SCARE: Side Channel Attack on In-Memory Computing for Reverse Engineering

TL;DR

This paper demonstrates that in-memory computing architectures using RRAM are vulnerable to side channel attacks (SCARE) that can reveal proprietary functions without invasive reverse engineering, and proposes countermeasures to mitigate this risk.

Contribution

It introduces SCARE, a novel side channel attack method targeting in-memory computing architectures, and evaluates its effectiveness along with potential countermeasures.

Findings

SCARE can identify logic functions with fewer test patterns than brute force.

Power and timing signatures vary with input patterns, enabling function identification.

Countermeasures like redundant inputs and literal expansion increase adversarial effort.

Abstract

In-memory computing architectures provide a much needed solution to energy-efficiency barriers posed by Von-Neumann computing due to the movement of data between the processor and the memory. Functions implemented in such in-memory architectures are often proprietary and constitute confidential Intellectual Property. Our studies indicate that IMCs implemented using RRAM are susceptible to Side Channel Attack. Unlike conventional SCAs that are aimed to leak private keys from cryptographic implementations, SCARE can reveal the sensitive IP implemented within the memory. Therefore, the adversary does not need to perform invasive Reverse Engineering to unlock the functionality. We demonstrate SCARE by taking recent IMC architectures such as DCIM and MAGIC as test cases. Simulation results indicate that AND, OR, and NOR gates (building blocks of complex functions) yield distinct power and timing signatures based on the number of inputs making them vulnerable to SCA. Although process variations can obfuscate the signatures due to significant overlap, we show that the adversary can use statistical modeling and analysis to identify the structure of the implemented function. SCARE can find the implemented IP by testing a limited number of patterns. For example, the proposed technique reduces the number of patterns by 64% compared to a brute force attack for a+bc function. Additionally, analysis shows improvement in SCAREs detection model due to adversarial change in supply voltage for both DCIM and MAGIC. We also propose countermeasures such as redundant inputs and expansion of literals. Redundant inputs can mask the IP with 25% area and 20% power overhead. However, functions can be found by greater RE effort. Expansion of literals incurs 36% power overhead. However, it imposes brute force search by the adversary for which the RE effort increases by 3.04X.