-
Analysis of Power-Oriented Fault Injection Attacks on Spiking Neural Networks
Authors:
Karthikeyan Nagarajan,
Junde Li,
Sina Sayyah Ensan,
Mohammad Nasim Imtiaz Khan,
Sachhidh Kannan,
Swaroop Ghosh
Abstract:
Spiking Neural Networks (SNN) are quickly gaining traction as a viable alternative to Deep Neural Networks (DNN). In comparison to DNNs, SNNs are more computationally powerful and provide superior energy efficiency. SNNs, while exciting at first appearance, contain security-sensitive assets (e.g., neuron threshold voltage) and vulnerabilities (e.g., sensitivity of classification accuracy to neuron threshold voltage change) that adversaries can exploit. We investigate global fault injection attacks by employing external power supplies and laser-induced local power glitches to corrupt crucial training parameters such as spike amplitude and neuron's membrane threshold potential on SNNs developed using common analog neurons. We also evaluate the impact of power-based attacks on individual SNN layers for 0% (i.e., no attack) to 100% (i.e., whole layer under attack). We investigate the impact of the attacks on digit classification tasks and find that in the worst-case scenario, classification accuracy is reduced by 85.65%. We also propose defenses e.g., a robust current driver design that is immune to power-oriented attacks, improved circuit sizing of neuron components to reduce/recover the adversarial accuracy degradation at the cost of negligible area and 25% power overhead. We also present a dummy neuron-based voltage fault injection detection system with 1% power and area overhead.
Submitted 10 April, 2022;
originally announced April 2022.
-
Comprehensive Study of Security and Privacy of Emerging Non-Volatile Memories
Authors:
Mohammad Nasim Imtiaz Khan,
Swaroop Ghosh
Abstract:
At the end of Silicon roadmap, keeping the leakage power in tolerable limit and bridging the bandwidth gap between processor and memory have become some of the biggest challenges. Several promising Non-Volatile Memories (NVMs) such as, Spin-Transfer Torque RAM (STTRAM), Magnetic RAM (MRAM), Phase Change Memory (PCM), Resistive RAM (RRAM) and Ferroelectric RAM (FeRAM) are being investigated to address the above issues since they offer high density and consume zero leakage power. On one hand, the desirable properties of emerging NVMs make them suitable candidates for several applications including replacement of conventional memories. On the other hand, their unique characteristics such as, high and asymmetric read/write current and persistence bring new threats to data security and privacy. Some of these memories are already deployed in full systems and as discrete chips and are believed to become ubiquitous in future computing devices. Therefore, it is of utmost importance to investigate their security and privacy issues. Note that these NVMs can be considered for cache, main memory or storage application. They are also suitable to implement in-memory computation which increases system throughput and eliminates Von-Neumann Bottleneck. Compute-capable NVMs impose new security and privacy challenges that are fundamentally different than their storage counterpart. This work identifies NVM vulnerabilities, attack vectors originating from device level all the way to circuits and systems considering both storage and compute applications. We also summarize the circuit/system level countermeasures to make the NVMs robust against security and privacy issues.
Submitted 13 May, 2021;
originally announced May 2021.
-
SCARE: Side Channel Attack on In-Memory Computing for Reverse Engineering
Authors:
Sina Sayyah Ensan,
Karthikeyan Nagarajan,
Mohammad Nasim Imtiaz Khan,
Swaroop Ghosh
Abstract:
In-memory computing architectures provide a much needed solution to energy-efficiency barriers posed by Von-Neumann computing due to the movement of data between the processor and the memory. Functions implemented in such in-memory architectures are often proprietary and constitute confidential Intellectual Property. Our studies indicate that IMCs implemented using RRAM are susceptible to Side Channel Attack. Unlike conventional SCAs that are aimed to leak private keys from cryptographic implementations, SCARE can reveal the sensitive IP implemented within the memory. Therefore, the adversary does not need to perform invasive Reverse Engineering to unlock the functionality. We demonstrate SCARE by taking recent IMC architectures such as DCIM and MAGIC as test cases. Simulation results indicate that AND, OR, and NOR gates (building blocks of complex functions) yield distinct power and timing signatures based on the number of inputs making them vulnerable to SCA. Although process variations can obfuscate the signatures due to significant overlap, we show that the adversary can use statistical modeling and analysis to identify the structure of the implemented function. SCARE can find the implemented IP by testing a limited number of patterns. For example, the proposed technique reduces the number of patterns by 64% compared to a brute force attack for a+bc function. Additionally, analysis shows improvement in SCAREs detection model due to adversarial change in supply voltage for both DCIM and MAGIC. We also propose countermeasures such as redundant inputs and expansion of literals. Redundant inputs can mask the IP with 25% area and 20% power overhead. However, functions can be found by greater RE effort. Expansion of literals incurs 36% power overhead. However, it imposes brute force search by the adversary for which the RE effort increases by 3.04X.
Submitted 23 June, 2020;
originally announced June 2020.
-
TrappeD: DRAM Trojan Designs for Information Leakage and Fault Injection Attacks
Authors:
Karthikeyan Nagarajan,
Asmit De,
Mohammad Nasim Imtiaz Khan,
Swaroop Ghosh
Abstract:
In this paper, we investigate the advanced circuit features such as wordline- (WL) underdrive (prevents retention failure) and overdrive (assists write) employed in the peripherals of Dynamic RAM (DRAM) memories from a security perspective. In an ideal environment, these features ensure fast and reliable read and write operations. However, an adversary can re-purpose them by inserting Trojans to deliver malicious payloads such as fault injections, Denial-of-Service (DoS), and information leakage attacks when activated by the adversary. Simulation results indicate that wordline voltage can be increased to cause retention failure and thereby launch a DoS attack in DRAM memory. Furthermore, two wordlines or bitlines can be shorted to leak information or inject faults by exploiting the DRAM's refresh operation. We demonstrate an information leakage system exploit by implementing TrappeD on RocketChip SoC.
Submitted 3 January, 2020;
originally announced January 2020.
-
RF-Trojan: Leaking Kernel Data Using Register File Trojan
Authors:
Mohammad Nasim Imtiaz Khan,
Asmit De,
Swaroop Ghosh
Abstract:
Register Files (RFs) are the most frequently accessed memories in a microprocessor for fast and efficient computation and control logic. Segment registers and control registers are especially critical for maintaining the CPU mode of execution that determines the access privileges. In this work, we explore the vulnerabilities in RF and propose a class of hardware Trojans which can inject faults during read or retention mode. The Trojan trigger is activated if one pre-selected address of L1 data-cache is hammered for certain number of times. The trigger evades post-silicon test since the required number of hammering to trigger is significantly high even under process and temperature variation. Once activated, the trigger can deliver payloads to cause Bitcell Corruption (BC) and inject read error by Read Port (RP) and Local Bitline (LBL). We model the Trojan in GEM5 architectural simulator performing a privilege escalation. We propose countermeasures such as read verification leveraging multiport feature, securing control and segment registers by hashing and L1 address obfuscation.
Submitted 15 April, 2019;
originally announced April 2019.
-
Multi-Bit Read and Write Methodologies for Diode-STTRAM Crossbar Array
Authors:
Mohammad Nasim Imtiaz Khan,
Swaroop Ghosh,
Radha Krishna Aluru,
Rashmi Jha
Abstract:
Crossbar arrays using emerging non-volatile memory technologies such as Resistive RAM (ReRAM) offer high density, fast access speed and low-power. However the bandwidth of the crossbar is limited to single-bit read/write per access to avoid selection of undesirable bits. We propose a technique to perform multi-bit read and write in a diode-STTRAM (Spin Transfer Torque RAM) crossbar array. Simulation shows that the biasing voltage of half-selected cells can be adjusted to improve the sense margin during read and thus reduce the sneak path through the half-selected cells. In write operation, the half-selected cells are biased with a pulse voltage source which increases the write latency of these cells and enables to write 2-bits while keeping the half-selected bits undisturbed. Simulation results indicate biasing the half-selected cells by 700mV can enable reading as much as 512-bits while sustaining 512x512 crossbar with 2.04 years retention. The 2-bit writing requires pulsing by 50mV to optimize energy.
Submitted 1 June, 2016;
originally announced June 2016.
-
Attack resilient architecture to replace embedded Flash with STTRAM in homogeneous IoTs
Authors:
Asmit De,
Mohammad Nasim Imtiaz Khan,
Swaroop Ghosh
Abstract:
Spin-Transfer Torque RAM (STTRAM) is an emerging Non-Volatile Memory (NVM) technology that provides better endurance, write energy and performance than traditional NVM technologies such as Flash. In embedded application such as microcontroller SoC of Internet of Things (IoT), embedded Flash (eFlash) is widely employed. However, eFlash is also associated with cost. Therefore, replacing eFlash with STTRAM is desirable in IoTs for power-efficiency. Although promising, STTRAM brings several new security and privacy challenges that pose a significant threat to sensitive data in memory. This is inevitable due to the underlying dependency of this memory technology on environmental parameters such as temperature and magnetic fields that can be exploited by an adversary to tamper with the program and data. In this paper, we investigate these attacks and propose a novel memory architecture for attack resilient IoT network. The information redundancy present in a homogeneous peer-to-peer connected IoT network is exploited to restore the corrupted memory of any IoT node when under attack. We are able to build a failsafe IoT system with STTRAM based program memory which allows guaranteed execution of all the IoT nodes without complete shutdown of any node under attack. Experimental results using commercial IoT boards demonstrate the latency and energy overhead of the attack recovery process.
Submitted 1 June, 2016;
originally announced June 2016.
-
A Survey of TCP Reno, New Reno and Sack Over Mobile Ad-Hoc Network
Authors:
Md Nazmul Islam Khan,
Rashed Ahmed,
Md. Tariq Aziz
Abstract:
Transmission Control Protocol (TCP) is often preferred to be implemented at the transport layer of a Mobile Ad-hoc Network (MANET) because of its wide range of applications, which enjoys the advantage of reliable data transmission in the Internet. However, because of some unique characteristics of MANET, TCP cannot offer reliable services while using e-mail, internet search and file transmission in such a network. The research investigates how well the different versions of TCP respond to various performance differentials when subjected to different network stresses and topology changes, aside from identifying the most efficient and robust TCP version(s) for different MANET scenarios. Among several TCP variants, three types are considered important for the analysis, namely TCP Reno, TCP New Reno and TCP Selective Acknowledgment (SACK). In most cases, the TCP performance is found in our study to decrease when the node size and mobility rate is increased in the network. There is, however, exception to this. As our simulation results demonstrate, the increases in the node velocity sometimes help the TCP to attain a better performance. The study also reveals that out of the three variants, TCP SACK can adapt relatively well to the changing network sizes while TCP Reno performs most robustly in the presence of different mobility rates within MANET.
Submitted 9 February, 2012;
originally announced May 2012.
-
Effect of Packet Delay Variation on Video-Voice over DiffServ-MPLS in IPv4-IPv6 Networks
Authors:
Md. Tariq Aziz,
Mohammad Saiful Islam,
Md. Nazmul Islam Khan,
Adrian Popescu
Abstract:
Over the last years, we have witnessed a rapid deployment of real-time applications on the Internet as well as many research works about Quality of Service (QoS), in particular IPv4 (Internet Protocol version 4). The inevitable exhaustion of the remaining IPv4 address pool has become progressively evident. As the evolution of Internet Protocol (IP) continues, the deployment of IPv6 QoS is underway. Today, there is limited experience in the deployment of QoS for IPv6 traffic in MPLS backbone networks in conjunction with DiffServ (Differentiated Services) support. DiffServ itself does not have the ability to control the traffic which has been taken for end-to-end path while a number of links of the path are congested. In contrast, MPLS Traffic Engineering (TE) is accomplished to control the traffic and can set up end-to-end routing path before data has been forwarded. From the evolution of IPv4 QoS solutions, we know that the integration of DiffServ and MPLS TE satisfies the guaranteed QoS requirement for real-time applications. This paper presents a QoS performance study of real-time applications such as voice and video conferencing in terms of Packet Delay Variation (PDV) over DiffServ with or without MPLS TE in IPv4/IPv6 networks using Optimized Network Engineering Tool (OPNET). We also study the interaction of Expedited Forwarding (EF), Assured Forwarding (AF) traffic aggregation, link congestion, as well as the effect of performance metric such as PDV. The effectiveness of DiffServ and MPLS TE integration in IPv4/IPv6 network is illustrated and analyzed. This paper shows that IPv6 experiences more PDV than their IPv4 counterparts.
Submitted 20 March, 2012; v1 submitted 8 February, 2012;
originally announced February 2012.