skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: Towards the Avoidance of Counterfeit Memory: Identifying the DRAM Origin
Due to globalization in the semiconductor supply chain, counterfeit dynamic random-access memory (DRAM) chips/modules have been spreading worldwide at an alarming rate. Deploying counterfeit DRAM modules into an electronic system can severely affect security and reliability domains because of their sub-standard quality, poor performance, and shorter life span. Besides, studies suggest that a counterfeit DRAM can be more vulnerable to sophisticated attacks. However, detecting counterfeit DRAMs is very challenging because of their nature and ability to pass the initial testing. In this paper, we propose a technique to identify the DRAM origin (i.e., the origin of the manufacturer and the specification of individual DRAM) to detect and prevent counterfeit DRAM modules. A silicon evaluation shows that the proposed method reliably identifies off-the-shelf DRAM modules from three major manufacturers.  more » « less
Award ID(s):
1850241
PAR ID:
10137290
Author(s) / Creator(s):
; ; ; ;
Date Published:
Journal Name:
2020 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)
Page Range / eLocation ID:
111 to 121
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; ; ; (, Exploiting DRAM Latency Variations for Generating True Random Numbers)
    True random number generator (TRNG) plays a vital role in a variety of security applications and protocols. The security and privacy of an asset rely on encryption, which solely depends on the quality of random numbers. Memory chips are widely used for generating random numbers because of their prevalence in modern electronic systems. Unfortunately, existing Dynamic Random-access Memory (DRAM)-based TRNGs produce random numbers with either limited entropy or poor throughput. In this paper, we propose a DRAM-latency based TRNG that generates high-quality random numbers. The silicon results from Samsung and Micron DDR3 DRAM modules show that our proposed DRAM-latency based TRNG is robust (against different operating conditions and environmental variations) and acceptably fast. 
    more » « less
  2. ; ; (, Applied Sciences)
    The cells in dynamic random access memory (DRAM) degrade over time as a result of aging, leading to poor performance and potential security vulnerabilities. With a globalized horizontal supply chain, aged counterfeit DRAMs could end up on the market, posing a significant threat if employed in critical infrastructure. In this work, we look at the retention behavior of commercial DRAM chips from real-time silicon measurements and investigate how the reliability of DRAM cells degrade with accelerated aging. We analyze the retention-based errors at three different aging points to observe the design-induced variations, analyze the pattern dependency, and explore the impacts of accelerated aging for multiple DRAM vendors. We also investigate the DRAM chips’ statistical distribution to attribute the vital wear-out effects present in DRAM. We see a continuous increase in retention error as DRAM chips age and therefore infer that the aged retention signatures can be used to differentiate recycled DRAM chips in the supply chain. We also discuss the roles of device signature in DRAM aging and aging-related security implication on DRAM row-hammer error. 
    more » « less
  3. ; ; ; ; (, ACM SIGCOMM Workshop on Hot Topics in Networking)
    Congestion Control Algorithms (CCAs) impact numerous desirable Internet properties such as performance, stability, and fairness. Hence, the networking community invests substantial effort into studying whether new algorithms are safe for wide-scale deployment. However, operators today are continuously innovating and some deployed CCAs are unpublished - either because the CCA is in beta or because it is considered proprietary. How can the networking community evaluate these new CCAs when their inner workings are unknown? In this paper, we propose 'counterfeit congestion control algorithms' - reverse-engineered implementations derived using program synthesis based on observations of the original implementation. Using the counterfeit (synthesized) CCA implementation, researchers can then evaluate the CCA using controlled empirical testbeds or mathematical analysis, even without access to the original implementation. Our initial prototype, 'Mister 880,' can synthesize several basic CCAs including a simplified Reno using only a few traces. 
    more » « less
  4. (, Journal of Science Policy & Governance)
    The rapid growth of illicit supply chains during and after the Covid-19 pandemic reveals a need for effectively combating and preventing the cross-border movement of contraband, including but not limited to counterfeit goods. A proactive approach by companies along with public stakeholders, such as government agencies and individual consumers, toward disrupting illicit supply chains operating across borders is especially important during moments of global crisis when consumers are more susceptible to unknowingly purchasing substandard counterfeit products such as respirators. While marketplaces, platforms, and other legitimate businesses have worked to prevent movement of counterfeits and illicit goods through their services, the high adaptability and sophistication of counterfeiters requires more preventative and multistakeholder approaches. This article outlines a multidisciplinary and multilayered approach to detecting and disrupting illicit supply chains of counterfeit personal protective equipment (PPE) with a focus on respirators. It utilizes research conducted for a National Science Foundation (NSF) grant on Covid-19 related crime, including the advertising and sale of counterfeit respirators. One layer examines online content as seen by the end user and the activity of vendors or sellers used to advertise and sell counterfeit products. The research is also informed by data on the information, financial, and physical flows of counterfeit respirators obtained through a public-private partnership with George Mason University’s Terrorism, Transnational Crime and Corruption Center (TraCCC-GMU) and 3M, one of the largest manufacturers of respirators in the world. The article examines an important and relatively recent trend - how emerging technological shifts in the marketplace are affecting global security. Research from the TraCCC-GMU and 3M partnership, including a data sharing agreement, revealed that counterfeiters constantly change their modus operandi to continue selling illicit goods with impunity, facilitating illicit activity with the use and abuse of legitimate companies such as ecommerce marketplaces and social media. The article presents an overview of the current state of counterfeit supply chains and provides concrete policy recommendations on how legitimate companies can move beyond just removing listings but must also actively prevent these transnational crimes through innovative multidisciplinary approaches, advanced data analytics, and public awareness campaigns. The research also seeks to connect the dots to broader policy implications in terms of the legitimate economy and environmental sustainability. 
    more » « less
  5. ; ; ; ; ; ; (, Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies)
    The proliferation of low-end low-power internet-of-things (IoT) devices in smart environments necessitates secure identification and authentication of these devices via low-overhead fingerprinting methods. Previous work typically utilizes characteristics of the device's wireless modulation (WiFi, BLE, etc.) in the spectrum, or more recently, electromagnetic emanations from the device's DRAM to perform fingerprinting. The problem is that many devices, especially low-end IoT/embedded systems, may not have transmitter modules, DRAM, or other complex components, therefore making fingerprinting infeasible or challenging. To address this concern, we utilize electromagnetic emanations derived from the processor's clock to fingerprint. We present Digitus, an emanations-based fingerprinting system that can authenticate IoT devices at range. The advantage of Digitus is that we can authenticate low-power IoT devices using features intrinsic to their normal operation without the need for additional transmitters and/or other complex components such as DRAM. Our experiments demonstrate that we achieve ≥ 95% accuracy on average, applicability in a wide range of IoT scenarios (range ≥ 5m, non-line-of-sight, etc.), as well as support for IoT applications such as finding hidden devices. Digitus represents a low-overhead solution for the authentication of low-end IoT devices. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email