TrappeD: DRAM Trojan Designs for Information Leakage and Fault Injection Attacks
This addresses security vulnerabilities in DRAM memories for hardware and system designers, though it is incremental as it builds on known Trojan and DRAM attack concepts.
The paper investigates how advanced DRAM circuit features like wordline underdrive and overdrive can be repurposed by adversaries using Trojans to launch attacks such as Denial-of-Service, information leakage, and fault injection, with simulation results showing increased wordline voltage causing retention failure for DoS and demonstrations on RocketChip SoC for information leakage.
In this paper, we investigate the advanced circuit features such as wordline- (WL) underdrive (prevents retention failure) and overdrive (assists write) employed in the peripherals of Dynamic RAM (DRAM) memories from a security perspective. In an ideal environment, these features ensure fast and reliable read and write operations. However, an adversary can re-purpose them by inserting Trojans to deliver malicious payloads such as fault injections, Denial-of-Service (DoS), and information leakage attacks when activated by the adversary. Simulation results indicate that wordline voltage can be increased to cause retention failure and thereby launch a DoS attack in DRAM memory. Furthermore, two wordlines or bitlines can be shorted to leak information or inject faults by exploiting the DRAM's refresh operation. We demonstrate an information leakage system exploit by implementing TrappeD on RocketChip SoC.