This chapter introduces NeuroHammer, a hardware attack on memristive crossbar arrays. The attack induces bit-flips by combining the V/2 scheme with thermal crosstalk that speeds SET kinetics. A dual-simulation workflow evaluates feasibility. COMSOL extracts thermal coupling ( \(\alpha \) ) and device thermal resistance. Cadence Virtuoso with a modified JART VCM model uses these \(\alpha \) values to emulate crosstalk in circuits. Key factors are mapped: pulse length, electrode spacing, ambient temperature, and attack patterns. Results show fewer pulses are needed with longer pulses, tighter spacing, and higher temperature. Passive arrays are vulnerable. In 1T1R arrays, leakage through access transistors can re-enable risk, depending on device variability and technology node. Pseudo 1T1R shows strong immunity due to missing shared electrodes. A case study links the crossbar simulator to gem5 and demonstrates RSA-CRT key leakage by flipping bits in ReRAM caches. Limitations and open defenses are outlined, including measurement-based calibration and countermeasures for future work.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Deliberately Flipping Bits in Memristive Crossbar Arrays

  • Felix Staudigl,
  • Rainer Leupers

摘要

This chapter introduces NeuroHammer, a hardware attack on memristive crossbar arrays. The attack induces bit-flips by combining the V/2 scheme with thermal crosstalk that speeds SET kinetics. A dual-simulation workflow evaluates feasibility. COMSOL extracts thermal coupling ( \(\alpha \) ) and device thermal resistance. Cadence Virtuoso with a modified JART VCM model uses these \(\alpha \) values to emulate crosstalk in circuits. Key factors are mapped: pulse length, electrode spacing, ambient temperature, and attack patterns. Results show fewer pulses are needed with longer pulses, tighter spacing, and higher temperature. Passive arrays are vulnerable. In 1T1R arrays, leakage through access transistors can re-enable risk, depending on device variability and technology node. Pseudo 1T1R shows strong immunity due to missing shared electrodes. A case study links the crossbar simulator to gem5 and demonstrates RSA-CRT key leakage by flipping bits in ReRAM caches. Limitations and open defenses are outlined, including measurement-based calibration and countermeasures for future work.