L1 address obfuscation, read/write verification, scrambling error correcting code (ECC) bits, and trusted ECC as countermeasures. Results indicate that read/write verification incurs $7.56~\mu \text{m}~^{\mathrm{ 2}}$ of area and .1~\mu \text{W}/91.3~\mu \text{W}$ of static/dynamic power in 22-nm technology for a 64-bit word size.

Original languageEnglish (US)
Article number9061138
Pages (from-to)1461-1470
Number of pages10
JournalIEEE Transactions on Very Large Scale Integration (VLSI) Systems
Volume28
Issue number6
DOIs
StatePublished - Jun 2020

All Science Journal Classification (ASJC) codes

  • Software
  • Hardware and Architecture
  • Electrical and Electronic Engineering

Fingerprint Dive into the research topics of 'Cache-Out: Leaking Cache Memory Using Hardware Trojan'. Together they form a unique fingerprint.

  • Cite this