Towards the Avoidance of Counterfeit Memory: Identifying the DRAM Origin

11/08/2019 ∙ by B. M. S. Bahar Talukder, et al. ∙ 0

Due to the globalization in the semiconductor supply chain, counterfeit dynamic random-access memory (DRAM) chips/modules have been spreading worldwide at an alarming rate. Deploying counterfeit DRAM modules into an electronic system can have severe consequences on security and reliability domains because of their sub-standard quality, poor performance, and shorter life span. Besides, studies suggest that a counterfeit DRAM can be more vulnerable to sophisticated attacks. However, detecting counterfeit DRAMs is very challenging because of their nature and ability to pass the initial testing. In this paper, we propose a technique to identify the DRAM origin (i.e., the origin of the manufacturer and the specification of individual DRAM) to detect and prevent counterfeit DRAM modules. A silicon evaluation shows that the proposed method reliably identifies off-the-shelf DRAM modules from three major manufacturers.

READ FULL TEXT VIEW PDF
POST COMMENT

Comments

There are no comments yet.

Authors

page 6

page 8

page 9

This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.

I Introduction

With the globalization of the semiconductor supply chain and the growth of the semiconductor market value, counterfeit integrated circuits (ICs) have become an established threat to the semiconductor community [1, 2, 3, 4, 5]. Counterfeit electronic parts and the risks associated with them have been increasing rapidly, which is reflected in the recent news [1, 2, 3, 4]. Many commercially available memory chips are fabricated worldwide in untrusted facilities and, therefore, a counterfeit memory chip/module can easily enter into the supply chain in different formats: recycled, re-marked, tampered, out-of-spec, forged-documented, defective, cloned, overproduced etc. [1, 6, 2, 7, 8, 9]. Recent studies show that the global market share of counterfeit IC is worth billion, and of which is contributed by memory chips [6, 2].

The inclusion of counterfeit components in an electronic system can endanger personal and national privacy, sabotage critical infrastructure, and damage the viability of entire business sectors because of their sub-standard quality, poor performance, and a shorter life-span [1, 7, 8, 9, 6]. A counterfeit chip can fail any time after being deployed in the system, or they can be exploited to leak sensitive information or to allow remote access and endanger the integrity, confidentiality, and safety of a system by performing invasive or non-invasive fault-injection attacks [10, 11]. Furthermore, recent experimental studies suggest that some DRAM modules are more vulnerable to rowhammer attack, a method of changing the restricted memory contents by repeated access to their adjacent rows [11], because of their poor resiliency against noise, interference, etc.

A single solution to detect or prevent counterfeiting is unrealistic because of the diversity of counterfeit types, sources, and refinement techniques [1, 7, 8, 9]. Several discrete countermeasures have been proposed by the industry and academic researchers, which can be categorized into two major types: (i) electrical-based testing and (ii) physical-inspection based testing [1, 2, 6, 7, 8, 9]. Some solutions are applicable to chips that are already in the market, and some solutions are integrated with the original chips for future tracking or metering [1, 2, 6, 7, 8, 9]. Most of the solutions are ineffective for memory chips because they might require expensive equipment, expensive testing set-up, maintenance of an expensive database, and exhaustive enrollment process [2, 6, 12]. Besides, most physical-inspection based solutions are invasive and therefore, not applicable for mass-volume detection [2]. For mass-volume verification and low-cost testing, electrical-based testing is required that is non-invasive [6]. However, a non-invasive solution for counterfeit DRAM identification is extremely difficult because they may remain functional at the time of purchase and pass standard product qualification tests. Also, most existing solutions focus on a single counterfeit type (e.g., detecting recycled chips) [1, 2, 12]. Furthermore, current extensive regulations require a series of expensive testing methodologies [6, 2]. Therefore, a proper solution is required to identify counterfeit memory chips before deploying them in mission-, safety-, and security-critical systems.

In this paper, we propose a machine-learning-based technique to identify the origin of a DRAM manufacturer along with DRAM specification (i.e., density, grade, etc., see Sec.

III for details) by exploiting DRAM latency (the required time to move charge from one location to another location in DRAM [13, 14, 15, 16]) variations to detect and prevent major counterfeit types. The major contributions of this paper include:

  • We propose a framework to identify the origin of the DRAM manufacturer by exploiting the facts that the architectural, layout, and manufacturing process variations are reflected in latency variations. The framework is also capable of verifying specification of individual DRAM module.

  • We extract the most appropriate features from the latency-based erroneous patterns in DRAM modules to amplify the variations among manufacturers and specifications.

  • We propose a machine learning approach to determine the origin of the DRAM manufacturer based on the extracted features. The same method also separates DRAM modules of different specifications that are from the same manufacturer.

  • We validate our proposed framework with off-the-shelf memory modules (commercial grade) from three major manufacturers- Micron, Samsung, and SK Hynix [17].

  • We validate the robustness of our proposed technique against temperature and voltage variations.

The rest of the paper is organized as follows. In Section II, we present the background of DRAM architecture, read/write operation, low-latency induced errors. We also present a set of motivations for our proposed framework in Section II. We highlight our major objectives and necessary assumptions in Section III. We propose the manufacturer identification framework in Section IV. The experimental results are presented and discussed in Section V. We highlight the major limitations and the scopes of our proposed work in Section VI. We conclude our article in Section VII.

Ii Background and Motivations

Ii-a DRAM Architecture and Latency Variations

A DRAM system can have one module or several modules depending on the memory requirement. A DRAM module is divided into one or multiple ranks [13, 18, 19]. Each rank consists of several DRAM chips; and together, they provide a wide data-bus (usually 64 bits). The DRAM memory structure is analogous to a 2-D memory cell array. For simplicity, we can consider that each bit of the 64-bit word comes from 64 individual cell arrays. The rows of the DRAM are known as wordline (or page). The columns are known as bitline, and the chip density determines the total number of rows. The bitlines are connected to the row-buffer, a series of sense-amplifiers. Several DRAM cells are connected to a wordline. A DRAM cell consists of two components- an access transistor and a capacitor to hold the charge. The access transistor connects the capacitor with a bitline and is controlled by the wordline. The state of charge in the capacitor determines the memory content (i.e., ‘1’ or ‘0’). Depending on the memory architecture, DRAM memory cells can be categorized into true-cell and anti-cell [19]. A true-cell stores logic ‘1’ with a fully charged capacitor and ‘0’ with an empty capacitor. On the other hand, an anti-cell stores ‘0’ with a fully charged capacitor and ‘1’ with an empty state. However, the stored charge in the capacitor leaks away, which leads to an incorrect reading after a certain amount of time. So, to ensure the integrity, the content of a DRAM cell needs to be refreshed periodically before the memory contents flip. This time interval is known as the Retention time, which is 32 or 64 milliseconds (ms) [18]. A failure to refresh before the retention time can alter the memory content.

To write/access the cell content, the column (or bitline) voltage need to be initiated at a specific reference voltage ().

Fig. 1: DRAM timing at reading cycle [13].

Fig. 1 presents a simplified version of DRAM read operation. A read operation starts with an ACTIVATE (ACT) command executed by the memory controller. is called the Activation

latency which is required to activate (turn ‘ON’) the access transistor properly. The activated access transistor creates a conducting path between the storage capacitor and the bitline. The charge stored in the capacitor perturbs the bitline voltage. The sense-amplifier senses the perturbed voltage and amplifies it to an appropriate binary value. At this moment, the memory controller applies the READ command to read the data and fetch it to the data bus. The minimum time latency between the READ command and the first data bit to appear in data-bus is called

Column Access Strobe latency or CAS latency (). DRAM’s read operation is a destructive process. Therefore, the charge on the DRAM storage capacitor needs to be restored after each successful reading. The time required to activate an access transistor and to restore the charge on the corresponding storage capacitor is known as the Row Active latency or Restoration latency (). At the end of the restoration process, the memory controller again applies the PRE command to re-initiate all the bitlines for the next read/write operation. The PRE command precharges all bitlines to . The time required to precharge all bitlines properly is called Precharge Time (). The PRE command also deactivates all previously activated access transistor. The is the total time required to read a DRAM row properly; this total time is called Row Cycle Time ().

Usually, the DRAM manufacturer specifies a set of timing parameters for reliable read and write operation [18]. At the reduced timing latency below the standard value, we experience unreliable read and write operations, which is different from one module to another [18, 13, 14]. In our proposed method, we capture the architectural, layout and manufacturing process variations by exploiting the errors originated at the reduced Activation latency ().

Ii-B Counterfeit, Existing Work, and Motivations

The modern horizontal semiconductor supply chains involve several parties to reduce the fabrication cost and time to market [1, 2, 6, 20, 21]. In this model, a chip is designed in one place while fabricated in a different place. Because of traveling IPs in different formats and involvement of untrusted parties, the modern semiconductor supply chain suffers from counterfeiting (such as hardware trojan or malicious change in third-party IP or chip layout, cloning IPs/ICs, remarking, etc.) [1, 21, 5, 22]. Fig. 2 shows the IC/DRAM design flow for authentic-chip and pirated-chip production cycle. The untrusted party (the third-party IP developer, the foundry, the assembly, the distributor, etc.) can perform counterfeiting at different phases of the manufacturing process. An untrusted party can send out overproduced, and out-of-spec/defective ICs/DRAM chips to the market. The untrusted party also can clone the original chip by stealing IPs or by reverse-engineering (from a post-fabricated product) to avoid research and development (R&D) costs. Recycled ICs also can be added to the supply chain at different stages (e.g., in the foundry or the assembly). Below, we summarize (but not limited to) the motivations of our proposed work.

Fig. 2: (a) Authentic-chip production cycle vs. (b) counterfeit-chip production cycle [21].

i) Existing countermeasures and their limitations: In 2015, the Department of Defense imposed several rules to stop entering counterfeit components in the defense supply chain [6]. These rules create more accountability and require proper testing standards along with maintaining a database if the electronic components are acquired from the untrusted party. Researchers, industries, and several organizations have developed several test plans or standards that require a series of testing methods. Visual inspection, X-ray imaging, scanning electron microscopy (SEM), energy disruptive spectroscopy, terahertz spectroscopy, etc., are the most common physical inspection-based techniques that are used to detect counterfeit chips [1, 7, 8, 9]. Some imaging techniques capture the internal features of a sample and might be very effective to identify certain counterfeit types. However, these physical inspection-based techniques usually require expensive tool, long test time for sample collection and imaging, subject matter experts [1]. Curve trace testing (CTT), parameter testing, burn-in testing, aging-based analysis, etc. are the most common electrical test methods that can be used to identify counterfeit components [23, 24]. Existing burn-in and aging analysis-based techniques partially destructive because months to years of the device are consumed from the accelerated aging. The parameter testing is useful but requires expensive test setup and complex test programs. On the other hand, the CTT (electrical testing to capture damaged packages, broken or damaged wires, cracked die, etc.) is only useful for detecting recycled ICs [2, 6].

Researchers also have proposed pre-fabrication techniques to prevent counterfeiting such as hardware metering ([1, 25]), secure split test (SST) ([5]), placing on-chip sensors ([23, 24, 2, 26]), electronic chip ID ([1]), DNA marking ([27]), RFID-based tracking ([28]), blockchain-based traceability ([29]), PUF-based techniques ([10, 30, 14, 31, 32, 33]), etc. Hardware metering and SST are used to provide post-fabrication control but require hardware changes and complex supply chain management. Besides, each of the chips needs to go through the unlocking process, which is tedious and adds extra steps in the supply chain. On the other hand, on-chip sensors are used to monitor the device degradation but need some additional sensors and monitoring units. ECID tags each chip with a unique ID by adding some non-programmable memory (such as OTP or ROM). The ECID-based solution is susceptible to tampering. In DNA marking technique, a mixed plant DNA is used to create a new DNA sequence [27]. Later, this sequence is applied with the ink to mark the chip package. However, this technique suffers from a complex authentication scheme. For the PUF-based technique, the unique ID generated from each chip can be used to identify authentic chip. However, the PUF-based techniques require an extensive database for registration purposes. The registration and authentication procedures are exhaustive as well. The DRAM memory itself can be used as a PUF, but the uniqueness of PUF can make the solution very challenging. Moreover, most of the existing solutions address a single counterfeit type.

Our proposed machine-learning based technique has some advantages compared to other possible manufacturer identification techniques:

  • In the proposed machine-learning based technique, we store minimal information (a few statistical parameters) to attest and detect a large group of memory modules/chips. On the other hand, for example, in PUF-based technique, we need to create a golden/reference dataset by accumulating all challenge-response pairs for an individual memory module/chip.

  • Our proposed technique does not need any exhaustive registration processes. Analyzing a small number of samples from a large group of modules is sufficient enough to reveal the detail statistical information of that group.

  • Furthermore, the machine-learning based technique can serve some particular purpose; for example, the user might want to test the authenticity of the purchased device without knowing any details of chip design. In such a case, the user does not need to have exclusive access to any sensitive information (e.g., the challenge-response database of PUF-based scheme).

  • This technique does not require any hardware modification unlike many existing techniques such as: hardware metering, SST, on-chip sensor-based authentication, ECID, etc. [1].

  • The proposed solution is invasive and less expensive compared to some other techniques.

ii) Importance of attesting the DRAM origin: Attesting the origin of the foundry or the manufacturer is a critical need to (a) enforce the license agreement, (b) ensure and track the quality of the chip, (c) rank the manufacturer based on the quality and durability of their products, (d) protect the intellectual property, (e) ensure accountability, and (f) stop the spread of counterfeit memory chips worldwide. Counterfeiters usually hide the origin of the foundry, fake the quality of the original memory modules/chips, and infringe on the rights of the original manufacturer [3, 4, 7, 8, 9, 5]. On the other hand, verification of individual DRAM module’s specification can detect certain counterfeit types such as upgrading a DRAM module through remarking or forged documentation.

The existing techniques on attesting of the foundry rely on simulation or test data from fabrication and packaging facilities [7, 8]

. Unfortunately, in most cases, the testing data are not made publicly available and, therefore, a party that does not have access to those test data cannot make the classifier and (or) cannot verify the ratified foundry. In contrast, in our proposed technique, the DRAM chips can be authenticated based on trained classifier provided by the manufacturer or a trusted third party. In the proposed technique, the verifier does not require any prior knowledge of the manufacturing process. The classifier input, a set of features, can be easily evaluated in any low-cost embedded or FPGA-based system.

iii) Vulnerability of counterfeit memory chips: A counterfeit memory module can be more vulnerable to attacks because of their less resiliency against noise. For example, recent studies demonstrate that some DRAM modules possess inferior quality than others, which are more susceptible to rowhammer attack [11]. Our experimental results also suggest that a recycled DRAM chip is more vulnerable to rowhammer attack.

iv) Modification of serial presence detect (SPD) information: DRAM manufacturers provide the information of all DRAM timing parameters in a small read-only memory (ROM) which is integrated with the DRAM module [34]. It has been demonstrated that a counterfeiter can modify this information (aka SPD information) to make a DRAM authentic or superior [35]. These DRAM chips can pass the initial test but can cause critical failure of the system during runtime under some operating conditions that are considered safe [36].

Iii Objectives and Assumptions

The objective of this work is to identify the DRAM origin (i.e., the origin of the manufacturer and the specification of individual DRAM) reliably by capturing all variabilities. The major variations to attest and identify the origin of the manufacturer include:

  • Architectural variations: Manufacturers usually optimize the DRAM architecture in various ways to support the specifications and product cost [37, 38]. For example, manufacturers shrink the die size to reduce the cost per cell, which can cause the DRAM more susceptible to noise, more vulnerable, and less robust. The minimum required latency parameters vary from one architecture to another. Therefore, for a given reduced timing latency, DRAMs from different manufacturers create a different amount of errors [13, 14, 38].

  • Layout variations: Chip layout variation from one manufacturer to another may originate from several sources such as chip area, floorplanning, placement, and routing, etc. [38, 39]. This layout variation may affect different electrical characteristics such as RC path delay, power utilization ( loss), noise margin, etc., which can be reflected in the DRAM latency parameters [13, 14].

  • Process variations: The intrinsic process variation can be either random or systematic [40, 41]. The random process variation can be considered as noise and varied among the chips fabricated on a single silicon wafer. On the other hand, the systematic process variation depends on the quality of the fabrication plant and also related to the microstructural locality and pattern. The process variation can lead to different error patterns at a given reduced latency parameter and can reveal the information about the fabrication plant and the microstructure.

Our proposed technique of identifying the memory manufacturer is based on the following assumptions.

  • Assumption on memory class: A manufacturer ships memory module with a part number on it, which contains the manufacturer information and chip specification, such as density, speed grade, package, temperature range, bus width, die generation, etc. [42]. In addition to part-number, a manufacturer also provides additional module specification on the module label [43], such as JEDEC PCB layout version [44], SPD version [34], manufacturing country, manufacturing lot number, etc. Timing parameters of the DRAM module are specified into SPD data [34]. In this work, two DRAM modules are considered as two different classes, if one of the following information is mismatched: i) manufacturer, ii) part number, and iii) PCB layout version/SPD data. A change in one specification can lead to different GDSIIs (related to the die generation, and specification), packaging, PCB layouts, or SPD data. Note that a manufacturer may send a single GDSII file to different fabrication plants. We assume that fabrication plants with the same GDSII follow similar design rules to minimize the effect of systematic process variations.

    In this article, ‘sample’, ‘positive sample’, and ‘negative sample’ mean memory module under test, memory module that originally belong to the target class, and memory modules that originally do not belong to the classifier target class (i.e., belong to the outlier region), respectively.

  • Assumption on data training, and verification: We extract different features to capture the architectural, layout, and process variation. These features are trained to learn a statistical model. In our proposed scheme, the manufacturer or a trusted party is responsible for training the statistical model and releasing it for public use. We also assume that, while training the statistical model for a particular memory class, manufacturers do not have any statistical information from other memory classes (i.e., from negative class). However, in practice, the manufacturer may collect a few random samples from other classes. Training statistical model with some negative examples might be beneficial, but it is almost impossible to collect all samples from all negative classes because of the diversity of memory chips/modules and several manufacturers. We also assume that the chips/modules that are used for the enrollment in the proposed technique are authentic. The regular consumers should able to verify their purchased DRAM class by only using the statistical model. We also assume that consumers do not have any knowledge on memory architecture and manufacturing process.

Iv Proposed Method

To extract all possible variabilities, we reduce the DRAM timing latency and obtain the signatures (i.e., the error pattern or fail bit count) that reflect the architectural, layout, and process variations. Below, we present a framework to identify the DRAM class that involves several steps.

Step 1: Data acquisition. The experimental results show that the latency-induced error pattern depends on the data written into the memory, the amount of latency reduction, and the DRAM module [45]. To capture the maximum variations among the memory classes, we write four different sets of data to the memory module: (i) Data set 1: solid data pattern (all 1’s), (ii) Data set 2: inverse solid data pattern (all 0’s), (iii) Data set 3: column stripe data pattern (101010), (iv) Data set 4: inverse column stripe data pattern (010101). Then, each data set is read back from the DRAM module at the reduced Activation time () to capture module dependent erroneous outputs.

Step 2: Feature selection.

It is crucial to select the optimum number of features since the performance of classifiers is sensitive to the choice of the features and features’ attributes such as correlation, noise, and other factors. In this step, we will select the key features that can effectively capture architectural, layout, and process variations observed in DRAM since they directly impact the accuracy, computation time, and storage (of golden data) of our proposed technology. The classification models are created based on a total of 26 features collected from the four sets of data. Features are extracted from the whole data that is read out from one page. A single bank from 1GB memory module contains 16k+ pages per bank (eight banks per module), and for the case of a 2GB memory module, each bank includes 32k+ pages. Each memory page contains 1,024 words and each word contains 64-bits of data. The data collected (at reduced ) from each memory pages are then rearranged into a 1,02464 (denoted as of size , where, number of words in a page, number of bits in each word) binary array. Moreover, for each page, we create another array, (same size of ) which tracks the location of flipped bits. Note that, the , if is flipped with respect to the actual data that is written to the DRAM otherwise, it will be 0. The following features have been chosen from each page to identify the DRAM origin (i.e., the origin of the manufacturer and the specification of individual DRAM).
Feature 1 (): The total number of flips, also known as failed bit count (FBC), is used to capture the data dependency, process variation, and layout variation of the DRAM chips. The silicon results show that the FBC counts change from one DRAM module to another module.
Feature 2 (): The subset of FBC bits that are flipped to logic 1.
Feature 3 (): The compression ratio () depends on the distribution of ones and zeros in a string (i.e., randomness). The compression ratio is defined as Eq. 1.

(1)

Where and are the sizes of the uncompressed and compressed data respectively.

Our preliminary experimental results show that the compression ratio of varies from one manufacturer to another. We compress data using standard ZLIB library [46] and then compared the data size with the original data. The ZLIB library is optimized for the minimal computational overhead while compressing the data.

Feature 4 (): The whole block of is divided into a set of smaller blocks (each block is of size and denoted by

). The standard deviation on the FBCs in these

s are considered as a feature. This feature captures the spatial locality of FBC along the dimension . The higher value of standard deviation represents a greater spatial locality.
Feature 5 (): The block is divided into a smaller block, (of size ) and then FBC is counted on each of the smaller blocks. Then we choose the standard deviation of those FBCs as the feature . The spatial locality along the dimension is captured with this feature .
Feature 6 (): Like , we calculate the standard deviation of FBCs on 64 blocks (of size ). This feature captures the fact that some cells of each 64-bit words are more error-prone than others.
Feature 7 (): Like , we calculate the standard deviation of FBCs on 1024 blocks (of size ). This feature explores the fact that some bitlines are more error-prone than others.

All features except the is extracted from all four data sets. The feature is only extracted from the dataset 3 and dataset 4 (see Step 1). Choosing block-size for through is correlated to the DRAM organization. For example, we choose a block size of () for to capture the variations among the chips in a DRAM module. Our tested DRAM modules consist of four or eight chips, and each chip shares or blocks. We use block () height of 8 to extract average variations among the chips to ensure consistency among classes.

Step 3: Machine-learning algorithms for detecting the DRAM origin. After extracting the most suitable feature, we develop a machine-learning based technique to identify counterfeit DRAM modules. In our proposed technique, we use one-class classifier. Although one-class classifier is a more complex statistical problem, recent works demonstrated that it is more advantageous compared to other machine learning based techniques while detecting counterfeit ICs [47, 48, 8, 49]. On the other hand, in the traditional binary-class classifier, if the statistical diversity is enormous in the negative samples, the classifier might provide poor decision boundary due to the small negative train data [50, 51]. In such a scenario, it will be very expensive or even impossible to collect data from the negative class covering the wide statistical diversity. This situation is particularly true for counterfeit IC detection as counterfeit ICs can be introduced from a wide variety of sources (see Sec. II-B). On the contrary, the one-class classifier [50, 51, 52, 53, 54]

is trained by only positive class samples. In our proposed method, we use Support Vector Data Description (SVDD)

[50, 51] to detect the outliers of a specific class. SVDD creates a spherical decision boundary in feature-space around the train dataset of a given class. For a given training data , Tax et al. [51] solved the following optimization problem given by Eq. 2.

(2)

Here, is a slack variable and is the mapping function from the lower dimension to a higher dimension. and are the radius and center of the encircling boundary, and is the regularization parameter. A smaller value of causes more training samples to be treated as an outlier. A sample will be considered as an outlier if . However, Eq. 2 can be efficiently solved by the Eq. 3.

(3)

Here, is the kernel function (i.e., ). In our case, we have chosen the radial basis kernel function (Eq. 4) [55]

. The radial basis function is useful when the data are not linearly separable.

(4)

In Eq. 4 is a free parameter. A larger value of enables the classifier to capture more complex attributes of the training data. On the other hand, the classifier model might suffer from overfitting problem if the value of is too large. However, the and can be optimized more efficiently by introducing artificial outliers and applying k-fold cross-validation [56]. Moreover, the classifier accuracy can be increased by introducing some real negative examples during training [51].

Step 4: Constructing a framework to detect DRAM manufacturer. Fig. 3 presents the proposed framework to identify the DRAM origin (i.e., the origin of the manufacturer and the specification of individual DRAM). In the proposed framework, we assume that the manufacturer or a trusted party provides the classifier model to the consumer and also defines a threshold for Positive Page Rate (). The positive page rate () is defined as follows-

(5)

In Fig. 3, the steps, shown in the blue region, are performed by the OEM (Original Equipment Manufacturer), and the steps shown in the green region are performed at the consumer end. All other steps (covered by the orange region) can be processed in either consumers’ system or manufacturers’ system. Initially, the OEM or a trusted party trains a classifier based on all page data that are captured from one or multiple DRAM samples of the target class. The OEM or trusted party should also specify the number of memory pages that need to be tested from a memory module to prove its authenticity. Then, based on the sample statistics, the OEM should choose a threshold () to decide whether a DRAM is manufactured by them or not. If the from the test module is higher than the threshold, then the memory module should be considered as authentic. The selection of the threshold value and the number of test pages () depend on the quality of the classifier and the manufacturing process. Higher process variations might cause a large statistical diversity on the manufactured memory modules and may increase the chance of miss-classification. Besides, a larger process variation may lead to a higher statistical variation among the memory pages from the same DRAM module. In such a case, we might need more randomly sampled memory pages (i.e., a larger value of ) to capture all architectural and manufacturing process variations of a DRAM module. The choice of mostly depends on the quality of classifier. Fig. 3(a) shows that the distribution of from positive samples and negative samples have an overlapping region. In such case, it is not possible to select a that creates a clear boundary between the positive samples and the negative samples. On the other hand, if the distribution of the is mutually exclusive (Fig. 3(b)), selecting a within the interval [, ] will separate positive and negative samples. Therefore, the ideal goal should be, maximizing the separation between and for a suitable value of during classification. As it is difficult/impossible to collect the negative class data that covers the whole distribution (discussed in Step 3), the should be defined with the highest possible value (i.e., ). In our proposed scheme, the OEM should train a classifier , corresponding to a specific memory class and make the classifier parameter public. Then, the user should choose random test pages from the memory module that is under test. The general information given with the classifier should enable the user to extract features form those selected pages. Then, for each of those test pages, the OEM/user should test the extracted features using the classifier . If the (calculated from Eq. 5) is higher than the threshold , the memory module should be marked as authentic. Otherwise, it should be identified as a counterfeit one.

Fig. 3: The proposed framework that is used to prove the authenticity of the origin of the DRAM manufacturer along with specification.
(a)
(b)
Fig. 4: Selecting for case- (a) when the distribution of and are overlapped, (b) when the distribution of and are mutually exclusive.

V Results and Analysis

In our experiment, we have collected data from 25 commercial off-the-shelf single rank DDR3 SODIMMs (small outline dual in-line memory module) from 3 major DRAM manufacturers (see Table 1) [17]. We have tagged the memory class based on the part number, the Garber version (reference PCB layout version [44]), and the SPD [34] data (see Table 1). Among the first six classes, we found at least one mismatch in their SPD data (detailed of SPD data is not presented in this article). On the other hand, the last two classes only differed by their PCB layout version and SPD version. From each memory module, we have collected data from all memory banks (each DRAM module contains eight banks). The testing platform has been implemented using a Xilinx Virtex ML605 evaluation board with SoftMC [57]. Data have been written and fetched from the DRAM memory module with two 32-byte data bursts. For all memory modules, we have observed error patterns below of Activation time (the recommended Activation time is in between to [18]). In this work, we have conducted our experiment with a of Activation time which should be achievable by most of the system. In order to quantify the robustness of our proposed technique, we have evaluated our proposed method in four different operating condition- i) nominal voltage (v) and room temperature (C) (NVRT), ii) high voltage and room temperature (HVRT), iii) low voltage and room temperature (LVRT), and iv) nominal voltage and high temperature (NVHT). For HVRT and LVRT, we have changed the input voltage () by % as most of the memory controllers limit the voltage ripple within % [58]. For NVHT, we have changed the operating temperature by C from the room temperature.

Manufacturer
Part
Name 222M1: MT4JSF12864HZ-1G4D1, M2: MT8JSF12864HZ-1G4F1, S1: M471B2873EH1-CF8, S2: M471B2873GB0-CH9, S3: M471B5773DH0-CH9, H1: HMT325S6BFR8C-H9;
M1, M2, S2: 1GB 1333MT/s, S1: 1GB 1066MT/s, S3, H1: 2GB 1333MT/s
Country
Origin
Quantity
SPD-Garber
Version
Class
tag
Micron M1 China 2 10-C1 1
M2 Singapore 3 10-B1 2
China 4
Samsung S1 China 1 10-B1 3
S2 China 1 11-B2 4
S3 China 4 11-B2 5
Philippines 3
SK Hynix H1 Korea 5 10-B1 6
China 1 11-B2 7
Korea 1
TABLE I: Memory modules used in the data set.

Fig. 5 presents the spatial locality of failed bits in a randomly chosen page form each memory class at NVRT operating condition. From the scatter plot, we observe that the error pattern is different for different classes. Note that, the PCB layout version only differs class 6 and class 7 and the subtle difference is difficult to understand from the figure (Fig. 4(a)). In Fig. 4(b)

, we have presented the spatial locality of failed bits on two random pages from the same memory module of the same class. Although there is some similarity in their texture, the pattern is not consistent. The features extracted from these samples (as discussed in Sec.

IV) are still capable of separating these classes.

(a)
(b)
Fig. 5: (a) Spatial locality of failed bits from a randomly chosen page from each class,
(b) Spatial locality of randomly chosen two pages from same memory modules.

From each memory page, we have extracted a total of 26 features as described in Sec. IV

. We have applied these 26 features directly to train and test the classifier. However, we have used the Linear Discriminant Analysis (LDA), a linear transformation

[59], to provide the best visualization of the class separability. The LDA projects the data into a lower dimension feature-space by keeping the maximum separability among the classes. In the LDA, the lower dimension and the higher dimension features are linearly dependent. The data distribution in lower dimension feature-space is presented in Fig. 6. In this figure, we have only considered the most significant 5 dimensions ( and

) in the new feature-space that provides the maximum separability (explained variance). From the figure, we observe that each of the class forms a cluster in the feature space, which enables the separation of manufacturers.

Fig. 6: Visualizing data in feature-space.

To demonstrate our proposed method, we trained one-class SVDD classifier (as discussed in Sec. IV) for each class where we assume that the manufacturer does not have any prior knowledge of the memory modules from other class (See Sec. III). The classifier was only trained at NVRT operating condition, and the same classifier was used to test the data from other operating conditions. Training one class classifier is a more complex statistical problem compared to the multi-class problem. We used LIBSVM library to implement the one class classifier [60]. For each class, we selected only one module to train the classifier (using 26 features from all pages collected at NVRT condition) and then tested all the pages from the rest of the 24 modules with the trained classifier with all operating conditions.

To validate our algorithm, we have chosen all possible combinations of training and testing data sets. In Table II, we have presented the result from the one-class classifier. The third, fourth, and fifth columns of the table represent the mean, the standard deviation, and the minimum from the positive samples for each classifier ( is calculated from each test module). The sixth, seventh, and eighth columns of the table represent the mean, the standard deviation, and the maximum from the negative samples. For the ideal case, the and should be 100% and 0% respectively. The standard deviation for both cases should be 0%. A larger gap between the and provides us the flexibility of choosing appropriate values of and for identifying the origin of the manufacturers along with specification with high confidence (Sec. IV). Our silicon results provide a satisfactory difference between the and , which can be further improved by learning statistical model with more positive samples and/or introducing negative samples. Table II also presents that a small change in voltage and temperature has a very insignificant effect on classifier performance. This is expected because a small change in voltage or temperature has a negligible effect on Activation time. [14, 13, 36, 61].

Class Tag

Operating
Condition

1 NVRT 0.00 0.00 0.00 0.04 0.26 1.77
HVRT 0.00 0.00 0.00 0.03 0.20 1.37
LVRT 0.00 0.00 0.00 0.03 0.22 1.51
NVHT 0.00 0.00 0.00 0.05 0.31 2.08
2 NVRT 99.07 1.16 95.40 0.00 0.02 0.17
HVRT 98.04 3.54 87.60 0.00 0.01 0.10
LVRT 99.09 0.98 96.49 0.00 0.02 0.19
NVHT 99.33 0.58 97.53 0.00 0.01 0.07
3* NVRT 0.00 0.01 0.06
HVRT 0.00 0.01 0.06
LVRT 0.00 0.01 0.05
NVHT 0.00 0.01 0.07
4* NVRT 0.00 0.00 0.00
HVRT 0.00 0.00 0.00
LVRT 0.00 0.00 0.00
NVHT 0.00 0.00 0.00
5 NVRT 84.19 6.92 59.79 0.38 1.02 6.8
HVRT 84.74 7.16 59.31 0.41 1.10 7.19
LVRT 84.19 6.06 60.92 0.40 1.02 6.7
NVHT 82.56 7.63 57.00 0.38 1.03 6.96
6 NVRT 90.29 9.31 69.58 1.58 4.16 25.91
HVRT 90.35 9.39 68.98 1.54 4.14 25.78
LVRT 81.98 9.49 69.74 1.69 4.52 28.65
NVHT 90.32 9.31 69.17 1.52 3.80 23.64
7 NVRT 73.81 10.46 66.41 1.56 4.73 21.72
HVRT 74.22 9.36 68.11 1.61 4.91 22.98
LVRT 71.55 14.67 61.18 1.56 4.75 21.19
NVHT 76.01 6.53 71.39 1.53 4.72 22.15

*For class 3 and class 4, we have only one sample which is used to train the statistical model. There is no positive test sample left for these two classes.

TABLE II: Results from the one-class classifier.

A suspicious DRAM module: From the results shown in Table 3, for class 1, we observe that the is 0% (the ideal is 100%). Note that we have two samples available for this class: one is used for training, and another one is for testing. Therefore, we suspect that one of them is counterfeit. Fig. 6(a) presents the spatial locality of failed bits from 2 random pages from those two samples. The results show that they have distinct FBC properties. Furthermore, the dissimilarities found in visual inspection (Fig. 6(b)) suggests that one of them might be counterfeit (i.e., from a fake manufacturer). The layout difference between these two modules suggests that the reference layout version should be different for these two modules. However, the reference layout version is described as ‘C1’ on both modules’ label. From the SPD data, we have found that the reference raw card (i.e., layout) version is specified as ‘C’ (which represents- ‘C0’, ‘C1’, ‘C2’ etc.) for both modules. For further investigation, we have checked the layout provided by the JEDEC [44] and found that the second module layout version is ‘C2’ instead of ‘C1’ (as shown in Fig. 6(b)). Therefore, we conclude that the second module is either from the fake manufacturer or mislabeled (with layout version ‘C1’).

(a)
(b)
Fig. 7: (a) Spatial locality of erroneous bits of 2 random pages of each sample from Class 1,
(b) Visual appearance of each sample from Class 1 (Module 2 is suspicious).

Vi Limitations and Future Work

Our proposed method can be used to detect various counterfeit types. However, the proposed work cannot identify overproduction from the same foundry [5]. In the future, we will extend our technique for other volatile and non-volatile memory chips (e.g., flash memory, SRAM, etc. [62, 63]). Selecting a robust set of features to improve the accuracy might be another direction of our current research. In such a case, we might need to use more than one entropy source to capture a better variance among classes. In this article, we have only used data error obtained at the reduced activation latency.

Since our current work only exploits the learning ability of a one-class classifier, we will explore additional machine learning techniques, such as ensemble learning and classifier fusion, for improved generalization across a broader set of manufacturers in future work. We will also explore additional features and filtering, wrapper, and embedded feature analysis techniques to better understand the impact of each feature on identifying a DRAM manufacturer.

Vii Conclusion

In this paper, we proposed a simple non-invasive and low-cost scheme for identifying the origin of a DRAM manufacturer and verifying individual DRAM’s specification. The proposed method exploits the DRAM latency variations to capture the architectural, layout, and process variations. At first, we chose the most appropriate features from the DRAM signature, and then we used a one-class classifier to verify the memory class without knowing the information from other classes (i.e., other manufacturers).

Acknowledgment

This work was supported by the National Science Foundation under Grant Number CNS-1850241. We would like to thank UAH for filing patent, UAH reference: UAH-P-18038.

References

  • [1] U. Guin et al., “Counterfeit Integrated Circuits: A Rising Threat in the Global Semiconductor Supply Chain,” in Proceedings of the IEEE, vol. 102, no. 8, pp. 1207-1228, 2014.
  • [2] D. J. Forte and R. S. Chakraborty, “Counterfeit Integrated Circuits: Threats, Detection, and Avoidance,” CHES 2018.
  • [3] “Counterfeit DRAM chip ring found,” Available: https://www.cnet.com/news/counterfeit-dram-chip-ring-found [Accessed: 08-Aug-2019].
  • [4] “Counterfeit Product Alert,” Available: https://thecounterfeitreport.com/product/483/Micron-20Elpida-DRAM-Memory-Chips.html.
  • [5] M. T. Rahman et al., “CSST: Preventing distribution of unlicensed and rejected ICs by untrusted foundry and assembly.” In 2014 IEEE International symposium on defect and fault tolerance in VLSI and nanotechnology systems (DFT), pp. 46-51. IEEE, 2014.
  • [6] U. Guin, N. Asadizanjani, and M. Tehranipoor, “Standards for Hardware Security,” GetMobile: Mobile Comp. and Comm. 23, 1 (2019), 5-9.
  • [7] J. B. Wendt, F. Koushanfar, and M. Potkonjak, “Techniques for Foundry Identification,” In Proceedings of the 51st Annual Design Automation Conference (DAC’14), ACM, Article 208, 6 pages.
  • [8] A. Ahmadi et al., “A machine learning approach to fab-of-origin attestation,” In Proceedings of the 35th International Conference on Computer-Aided Design (p. 92).
  • [9] R. L. Helinski et al., “Electronic forensic techniques for manufacturer attribution,” In Hardware Oriented Security and Trust (HOST), 2016 IEEE International Symposium on (pp. 139-144).
  • [10] A. Schaller et al., “Intrinsic Rowhammer PUFs: Leveraging the Rowhammer effect for improved security,” 2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), 2017.
  • [11] M. Lanteigne, “How Rowhammer Could Be Used to Exploit Weaknesses in Computer Hardware,” Third I/O Inc., Mar. 2016, Available: www.thirdio.com/rowhammer.pdf [Accessed: 08-Aug-2019].
  • [12] Z. Guo et al., “SCARe: An SRAM-Based Countermeasure Against IC Recycling,” IEEE Transactions on Very Large Scale Integration (VLSI) Systems 26, no. 4 (2018): 744-755.
  • [13] K. K. Chang et al., “Understanding latency variation in modern DRAM chips: Experimental characterization, analysis, and optimization,” ACM SIGMETRICS Performance Evaluation Review (Vol. 44, No. 1, pp. 323336), 2016.
  • [14] J. S. Kim et al., “The DRAM Latency PUF: Quickly Evaluating Physical Unclonable Functions by Exploiting the Latency-Reliability Trade-off in Modern DRAM Devices”, 24th International Symposium on High-Performance Computer Architecture, 2018.
  • [15] B. M. S. B. Talukder et al., “PreLatPUF: Exploiting DRAM Latency Variations for Generating Robust Device Signatures.” IEEE Access 7 (2019): 81106-81120.
  • [16] B. M. S. B. Talukder et al., “Exploiting DRAM Latency Variations for Generating True Random Numbers.” 2019 IEEE International Conference on Consumer Electronics (ICCE). IEEE, 2019.
  • [17] “DRAM Market to Shrink Substantially in 2019, IHS Markit Reveals,” IHS Markit Online Newsroom, 27-Mar-2019. Available: https://news.ihsmarkit.com/press-release/dram-market-shrink-substantially-2019-ihs-markit-reveals, [Accessed: 04-Nov-2019].
  • [18] JEDEEC, “DDR3 SDRAM Standard,” July 2012.
  • [19] J. Liu et al., “An experimental study of data retention behavior in modern DRAM devices: Implications for Retention Time Profiling Mechanisms,” ACM SIGARCH Comp. Architecture News, vol. 41, no. 3, p. 60, 2013.
  • [20] B. Liu and G. Qu, “VLSI supply chain security risks and mitigation techniques: A survey,” Integration, the VLSI Journal, pp. 110, 2016.
  • [21] A. Basak and S. Bhunia, “P-Val: Antifuse-Based Package-Level Defense Against Counterfeit ICs,” IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 35, no. 7, pp. 10671078, 2016.
  • [22]

    N. Karimian et al., “Genetic algorithm for hardware Trojan detection with ring oscillator network (RON).” In 2015 IEEE International Symposium on Technologies for Homeland Security, pp. 1-6, 2015.

  • [23] X. Zhang and M. Tehranipoor, “Design of On-Chip Lightweight Sensors for Effective Detection of Recycled ICs,” IEEE Transactions on Very Large Scale Integration Syst., vol. 22, no. 5, pp. 10161029, 2014.
  • [24] K. He, X. Huang, and S. X.-D. Tan, “EM-based on-chip aging sensor for detection and prevention of counterfeit and recycled ICs,” IEEE/ACM International Conference on Computer-Aided Design, 2015.
  • [25] Y. M. Alkabani and F. Koushanfar, “Active Hardware Metering for Intellectual Property Protection and Security”, 16th {USENIX} Security Symposium, Boston, MA, 2007.
  • [26] X. Zhang, N. Tuzzio, and M. Tehranipoor, “Identification of recovered ICs using fingerprints from a light-weight on-chip sensor,” Proceedings of the 49th Annual Design Automation Conference on - DAC 12, 2012.
  • [27] J. A. Hayward and J. Meraglia, “DNA Marking and Authentication: A unique, secure anti-counterfeiting program for the electronics industry,” ISM, vol. 2011, no. 1, pp. 000107000112, 2011.
  • [28] K. Elkhiyaoui, E.-O. Blass, and R. Molva, “CHECKER: On-site checking in RFID-based supply chains.” In Proceedings of the fifth ACM conference on security and privacy in wireless and mobile networks, pp. 173184. ACM, 2012.
  • [29] M. N. Islam, V. C. Patii, and S. Kundu, “On IC traceability via blockchain,” International Symposium on VLSI Design, Automation and Test (VLSI-DAT), 2018.
  • [30] S. Sutar et al., “D-PUF: An Intrinsically Reconfigurable DRAM PUF for Device Authentication and Random Number Generation,” ACM Trans. Embed. Comput. Syst. 17, 1, Article 17.
  • [31] F. Tehranipoor et al., “DRAM based Intrinsic Physical Unclonable Functions for System Level Security,” GLSVLSI 15, 2015.
  • [32] W. Xiong et al. , “Run-Time Accessible DRAM PUFs in Commodity Devices,” Lecture Notes in Computer Science Cryptographic Hardware and Embedded Systems CHES 2016, pp. 432–453, 2016.
  • [33] M. S. Hashemian et al., “A Robust Authentication Methodology using Physically Unclonable Functions in DRAM Arrays,” Design, Automation & Test in Europe Conference & Exhibition, 2015.
  • [34] JEDEC, “Serial Presence Detect (SPD), General Standard,” Available: https://www.jedec.org/sites/default/files/docs/4_01_02R19.pdf.
  • [35] Z. Kemble, “Modifying RAM SPD Data,” March, 2016. http://blog.zakkemble.net/modifying-ram-spd-data [Accessed: 08-Aug-2019].
  • [36] K. K. Chang et al., “Understanding reduced-voltage operation in modern dram devices: Experimental characterization, analysis, and mechanisms,” Proc. of the ACM on Measurement & Analysis of Comp. Sys., 1(1), 10.
  • [37] B. Jacob, S. W. Ng, and D. T. Wang, “Memory systems: cache, DRAM, disk,” Morgan Kaufmann, 2010.
  • [38] D. Lee et al., “Design-Induced Latency Variation in Modern DRAM Chips,” Proceedings of the ACM on Measurement and Analysis of Computing Systems, vol. 1, no. 1, pp. 136, 2017.
  • [39] D. Clein, “CMOS IC layout: concepts, methodologies and tools,” Boston: Newnes, 2000.
  • [40] Y. Cao et al., “Design sensitivities to variability: extrapolations and assessments in nanometer VLSI,” 15th Annual IEEE International ASIC/SOC Conference, 2002.
  • [41] K. J. Kuhn et al., “Process Technology Variation,” IEEE Transactions on Electron Devices, vol. 58, no. 8, pp. 2197–2208, 2011.
  • [42] SK hynix, “DDR SDRAM MODULE PART NUMBERING,” Jun-2014, Available: https://www.skhynix.com/static/filedata/fileDownload.do?seq=190 [Accessed: 08-Aug-2019].
  • [43] SK hynix, “Technical Support,” Available: https://www.skhynix.com/eng/support/technicalSupport.jsp [Accessed: 08-Aug-2019].
  • [44] JEDEC, “Design Files for ddr3,” Available: https://www.jedec.org/standards-documents/focus/memory-module-designs-dimms/ddr3/all.
  • [45] S. Khan, D. Lee, and O. Mutlu, “PARBOR: An Efficient System-Level Technique to Detect Data-Dependent Failures in DRAM,” 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2016.
  • [46] P. Deutsch and J-L. Gailly, “ZLIB Compressed Data Format Specification,” Available: http://www.ietf.org/rfc/rfc1950.txt.
  • [47] K. Huang et al., “Recycled IC Detection Based on Statistical Methods,” IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 34, no. 6, pp. 947–960, 2015.
  • [48] O. Sinanoglu et al., “Reconciling the IC test and security dichotomy,” 2013 18Th Ieee European Test Symposium (Ets), 2013.
  • [49]

    K. Huang, J. M. Carulli, and Y. Makris, “Parametric counterfeit IC detection via Support Vector Machines,” IEEE Int. Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems, 2012.

  • [50] W.-C. Chang, C.-P. Lee, and C.-J. Lin, “A Revisit to Support Vector Data Description (SVDD),” Technical report 2013.
  • [51] D. M.J. Tax, and R. P.W. Duin, “Support Vector Data Description,” Machine Learning, vol. 54, no. 1, pp. 4566, 2004.
  • [52] B. Schölkopf et al., “New support vector algorithms,” Neural Computation, 12, 2000, 1207-1245
  • [53] E. Castillo et al., “Distributed One-Class Support Vector Machine,” Int. Journal of Neural Sys., vol. 25, no. 07, p. 1550029, 2015.
  • [54]

    S. S. Khan and M. G. Madden, “One-class classification: taxonomy of study and review of techniques,” The Knowledge Engineering Review, vol. 29, no. 03, pp. 345

    374, 2014.
  • [55] B. Schölkopf et al., “Comparing support vector machines with Gaussian kernels to radial basis function classifiers,” IEEE Transactions on Signal Processing, V. 45, 1997
  • [56] D. M. J. Tax, and R. P.W. Duin, “Uniform Object Generation for Optimizing One-class Classifiers,” Journal of Machine Learning Research 2, pp. 155173, 2001.
  • [57]

    H. Hassan et al., “SoftMC: A Flexible and Practical Open-Source Infrastructure for Enabling Experimental DRAM Studies,” IEEE Int. Symp. on High Performance Computer Architecture, 2017, pp. 241-252.

  • [58] Texas Instruments, “Complete DDR, DDR2 and DDR3 Memory Power Solution Synchronous Buck Controller, 3-A LDO, Buffered Reference for Embedded Computing Systems,” Nov. 2010, Available: http://www.ti.com/lit/ds/symlink/tps59116.pdf [Accessed: 08-Aug-2019].
  • [59] J. P. Cunningham, Z Ghahramani, “Linear Dimensionality Reduction: Survey, Insights, and Generalizations”, Journal of Machine Learning Research 16 (2015).
  • [60] C.-C. Chang and C.-J. Lin, “LIBSVM : a library for support vector machines,” ACM Trans. on Intelligent Sys. and Tech., 2:27:1–27, 2011.
  • [61] K. Chandrasekar et al.,“Exploiting Expendable Process-Margins in DRAMs for Run-Time Performance Optimization,” Design, Automation & Test in Europe Conference & Exhibition, 2014.
  • [62] M. T. Rahman et al., “Systematic correlation and cell neighborhood analysis of sram puf for robust and unique key generation.” Journal of Hardware and Systems Security 1, no. 2 (2017): 137-155.
  • [63] P. Kumari et al., “Independent detection of recycled flash memory: Challenges and solutions.” In 2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), pp. 89-95. IEEE, 2018.