Loading [MathJax]/extensions/MathMenu.js
Intrinsic Rowhammer PUFs: Leveraging the Rowhammer effect for improved security | IEEE Conference Publication | IEEE Xplore
Subscribe
ADVANCED SEARCH
Conferences >2017 IEEE International Sympo...

Intrinsic Rowhammer PUFs: Leveraging the Rowhammer effect for improved security

PDF
Andre Schaller; Wenjie Xiong; Nikolaos Athanasios Anagnostopoulos; Muhammad Umair Saleem; Sebastian Gabmeyer; Stefan Katzenbeisser
All Authors

Abstract:

Physically Unclonable Functions (PUFs) have become an important and promising hardware primitive for device fingerprinting, device identification, or key storage. Intrins...Show More

Metadata

Abstract:

Physically Unclonable Functions (PUFs) have become an important and promising hardware primitive for device fingerprinting, device identification, or key storage. Intrinsic PUFs leverage components already found in existing devices, unlike extrinsic silicon PUFs, which are based on customized circuits that involve modification of hardware. In this work, we present a new type of a memory-based intrinsic PUF, which leverages the Rowhammer effect in DRAM modules - the Rowhammer PUF. Our PUF makes use of bit flips, which occur in DRAM cells due to rapid and repeated access of DRAM rows. Prior research has mainly focused on Rowhammer attacks, where the Rowhammer effect is used to illegitimately alter data stored in memory, e.g., to change page table entries or enable privilege escalation attacks. Meanwhile, this is the first work to use the Rowhammer effect in a positive context - to design a novel PUF. We extensively evaluate the Rowhammer PUF using commercial, off-the-shelf devices, not relying on custom hardware or an FPGA-based setup. The evaluation shows that the Rowhammer PUF holds required properties needed for the envisioned security applications, and could be deployed today.
Published in: 2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)
Date of Conference: 01-05 May 2017
Date Added to IEEE Xplore: 19 June 2017
ISBN Information:
DOI: 10.1109/HST.2017.7951729
Conference Location: Mclean, VA, USA
References is not available for this document.
Contents

I. Introduction

In recent years, attacks that exploit the Rowhammer effect have gained a lot of attention, as they can enable a plethora of security-related risks due to the wide-spread vulnerability imposed by the Rowhammer effect in today's DRAM modules. The phenomenon was first described by Kim et al. [1], who were able to induce so-called disturbance errors in high-density, commodity DRAM modules by repeatedly accessing uncached memory rows. Disturbance errors occur due to the charge coupling between DRAM cells, which accelerates charge leakage in adjacent rows, and eventually results in bits being flipped in so-called victim rows in DRAM, even though said victim rows were not explicitly accessed. The Rowhammer effect allows for breaking many software-based security mechanisms, as well as memory and process isolation, because it allows flipping memory bits, which would otherwise be protected by software-based access control mechanisms. Numerous papers have been published that use the Rowhammer effect in order to improve the identification of vulnerable DRAM cells or to implement various Rowhammer attacks [2]–[5].

Select All
1.
Y. Kim, R. Daly, J. Kim, C. Fallin, J. H. Lee, D. Lee, et al., "Flipping bits in memory without accessing them: An experimental study of DRAM disturbance errors", ACM SIGARCH ComputerArchitecture News, pp. 361-372, 2014.
Google Scholar
2.
M. Seaborn and T. Dullien, "Exploiting the DRAM rowhammer bug to gain kernel privileges", Black Hat, 2015.
Google Scholar
3.
V. van der Veen, Y. Fratantonio, M. Lindorfer, D. Gruss, C. Maurice, G. Vigna, et al., "Drammer: Deterministic Rowhammer Attacks on Mobile Platforms", ACM Conference on Computerand Communications Security, 2016.
CrossRef Google Scholar
4.
Y. Xiao, X. Zhang, Y. Zhang and R. Teodorescu, "One bit flips one cloud flops: Cross-vm row hammer attacks and privilege escalation", USENIX Security Symposium, 2016.
Google Scholar
5.
K. Razavi, B. Gras, E. Bosman, B. Preneel, C. Giuffrida and H. Bos, "Flip feng shui: Hammering a needle in the software stack", USENIX Security Symposium, pp. 1-18, 2016.
Google Scholar
6.
W. Xiong, A. Schaller, N. A. Anagnostopoulos, M. U. Saleem, S. Gabmeyer, S. Katzenbeisser, et al., "Run-Time Accessible DRAM PUFs in Commodity Devices", International Conference on Cryptographic Hardware and Embedded Systems, pp. 432-453, 2016.
CrossRef Google Scholar
7.
D. Gruss, C. Maurice and S. Mangard, Rowhammer. js: A remote software-induced fault attack in javascript, 2015.
Google Scholar
8.
Z. B. Aweke, S. F. Yitbarek, R. Qiao, R. Das, M. Hicks, Y. Oren, et al., "ANVIL: Software-based protection against next-generation rowhammer attacks", International Conference on Architectural Support for Programming Languages and Operating Systems, pp. 743-755, 2016.
CrossRef Google Scholar
9.
R. Qiao and M. Seaborn, "A new approach for rowhammer attacks", International Symposium on Hardware Oriented Security and Trust, pp. 161-166, May 2016.
View Article
Google Scholar
10.
S. Bhattacharya and D. Mukhopadhyay, "Curious case of Rowhammer: Flipping Secret Exponent Bits using Timing Analysis", International Conference on Cryptographic Hardware and Embedded Systems, pp. 602-624, 2016.
CrossRef Google Scholar
11.
J. Guajardo, S. S. Kumar, G.-J. Schrijen and P. Tuyls, FPGA intrinsic PUFs and their use for IP protection, Springer, 2007.
Google Scholar
12.
G.-J. Schrijen and V. van der Leest, "Comparative analysis of SRAM memories used as PUF primitives", Conference on Design Automation and Test in Europe, pp. 1319-1324, 2012.
View Article
Google Scholar
13.
F. Tehranipoor, N. Karimina, K. Xiao and J. Chandy, "DRAM based Intrinsic Physical Unclonable Functions for System Level Security", Great Lakes Symposium on VLSI, pp. 15-20, 2015.
CrossRef Google Scholar
14.
J. Liu, B. Jaiyen, Y. Kim, C. Wilkerson and O. Mutlu, "An experimental study of data retention behavior in modern DRAM devices: Implications for retention time profiling mechanisms", ACM SIGARCH Computer Architecture News, pp. 60-71, 2013.
CrossRef Google Scholar
15.
T. Hamamoto, S. Sugiura and S. Sawada, "On the retention time distribution of dynamic random access memory (DRAM)", IEEE Transactions on Electron Devices, pp. 1300-1309, 1998.
View Article
Google Scholar
16.
B. Aichinger, "DDR memory errors caused by Row Hammer", High Performance Extreme Computing Conference, pp. 1-5, 2015.
CrossRef Google Scholar
17.
PandaBoard, [online] Available: http://www.pandaboard.org.
Google Scholar
18.
P. Jaccard, Etude comparative de la distribution florale dans une portion des Alpes et du Jura, Impr. Corbaz, 1901.
Google Scholar
19.
Y. Dodis, L. Reyzin and A. Smith, "Fuzzy extractors: How to generate strong keys from biometrics and other noisy data", International Conference on the Theory and Applications of Cryptographic Techniques, pp. 523-540, 2004.
Google Scholar
Contact IEEE to Subscribe
More Like This
Low Temperature Processed Two-Transistor- Two-Capacitor-Based Ferroelectric Random Access Memory

IEEE Transactions on Electron Devices

Published: 2014

In-Memory Unified TRNG and Multi-Bit PUF for Ubiquitous Hardware Security

IEEE Journal of Solid-State Circuits

Published: 2022

Show More

References

References is not available for this document.

IEEE Account

Purchase Details

Profile Information

Need Help?

A not-for-profit organization, IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity.
© Copyright 2025 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.