Skip to Main Content
The ability to safely keep a secret in memory is central to the vast majority of security schemes, but storing and erasing these secrets is a difficult problem in the face of an attacker who can obtain unrestricted physical access to the underlying hardware. Depending on the memory technology, the very act of storing a 1 instead of a 0 can have physical side effects measurable even after the power has been cut. These effects can't be hidden easily, and if the secret stored on chip is of sufficient value, an attacker might go to extraordinary means to learn even a few bits of that information. The architecture has an interesting role to play here. Just as one uses architectural techniques to detect and correct errors, so too can one create efficient methods to hide critical bits from physical inspection. The authors present a first step toward this goal by focusing on a backbone of any hardware system: on-chip memory. They examine the relationship between security, area, and efficiency in these architectures and quantitatively examine the resulting systems through cryptographic analysis and microarchitectural impact. In the end, they find an efficient scheme in which, even if an adversary is able to inspect the value of a stored bit with a probabilistic error of only 5 percent, the system will be able to prevent that adversary from learning any information about the original uncoded bits with 99.9999999999 percent probability.