Showing papers by "Ken Mai published in 2018"

Read Disturb Errors in MLC NAND Flash Memory

Abstract: This paper summarizes our work on experimentally characterizing, mitigating, and recovering read disturb errors in multi-level cell (MLC) NAND flash memory, which was published in DSN 2015, and examines the work's significance and future potential. NAND flash memory reliability continues to degrade as the memory is scaled down and more bits are programmed per cell. A key contributor to this reduced reliability is read disturb, where a read to one row of cells impacts the threshold voltages of unread flash cells in different rows of the same block. For the first time in open literature, this work experimentally characterizes read disturb errors on state-of-the-art 2Y-nm (i.e., 20-24 nm) MLC NAND flash memory chips. Our findings (1) correlate the magnitude of threshold voltage shifts with read operation counts, (2) demonstrate how program/erase cycle count and retention age affect the read-disturb-induced error rate, and (3) identify that lowering pass-through voltage levels reduces the impact of read disturb and extend flash lifetime. Particularly, we find that the probability of read disturb errors increases with both higher wear-out and higher pass-through voltage levels. We leverage these findings to develop two new techniques. The first technique mitigates read disturb errors by dynamically tuning the pass-through voltage on a per-block basis. Using real workload traces, our evaluations show that this technique increases flash memory endurance by an average of 21%. The second technique recovers from previously-uncorrectable flash errors by identifying and probabilistically correcting cells susceptible to read disturb errors. Our evaluations show that this recovery technique reduces the raw bit error rate by 36%.

A secure camouflaged logic family using post-manufacturing programming with a 3.6GHz adder prototype in 65nm CMOS at 1V nominal V DD

Abstract: With the continued globalization of the IC manufacturing supply chain, securing that supply chain is becoming increasingly difficult and this opens the door to a myriad of security threats such as unauthorized production, counterfeiting, IP theft, and hardware Trojan Horses. A parallel and related threat is posed by advanced reverse engineering capabilities, such that even chips manufactured at the most advanced technology nodes can be de-layered, imaged, and analyzed [1]. While various manufacturing methodologies and camouflaged gates have been proposed, none fully address these threats, especially in combination. To address these concerns, we use post-manufacturing programmable camouflaged logic topology to simultaneously obscure the design IP from the manufacturer as well as combat reverse engineering. The basis of the design is a threshold-voltage-defined (TVD) logic gate topology that solely uses different threshold voltage implants to determine the logic gate function [2]. Every gate has an identical physical layout and is post-manufacturing programmed with different threshold voltages for different Boolean functions using intentional directed hot-carrier injection (HCI). Similar intentional HCI techniques have previously been used to enhance SRAM margins, boost PUF reliability, and build TRNGs [3][4]. The design is fully compatible with standard CMOS logic processes, requiring no special layers, structures, or process steps.

Experimental characterization, optimization, and recovery of data retention errors in MLC NAND flash memory

Abstract: This paper summarizes our work on experimentally characterizing, mitigating, and recovering data retention errors in multi-level cell (MLC) NAND flash memory, which was published in HPCA 2015, and examines the work's significance and future potential. Retention errors, caused by charge leakage over time, are the dominant source of flash memory errors. Understanding, characterizing, and reducing retention errors can significantly improve NAND flash memory reliability and endurance. In this work, we first characterize, with real 2Y-nm MLC NAND flash chips, how the threshold voltage distribution of flash memory changes with different retention ages -- the length of time since a flash cell was programmed. We observe from our characterization results that 1) the optimal read reference voltage of a flash cell, using which the data can be read with the lowest raw bit error rate (RBER), systematically changes with its retention age, and 2) different regions of flash memory can have different retention ages, and hence different optimal read reference voltages. Based on our findings, we propose two new techniques. First, Retention Optimized Reading (ROR) adaptively learns and applies the optimal read reference voltage for each flash memory block online. The key idea of ROR is to periodically learn a tight upper bound of the optimal read reference voltage, and from there approach the optimal read reference voltage. Our evaluations show that ROR can extend flash memory lifetime by 64% and reduce average error correction latency by 10.1%. Second, Retention Failure Recovery (RFR) recovers data with uncorrectable errors offline by identifying and probabilistically correcting flash cells with retention errors. Our evaluation shows that RFR essentially doubles the error correction capability.

Secure chip odometers using intentional controlled aging

Abstract: Electronics counterfeiting is a significant and growing problem for electronics manufacturers, system integrators, and end customers. The widespread prevalence of counterfeit electronics in the manufacturing supply chain raises significant security concerns in both the defense and civilian sectors. The threat ranges from relatively simple IC remarking, in order to sell parts at a higher price or to recycle parts from discarded equipment, to wholesale reverse-engineering/copying of designs and manufacturing of cloned ICs and systems. To combat IC counterfeiting, we propose secure chip odometers to provide ICs with both a secure gauge of use/age and an authentication of provenance to enable simple, secure, robust differentiation between genuine and counterfeit parts. The secure chip odometers have chained binary aging elements (BAE) to measure use and age of the chip. In our proposed design, BAEs that use hot carrier injection (HCI) to measure age/use are designed and taped-out in a 65 nm bulk CMOS process. For characterization purposes, the taped-out chips have an array of 500 modular BAEs and a self-aging system with 16 modular BAEs. The modularity of the design provides 693 possible combinations for different stress current and current density values. The test chip dimensions are 1.2mm by 1.7mm with 78 pads, and each modular BAE has an area of 52.5μm2. They can be stressed with currents ranging from 40μA to 1.3mA at the 2.5V nominal stress voltage.

Characterizing, Exploiting, and Mitigating Vulnerabilities in MLC NAND Flash Memory Programming

Abstract: This paper summarizes our work on experimentally analyzing, exploiting, and addressing vulnerabilities in multi-level cell NAND flash memory programming, which was published in the industrial session of HPCA 2017, and examines the work's significance and future potential. Modern NAND flash memory chips use multi-level cells (MLC), which store two bits of data in each cell, to improve chip density. As MLC NAND flash memory scaled down to smaller manufacturing process technologies, manufacturers adopted a two-step programming method to improve reliability. In two-step programming, the two bits of a multi-level cell are programmed using two separate steps, in order to minimize the amount of cell-to-cell program interference induced on neighboring flash cells. In this work, we demonstrate that two-step programming exposes new reliability and security vulnerabilities in state-of-the-art MLC NAND flash memory. We experimentally characterize contemporary 1X-nm (i.e., 15--19nm) flash memory chips, and find that a partially-programmed flash cell (i.e., a cell where the second programming step has not yet been performed) is much more vulnerable to cell-to-cell interference and read disturb than a fully-programmed cell. We show that it is possible to exploit these vulnerabilities on solid-state drives (SSDs) to alter the partially-programmed data, causing (potentially malicious) data corruption. Based on our observations, we propose several new mechanisms that eliminate or mitigate these vulnerabilities in partially-programmed cells, and at the same time increase flash memory lifetime by 16%.

A compact energy-efficient pseudo-static camouflaged logic family

Abstract: Protecting hardware IP from reverse engineering threats is becoming increasingly challenging with advances in reverse engineering techniques. Different camouflaged logic families based on multi-Vt transistors have been recently proposed to combat reverse engineering threats. While multi-Vt based camouflaged logic gates offer cells that have an identical layout with multiple functionalities, they typically incur significant overheads in power, area, and delay. Moreover, amplifying the threshold voltage difference to logic levels while maintaining the noise margins needs careful analysis of PVT variations and mismatch. In this paper, a Pseudo-Static Camouflaged (PS-CAMO) logic family is proposed to improve the energy overheads of camouflaged logic gates while maintaining the reliability and yields of static CMOS logic gates. Post-layout simulations of a high-performance fully camouflaged S-box in a 65nm industrial CMOS process shows a 42% reduction in energy and a 26% reduction in area compared to a previously proposed Threshold Voltage Defined (TVD) camouflaged logic family.