Top Banner

Click here to load reader

Yinglei Wang, Wing-kei Yu, Sarah Q. Xu, Edwin Kan, and G. Edward Suh Cornell University Tuan Tran

Dec 22, 2015

ReportDownload

Documents

  • Slide 1
  • Yinglei Wang, Wing-kei Yu, Sarah Q. Xu, Edwin Kan, and G. Edward Suh Cornell University Tuan Tran
  • Slide 2
  • Introduction Steganography? Yes
  • Slide 3
  • Presentation Outline Overview Flash Memory Background Information Hiding Algorithm Evaluation Conclusion 3
  • Slide 4
  • Overview The goal of the hiding technique is to make the detection, retrieval, and removal of hidden information sufficiently time consuming for an attacker. 4
  • Slide 5
  • Overview Flash Interface Requirements for the technique Work with flash and float-gate non-volatile memory which can read, program and erase to specific memory location. Can be implemented as a software update. 5
  • Slide 6
  • Flash Memory Background Float Gate Transistors The floating gate is an insulated conductor surrounded by oxide. Information is stored as the presence or absence of trapped charge on the floating gate. 6
  • Slide 7
  • Flash Memory Background Float Gate Transistors Flash cells without charge are read as 1. Flash cells have charge are read as 0. Single-Level Cells: one bit is stored per cell. Multi-Level Cells: multiple bits are stored per cell. 7
  • Slide 8
  • Flash Memory Background Flash Organization and Operation Read: transistor is turned on and the amount of current is detected. Erase: pushes charge off the floating-gate by applying a large negative voltage on the control gate. Write: stores charge on the floating-gate Page: the smallest unit in which data is read or written Block: the smallest unit for an erase operation Flash does not provide bit-level write or erase. 8
  • Slide 9
  • Flash Memory Background Aging The voltages involved place great stress on the device oxide, wearing out the device. The bit is rendered non-operational, leaving it in a stuck-at state. The program time that is required to flip a state from 1 to 0 for a cell tends to reduce. 9
  • Slide 10
  • Flash Memory Background Partial Programming Program time: the time it takes to program a Flash cell. Flash memory interface requires all bits in a page to be programmed together. The program time only reveals how long programming the entire page takes. 10
  • Slide 11
  • Flash Memory Background Partial Programming Partial program: aborting a program operation before completion. Partial programs: will accumulate charge on the floating gate and eventually result in the cell entering a stable programmed state. The number of partial program operations to flip a bit from 1 to 0 represents the program time for the bit. 11
  • Slide 12
  • Information Hiding Algorithm Overview The program time is the time it takes for a bit to change from the erased state (1) to the programmed state (0). Need to be able to intentionally change and control each bits program time. Stress some bits within a page more than others by controlling the value written to it. 12
  • Slide 13
  • Information Hiding Algorithm Overview The program times of individual bits vary significantly due to manufacturing variations. Encode one bit of hidden information using many bits in Flash memory. Use a key (hiding key) to select which Flash bits will be grouped together. 13
  • Slide 14
  • Information Hiding Algorithm Hiding Algorithm: Choose set of page/block. Divide the bits into fixed size group. The algorithm determines which value ( 0 or 1) need to be written. 14
  • Slide 15
  • Information Hiding Algorithm Hiding Algorithm: Decide on a N to exert on Flash. N is chosen to ensure good BER. Each page is programmed N time to imprint the payload into Flash. 15
  • Slide 16
  • Information Hiding Algorithm 16 Recovery Algorithm: Use partial programming to measure the program time. Choose M such that at the end of M partial programs, more than half of the bits, are programmed. If bits do not flip, its program time is set to constant.
  • Slide 17
  • Information Hiding Algorithm 17 Recovery Algorithm: Compute the median program time. If bits program time is above the median, set it to 1. If bits program time is below the median, set it to 0. X is chosen empirically.
  • Slide 18
  • Information Hiding Algorithm 18 Recovery Algorithm: Divide bits into group. Compute average program time for each group. Bits payload is set to 1 if the average program time of the group is below Th, 0 otherwise. Th: the average program times of the more-stressed and less-stressed groups
  • Slide 19
  • Evaluation Setup Use custom Flash test board. Use multiple types of memory flash chip. Us ed the first 4,096 bits of 16,896-bit pages. 19
  • Slide 20
  • Evaluation Robustness Bit Error Rate Bit Error Rate : metric for measuring robustness. Hide a randomly generated message into Flash memory and compared the retrieved message with the original. Select 5120 groups and 5000 PE cycles: BER = 0.0029 20
  • Slide 21
  • Evaluation Robustness BER decreases as the hiding stress increases. More stress increases the program time difference between bits hiding 1s and 0s. 21
  • Slide 22
  • Evaluation Robustness BER decreases with an increasing group size. The capacity decreases as more physical bits are included. the statistical variations among groups will decrease as the group size increases. 22
  • Slide 23
  • Evaluation Robustness Neighboring pages have a strong influence on each other. Subset of pages with specific interval K. There is not much benefit to using a group size beyond 128 and a page interval beyond 4. 23
  • Slide 24
  • Evaluation Effectiveness Aim to simulate the normal usage of the Flash chip. In each program operation for the initial stress, random data are programmed. As initial stress level increases, the BER also increases 24
  • Slide 25
  • Evaluation Performance For hiding : Throughput :16.6 bits/second. Higher with smaller number of PE cycles or group. For reading: Throughput: 564 bit/second. Higher if hiding scheme uses a smaller number of Flash bits to encode each hidden bit. 25
  • Slide 26
  • Evaluation Detectability Information hiding scheme uses per-bit program time. The hiding operation does not change normal Flash functions. An attacker needs to rely on checking the analog properties of the Flash memory. 26
  • Slide 27
  • Evaluation Detectability There is no visible pattern in per-page program time. The program time of a page shows distinct values. The program time values for each chip stay the same. 27
  • Slide 28
  • Evaluation Retrieval without the Hiding Key 10% of Correct Group Members Group size is a security parameter 28
  • Slide 29
  • Evaluation Erase Tolerance Stress the chip after hiding info. Program every bit of the page to 0. BER is quite reasonable. 29
  • Slide 30
  • Evaluation Different Flash Models Tested several different Flash memory models. Chips from the same manufacturer perform similarly. In MLC chip: Bits split into a fast group and a slow group. Only the faster programming bits work for info hiding. 30
  • Slide 31
  • Conclusion Demonstrate a technique to hide information using the program time of individual bits in Flash memory. Using groups of bits to store one bit of payload allows the technique to effectively hide information robustly with low bit error rates. Without the key, measuring analog characteristics of the Flash chip can not reveals whether the chip contains hidden information. 31
  • Slide 32
  • Q & A 32