CN117149055A - Protective actions for memory devices based on detection attacks - Google Patents
Protective actions for memory devices based on detection attacks Download PDFInfo
- Publication number
- CN117149055A CN117149055A CN202310584031.5A CN202310584031A CN117149055A CN 117149055 A CN117149055 A CN 117149055A CN 202310584031 A CN202310584031 A CN 202310584031A CN 117149055 A CN117149055 A CN 117149055A
- Authority
- CN
- China
- Prior art keywords
- memory device
- memory
- program
- delay
- storage elements
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 230000001681 protective effect Effects 0.000 title abstract description 42
- 238000001514 detection method Methods 0.000 title abstract description 41
- 238000000034 method Methods 0.000 claims description 185
- 238000003860 storage Methods 0.000 claims description 125
- 239000003990 capacitor Substances 0.000 claims description 48
- 230000011664 signaling Effects 0.000 claims description 38
- 238000007599 discharging Methods 0.000 claims description 8
- 230000000977 initiatory effect Effects 0.000 claims description 6
- 238000004378 air conditioning Methods 0.000 claims 9
- 230000008569 process Effects 0.000 description 39
- 230000006870 function Effects 0.000 description 19
- 230000008093 supporting effect Effects 0.000 description 19
- 230000004044 response Effects 0.000 description 17
- 230000004913 activation Effects 0.000 description 10
- 230000008859 change Effects 0.000 description 10
- 238000004891 communication Methods 0.000 description 10
- 230000002093 peripheral effect Effects 0.000 description 8
- 238000012545 processing Methods 0.000 description 8
- 239000000758 substrate Substances 0.000 description 8
- 238000005516 engineering process Methods 0.000 description 5
- 239000000523 sample Substances 0.000 description 5
- 239000004065 semiconductor Substances 0.000 description 5
- 238000012546 transfer Methods 0.000 description 5
- 230000008878 coupling Effects 0.000 description 4
- 238000010168 coupling process Methods 0.000 description 4
- 238000005859 coupling reaction Methods 0.000 description 4
- 238000010586 diagram Methods 0.000 description 4
- 230000001934 delay Effects 0.000 description 3
- 238000002347 injection Methods 0.000 description 3
- 239000007924 injection Substances 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 230000009471 action Effects 0.000 description 2
- 230000003213 activating effect Effects 0.000 description 2
- 229910045601 alloy Inorganic materials 0.000 description 2
- 239000000956 alloy Substances 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 2
- 239000000969 carrier Substances 0.000 description 2
- 230000001413 cellular effect Effects 0.000 description 2
- 239000004020 conductor Substances 0.000 description 2
- 238000013500 data storage Methods 0.000 description 2
- 230000003111 delayed effect Effects 0.000 description 2
- 239000000835 fiber Substances 0.000 description 2
- 239000002245 particle Substances 0.000 description 2
- 230000000630 rising effect Effects 0.000 description 2
- 230000001360 synchronised effect Effects 0.000 description 2
- 230000002123 temporal effect Effects 0.000 description 2
- JBRZTFJDHDCESZ-UHFFFAOYSA-N AsGa Chemical compound [As]#[Ga] JBRZTFJDHDCESZ-UHFFFAOYSA-N 0.000 description 1
- ZOXJGFHDIHLPTG-UHFFFAOYSA-N Boron Chemical compound [B] ZOXJGFHDIHLPTG-UHFFFAOYSA-N 0.000 description 1
- 229910002601 GaN Inorganic materials 0.000 description 1
- 229910001218 Gallium arsenide Inorganic materials 0.000 description 1
- JMASRVWKEDWRBT-UHFFFAOYSA-N Gallium nitride Chemical compound [Ga]#N JMASRVWKEDWRBT-UHFFFAOYSA-N 0.000 description 1
- OAICVXFJPJFONN-UHFFFAOYSA-N Phosphorus Chemical compound [P] OAICVXFJPJFONN-UHFFFAOYSA-N 0.000 description 1
- XUIMIQQOPSSXEZ-UHFFFAOYSA-N Silicon Chemical compound [Si] XUIMIQQOPSSXEZ-UHFFFAOYSA-N 0.000 description 1
- 229910000577 Silicon-germanium Inorganic materials 0.000 description 1
- LEVVHYCKPQWKOP-UHFFFAOYSA-N [Si].[Ge] Chemical compound [Si].[Ge] LEVVHYCKPQWKOP-UHFFFAOYSA-N 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 229910052785 arsenic Inorganic materials 0.000 description 1
- RQNWIZPPADIBDY-UHFFFAOYSA-N arsenic atom Chemical compound [As] RQNWIZPPADIBDY-UHFFFAOYSA-N 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 230000015572 biosynthetic process Effects 0.000 description 1
- 229910052796 boron Inorganic materials 0.000 description 1
- -1 but not limited to Substances 0.000 description 1
- 230000015556 catabolic process Effects 0.000 description 1
- 150000004770 chalcogenides Chemical class 0.000 description 1
- 239000013626 chemical specie Substances 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 239000013078 crystal Substances 0.000 description 1
- 238000006731 degradation reaction Methods 0.000 description 1
- 230000005672 electromagnetic field Effects 0.000 description 1
- 230000005669 field effect Effects 0.000 description 1
- 230000008014 freezing Effects 0.000 description 1
- 238000007710 freezing Methods 0.000 description 1
- 229910052732 germanium Inorganic materials 0.000 description 1
- GNPVGFCGXDBREM-UHFFFAOYSA-N germanium atom Chemical compound [Ge] GNPVGFCGXDBREM-UHFFFAOYSA-N 0.000 description 1
- 239000011521 glass Substances 0.000 description 1
- 230000001976 improved effect Effects 0.000 description 1
- 239000012212 insulator Substances 0.000 description 1
- 238000005468 ion implantation Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 239000000463 material Substances 0.000 description 1
- 238000005259 measurement Methods 0.000 description 1
- 229910052751 metal Inorganic materials 0.000 description 1
- 239000002184 metal Substances 0.000 description 1
- 150000002739 metals Chemical class 0.000 description 1
- 238000004806 packaging method and process Methods 0.000 description 1
- 229910052698 phosphorus Inorganic materials 0.000 description 1
- 239000011574 phosphorus Substances 0.000 description 1
- 238000007639 printing Methods 0.000 description 1
- 238000009877 rendering Methods 0.000 description 1
- 229910052594 sapphire Inorganic materials 0.000 description 1
- 239000010980 sapphire Substances 0.000 description 1
- 229910052710 silicon Inorganic materials 0.000 description 1
- 239000010703 silicon Substances 0.000 description 1
- 229910000679 solder Inorganic materials 0.000 description 1
- 239000007921 spray Substances 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 239000000126 substance Substances 0.000 description 1
- 238000004781 supercooling Methods 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
- 230000007704 transition Effects 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0602—Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
- G06F3/0614—Improving the reliability of storage systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0628—Interfaces specially adapted for storage systems making use of a particular technique
- G06F3/0629—Configuration or reconfiguration of storage systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0628—Interfaces specially adapted for storage systems making use of a particular technique
- G06F3/0629—Configuration or reconfiguration of storage systems
- G06F3/0632—Configuration or reconfiguration of storage systems by initialisation or re-initialisation of storage systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0668—Interfaces specially adapted for storage systems adopting a particular infrastructure
- G06F3/0671—In-line storage system
- G06F3/0673—Single storage device
- G06F3/0679—Non-volatile semiconductor memory device, e.g. flash memory, one time programmable memory [OTP]
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Human Computer Interaction (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Techniques For Improving Reliability Of Storages (AREA)
Abstract
The present application relates to a protective action for a memory device based on detection of an attack. In some systems, a memory device is able to detect whether a fault is injected into the memory device. The memory device can impose a delay during start-up if a fault is detected. To ensure that the delay is applied, the memory device can default to applying the delay and, if no failure is detected, can remove the indication that the delay is applied. Additionally or alternatively, the memory device can erase information from non-volatile memory during startup, for example, if a failure is detected. The memory device can be configured to ensure that at least a particular portion of memory resources (e.g., resources configured to store sensitive information) are erased during startup. In some examples, the memory device is capable of storing data using a stream cipher to improve security of the data.
Description
Cross reference to
U.S. patent application Ser. No. 18/104,079, entitled "protective action for memory device based on detection attack (PROTECTIVE ACTIONS FOR A MEMORY DEVICE BASED ON DETECTING AN ATTACK)" filed by BoehM (BOEHM) et al at 1 month 31 of 2023, and U.S. provisional patent application Ser. No. 63/347,861, entitled "protective action for memory device based on detection attack (PROTECTIVE ACTIONS FOR A MEMORY DEVICE BASED ON DETECTING AN ATTACK)" filed by BoehM (BOEHM) et al at 1 month 6 of 2022, each of which is assigned to its assignee and each of which is expressly incorporated herein by reference in its entirety.
Technical Field
The technical field relates to a protective action for a memory device based on detection of an attack.
Background
Memory devices are widely used to store information in a variety of electronic devices, such as computers, user devices, wireless communication devices, cameras, digital displays, and the like. Information is stored by programming memory cells within a memory device to various states. For example, a binary memory cell may be programmed to one of two support states, typically represented by a logic 1 or a logic 0. In some examples, a single memory cell may support more than two states, any of which may be stored. To access the stored information, the component may read (e.g., sense, detect, retrieve, identify, determine, evaluate) the state stored in the memory device. To store information, components may write (e.g., program, set, assign) states in a memory device.
There are various types of memory devices and memory cells including magnetic hard disks, random Access Memory (RAM), read Only Memory (ROM), dynamic RAM (DRAM), synchronous Dynamic RAM (SDRAM), static RAM (SRAM), ferroelectric RAM (FeRAM), magnetic RAM (MRAM), resistive RAM (RRAM), flash memory, phase Change Memory (PCM), self-selected memory, chalcogenide memory technology, and others. The memory cells may be described in terms of a volatile configuration or a non-volatile configuration. Memory cells configured in a non-volatile configuration can preserve a stored logic state for a long period of time even in the absence of an external power source. Memory cells configured in a volatile configuration may lose a stored state when disconnected from an external power source.
Disclosure of Invention
A method is described. The method may comprise: setting an indication to apply a delay to a program that activates the memory device; executing a first program that powers down the memory device, wherein the indication is maintained based at least in part on detecting a fault associated with the memory device; executing a second program that starts the memory device based at least in part on executing the first program that powers down the memory device; and applying the delay to the second program that activates the memory device based at least in part on the indication being set.
A method is described. The method may comprise: detecting that a fault is injected into the memory device; executing a program that starts the memory device; and based at least in part on detecting that the fault is injected into the memory device, writing one or more values to one or more capacitive storage elements of the memory device during the program to activate the memory device, the one or more capacitive storage elements configured to erase after activation based at least in part on the fault being detected.
A method is described. The method may comprise: executing a first program for starting the memory device; generating a key based at least in part on starting the first program of the memory device; receiving signaling from a host device indicating a command to access a set of data, the command being associated with an address; and executing a second program associated with encryption of the set of data based at least in part on the key, the address, and a stream cipher configured at the memory device.
An apparatus is described. The apparatus may include: a memory device; and logic coupled with the memory device and operable to cause the apparatus to: setting an indication to apply a delay to a program that activates the memory device; executing a first program that powers down the memory device, wherein the indication is maintained based at least in part on detecting a fault associated with the memory device; executing a second program that starts the memory device based at least in part on executing the first program that powers down the memory device; and applying the delay to the second program that activates the memory device based at least in part on the indication being set.
An apparatus is described. The apparatus may include: a memory device; and logic coupled with the memory device and operable to cause the apparatus to: detecting that a fault is injected into the memory device; executing a program that starts the memory device; and based at least in part on detecting that the fault is injected into the memory device, writing one or more values to one or more capacitive storage elements of the memory device during the program to activate the memory device, the one or more capacitive storage elements configured to erase after activation based at least in part on the fault being detected.
Drawings
FIG. 1 illustrates an example of a system for supporting detection attack-based protective actions for a memory device in accordance with examples disclosed herein.
FIG. 2 illustrates an example of a launch penalty program supporting detection attack-based protective actions for a memory device in accordance with examples disclosed herein.
Fig. 3 illustrates an example of a memory device configuration supporting detection attack-based protective actions for a memory device in accordance with examples disclosed herein.
Fig. 4 illustrates an example of an encryption process supporting detection attack-based protective actions for a memory device in accordance with examples disclosed herein.
Fig. 5-7 illustrate examples of process flows supporting detection attack-based protective actions for a memory device in accordance with examples disclosed herein.
FIG. 8 shows a block diagram of a memory device supporting detection attack-based protective actions for the memory device according to an example disclosed herein.
Fig. 9-11 show flowcharts illustrating methods for supporting detection attack based protective actions for a memory device according to examples disclosed herein.
Detailed Description
A system, such as an automotive system (e.g., a vehicle), may include a host device coupled with a memory device. The host device and the memory device may communicate information (e.g., commands, data) using signaling via one or more channels between the host device and the memory device. In some cases, an attack on a memory device may affect one or more aspects of the memory device (e.g., input from a host device to the memory device, measurements at the memory device, signaling at the memory device). For example, modifying (or otherwise affecting) a Printed Circuit Board (PCB) at the memory device (e.g., by adding an interposer, modifying wiring, modifying sockets, or some combination thereof) may cause a change (e.g., a sudden change) in the voltage input to the memory device, may affect a clock signal input to the memory device, or may affect some other input of the memory device. Additionally or alternatively, removing a memory device or a component of a memory device (e.g., a Dynamic Random Access Memory (DRAM) component) from a system may change one or more aspects of the DRAM component. In some examples, an unauthorized user (e.g., hacker, customer) may remove a memory device, such as a DRAM, or otherwise modify the memory device to capture secure communications or read secure information from the memory device (e.g., DRAM), among other examples. Detecting such an attack before or even while the attack is occurring may allow a memory device, such as a DRAM, to perform operations to mitigate theft of security or other information and prevent future theft of security or other information.
As disclosed herein, a system may support one or more techniques for protecting information at a memory device (e.g., a DRAM component of the memory device) in the event an attack is detected on the memory device. Potential attacks on the memory device may cause faults to be injected into the memory device. The memory device may support one or more techniques that detect that a fault is injected into the memory device, and if a fault is detected, a delay may be imposed during a startup procedure of the memory device. The delay may slow down attacks on the memory device, allow the memory device more time to perform protective actions during startup, or both, as well as other actions. To ensure that the delay is applied, the memory device may default to an indication of applying the delay at startup, and if no failure is detected, the memory device may remove the indication of applying the delay during a normal power down procedure. In this way (e.g., removing an indication of an applied delay if a fault is not detected, rather than adding an indication of an applied delay if a fault is detected) may improve the reliability of the system, as an attacker may not be able to avoid delays by resetting the memory device before a fault is detected (e.g., because such a reset avoids a normal power down procedure). Additionally or alternatively, if a failure is detected, the memory device may erase information from the non-volatile memory during startup. The memory device may be configured to ensure that at least a portion (e.g., a subset) of memory resources (e.g., resources configured to store sensitive or other information) are erased during startup. The memory device may be configured for sequentially erasing data during startup or for concurrently erasing data during startup. In some examples, the memory device may encrypt and decrypt data using stream ciphers to further improve the security of the data. Stream ciphers can efficiently support encryption processes without introducing significant delays (e.g., exceeding a delay threshold) into the access program. Any combination of such techniques may improve the security of data stored at the memory device, such as by encrypting the data while stationary, erasing the data in response to failure detection, delaying power-up in response to failure detection, or any combination thereof.
Features of the present disclosure are first described in the context of the system described with reference to fig. 1. Additional features of the present disclosure are discussed with reference to the programs, configurations, and encryption processes described with reference to fig. 2-4. Features of the present disclosure are described in the context of the process flows described with reference to fig. 5-7. These and other features of the present disclosure are further described and described with reference to apparatus diagrams and flow charts described with respect to detection attack-based protective actions for memory devices.
Fig. 1 illustrates an example of a system 100 supporting detection attack-based protective actions for a memory device in accordance with examples disclosed herein. The system 100 may include a host device 105, a memory device 110, and a plurality of channels 115 coupling the host device 105 and the memory device 110. The system 100 may include one or more memory devices 110, but aspects of one or more memory devices 110 may be described in the context of a single memory device (e.g., memory device 110).
The system 100 may include portions of an electronic device, such as a computing device, a mobile computing device, a wireless device, a graphics processing device, a vehicle, or other system. For example, system 100 may illustrate aspects of a computer, laptop computer, tablet computer, smart phone, cellular phone, wearable device, internet connection device, vehicle controller, or the like. The memory device 110 may be a component of the system 100 operable to store data for one or more other components of the system 100.
Portions of system 100 may be examples of host device 105. Host device 105 may be an example of a processor (e.g., circuitry, processing components) that performs processes within the device using memory, such as within a computing device, a mobile computing device, a wireless device, a graphics processing device, a computer, a laptop computer, a tablet computer, a smart phone, a cellular phone, a wearable device, an internet connection device, a vehicle controller, a system on chip (SoC), or some other fixed or portable electronic device, among other examples. In some examples, host device 105 may refer to hardware, firmware, software, or a combination thereof that implements the functionality of external memory controller 120. In some examples, the external memory controller 120 may be referred to as a host (e.g., host device 105).
Memory device 110 may be a stand-alone device or component operable to provide physical memory addresses/space that may be used or referenced by system 100. In some examples, memory device 110 may be configured to work with one or more different types of host devices. Signaling between the host device 105 and the memory device 110 is operable to support one or more of: modulation schemes for modulating signals, various pin configurations for transferring signals, various form factors of the physical packaging of host device 105 and memory device 110, clock signaling and synchronization between host device 105 and memory device 110, timing conventions, or other functions.
The memory device 110 is operable to store data for the components of the host device 105. In some examples, the memory device 110 (e.g., operating as a secondary device to the host device 105, operating as a slave to the host device 105) may respond to and execute commands provided by the host device 105 through the external memory controller 120. Such commands may include one or more of write commands for write operations, read commands for read operations, refresh commands for refresh operations, or other commands.
The host device 105 may include one or more of an external memory controller 120, a processor 125, a basic input/output system (BIOS) component 130, or other components such as one or more peripheral components or one or more input/output controllers. Components of host device 105 may be coupled to each other using bus 135.
The processor 125 is operable to provide functionality (e.g., control functionality) to the system 100 or host device 105. The processor 125 may be a general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or a combination of these components. In such examples, processor 125 may be an instance of a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), a General Purpose GPU (GPGPU), or a SoC, among other instances. In some examples, the external memory controller 120 may be implemented by the processor 125 or be part of the processor 125.
The BIOS component 130 may be a software component that includes a BIOS operating as firmware, which may initialize and run various hardware components of the system 100 or host device 105. The BIOS component 130 may also manage the flow of data between the processor 125 and various components of the system 100 or host device 105. The BIOS component 130 may include instructions (e.g., programs, software) stored in one or more of Read Only Memory (ROM), flash memory, or other non-volatile memory.
In some examples, the system 100 or host device 105 may include an I/O controller. The I/O controller may manage data communication between the processor 125 and peripheral components (e.g., input devices, output devices). The I/O controller may manage peripherals that are not integrated into the system 100 or host device 105 or integrated with the system 100 or host device 105. In some examples, an I/O controller may represent a physical connection (e.g., one or more ports) with external peripheral components.
In some examples, the system 100 or host device 105 may include an input component, an output component, or both. The input component may represent a device or signal external to the system 100 that provides information (e.g., signals, data) to the system 100 or components thereof. In some examples, the input component may include an interface (e.g., an interface between user interfaces or other devices). In some examples, the input component may be a peripheral device that interfaces to the system 100 via one or more peripheral components or may be managed by an I/O controller. The output component may represent a device or signal external to the system 100 that is operable to receive output from the system 100 or any of its components. Examples of output components may include a display, an audio speaker, a printing device, another processor on a printed circuit board, and others. In some examples, the output may be a peripheral device that interfaces to system 100 via one or more peripheral components or may be managed by an I/O controller.
The memory device 110 may include a device memory controller 155 and one or more memory dies 160 (e.g., memory chips) that support a capacity (e.g., desired capacity, specified capacity) for data storage. Each memory die 160 (e.g., memory die 160-a, memory die 160-b, memory die 160-N) may include a local memory controller 165 (e.g., local memory controller 165-a, local memory controller 165-b, local memory controller 165-N) and a memory array 170 (e.g., memory array 170-a, memory array 170-b, memory array 170-N). The memory array 170 may be a set of memory cells (e.g., one or more grids, one or more banks, one or more tiles, one or more sections), where each memory cell is operable to store one or more bits of data. The memory device 110 including two or more memory dies may be referred to as a multi-die memory or a multi-die package or a multi-chip memory or a multi-chip package.
The device memory controller 155 may include components (e.g., circuitry, logic) operable to control the operation of the memory device 110. The device memory controller 155 may include hardware, firmware, or instructions that enable the memory device 110 to perform various operations, and is operable to receive, transmit, or execute commands, data, or control information related to the components of the memory device 110. The device memory controller 155 is operable to communicate with one or more of the external memory controller 120, one or more memory dies 160, or the processor 125. In some examples, the device memory controller 155 may control operations of the memory devices 110 described herein in conjunction with a local memory controller 165 of the memory die 160.
In some examples, memory device 110 may receive information (e.g., data, commands, or both) from host device 105. For example, the memory device 110 may receive a write command that instructs the memory device 110 to store data for the host device 105 or a read command that instructs the memory device 110 to provide data stored in the memory die 160 to the host device 105.
The local memory controller 165 (e.g., local to the memory die 160) may include components (e.g., circuitry, logic) operable to control the operation of the memory die 160. In some examples, local memory controller 165 is operable to communicate (e.g., receive or transmit data or commands, or both) with device memory controller 155. The memory device 110 may not include a device memory controller 155, and the local memory controller 165 or the external memory controller 120 may perform various functions described herein. Thus, the local memory controller 165 is operable to communicate with the device memory controller 155, with other local memory controllers 165, or directly with the external memory controller 120 or the processor 125, or a combination thereof. Examples of components that may be included in the device memory controller 155 or the local memory controller 165, or both, may include a receiver for receiving a signal (e.g., from the external memory controller 120), a transmitter for transmitting a signal (e.g., to the external memory controller 120), a decoder for decoding or demodulating the received signal, an encoder for encoding or modulating a signal to be transmitted, or various other components operable to support the described operations of the device memory controller 155 or the local memory controller 165, or both.
The external memory controller 120 is operable to enable transfer of information (e.g., data, commands, or both) between components of the system 100 (e.g., between components of the host device 105 (e.g., the processor 125) and the memory device 110). The external memory controller 120 may handle (e.g., translate) communications exchanged between the components of the host device 105 and the memory device 110. In some examples, the external memory controller 120 or other components of the system 100 or host device 105 or functions thereof described herein may be implemented by the processor 125. For example, the external memory controller 120 may be hardware, firmware, or software implemented by the processor 125 or other components of the system 100 or host device 105, or some combination thereof. Although the external memory controller 120 is depicted as being external to the memory device 110, in some examples, the external memory controller 120 or functions thereof described herein may be implemented by one or more components of the memory device 110 (e.g., the device memory controller 155, the local memory controller 165), or vice versa.
Components of host device 105 may exchange information with memory device 110 using one or more channels 115. Channel 115 is operable to support communication between external memory controller 120 and memory device 110. Each channel 115 may be an example of a transmission medium that carries information between the host device 105 and the memory device 110. Each channel 115 may include one or more signal paths (e.g., transmission media, conductors) between terminals associated with components of the system 100. The signal path may be an example of a conductive path operable to carry a signal. For example, channel 115 may be associated with a first terminal (e.g., including one or more pins, including one or more pads) at host device 105 and a second terminal at memory device 110. Terminals may be examples of conductive input or output points of the devices of the system 100, and the terminals may be operable to serve as part of the channels.
Channels 115 (and associated signal paths and terminals) may be dedicated to conveying one or more types of information. For example, lanes 115 may include one or more Command and Address (CA) lanes 186, one or more clock signal (CK) lanes 188, one or more Data (DQ) lanes 190, one or more other lanes 192, or a combination thereof. In some examples, signaling may be communicated via channel 115 using Single Data Rate (SDR) signaling or Double Data Rate (DDR) signaling. In SDR signaling, one modulation symbol (e.g., signal level) of a signal may be registered for each clock cycle (e.g., on a rising or falling edge of a clock signal). In DDR signaling, two modulation symbols (e.g., signal levels) of a signal may be registered for each clock cycle (e.g., on both rising and falling edges of a clock signal).
In some examples, CA channel 186 is operable to transfer information, including control information (e.g., address information) associated with commands, between host device 105 and memory device 110. For example, the commands carried by CA channel 186 may include read commands having addresses of desired data. In some examples, CA channel 186 may include any number of signal paths (e.g., eight or nine signal paths) for conveying control information (e.g., commands or addresses).
In some examples, the clock signal channel 188 is operable to communicate one or more clock signals between the host device 105 and the memory device 110. The clock signal is operable to oscillate between a high state and a low state and may support coordination of actions (e.g., time) between the host device 105 and the memory device 110. In some examples, the clock signal may be single ended. In some examples, the clock signal may provide a timing reference for command and address operations of the memory device 110 or other full system operations of the memory device 110. The clock signal may thus be referred to as a control clock signal, a command clock signal, or a system clock signal. The system clock signal may be generated by a system clock, which may include one or more hardware components (e.g., oscillators, crystals, logic gates, transistors).
In some examples, the data channel 190 is operable to transfer information (e.g., data, control information) between the host device 105 and the memory device 110. For example, the data channel 190 may transfer information to be written to the memory device 110 (e.g., bi-directional) or information read from the memory device 110.
In some examples, one or more other channels 192 may include one or more Error Detection Code (EDC) channels. The EDC channel is operable to transmit error detection signals, such as checksums, to improve system reliability. The EDC channel may include any number of signal paths.
In some examples, the system 100 may be an example of an automotive system (e.g., a vehicle). For example, both host device 105 and memory device 110 may be components of a vehicle, and host device 105, memory device 110, or both may be further coupled with other components of the vehicle. In some cases, the system 100 may be vulnerable to attacks from hackers or other users. For example, a user (e.g., a hacker) may probe the memory device 110 (e.g., a DRAM bus or another type of memory device or component) to determine information from the memory device 110. In this way, a user may obtain secure information or components (e.g., firmware, keys, plaintext data) of the memory device 110 that are desired to be hidden from the user or not available to the user. The security information may be information stored at a device (e.g., a vehicle) or information communicated in a physiological system (e.g., between the vehicle and other devices or cloud components). In some cases, the user may manipulate information at the vehicle or may manipulate communication information to trigger a particular response, obtain particular data, or cause other responses at the memory device 110. In some examples, such manipulation may involve or cause a failure at the memory device 110. The fault may be any inconsistency identified at the memory device 110, such as an unexpected change in channel conditions, an unexpected change in temperature, an access error at the memory device 110, or any other occurring event at the memory device 110 that may potentially indicate an attack on the memory device 110.
A user (e.g., a hacker) may perform one or more different types of attacks in an attempt to obtain secure information at the memory device 110. In a first example, a user may physically remove memory device 110 or a portion of memory device 110 from system 100 (e.g., from a vehicle). For example, when the vehicle is off and the memory device 110 is in an idle state, the user may remove the memory device 110 and probe the memory device 110 for information (e.g., by detecting information on a DRAM or bus, by placing the memory device 110 into a reader to read the information, or by using some other technique). In some cases, a user may remove DRAM components at memory device 110 (e.g., from or as part of a PCB), may install an interposer with a drop cable, and may capture DRAM traffic using a protocol analyzer. In some other cases, a user may freeze the DRAM, other memory device components, or both (e.g., using one substance to supercool the memory device 110 relatively quickly), then remove the cooled memory device 110 and probe the removed memory device 110. For example, a user may remove a DRAM Ball Grid Array (BGA) component from a PCB, solder into a DRAM socket, and install a different DRAM in the socket. This different DRAM may be programmed with data during operation of the vehicle. After the memory device enters a lower power mode (e.g., sleep mode) (e.g., maintaining data in RAM), the user may supercool (e.g., with a freeze spray) the DRAM and remove the cooled DRAM. Supercooling DRAM may cause an array to retain at least some data for a longer period of time without performing refresh operations. The user may place the removed DRAM on another socket board, which may be unlocked or have additional test equipment to read the contents of the array, search for a key to decrypt the secure storage. A user may capture a significant amount of information (e.g., terabytes of data) over a period of time (e.g., one or more days) when memory device 110 is removed using one or more of these techniques.
In a second example, a user may probe the memory device 110 while the memory device 110 is in place within the system 100 (e.g., without removing the memory device 110 or a portion of the memory device 110 from the vehicle). For example, if the vehicle remains idle (e.g., parked) for a longer period of time (e.g., days or weeks), the user may detect the memory device 110 in place during a duration of days or more. Similar to the first example, a user may capture a significant amount of information (e.g., terabytes of data) over a period of time (e.g., one or more days) without removing the memory device 110 from the system 100.
In a third example, a user may install a third party device within the system 100 (e.g., disposed on a vehicle, such as without the owner of the vehicle's knowledge). The third party device may read or gather information from the memory device 110 and may transmit the information back to the user (e.g., in real time or according to some periodicity or triggering condition). In some cases, the added third party device may read the information while the vehicle is in operation. For example, a third party device may perform channel analysis on the memory device 110, the host device 105, or both using a DRAM logic analyzer or another component. The third party device may capture information and transmit the information to the user while the vehicle is parked, while the vehicle is operating, or a combination thereof.
Any of these attacks may cause a fault to be injected into memory device 110. For example, removing or freezing the DRAM may cause conditions at the DRAM to change significantly, causing the fault detector to determine that a fault associated with the DRAM has occurred. Similarly, probing the memory device 110 or installing a third party device within the system 100 may be detected by a fault detector. In some systems 100, a memory device 110 that detects a fault being injected into the memory device 110 may impose a delay during a startup procedure of the memory device 110. The delay may slow down attacks on the memory device 110, allow the memory device 110 more time to perform protective actions during startup, or both. To ensure that the delay is applied, the memory device 110 may default to applying the delay and may remove an indication of applying the delay if no failure is detected. In this way (e.g., removing an indication of an applied delay if a failure is not detected, rather than adding an indication of an applied delay if a failure is detected) may improve the reliability of the system 100 because an attacker cannot quickly reset the memory device 110 before a failure is detected in order to avoid the delay.
Additionally or alternatively, the memory device 110 may erase information from the non-volatile memory during startup, for example, if a failure is detected. The memory device 110 may be configured to ensure that at least a particular portion of memory resources (e.g., resources configured to store sensitive information) are erased during startup. The memory device 110 may be configured for sequentially erasing data during startup or for erasing data in parallel during startup. In some examples, the memory device may use a stream cipher to store data to improve security of the data. Stream ciphers can efficiently support encryption processes without introducing significant delays (e.g., exceeding a delay threshold) into the access program.
Although some examples may be described herein in terms of DRAM, ferroelectric RAM (FeRAM), or other capacitance-based memory types, it should be understood that aspects of the teachings herein may be applied to any memory device (e.g., various types and combinations of volatile memory, non-volatile memory, or some combination of both). Additionally, although some examples may be described herein in terms of vehicle and automotive systems, it should be understood that the teachings herein may be applied to any system and various examples beyond the scope of a vehicle context (which is merely one example implementation).
Fig. 2 illustrates an example of a launch penalty program 200 supporting detection attack-based protective actions for a memory device in accordance with examples disclosed herein. The startup penalty program 200 may be executed by a memory device, such as the memory device 110 described with reference to fig. 1. The launch penalty program 200 may include one or more operations during runtime 205 and one or more operations during launch 210 (e.g., during the launch program). The launch penalty program 200 may allow the memory device to impose a default delay during the launch 210 that supports, for example, completing one or more protective actions during the launch 210 if an attack on the memory device is detected. The memory device may apply the delay using a clock or clock signal, a timer, a capacitor, or some other physical component, a logic component, or a combination thereof.
As described herein with reference to fig. 1, faults may be injected into a system (e.g., a system including a memory device, such as an automotive system) to bypass security checks, affect encryption operations, or both in order to circumvent security measures of the system. Such faults may allow a malicious user to obtain sensitive information stored at the memory device (e.g., information that is not desired to be able to be obtained by the malicious user). In some examples, the fault may affect a voltage at the memory device, a clock (e.g., a clock signal) at the memory device, an electromagnetic field at the memory device, a Bad Block Indication (BBI) at the memory device, laser-based operation at the memory device, other aspects, or any combination thereof. If the memory device or another device detects a failure, the memory device may perform one or more protective actions to prevent potential attacks on the memory device. For example, the memory device may be configured to erase (e.g., erase) specific data, keys, or both based on a fault to prevent the data from being acquired by a malicious user. Additionally or alternatively, the memory device may track the fault counter and may impose a relatively more severe penalty (e.g., more aggressive protective actions) if a threshold number of attacks (e.g., N faults) are detected. However, such protective actions may take a significant amount of time to perform. For example, to erase sensitive data at a memory device, the memory device may perform multiple erase operations, which may take a threshold amount of time. To support these operations, the memory device may impose a temporal penalty during start-up 210 during which, if a failure is detected, the memory device may perform one or more protective actions. Additionally or alternatively, applying a temporal penalty may slow down potential attacks. For example, fault injection may be probabilistic, where injection faults may have a relatively small likelihood of successfully bypassing safety measures. To overcome this, an attacker may inject a large number of faults (e.g., thousands or millions of faults) and perform a large number of resets (e.g., thousands or millions of resets) within a short time span (e.g., seconds, minutes, hours) to improve the likelihood of the fault bypassing the security measures. Slowing the boot time by imposing a boot penalty can significantly slow down the attack, thereby reducing the risk of the memory device or effectively changing the timeframe of the attack (e.g., from requiring hours or a day to bypass the security measures to requiring months to bypass the security measures). However, in some cases, an attacker may restart the memory device in an attempt to bypass the startup penalty.
Some other systems may set a bit in response to detecting a fault. This bit may be a non-volatile bit such that after power down and reboot (e.g., if the memory device is rebooted or otherwise reset), the system may trigger a delayed boot if the non-volatile bit is set. However, in such systems, an attacker may potentially power down the device before the bit is set. For example, an attacker may inject a fault into the device and power down the memory device and set the non-volatile bit to a particular value to trigger a delayed start before the memory device is able to detect the fault. In such examples of some other systems, an attacker may effectively bypass the protective actions supported by the memory device and may potentially obtain security information after restarting the memory device.
In contrast, the memory device may apply a default boot penalty during boot using boot penalty program 200. That is, the memory device may set the bit at boot 210 and may avoid deasserting the bit (e.g., setting the bit to a value indicating that no boot penalty is imposed) unless the memory device performs a normal reset or restart procedure. In this way, if an attacker resets the memory device as part of an attack, the memory device may not cancel the set bit and may apply a startup penalty by default, slowing down the attack on the memory device and allowing the memory device time to perform one or more protective actions.
Penalty bit 230 may be set to a default value (e.g., a "1" or another bit value) that indicates that the memory device applies a delay during startup 210. At run time 205, the memory device may use fault detector 215 to determine whether a fault is injected into the memory device. Fault detector 215 may be an instance of any physical component, logical component, or combination thereof configured to identify a fault. For example, the fault detector 215 may monitor a memory device or a system including a memory device for changes that potentially indicate modifications to the memory device (e.g., attacks on the memory device). The fault detector 215 may be coupled with an alarm latch 220. If fault detector 215 detects a fault, fault detector 215 may update alert latch 220 to indicate that the fault has been detected. In some examples, the memory device may close alert latch 220 (e.g., using an electrical signal generated by fault detector 215). The closed alarm latch may indicate that a fault has been detected at the memory device.
If the memory device executes the power down procedure 225, the memory device may check whether a fault has been detected using the alert latch 220 as part of the power down procedure 225 or based on the power down procedure 225. For example, the memory device may send a signal through the alert latch 220. If alert latch 220 indicates that a fault has been detected (e.g., if alert latch 220 is closed, the transmitted signal is allowed to pass through alert latch 220), the memory device may refrain from modifying the value of penalty bit 230. However, if the alert latch 220 indicates that a fault has not been detected (e.g., if the alert latch 220 is open), then at 245 the memory device may update the value of the penalty bit 230 (e.g., to a "0" or another bit value), which indicates that the memory device avoids imposing a delay during the startup 210. For example, the memory device may perform a standard boot procedure without additional delay, which may be referred to as a normal reset or normal reboot, and may improve the efficiency of the boot 210 of the memory device. In this way, if no fault is detected, the memory device deasserts the penalty bit 230 during the power down procedure 225, rather than during the startup 210. In this way, if an attacker resets the memory device in an attempt to conceal a fault injected into the memory device, the memory device may inadvertently skip checking the alarm latch 220 and-thus-may fail to unset the penalty bit 230, thereby adding a start-up delay by default as if a fault was detected.
During boot 210, the memory device may examine the value of penalty bit 230 to determine whether delay 235 is applied to boot 210. The memory device may store penalty bit 230 in non-volatile memory to ensure that the value of penalty bit 230 is maintained when the memory device is powered down. If penalty bit 230 is set to a first value (e.g., a default value such as "1" or "true"), then at 255, the memory device may apply delay 235 to boot 210. For example, the memory device may wait a threshold amount of time (e.g., N seconds or milliseconds) before completing the boot-up procedure. During N seconds or milliseconds, the memory device may refrain from performing the access operation or may refrain from responding to an access command received at the memory device (e.g., from a host device or other external device). In some cases, the memory device may perform other operations during the delay 235. For example, the memory device may perform protective actions such as erasing sensitive data or providing an encryption key for the retrieval of sensitive information. Additionally or alternatively, the memory device may suspend at least some functionality during the delay 235 (e.g., one or more types of operations performed on, by, or related to the memory device may be restricted). Upon completion of delay 235, the memory device may run 240 at 260. That is, the memory device may enter runtime 205 and operate normally, or the memory device may enter runtime 205 but support a limited set of commands or sensitive information (e.g., if the memory device performs certain protective actions during delay 235).
If penalty bit 230 is set to a second value (e.g., "0" or "false"), then at 250, the memory device may avoid applying delay 235. For example, penalty bit 230 may be set to a second value to indicate that no fault was detected during runtime 205, so the memory device may perform a normal reset procedure. Avoiding the application of delay 235 in such examples may improve the efficiency of the memory device by supporting low latency activation, as well as other benefits.
In either case (e.g., whether or not the memory device applies the delay 235), the memory device may reset the penalty bit 230 to a default value. For example, at 265, the memory device may set the penalty bit 230 to a default value (e.g., "1" or "true") during the boot 210, after the boot 210 completes, or after entering the runtime 205. Defaulting the penalty bit 230 back to the apply delay 235 prevents future attackers from resetting the memory device.
As described herein, penalty bit 230 may be an example of a bit stored in non-volatile memory, such as in Electrically Erasable Programmable Read Only Memory (EEPROM). Alternatively, the information of penalty bit 230 may be stored in other forms or using other components. For example, to prevent wear degradation, the memory device may use an on-die capacitor to apply delay 235 to start 210. In this example, the memory device may include a capacitor-based fault detection penalty circuit. The memory device may default to charging the capacitor, where the charged capacitor indicates the delay 235 is applied (e.g., the charged capacitor may be equivalent to setting penalty bit 230 to "1" or "true"). In particular, at start-up 210, the memory device may automatically charge the capacitor. For a normal reset or normal restart procedure (e.g., if the fault detector 215, the alarm latch 220, or both indicate that no fault was detected at run time 205), the memory device may discharge the capacitor during the power down procedure 225. During start-up 210, if the capacitor is charged, the memory device may apply a delay 235 (e.g., a threshold delay, which may be, for example, N seconds or milliseconds) at 255. If the capacitor is not charged (e.g., if the capacitor is discharged during a power failure), the memory device may avoid applying delay 235 at 250. In some examples, the capacitor discharge may be tuned to be greater than or equal to a threshold delay time N to ensure that the memory device is powered down for at least N seconds or milliseconds (for example), even if a normal reset or normal restart is performed. That is, if the memory device is powered down and no fault is detected, the memory device may trigger discharging the capacitor. However, if the start-up 210 is triggered at the memory device before the capacitor finishes discharging (e.g., after an amount of time less than the capacitor discharge time, which may be greater than or equal to N), the capacitor may still store a portion of the charge and may trigger the application delay 235 (e.g., due to the discharge not being complete). This may provide additional backup to enforce penalties in certain scenarios.
The duration N of delay 235 may be preconfigured at the memory device or dynamically determined or configurable. In some examples, the memory device may be configured with a delay duration N during setup. For example, the delay duration may be configured by industry or manufacturing standards or configurations or set based on one or more capabilities of the memory device (e.g., duration for performing one or more protective actions, duration for slowing down a memory device attack). Additionally or alternatively, the memory device may dynamically determine the delay duration. For example, the memory device may increase the delay duration based on the number of faults detected within the time window, the number of starts 210 performed within the time window, or some combination of these or other parameters. Additionally or alternatively, the delay duration may be configured, for example, by the host device or another device. In some examples, the memory device may additionally increase the discharge speed of the capacitor (e.g., capacitive storage element) to accelerate data erasure during startup of the memory device. Additionally or alternatively, the delay duration may support increasing the discharge of the capacitor during start-up.
Fig. 3 illustrates an example of a memory device configuration 300 supporting detection attack-based protective actions for a memory device in accordance with examples disclosed herein. The memory device configuration 300 may be implemented at a memory device 305, the memory device 305 may be an example of the memory device 110 described with reference to FIG. 1. The memory device configuration 300 may support DRAM forced discharge based on a detected attack on the memory device 305. For example, the memory device configuration 300 may include a portion of memory configured to be erased if a fault is detected at the memory device 305 (potentially indicating an attack on the memory device 305). The memory device 305 may support one or more data erasure techniques to ensure that sensitive information stored at the memory device 305 is protected in the event that the memory device 305 is subject to a potential attack from a malicious user.
Memory device 305 may include or be an example of a DRAM. In some examples, the DRAM may store information in a non-volatile storage device, for example, using capacitive storage element 315. By using a non-volatile storage device, the DRAM may retain information stored in memory when the memory device 305 is powered down. However, maintaining such information may potentially pose a threat to the information when the memory device 305 enters a power down state. For example, a malicious user may probe the memory device 305 when the memory device 305 is powered down or perform other invasive attacks in order to extract Confidential Security Parameters (CSPs) from the memory device 305. Additionally or alternatively, the execution of a reboot or reset procedure by the memory device 305 may leave the data unprotected due to fault injection or other attacks. Thus, while maintaining data in non-volatile memory during a power down may improve data storage and latency, it may also introduce a potential threat to data security. Data security may be improved using data encryption, data initialization at power up, or both, but significant latency may be introduced into the system.
In some systems, the memory device 305 may detect that a fault is injected into the memory device 305. For example, the memory device 305 may use a fault detector or other method or technique to determine whether a fault is injected into the memory device 305. The fault may indicate a potential attack on the memory device 305. In response, the memory device 305 may erase the data from memory to ensure that the data cannot be retrieved by an attacker injecting the fault. For example, an attacker may reset the memory device 305 to attempt to acquire data stored at the memory device 305 using one or more faults injected into the memory device 305. If the memory device 305 detects one or more failures, the memory device 305 may execute a program during startup to erase data from the memory device 305. However, in some cases, the time available during startup may support erasing a subset of the DRAM rows at the memory device 305 during the startup procedure. That is, the memory device 305 may erase all data stored in the non-volatile memory at the memory device 305 using a first threshold time, but the startup procedure may occur within a second threshold time that is shorter than the first threshold time. In some examples, the second threshold time may be defined by some standard, such as a joint electronics engineering council (JEDEC) standard. As such, some other systems may not be able to erase all sensitive information from memory device 305 during startup based on the time to perform the erase.
In contrast, the memory device 305 may use the memory device configuration 300 to ensure that information (e.g., sensitive information) is erased from the memory device 305 if one or more faults are detected (e.g., a first fault is detected, a number of faults exceeding a threshold number are detected within a time window). The memory device 305 may include a plurality of memory banks 310, where each memory bank 310 may include a number of capacitive storage elements 315. For example, memory device 305 may include memory bank 310-a, memory bank 310-b, memory bank 310-c, and memory bank 310-d. In some examples, memory device 305 may configure a set of capacitive storage elements to erase after a failure is detected. For example, a bank 310-d may include capacitive storage elements 320 configured to be erased, while other banks 310 may include capacitive storage elements 315 that may or may not be erased in response to failure detection. In some cases, the data table defining the memory device configuration 300 may specify that a specified number of capacitive storage elements, memory cells, rows of memory cells, banks 310, or some combination thereof are to be erased at startup (e.g., automatically or in response to detecting one or more faults associated with the memory device 305). The memory device 305 may ensure that sensitive information, such as CSP or other sensitive information to be protected from potential attacker attacks, is stored in the capacitive storage element 320 configured for erasure, for example using a basic input/output system (BIOS), operating System (OS), software, hardware, firmware, or any combination of these or other components of the memory device 305.
If the memory device 305 receives information to be stored in the non-volatile memory, the memory device 305 may determine whether the information includes sensitive information. For example, the sensitive information may be associated with one or more security parameters or policies defining rules for storing information, erasing information, encrypting information, or any combination thereof. Based on the security parameters or policies, the memory device 305 may determine that those information to be stored include sensitive information and may correspondingly write the information to the capacitive storage element 320 configured for erasure (e.g., in a particular bank, such as banks 310-d). In some examples, the memory device 305 may automatically erase (e.g., overwrite with other bit values) sensitive information stored in the capacitive storage element 320 configured to erase during a startup procedure. In some other examples, if the memory device 305 detects one or more faults associated with the memory device 305, the memory device 305 may trigger the erasure of sensitive information stored in the capacitive storage element 320 configured for erasure during a startup procedure. The size of the memory resources configured to be erased may be configured such that the memory device 305 may ensure that the memory resources are erased during the boot up procedure based on a threshold time to execute the boot up procedure. Other memory resources may additionally be erased during startup, but memory device 305 may not guarantee erasure of such other memory resources. By writing sensitive information to particular memory resources of memory device 305 and ensuring that these memory resources are erased during startup (e.g., during limited time resources allocated for startup), memory device 305 may protect sensitive information stored at memory device 305 from attacks.
In some examples, the memory device 305 may be configured with a sequential erase command operator 325. The sequential erase command manipulator 325 may be an example of circuitry, logic, or both configured to perform an erase on a memory resource of the memory device 305. In some cases, the sequential erase command operator 325 may be coupled with or may be a component of a memory device controller of the memory device 305. The sequential erase command operator 325 may erase information stored at the memory device 305 sequentially (e.g., row by row). That is, the sequential erase command operator 325 may overwrite the capacitive storage element of the memory device 305 with a default or random value to erase information previously stored at the capacitive storage element. By using a sequential method in some examples, the sequential erase command operator 325 may ensure that a particular row of memory cells is erased before other rows of memory cells. Thus, the memory device 305 may ensure that one or more particular rows of memory cells including the capacitive storage element 320 configured to be erased are erased during a startup procedure (e.g., based on being erased first according to a sequence), while other rows of memory cells including the capacitive storage element 315 may or may not be erased during the startup procedure (e.g., depending on the amount of time available to perform an erase operation during the startup procedure).
In some other examples, the memory device 305 may be configured with one or more techniques for erasing the entire DRAM during start-up. In some cases, the memory device 305 may be configured with circuitry, logic, or both configured to completely erase the capacitive storage elements of the memory device 305 within a threshold time allocated for activation. For example, the memory device 305 may be structured to allow for a full DRAM erase after start-up if some conditions are detected. In one example, the memory device 305 may include multiple parallel erase command operators 330. Parallel erase command manipulator 330 may operate on a particular bank 310 and may use a particular power supply. Thus, the parallel erase command operator 330 may perform erase operations on the memory banks 310 in parallel, allowing the memory device 305 to reduce the latency involved in erase operations. By performing parallel erase operations, the memory device 305 may ensure that the memory resources of the DRAM are erased (e.g., overwritten with default or random bit values) within the time allocated for startup. As an example, the memory device 305 may include a first parallel erase command operator 330-a for erasing data stored in a first bank 310-a, a second parallel erase command operator 330-b for erasing data stored in a second bank 310-b, a third parallel erase command operator 330-c for erasing data stored in a third bank 310-c, and a fourth parallel erase command operator 330-d for erasing data stored in a fourth bank 310-d. In such examples, the memory device 305 may support erasing information from all (or a particular set of) capacitive storage elements 315 in the non-volatile memory during startup (e.g., automatically or in response to detecting a failure associated with the memory device 305). As such, the memory device 305 may write sensitive information to any memory resource within the memory device 305, rather than modifying a write operation to write sensitive information to a particular portion of the memory device 305 configured for erasure.
Additionally or alternatively, the memory device 305 may ensure erasure of sensitive information using techniques such as those described with reference to fig. 2. For example, the memory device 305 may apply a delay to the startup procedure in response to detecting one or more faults associated with the memory device 305. The delay may allow the startup procedure to span a threshold time sufficient to erase a particular subset of the capacitive storage elements 320 at the memory device 305 configured for erasure or to erase all of the capacitive storage elements 315 at the memory device 305.
Fig. 4 illustrates an example of an encryption process 400 supporting detection attack-based protective actions for a memory device in accordance with examples disclosed herein. The encryption process 400 may be performed by a memory device, such as the memory device 110 described with reference to fig. 1. The encryption process 400 may include one or more operations during startup 405 (e.g., during a startup procedure) and one or more operations during runtime 415. The encryption process 400 may use the stream cipher 440 to encrypt and decrypt data. The stream cipher may be or include hardware configured at the memory device to reduce bandwidth and processing power for performing encryption at the memory device. This stream cipher 440 may protect data (e.g., all data, sensitive data associated with a security protocol) from potential attacks without adding significant overhead to access operations performed by the memory device.
During startup 405, the memory device may randomly or pseudo-randomly generate a key 420 for the stream cipher 440. The memory device may include a digital generator 410 (e.g., implemented in hardware, software, or a combination thereof) for determining the key 420. The memory device may temporarily store the key 420 for use during the runtime 415. In some examples, the memory device may store the key 420 in volatile memory. In some other examples, the memory device may store the key 420 in non-volatile memory configured to be erased after power down or startup. The memory device may store an indicator or key identifier from which the memory device may regenerate the key 420. If the memory device detects a failure associated with the memory device, in some cases, the memory device may erase the key 420, the key identifier, or any other information that would allow retrieval of the key 420. Thus, the memory device may erase the key 420 used to encrypt and correspondingly decrypt at least a portion of the data in the memory device, effectively rendering such data inaccessible to the host device (e.g., to protect the data from attacks).
During runtime 415, the memory device can use key 420 and stream cipher 440 to execute one or more encryption programs (e.g., encrypt or decrypt data). Additionally or alternatively, the memory device may use other parameters in the encryption process. For example, the memory device may receive a write command indicating data 430 to be stored at the memory device. The memory device may determine an address 425 at which to store data (e.g., an address for storing first bit data, an address for storing last bit data). The memory device may input a key 420, an address 425 (e.g., a Double Data Rate (DDR) address), or a combination thereof into the stream cipher 440 to obtain an output of the stream cipher 440. For example, the memory device may perform an exclusive-or (XOR) operation 435 or some other operation between the key 420 and the address 425 and may input the resulting set of bits into the stream cipher 440. The set of bits generated by the stream cipher 440 may similarly be combined (e.g., using XOR operations 445 or some other operation) with the data 430 (e.g., DDR data) to be written to the memory device to effectively encrypt the data 430. Such encrypted data may be stored at the indicated address 425 in the DRAM memory bank 450.
Similarly, during runtime 415, the memory device may receive a read command from the host device indicating an address 425 from which to read data 430 from a storage device at the memory device (e.g., in DRAM bank 450). The memory device may retrieve the key 420 from memory for decryption of the data 430. The memory device may input a key 420, an address 425 (e.g., a DDR address), or a combination thereof into the stream cipher 440 to obtain an output of the stream cipher 440. For example, the memory device may perform an XOR operation 435 or some other operation between the key 420 and the address 425 and may input the resulting set of bits into the stream cipher 440. The memory device may retrieve the encrypted data from the address 425 indicated by the read command and may combine the encrypted data with the output of the stream cipher 440 (e.g., using XOR operations 445 or some other operation) to decrypt the data and determine the data 430 (e.g., DDR data) for sending to the host device in response to the read command.
The stream cipher 440 may receive a set of input bits (e.g., based on the key 420, the address 425, or both) and may encrypt the input bits in the stream (e.g., one bit at a time) to obtain an output set of bits (e.g., a keystream) of the stream cipher 440. The keystream may be xored with data 430 to determine encrypted data (i.e., ciphertext). Stream cipher 440 may operate in real-time as any number of bits are entered into stream cipher 440. Stream cipher 440 may be an example of a synchronous stream cipher such that a previous encryption process performed by stream cipher 440 may not affect a current encryption process performed by stream cipher 440. In some cases, the stream cipher 440 may further use a randomly or pseudo-randomly generated random number or seed as a further input to the stream cipher 440. The generation of the keystream from key 420, address 425, a random number, or any combination thereof, may depend on the current state of stream cipher 440, such that encryption may be stateful. Stream cipher 440 may be implemented in hardware, software, or a combination thereof at a memory device. Since one bit is operated at a time, stream cipher 440 may reduce latency and processing resources associated with encryption at the memory device, allowing the memory device to provide a level of security to data written to DRAM bank 450 without adding significant overhead to access operations at the memory device.
The encryption process 400 may be implemented using the additional delay to startup described with reference to fig. 2, the technique for erasing data, the key 420, or both described with reference to fig. 3, or both. Such a combination of techniques may improve information security at the memory device. For example, the memory device may perform one or more protective actions associated with such techniques, such as based on detecting an attack on the memory device.
Fig. 5 illustrates an example of a process flow 500 for supporting detection attack-based protective actions for a memory device in accordance with examples disclosed herein. Process flow 500 may be performed by the apparatus described with reference to fig. 1-4. For example, a memory device, such as memory device 110, may perform one or more aspects of process flow 500. In some examples, the memory device may be associated with a vehicle (e.g., a component of a vehicle). The memory device may include or be an example of a DRAM. Process flow 500 may support the initiation of a delay applied to a memory device, as described with reference to fig. 2. Alternative examples may be implemented in which some steps are performed in a different order or not performed at all. Additionally, some steps may include additional features not mentioned below.
Aspects of the process flow 500 may be implemented by a controller, as well as other components (e.g., a memory device controller). Additionally or alternatively, aspects of the process flow 500 may be implemented by logic coupled with a memory device. For example, logic may be operable to cause an apparatus to perform operations of process flow 500.
At 505, the memory device may set an indication that a delay is to be applied to a program that starts the memory device. In some examples, the memory device may write a first bit value (e.g., a default value) to a bit (e.g., a penalty bit) in the memory (e.g., non-volatile memory), where the first bit value indicates that the memory device applies a delay. For example, the memory device may default to setting the penalty bit to "true". In some other examples, the memory device may charge a capacitor to indicate by default that the memory device applies a delay.
At 510, the memory device may determine whether a failure is detected at the memory device. For example, the memory device may include the fault detector 215, the alert latch 220, or both described with reference to fig. 2 to detect a fault associated with the memory device. In some cases, a fault detector may monitor one or more aspects of a memory device or a system including a memory device to determine whether a fault is injected into the memory device. In some examples, the fault detector may detect a change or modification of the memory device that may potentially indicate an attack on the memory device.
If no fault is detected at 510, the memory device may avoid setting an alarm latch. However, if a fault is detected at 510, the memory device may set an alarm latch at 515. For example, the memory device may generate signaling indicating an alarm based on detecting a fault associated with the memory device. Setting an alarm latch or otherwise generating signaling indicating an alarm may be performed using one or more techniques. For example, the memory device may perform any process to store an indication that a fault was detected at 510. In some examples, the memory device may track the number of faults detected within a particular time window. If the memory device detects a number of failures associated with the memory device that exceeds a threshold during a duration, the memory device may maintain an indication that a delay is to be applied to a program that activates the memory device (e.g., by setting an alert latch).
At 520, the memory device may initiate a power down procedure. For example, the memory device may receive a power down command from a host device coupled with the memory device, or the memory device may initiate a power down procedure for some other reason. The memory device may execute a first program that powers down the memory device. At 525, the memory device may determine whether the alert latch is set, e.g., as part of a power down procedure. If the alert latch is set, the memory device may avoid modifying the indication of the applied delay. For example, the memory device may maintain an indication based on detecting that the fault is associated with the memory device at 510. In some examples, maintaining the indication may involve avoiding changing a bit value of a bit (e.g., a penalty bit) in the non-volatile memory or avoiding discharging a capacitor. However, if the alert latch is not set (e.g., indicating that no fault was detected at 510), then at 530 the memory device may modify the indication of the applied delay. For example, the memory device may set a bit in the non-volatile memory to a second bit value (e.g., set the penalty bit to "false"), or the memory device may discharge the capacitor. In some cases, the memory device may tune the discharge of the capacitor based on the duration of time the delay is applied during startup, based on the number of faults detected as being associated with the memory device, or based on both (e.g., a duration configured to discharge the capacitor below a charge threshold). The memory device may complete the power down procedure based on modifying an indication that a delay is applied during startup or determining not to modify an indication that a delay is applied during startup.
At 535, the memory device may initiate a boot up procedure. For example, the memory device may receive a boot command (e.g., from a host device). The memory device may execute a second program that starts the memory device based on executing a first program that powers down the memory device.
At 540, the memory device may determine whether an indication to apply a delay to a program that initiated the memory device is set. For example, the memory device may determine whether the penalty bit is set to a given value or state, such as "true. In some examples, the memory device may read a bit value of a bit (e.g., a penalty bit) in the non-volatile memory during a program that starts the memory device to determine whether to apply a delay to the start-up program. Additionally or alternatively, the memory device may check whether the capacitor is charged. If the penalty bit is set to a certain value or state (e.g., "false") or the capacitor is discharged, then the memory device may perform a normal startup procedure at 545. That is, the memory device may avoid applying a delay to a program that activates the memory device based on the memory device not storing an indication that the delay was applied (e.g., based on the bit value of a bit in the non-volatile memory (e.g., a penalty bit) being a second bit value or a capacitor being discharged). If the penalty bit is set to "true" or the capacitor is charged (e.g., maintains the charge level above the charge threshold), then at 550 the memory device may apply a startup penalty to the startup procedure. For example, the memory device may apply a delay to a second program that activates the memory device based on the indication being set. The memory device may apply a delay if the bit value of a bit in the non-volatile memory is set to a first bit value or the capacitor contains a charge above a charge threshold. The delay may be based on a configured delay value stored at the memory device. For example, the memory device may write data to the non-volatile memory indicating the duration of the delay, and may apply the delay based on the duration of the delay.
In some examples, the memory device may perform one or more corrective or protective actions during activation of the memory device (e.g., during an applied delay or at another time during an activation procedure). For example, the memory device may write one or more values to one or more capacitive storage elements of the memory device during a program that starts the memory device based on detecting that the fault is injected into the memory device. The one or more capacitive storage elements may be configured to erase after startup based on detecting a failure. For example, the one or more capacitive storage elements may be particular storage elements configured for protecting sensitive data. The memory device may write data received from the host device and associated with a security protocol (e.g., a security protocol defining that the associated data should be protected and erased if a failure is detected) to at least one of the one or more capacitive storage elements configured to be detected based on the failure and erased after startup based on the security protocol.
After a delay, the memory device may complete the boot up procedure. As part of completing the boot up procedure or after completing the boot up procedure, the memory device may again set an indication to apply a delay to the boot up procedure at 505.
Fig. 6 illustrates an example of a process flow 600 for supporting detection attack-based protective actions for a memory device in accordance with examples disclosed herein. Process flow 600 may be performed by the apparatus described with reference to fig. 1-4. For example, a memory device, such as memory device 110, may perform one or more aspects of process flow 600. In some examples, the memory device may be associated with a vehicle (e.g., a component of a vehicle). The memory device may include or be an example of a DRAM. Process flow 600 may support erasing data from a memory device in accordance with one or more techniques, as described with reference to fig. 3. For example, a memory device may include a portion of memory dedicated to protecting information that may be erased during startup if a failure is detected at the memory device. Alternative examples may be implemented in which some steps are performed in a different order or not performed at all. Additionally, some steps may include additional features not mentioned below.
Aspects of the process flow 600 may be implemented by a controller, as well as other components (e.g., a memory device controller). Additionally or alternatively, aspects of the process flow 600 may be implemented by logic coupled with a memory device. For example, logic may be operable to cause an apparatus to perform operations of process flow 600.
At 605, the memory device may receive a write command. For example, the memory device may receive signaling from the host device indicating a write command for the data. In some cases, the data may be associated with a security protocol.
At 610, the memory device may determine whether the data is to be securely stored. For example, if the data is associated with a secure protocol, the memory device may direct the data to be stored in the secure storage device. The data associated with the security protocol may include CSP and other sensitive information. If the data is not securely stored (e.g., the data is not associated with a security protocol), then the memory device may write the data anywhere in memory at 615. That is, the memory device may perform a normal write procedure, such as using a normal addressing scheme to write data to the next available memory resources within the memory device. However, if the data is to be securely stored (e.g., the data is associated with a security protocol), then at 620 the memory device may write the data to a particular portion of the memory device, as described herein with reference to fig. 3. For example, the memory device may write data associated with the security protocol to at least one of a set of capacitive storage elements configured to erase after startup based on a fault being detected. The write may be responsive to a write command and based on a security protocol such that this data will be erased during startup if a failure is detected based on where the data is written within the memory device (e.g., which capacitive storage element stores the data).
At 625, the memory device may determine whether a failure of the memory device is detected. In some cases, the memory device may perform fault detection as described herein with reference to fig. 2 and 5. If no failure is detected, the memory device may refrain from indicating an erase of the DRAM. If a failure is detected, the memory device may set an erase indication of the DRAM at 630. For example, a memory device may detect a fault injected into the memory device. The memory device may set the erase indication by setting an alarm latch, updating a penalty bit, or performing some other function to indicate that sensitive data is erased during the next boot up procedure.
At 635, the memory device may execute a program that powers down the memory device. For example, the memory device may receive a power down command from the host device and may enter a low power consumption state in response to the command. At 640, the memory device may initiate a boot procedure, e.g., in response to a boot command received from the host device. The memory device may execute a program that starts the memory device.
At 645, the memory device may determine whether to erase data from the memory device, e.g., based on whether the erase indication is set. If the memory device detects a fault (e.g., one fault, the number of faults exceeding a threshold value within a time window), the memory device may erase data from the memory device. If not (e.g., if the erase indication is not set), the memory device may complete the program to activate the memory device at 665 without erasing the data from the memory.
If the memory device determines to erase data from memory, then at 650 the memory device may erase data from a particular portion of the DRAM. For example, the memory device may write one or more values to one or more capacitive storage elements of the memory device during a program that activates the memory device. The one or more values may be default or random values for removing data previously stored in the capacitive storage elements, effectively erasing previously stored data. The memory device may perform an erase based on detecting that a fault is injected into the memory device. The one or more capacitive storage elements may be configured to erase after startup based on detecting the failure. That is, the memory device may include a particular set of memory resources (e.g., one or more capacitive storage elements) configured to ensure that erasing occurs during startup if the memory device detects a failure. Other memory resources of the memory device may or may not be erased during startup in the event a failure is detected, depending on the amount of time resources, processing resources, or both, that may be used by the memory device to perform an erase operation during startup. In some cases, the one or more capacitive storage elements may correspond to a subset of each row of capacitive storage elements at the memory device, a subset of each bank of capacitive storage elements at the memory device, a subset of rows of capacitive storage elements at the memory device, a range of addresses of capacitive storage elements at the memory device, or some combination thereof. The one or more capacitive storage elements may include a subset of all capacitive storage elements of the memory device, and the number of capacitive storage elements in the subset may be based on a duration of a program that starts the memory device.
In some examples, the memory device may sequentially erase the data at 655. For example, the memory device may send signaling indicating one or more commands to one or more banks including one or more capacitive storage elements of the memory device and may execute the one or more commands at the one or more banks in sequence. Alternatively, at 660, the memory device may erase the data in parallel. For example, the memory device may send signaling indicating one or more commands to one or more banks that include one or more capacitive storage elements of the memory device and may execute the one or more commands at the one or more banks in parallel. Executing one or more commands may cause one or more values (e.g., zero values) to be written to one or more capacitive storage elements. In some cases, executing the commands in parallel across the memory banks may allow the memory device to erase all capacitive storage elements of the memory device (i.e., the one or more capacitive storage elements may include all capacitive storage elements of the memory device). The memory device may complete the process of starting the memory device at 665 after erasing data from the one or more capacitive storage elements.
Fig. 7 illustrates an example of a process flow 700 for supporting detection attack-based protective actions for a memory device in accordance with examples disclosed herein. Process flow 700 may be performed by the apparatus described with reference to fig. 1-4. For example, a memory device, such as memory device 110, may perform one or more aspects of process flow 700. In some examples, the memory device may be associated with a vehicle (e.g., a component of a vehicle). The memory device may include or be an example of a DRAM. Process flow 700 may support encryption techniques using stream ciphers, as described with reference to fig. 4. Alternative examples may be implemented in which some steps are performed in a different order or not performed at all. Additionally, some steps may include additional features not mentioned below.
Aspects of process flow 700 may be implemented by a controller, as well as other components (e.g., a memory device controller). Additionally or alternatively, aspects of process flow 700 may be implemented by logic coupled with a memory device. For example, logic may be operable to cause an apparatus to perform operations of process flow 700.
At 705, the memory device may execute a first program that starts the memory device. For example, the memory device may receive a command from the host device to activate the memory device.
At 710, the memory device may generate a key. The memory device may generate the key based on a program that starts the memory device. For example, the memory device may generate the key during or after startup. The key may be an example of a key that is randomly or pseudo-randomly generated based on the function used for random number generation.
At 715, the memory device may receive an access command. For example, the memory device may receive signaling from the host device indicating a command to access a set of data, the command being associated with an address (e.g., an address within a DRAM of the memory device). The memory device may execute a second program associated with encryption of the set of data based on the key, the address, and a stream cipher configured at the memory device.
If the access command is a read command, the memory device may read a set of encrypted bits from the memory device at the indicated address at 720. For example, the memory device may read a set of bits from one or more capacitive storage elements of the memory device based on the command to access the set of data including a command to read the set of data. The set of bits may be encrypted bits and the one or more capacitive storage elements may correspond to an address associated with the command. At 725, the memory device may use the key generated at 710 with the stream cipher to determine a keystream, as described with reference to fig. 4. For example, the memory device may input a value to the stream cipher to obtain an output of the stream cipher, where the value is based on a key and an address (e.g., according to an XOR operation). At 730, the memory device may decrypt the set of encrypted bits using the output of the stream cipher. For example, the memory device may perform an XOR operation on the set of bits read from the one or more capacitive storage elements and the output of the stream cipher to obtain the set of data. At 735, the memory device may transmit the decrypted bits in response to the read command. For example, the memory device may transmit second signaling indicating the set of data to the host device in response to a command to read the set of data.
If the access command is a write command, then at 740, the memory device may use the key generated at 710 with the stream cipher to determine a keystream, as described with reference to FIG. 4. For example, the memory device may input a value to the stream cipher to obtain an output of the stream cipher, where the value is based on the key and the address (e.g., combined using an XOR operation or other operation). At 745, the memory device may encrypt a set of bits using the output of the stream cipher. For example, the memory device may perform an XOR operation on the set of data and the output of the stream cipher to obtain a set of bits encrypted using the stream cipher. The set of data may be indicated by an access command, wherein the command to access the set of data includes a command to write the set of data (e.g., to memory of a memory device). At 750, the memory device may write the encrypted bits to the memory device. For example, the memory device may write the set of bits to one or more capacitive storage elements of the memory device (e.g., corresponding to an address associated with the command) based on the command being a write command.
Fig. 8 shows a block diagram 800 of a memory device 820 supporting detection attack-based protective actions for the memory device according to an example disclosed herein. Memory device 820 may be an example of aspects of the memory devices described with reference to fig. 1-7. Memory device 820, or various components thereof, may be an example of means for performing various aspects of the protective actions for a memory device based on detection attacks as described herein. For example, memory device 820 may include a default delay component 822, a failure detection component 824, a start component 826, a start delay component 828, an erase component 830, a key generation component 832, an access command component 834, an encryption component 836, a delay bit indicator component 838, a capacitor charging component 840, a signal generator 842, a secure storage component 844, a sequential erase component 846, a parallel erase component 848, a read command component 850, a stream cipher component 852, an XOR component 854, a write command component 856, a power down component 858, a capacitor discharging component 860, or any combination thereof. Each of these components may communicate with each other directly or indirectly (e.g., via one or more buses).
The default delay component 822 may be configured or otherwise support means for setting an indication to apply a delay to a program that activates the memory device. The fault detection component 824 may be configured or otherwise support means for executing a first program for powering down a memory device, wherein an indication is maintained based at least in part on detecting a fault associated with the memory device. The startup component 826 may be configured or otherwise support means for executing a second program that starts up the memory device based at least in part on executing a first program that powers down the memory device. The startup delay component 828 may be configured or otherwise support means for applying a delay to a second program of the startup memory device based at least in part on the indication being set.
In some examples, the delay bit indicator component 838 may be configured or otherwise support means for writing a first bit value to a bit in non-volatile memory during a second program of the memory device, wherein a bit in non-volatile memory having the first bit value includes an indication to apply a delay.
In some examples, the delay bit indicator component 838 may be configured or otherwise support means for reading a bit value of a bit in the non-volatile memory during a second program of the activated memory device, wherein the delay is applied to the second program of the activated memory device based at least in part on the bit value of the bit in the non-volatile memory being the first bit value.
In some examples, the fault detection component 824 may be configured or otherwise support means for failing to detect a second fault associated with the memory device after completion of a second program to boot the memory device. In some examples, the delay bit indicator component 838 may be configured or otherwise support means for writing a second bit value to a bit in non-volatile memory based at least in part on failing to detect that the second failure is associated with the memory device.
In some examples, power down component 858 may be configured or otherwise support means for executing a third program to power down the memory device after writing the second bit value to the bit in the non-volatile memory. In some examples, the startup component 826 may be configured or otherwise support means for executing a fourth program that starts the memory device based at least in part on executing a third program that powers down the memory device. In some examples, the activation component 826 may be configured or otherwise support means for avoiding applying a delay to a fourth program of the activation memory device based at least in part on the bit value of the bit in the non-volatile memory being the second bit value.
In some examples, the capacitor charging component 840 may be configured or otherwise support means for charging a capacitor during a second procedure of starting the memory device, wherein the capacitor includes an indication to apply a delay. In some examples, the delay is applied to the second program that activates the memory device based at least in part on determining that the capacitor is charged during the second program that activates the memory device.
In some examples, the fault detection component 824 may be configured or otherwise support means for failing to detect a second fault associated with the memory device after completion of a second program to boot the memory device. In some examples, the capacitor discharge component 860 may be configured or otherwise support means for discharging a capacitor based at least in part on failing to detect a second fault associated with a memory device.
In some examples, the capacitor discharge component 860 may be configured or otherwise support means for tuning the discharge of the capacitor based at least in part on the duration of the delay, the number of faults detected as being associated with the memory device, or both.
In some examples, the signal generator 842 may be configured or otherwise support means for generating signaling indicative of an alarm based at least in part on detecting a fault associated with a memory device, wherein the indication is maintained based at least in part on the signaling indicative of the alarm.
In some examples, the fault detection component 824 may be configured or otherwise support means for detecting that a number of faults associated with a memory device exceeds a threshold during a duration, wherein the indication is maintained based at least in part on the number of faults exceeding the threshold for the duration.
In some examples, the start-up delay component 828 may be configured or otherwise support means for writing data to the non-volatile memory indicating a duration of a delay, wherein the applying the delay is based at least in part on the duration of the delay.
In some examples, the fault detection component 824 may be configured or otherwise support means for detecting that a fault is injected into a memory device. In some examples, the startup component 826 may be configured or otherwise support means for executing a program that starts up the memory device. The erase component 830 may be configured or otherwise support means for writing one or more values to one or more capacitive storage elements of the memory device during a program of starting the memory device based at least in part on detecting a fault being injected into the memory device, the one or more capacitive storage elements configured to erase after starting based at least in part on the fault being detected.
In some examples, the secure storage component 844 may be configured or otherwise support means for receiving signaling from the host device indicating a write command for data associated with the secure protocol. In some examples, secure storage component 844 may be configured or otherwise support means for writing data associated with a secure protocol to at least one of one or more capacitive storage elements configured to erase after startup based at least in part on a fault being detected, wherein the write data is responsive to a write command and based at least in part on the secure protocol.
In some examples, the sequential erase component 846 may be configured or otherwise support means for sending signaling indicative of one or more commands to one or more banks including one or more capacitive storage elements of a memory device. In some examples, the sequential erase component 846 may be configured or otherwise support means for sequentially executing one or more commands at one or more memory banks, wherein one or more values are written to one or more capacitive storage elements based at least in part on executing the one or more commands.
In some examples, parallel erase component 848 may be configured or otherwise support means for sending signaling indicative of one or more commands to one or more banks including one or more capacitive storage elements of a memory device. In some examples, parallel erase component 848 may be configured or otherwise support means for executing one or more commands in parallel at one or more banks, wherein one or more values are written to one or more capacitive storage elements based at least in part on executing the one or more commands. In some examples, the one or more capacitive storage elements include all capacitive storage elements of the memory device based at least in part on executing the one or more commands in parallel at the one or more banks.
In some examples, the one or more capacitive storage elements correspond to a subset of each row of capacitive storage elements at the memory device, a subset of each bank of capacitive storage elements at the memory device, a subset of rows of capacitive storage elements at the memory device, a range of addresses of capacitive storage elements at the memory device, or a combination thereof. In some examples, the one or more capacitive storage elements include a subset of a plurality of capacitive storage elements of the memory device. In some examples, the number of capacitive storage elements in the subset is based at least in part on a duration of a program that activates the memory device.
In some examples, the startup component 826 may be configured or otherwise support means for executing a first program that starts the memory device. Key generation component 832 may be configured or otherwise support means for generating a key based at least in part on a first program that initiates a memory device. Access command component 834 may be configured or otherwise support means for receiving signaling from a host device indicating a command to access a set of data, the command being associated with an address. Encryption component 836 may be configured or otherwise support means for executing a second program associated with encryption performed on the set of data based at least in part on the key, the address, and a stream cipher configured at a memory device.
In some examples, read command component 850 may be configured or otherwise support means for reading a set of bits from one or more capacitive storage elements of a memory device based at least in part on a command to access the set of data including a command to read the set of data, wherein the set of bits is encrypted. In some examples, the stream cipher component 852 may be configured or otherwise support means for inputting a value to a stream cipher to obtain an output of the stream cipher, wherein the value is based at least in part on a key and an address. In some examples, XOR component 854 can be configured or otherwise support means for performing XOR operations on the set of bits read from one or more capacitive storage elements with the output of a stream cipher to obtain the set of data.
In some examples, read command component 850 may be configured or otherwise support means for transmitting second signaling indicative of the set of data to the host device in response to a command to read the set of data.
In some examples, the stream cipher component 852 may be configured or otherwise support means for inputting a value to a stream cipher to obtain an output of the stream cipher, wherein the value is based at least in part on a key and an address. In some examples, XOR component 854 can be configured or otherwise support means for performing XOR operations on the set of data and the output of a stream cipher to obtain a set of bits encrypted using the stream cipher. In some examples, the write command component 856 may be configured or otherwise support means for writing the set of bits to one or more capacitive storage elements of the memory device based at least in part on a command to access the set of data including a command to write the set of data.
In some examples, the key is generated based at least in part on functionality for random number generation.
Fig. 9 shows a flow chart illustrating a method 900 for supporting detection attack-based protective actions for a memory device in accordance with an example disclosed herein. The operations of method 900 may be implemented by the memory devices described herein or components thereof. For example, the operations of method 900 may be performed by a memory device, as described with reference to fig. 1-8. In some examples, a memory device may execute a set of instructions to control functional elements of the device to perform the described functions. Additionally or alternatively, the memory device may perform aspects of the described functions using dedicated hardware.
At 905, the method may include setting an indication that a delay is to be applied to a program that activates the memory device. Operation 905 may be performed in accordance with examples disclosed herein. In some examples, aspects of operation 905 may be performed by the default delay component 822 described with reference to fig. 8.
At 910, the method may include executing a first program that powers down the memory device, wherein the indication is maintained based at least in part on detecting that the fault is associated with the memory device. Operation 910 may be performed according to examples disclosed herein. In some examples, aspects of operation 910 may be performed by fault detection component 824 described with reference to fig. 8.
At 915, the method may include executing a second program that starts the memory device based at least in part on executing the first program that powers down the memory device. Operation 915 may be performed according to examples disclosed herein. In some examples, aspects of operation 915 may be performed by the initiation component 826 described with reference to fig. 8.
At 920, the method may include applying a delay to a second program that activates the memory device based at least in part on the indication being set. Operation 920 may be performed according to examples disclosed herein. In some examples, aspects of operation 920 may be performed by the start-up delay component 828 described with reference to fig. 8.
In some examples, an apparatus described herein may perform one or several methods, such as method 900. An apparatus may include features, circuitry, logic, means, or instructions (e.g., a non-transitory computer-readable medium storing instructions executable by a processor) or any combination thereof for performing the following aspects of the disclosure:
aspect 1: a method, apparatus, or non-transitory computer-readable medium comprising operations, features, circuitry, logic, means, or instructions, or any combination thereof, for: setting an indication to apply a delay to a program that activates the memory device; executing a first program that powers down the memory device, wherein the indication is maintained based at least in part on detecting a fault associated with the memory device; executing a second program that starts the memory device based at least in part on executing the first program that powers down the memory device; and applying the delay to the second program that activates the memory device based at least in part on the indication being set.
Aspect 2: the method, apparatus, or non-transitory computer-readable medium of aspect 1, further comprising operations, features, circuitry, logic, means, or instructions, or any combination thereof, for: writing a first bit value to a bit in a non-volatile memory during initiation of the second program of the memory device, wherein the bit in the non-volatile memory having the first bit value includes the indication that the delay is applied.
Aspect 3: the method, apparatus, or non-transitory computer-readable medium of aspect 2, further comprising operations, features, circuitry, logic, means, or instructions, or any combination thereof, for: the method further includes reading a bit value of the bit in the non-volatile memory during a start-up of the second program of the memory device, wherein the delay is applied to the start-up of the second program of the memory device based at least in part on the bit value of the bit in the non-volatile memory being the first bit value.
Aspect 4: the method, apparatus, or non-transitory computer-readable medium of any one of aspects 1-3, further comprising operations, features, circuitry, logic, means, or instructions, or any combination thereof, for: failure to detect a second failure associated with the memory device after completion of starting the second program of the memory device; and writing a second bit value to a bit in non-volatile memory based at least in part on failing to detect that the second fault is associated with the memory device.
Aspect 5: the method, apparatus, or non-transitory computer-readable medium of aspect 4, further comprising operations, features, circuitry, logic, means, or instructions, or any combination thereof, for: executing a third program that powers down the memory device after writing the second bit value to the bit in the non-volatile memory; executing a fourth program that starts the memory device based at least in part on executing the third program that powers down the memory device; and avoiding applying the delay to the fourth program that activates the memory device based at least in part on a bit value of the bit in the non-volatile memory being the second bit value.
Aspect 6: the method, apparatus, or non-transitory computer-readable medium of any one of aspects 1-5, further comprising operations, features, circuitry, logic, means, or instructions, or any combination thereof, for: a capacitor is charged during the second procedure of activating the memory device, wherein the capacitor includes the indication that the delay is applied.
Aspect 7: the method, apparatus, or non-transitory computer-readable medium of aspect 6, wherein the delay is applied to the second program that activates the memory device based at least in part on determining that the capacitor is charged during the second program that activates the memory device.
Aspect 8: the method, apparatus, or non-transitory computer-readable medium of any one of aspects 6-7, further comprising operations, features, circuitry, logic, means, or instructions, or any combination thereof, for: failure to detect a second failure associated with the memory device after completion of starting the second program of the memory device; and discharging the capacitor based at least in part on failing to detect that the second fault is associated with the memory device.
Aspect 9: the method, apparatus, or non-transitory computer-readable medium of aspect 8, further comprising operations, features, circuitry, logic, means, or instructions, or any combination thereof, for: the discharging of the capacitor is tuned based at least in part on a duration of the delay, a number of faults detected as being associated with the memory device, or both.
Aspect 10: the method, apparatus, or non-transitory computer-readable medium of any one of aspects 1-9, further comprising operations, features, circuitry, logic, means, or instructions, or any combination thereof, for: generating signaling indicative of an alarm based at least in part on detecting the fault associated with the memory device, wherein the indication is maintained based at least in part on the signaling indicative of the alarm.
Aspect 11: the method, apparatus, or non-transitory computer-readable medium of any one of aspects 1-10, further comprising operations, features, circuitry, logic, means, or instructions, or any combination thereof, for: a number of faults associated with the memory device during a duration is detected to exceed a threshold, wherein the indication is maintained based at least in part on the number of faults exceeding the threshold for the duration.
Aspect 12: the method, apparatus, or non-transitory computer-readable medium of any one of aspects 1-11, further comprising operations, features, circuitry, logic, means, or instructions, or any combination thereof, for: data indicative of a duration of the delay is written to a non-volatile memory, wherein the applying the delay is based at least in part on the duration of the delay.
Fig. 10 shows a flow chart illustrating a method 1000 for supporting detection attack-based protective actions for a memory device in accordance with an example disclosed herein. The operations of method 1000 may be implemented by the memory devices described herein or components thereof. For example, the operations of method 1000 may be performed by a memory device, as described with reference to fig. 1-8. In some examples, a memory device may execute a set of instructions to control functional elements of the device to perform the described functions. Additionally or alternatively, the memory device may perform aspects of the described functions using dedicated hardware.
At 1005, the method may include detecting that a fault is injected into the memory device. Operation 1005 may be performed in accordance with examples disclosed herein. In some examples, aspects of operation 1005 may be performed by the fault detection component 824 described with reference to fig. 8.
At 1010, the method may include executing a program that starts the memory device. Operation 1010 may be performed in accordance with examples disclosed herein. In some examples, aspects of operation 1010 may be performed by the initiation component 826 described with reference to fig. 8.
At 1015, the method may include writing one or more values to one or more capacitive storage elements of the memory device during a process of activating the memory device based at least in part on detecting a fault being injected into the memory device, the one or more capacitive storage elements configured to erase after activation based at least in part on the fault being detected. Operation 1015 may be performed according to examples disclosed herein. In some examples, aspects of operation 1015 may be performed by erase component 830 described with reference to fig. 8.
In some examples, an apparatus described herein may perform one or several methods, such as method 1000. An apparatus may include features, circuitry, logic, means, or instructions (e.g., a non-transitory computer-readable medium storing instructions executable by a processor) or any combination thereof for performing the following aspects of the disclosure:
aspect 13: a method, apparatus, or non-transitory computer-readable medium comprising operations, features, circuitry, logic, means, or instructions, or any combination thereof, for: detecting that a fault is injected into the memory device; executing a program that starts the memory device; and based at least in part on detecting that the fault is injected into the memory device, writing one or more values to one or more capacitive storage elements of the memory device during the program to activate the memory device, the one or more capacitive storage elements configured to erase after activation based at least in part on the fault being detected.
Aspect 14: the method, apparatus, or non-transitory computer-readable medium of aspect 13, further comprising operations, features, circuitry, logic, means, or instructions, or any combination thereof, for: receiving signaling from a host device indicating a write command for data associated with a security protocol; and writing the data associated with the security protocol to at least one of the one or more capacitive storage elements configured to erase after startup based at least in part on the fault being detected, wherein writing the data is responsive to the write command and based at least in part on the security protocol.
Aspect 15: the method, apparatus, or non-transitory computer-readable medium of any one of aspects 13-14, further comprising operations, features, circuitry, logic, means, or instructions, or any combination thereof, for: send signaling indicating one or more commands to one or more banks including the one or more capacitive storage elements of the memory device; and sequentially executing the one or more commands at the one or more banks, wherein the one or more values are written to the one or more capacitive storage elements based at least in part on executing the one or more commands.
Aspect 16: the method, apparatus, or non-transitory computer-readable medium of any one of aspects 13-14, further comprising operations, features, circuitry, logic, means, or instructions, or any combination thereof, for: send signaling indicating one or more commands to one or more banks including the one or more capacitive storage elements of the memory device; and executing the one or more commands in parallel at the one or more banks, wherein the one or more values are written to the one or more capacitive storage elements based at least in part on executing the one or more commands.
Aspect 17: the method, apparatus, or non-transitory computer-readable medium of aspect 16, wherein the one or more capacitive storage elements include all capacitive storage elements of the memory device based at least in part on executing the one or more commands in parallel at the one or more banks.
Aspect 18: the method, apparatus, or non-transitory computer-readable medium of any one of aspects 13-16, wherein the one or more capacitive storage elements correspond to a subset of each row of capacitive storage elements at the memory device, a subset of each bank of capacitive storage elements at the memory device, a subset of rows of capacitive storage elements at the memory device, a range of addresses of capacitive storage elements at the memory device, or a combination thereof.
Aspect 19: the method, apparatus, or non-transitory computer-readable medium of any one of aspects 13-18, wherein the one or more capacitive storage elements includes a subset of a plurality of capacitive storage elements of the memory device and a number of capacitive storage elements in the subset is based at least in part on a duration of time that the program of the memory device is initiated.
Fig. 11 shows a flow chart illustrating a method 1100 of supporting detection attack-based protective actions for a memory device in accordance with an example disclosed herein. The operations of method 1100 may be implemented by a memory device described herein or components thereof. For example, the operations of method 1100 may be performed by a memory device, as described with reference to fig. 1-8. In some examples, a memory device may execute a set of instructions to control functional elements of the device to perform the described functions. Additionally or alternatively, the memory device may perform aspects of the described functions using dedicated hardware.
At 1105, the method may include executing a first program that starts the memory device. Operation 1105 may be performed in accordance with examples disclosed herein. In some examples, aspects of operation 1105 may be performed by the initiation component 826 described with reference to fig. 8.
At 1110, the method may include generating a key based at least in part on starting a first program of the memory device. Operation 1110 may be performed in accordance with examples disclosed herein. In some examples, aspects of operation 1110 may be performed by key generation component 832 described with reference to fig. 8.
At 1115, the method may include receiving signaling from the host device indicating a command to access a set of data, the command associated with an address. Operation 1115 may be performed according to examples disclosed herein. In some examples, aspects of operation 1115 may be performed by the access command component 834 described with reference to fig. 8.
At 1120, the method may include executing a second program associated with encryption of the set of data based at least in part on the key, the address, and a stream cipher configured at the memory device. Operation 1120 may be performed according to examples disclosed herein. In some examples, aspects of operation 1120 may be performed by encryption component 836 described with reference to fig. 8.
In some examples, an apparatus described herein may perform one or several methods, such as method 1100. An apparatus may include features, circuitry, logic, means, or instructions (e.g., a non-transitory computer-readable medium storing instructions executable by a processor) or any combination thereof for performing the following aspects of the disclosure:
Aspect 20: a method, apparatus, or non-transitory computer-readable medium comprising operations, features, circuitry, logic, means, or instructions, or any combination thereof, for: executing a first program for starting the memory device; generating a key based at least in part on starting the first program of the memory device; receiving signaling from a host device indicating a command to access a set of data, the command being associated with an address; and executing a second program associated with encryption of the set of data based at least in part on the key, the address, and a stream cipher configured at the memory device.
Aspect 21: the method, apparatus, or non-transitory computer-readable medium of aspect 20, further comprising operations, features, circuitry, logic, means, or instructions, or any combination thereof, for: reading a set of bits from one or more capacitive storage elements of the memory device based at least in part on the command for accessing the set of data including a command to read the set of data, wherein the set of bits is encrypted; outputting a value to the stream cipher to obtain an output of the stream cipher, wherein the value is based at least in part on the key and the address; and performing an exclusive-or operation on the set of bits read from the one or more capacitive storage elements and the output of the stream cipher to obtain the set of data.
Aspect 22: the method, apparatus, or non-transitory computer-readable medium of aspect 21, further comprising operations, features, circuitry, logic, means, or instructions, or any combination thereof, for: second signaling indicating the set of data is transmitted to the host device in response to the command to read the set of data.
Aspect 23: the method, apparatus, or non-transitory computer-readable medium of aspect 20, further comprising operations, features, circuitry, logic, means, or instructions, or any combination thereof, for: outputting a value to the stream cipher to obtain an output of the stream cipher, wherein the value is based at least in part on the key and the address; performing an exclusive-or operation on the set of data and the output of the stream cipher to obtain a set of bits encrypted using the stream cipher; and writing the set of bits to one or more capacitive storage elements of the memory device based at least in part on the command to access the set of data including a command to write the set of data.
Aspect 24: the method, apparatus, or non-transitory computer-readable medium of any one of aspects 20-23, wherein the key is generated based at least in part on a function for random number generation.
It should be noted that the methods described herein describe possible implementations, and that the operations and steps may be rearranged or otherwise modified and other implementations are possible. Further, portions from two or more of the methods may be combined.
The information and signals described herein may be represented using any of a variety of different technologies and techniques. For example, data, instructions, commands, information, signals, bits, symbols, and chips that may be referenced throughout the above description may be represented by voltages, currents, electromagnetic waves, magnetic fields or particles, optical fields or particles, or any combination thereof. Some figures may illustrate signals as a single signal; however, the signals may represent a signal bus, where the bus may have various bit widths.
The terms "electronic communication," "conductive contact," "connection," and "coupling" may refer to a relationship between components that support signal flow between the components. Components may be considered to be in electronic communication (e.g., conductive contact, connection, coupling) with one another if there are any electrical paths (e.g., conductive paths) between the components that can support the flow of signals (e.g., charges, current voltages) between the components at any time. At any given time, the conductive paths between components in electronic communication (e.g., conductive contact, connection, coupling) with each other may be open or closed based on the operation of the device including the connected components. The conductive paths between connected components may be direct conductive paths between components, or the conductive paths between connected components may be indirect conductive paths that may include intermediate components (e.g., switches, transistors, or other components). In some examples, signal flow between connected components may be interrupted over a time, such as using one or more intermediate components (e.g., switches or transistors).
The term "coupled" refers to a condition that transitions from an open circuit relationship between components, wherein a signal is not currently able to pass between components (e.g., through a conductive path), to a closed circuit relationship between components, wherein a signal is able to pass between components (e.g., through a conductive path). When components, such as a controller, couple other components together, the components cause a change in the flow of signals between the other components through conductive paths that previously did not permit signal flow.
The term "isolated" refers to a relationship between components in which signals are not currently able to flow between the components. If there is an open circuit between the components, the components are isolated from each other. For example, when a switch positioned between two components is opened, the components separated by the switch are isolated from each other. When the controller isolates the two components, the controller causes a change in preventing the signal from flowing between the components using the conductive path that previously permitted the signal to flow.
The devices discussed herein, including memory arrays, may be formed on semiconductor substrates such as silicon, germanium, silicon-germanium alloys, gallium arsenide, gallium nitride, and the like. In some cases, the substrate is a semiconductor wafer. In other examples, the substrate may be a silicon-on-insulator (SOI) substrate, such as silicon-on-glass (SOG) or silicon-on-Sapphire (SOP), or an epitaxial layer of semiconductor material on another substrate. The conductivity of the substrate or sub-regions of the substrate may be controlled by doping with various chemical species including, but not limited to, phosphorus, boron or arsenic. Doping may be performed by ion implantation during initial formation or growth of the substrate or by any other doping method.
The switching components (e.g., transistors) discussed herein may represent Field Effect Transistors (FETs) and may include three terminal components including a source (e.g., source terminal), a drain (e.g., drain terminal), and a gate (e.g., gate terminal). The terminals may be connected to other electronic components by conductive materials (e.g., metals, alloys). The source and drain may be conductive and may include doped (e.g., heavily doped, degenerate) semiconductor regions. The source and drain may be separated by a doped (e.g., lightly doped) semiconductor region or channel. If the channel is n-type (e.g., majority carriers are electrons), the FET may be referred to as an n-type FET. If the channel is p-type (e.g., majority carriers are holes), the FET may be referred to as a p-type FET. The channel may be covered by an insulating gate oxide. Channel conductivity may be controlled by applying a voltage to the gate. For example, application of a positive or negative voltage to an n-type FET or a p-type FET, respectively, may cause the channel to become conductive. The transistor may be "on" or "active" when a voltage greater than or equal to the threshold voltage of the transistor is applied to the transistor gate. When a voltage less than the threshold voltage of the transistor is applied to the transistor gate, the transistor may be "turned off" or "deactivated".
The description set forth herein describes example configurations in connection with the figures and does not represent all examples that may be implemented or within the scope of the claims. The term "exemplary" as used herein means "serving as an example, instance, or illustration" rather than "preferred" or "preferred over" other examples. The detailed description includes specific details for providing an understanding of the described technology. However, the techniques may be practiced without these specific details. In some instances, well-known structures and devices are shown in block diagram form in order to avoid obscuring the concepts of the described examples.
In the drawings, similar components or features may have the same reference numerals. Further, various components of the same type may be distinguished by following the reference label by a dash and a second label that distinguishes among the similar components. If only a first reference label is used in the specification, the description applies to any one of the similar components having the same first reference label irrespective of the second reference label.
The functions described herein may be implemented in hardware, software executed by a processor, firmware, or any combination thereof. If implemented in software that is executed by a processor, the functions may be stored on or transmitted over as one or more instructions, such as code, on a computer-readable medium. Other examples and implementations are within the scope of the disclosure and the appended claims. For example, due to the nature of software, the functions described herein may be implemented using software executed by a processor, hardware, firmware, hardwired, or a combination of any of these. Features that perform functions may also be physically located at various locations including being distributed such that portions of the functions are performed at different physical locations.
For example, the various illustrative blocks and modules described in connection with the disclosure herein may be implemented or performed with a processor, DSP, ASIC, FPGA, discrete gate logic, discrete transistor logic, discrete hardware components, other programmable logic devices, or any combination thereof, designed to perform the functions described herein. The processor may be an example of a microprocessor, a controller, a microcontroller, a state machine, or any type of processor. A processor may also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration.
As used herein, including in the claims, an "or" used in a list of items (e.g., a list of items beginning with a phrase such as "at least one of …" or "one or more of …") indicates an inclusive list, such that, for example, a list of at least one of A, B or C means a or B or C or AB or AC or BC or ABC (i.e., a and B and C). Moreover, as used herein, the phrase "based on" should not be construed as referring to a set of closed conditions. For example, exemplary steps described as "based on condition a" may be based on both condition a and condition B without departing from the scope of the present disclosure. In other words, as used herein, the phrase "based on" should be interpreted in the same manner as the phrase "based at least in part on".
Computer-readable media includes both non-transitory computer storage media and communication media including any medium that facilitates transfer of a computer program from one location to another. Non-transitory storage media may be any available media that can be accessed by a computer. By way of example, and not limitation, non-transitory computer-readable media may comprise RAM, ROM, EEPROM, compact Disk (CD) ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other non-transitory media that may be used to carry or store desired program code means in the form of instructions or data structures and that may be accessed by a computer or processor. Also, any connection is properly termed a computer-readable medium. For example, if the software is transmitted from a website, server, or other remote source using a coaxial cable, fiber optic cable, twisted pair, digital Subscriber Line (DSL), or wireless technologies such as infrared, radio, and microwave, then the coaxial cable, fiber optic cable, twisted pair, digital Subscriber Line (DSL), or wireless technologies such as infrared, radio, and microwave are included in the media definition. Disk and disc, as used herein, includes CD, laser disc, optical disc, digital Versatile Disc (DVD), floppy disk and blu-ray disc where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above are also included within the scope of computer-readable media.
The description herein is provided to enable any person skilled in the art to make or use the disclosure. Various modifications to the disclosure will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other variations without departing from the scope of the disclosure. Thus, the disclosure is not limited to the examples and designs described herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (20)
1. A method, comprising:
setting an indication to apply a delay to a program that activates the memory device;
executing a first program that powers down the memory device, wherein the indication is maintained based at least in part on detecting a fault associated with the memory device;
executing a second program that starts the memory device based at least in part on executing the first program that powers down the memory device; a kind of electronic device with high-pressure air-conditioning system
The delay is applied to the second program that activates the memory device based at least in part on the indication being set.
2. The method as recited in claim 1, further comprising:
writing a first bit value to a bit in a non-volatile memory during initiation of the second program of the memory device, wherein the bit in the non-volatile memory having the first bit value includes the indication that the delay is applied.
3. The method as recited in claim 2, further comprising:
the method further includes reading a bit value of the bit in the non-volatile memory during a start-up of the second program of the memory device, wherein the delay is applied to the start-up of the second program of the memory device based at least in part on the bit value of the bit in the non-volatile memory being the first bit value.
4. The method as recited in claim 1, further comprising:
failure to detect a second failure associated with the memory device after completion of starting the second program of the memory device; a kind of electronic device with high-pressure air-conditioning system
A second bit value is written to a bit in non-volatile memory based at least in part on failing to detect that the second fault is associated with the memory device.
5. The method as in claim 4, further comprising:
executing a third program that powers down the memory device after writing the second bit value to the bit in the non-volatile memory;
executing a fourth program that starts the memory device based at least in part on executing the third program that powers down the memory device; a kind of electronic device with high-pressure air-conditioning system
The delay is prevented from being applied to the fourth program that activates the memory device based at least in part on the bit value of the bit in the non-volatile memory being the second bit value.
6. The method as recited in claim 1, further comprising:
a capacitor is charged during the second procedure of starting the memory device, wherein the capacitor includes the indication of the delay applied.
7. The method of claim 6, wherein the delay is applied to the second program that activates the memory device based at least in part on determining that the capacitor is charged during the second program that activates the memory device.
8. The method as recited in claim 6, further comprising:
failure to detect a second failure associated with the memory device after completion of starting the second program of the memory device; a kind of electronic device with high-pressure air-conditioning system
The capacitor is discharged based at least in part on failing to detect that the second fault is associated with the memory device.
9. The method as recited in claim 8, further comprising:
the discharging of the capacitor is tuned based at least in part on a duration of the delay, a number of faults detected as being associated with the memory device, or both.
10. The method as recited in claim 1, further comprising:
generating signaling indicative of an alarm based at least in part on detecting the fault associated with the memory device, wherein the indication is maintained based at least in part on the signaling indicative of the alarm.
11. The method as recited in claim 1, further comprising:
a number of faults associated with the memory device during a duration is detected to exceed a threshold, wherein the indication is maintained based at least in part on the number of faults exceeding the threshold for the duration.
12. The method as recited in claim 1, further comprising:
data indicative of a duration of the delay is written to a non-volatile memory, wherein the applying the delay is based at least in part on the duration of the delay.
13. A method, comprising:
detecting that a fault is injected into the memory device;
executing a program that starts the memory device; a kind of electronic device with high-pressure air-conditioning system
One or more values are written to one or more capacitive storage elements of the memory device during the program of the memory device based at least in part on detecting the fault being injected into the memory device, the one or more capacitive storage elements configured to erase after startup based at least in part on the fault being detected.
14. The method as recited in claim 13, further comprising:
receiving signaling from a host device indicating a write command for data associated with a security protocol; a kind of electronic device with high-pressure air-conditioning system
The data associated with the security protocol is written to at least one of the one or more capacitive storage elements configured to erase after startup based at least in part on the fault being detected, wherein writing the data is responsive to the write command and based at least in part on the security protocol.
15. The method as recited in claim 13, further comprising:
send signaling indicating one or more commands to one or more banks comprising the one or more capacitive storage elements of the memory device; a kind of electronic device with high-pressure air-conditioning system
The one or more commands are sequentially executed at the one or more banks, wherein the one or more values are written to the one or more capacitive storage elements based at least in part on executing the one or more commands.
16. The method as recited in claim 13, further comprising:
send signaling indicating one or more commands to one or more banks comprising the one or more capacitive storage elements of the memory device; a kind of electronic device with high-pressure air-conditioning system
The one or more commands are executed in parallel at the one or more banks, wherein the one or more values are written to the one or more capacitive storage elements based at least in part on executing the one or more commands.
17. The method of claim 16, wherein the one or more capacitive storage elements include all capacitive storage elements of the memory device based at least in part on executing the one or more commands in parallel at the one or more banks.
18. The method of claim 13, wherein the one or more capacitive storage elements correspond to a subset of each row of capacitive storage elements at the memory device, a subset of each bank of capacitive storage elements at the memory device, a subset of rows of capacitive storage elements at the memory device, a range of addresses of capacitive storage elements at the memory device, or a combination thereof.
19. The method according to claim 13, wherein:
the one or more capacitive storage elements include a subset of a plurality of capacitive storage elements of the memory device; and is also provided with
The number of capacitive storage elements in the subset is based at least in part on a duration of time that the program of the memory device is activated.
20. A method, comprising:
executing a first program for starting the memory device;
generating a key based at least in part on starting the first program of the memory device;
receiving signaling from a host device indicating a command to access a set of data, the command being associated with an address; a kind of electronic device with high-pressure air-conditioning system
A second program associated with encryption of the set of data is executed based at least in part on the key, the address, and a stream cipher configured at the memory device.
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US63/347,861 | 2022-06-01 | ||
| US18/104,079 US20230394143A1 (en) | 2022-06-01 | 2023-01-31 | Protective actions for a memory device based on detecting an attack |
| US18/104,079 | 2023-01-31 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117149055A true CN117149055A (en) | 2023-12-01 |
Family
ID=88884959
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310584031.5A Pending CN117149055A (en) | 2022-06-01 | 2023-05-23 | Protective actions for memory devices based on detection attacks |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117149055A (en) |
-
2023
- 2023-05-23 CN CN202310584031.5A patent/CN117149055A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11625170B2 (en) | Row hammer protection for a memory device | |
| US11258599B2 (en) | Stable physically unclonable function | |
| CN110998578B (en) | System and method for booting within a heterogeneous memory environment | |
| WO2007067221A2 (en) | Methods and apparatus for the secure handling of data in a microcontroller | |
| CN111723409B (en) | Integrated circuit, memory circuit and method for operating an integrated circuit | |
| US11984155B2 (en) | Updating program files of a memory device using a differential write operation | |
| US20230394143A1 (en) | Protective actions for a memory device based on detecting an attack | |
| WO2020197744A1 (en) | Secure communication in accessing a network | |
| CN117149055A (en) | Protective actions for memory devices based on detection attacks | |
| US20130125245A1 (en) | Apparatuses, integrated circuits, and methods for testmode security systems | |
| US20230205430A1 (en) | Verification of a volatile memory using a unique identifier | |
| US20230205874A1 (en) | Voltage input and clock speed change determination to detect attack | |
| US12001707B2 (en) | Host verification for a memory device | |
| US20220057960A1 (en) | Host verification for a memory device | |
| TWI815462B (en) | Method and apparatus supporting data invalidation for memory | |
| CN111125791A (en) | Memory data encryption method and device, CPU chip and server | |
| CN116361789A (en) | Training program change determination to detect attacks | |
| US20230334152A1 (en) | Temperature change measurement to detect attack | |
| US20230063890A1 (en) | Measuring change in a channel characteristic to detect memory device attack | |
| US20230418954A1 (en) | Detecting information modification in a memory system | |
| US20230208815A1 (en) | Security configurations for zonal computing architecture | |
| US20240061963A1 (en) | Partitioned cryptographic protection for a memory system | |
| US20230325507A1 (en) | Secure operating system update | |
| US20230350582A1 (en) | Data masking for memory | |
| CN116057506A (en) | Security techniques for low power modes of memory devices |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication |