Abstract: Examples described herein provide for attestation of memory dies using a respective memory identifier of the memory die itself. A memory device may include a memory die with a memory array, attestation logic, and programmable circuitry that stores a memory identifier associated with the memory array. The attestation logic may generate an encryption key pair based on the memory identifier stored in the programmable circuitry. Advantageously, by attesting memory die using a memory identifier stored in programmable circuitry, examples of systems and methods described herein may provide increased security for data processed by memory die. For example, a non-attested or compromised memory die may be remediated. The attestation of memory dies may include attestation of memory dies on wireless devices, drones, vehicles, and/or Internet-of-Things devices.

Abstract: Examples of systems and methods described herein provide for erasing an encrypted key used for data access to a non-volatile memory device. A memory controller may generate an encrypted key for data access to non-volatile memory devices; and, to provide security of data stored on the non-volatile memory devices, the memory controller may store the encrypted key in a local cache of the memory controller. The encrypted key may be erased responsive to losing power or powering down of memory controller. Advantageously, the data stored at the non-volatile memory device may not be accessed when the memory controller (or a computing device implementing the memory controller) loses power. Accordingly, if a malicious actor were to physically remove (or steal) a computing device implementing the memory controller (e.g., a laptop computer), in an attempt to acquire the data, the data stored on the non-volatile memory devices could not be accessed.

Abstract: Methods, systems, and devices for measuring change in a channel characteristic to detect a memory device attack are described. A system, such as a vehicle system, May include a host device coupled with a memory device. The host device may transmit a first signal to the memory device and may receive, from the memory device, a second signal as feedback based on the first signal. The host device may determine a channel characteristic, such as a channel impedance measurement, based on the second signal received from the memory device. If the determined channel characteristic fails to satisfy a threshold (e.g., if the measured channel impedance fails to satisfy a reference value within a tolerance range), the host device may detect a potential attack on the memory device and may take corrective action, such as disabling one or more features of the memory device.

Abstract: Methods, systems, and devices for temperature change measurement to detect an attack on a memory device are described. A memory device may measure a rate of change for temperature readings at a dynamic random access memory (DRAM) component of the memory device (e.g., using sensors at the DRAM component). The memory device may compare the rate of change for the temperature to a threshold, for example, using circuitry, a threshold value stored in memory, or both. If the memory device determines that the rate of change for the temperature satisfies the threshold, the memory device may disable one or more features of the memory device to protect against a potential attack. For example, an attack on the memory device may be indicated by the change in temperature readings at the DRAM component, and the memory device may perform one or more protective measures based on detecting the temperature change.

Abstract: A method can include performing at least one glitch resistance operation and detecting, by a circuit included in a glitch detector coupled via a connection matrix to a first processing unit, an indication of a glitch on a memory system. The method can include notifying, via the connection matrix, at least a second processing unit of the detected indication of the glitch. The method can include subsequent to notifying at least the second processing unit, transmitting via the at least the second processing unit a glitch confirmation signal.

Abstract: Methods, systems, and devices for protective actions for a memory device based on detecting an attack are described. In some systems, a memory device may detect whether a fault is injected into the memory device. The memory device may apply a delay during boot up if a fault is detected. To ensure the delay is applied, the memory device may default to applying the delay and may remove an indication to apply the delay if a fault is not detected. Additionally or alternatively, the memory device may erase information from non-volatile memory during boot up, for example, if a fault is detected. The memory device may be configured to ensure at least a specific portion of memory resources (e.g., resources configured to store sensitive information) is erased during boot up. In some examples, the memory device may store data using a stream cipher to improve security of the data.

Abstract: Methods and apparatus for dynamically adjusting performance of partitioned memory. In one embodiment, the method includes receiving one or more configuration requests for the memory device, determining whether to grant the one or more configuration requests for the memory device, in response to the determining, implementing the one or more configuration requests within the memory device and operating the memory device in accordance with the implementing. The adjusting of the performance for the partitioned memory includes one or more of enabling/disabling refresh operations, altering a refresh rate for the partitioned memory, enabling/disabling error correcting code (ECC) circuitry for the partitioned memory, and/or altering a memory cell architecture for the partitioned memory. Systems and applications that may benefit from the dynamic adjustment of performance are also disclosed.

Abstract: Methods, systems, and devices for measuring change in a channel characteristic to detect a memory device attack are described. A system, such as a vehicle system, may include a host device coupled with a memory device. The host device may transmit a first signal to the memory device and may receive, from the memory device, a second signal as feedback based on the first signal. The host device may determine a channel characteristic, such as a channel impedance measurement, based on the second signal received from the memory device. If the determined channel characteristic fails to satisfy a threshold (e.g., if the measured channel impedance fails to satisfy a reference value within a tolerance range), the host device may detect a potential attack on the memory device and may take corrective action, such as disabling one or more features of the memory device.

Abstract: Methods, systems, and devices for voltage input and clock speed change determination to detect an attack are described. In some systems, a memory device may receive first signaling indicative of a first value for an input (e.g., voltage input, clock speed) to the memory device. The memory device may further receive second signaling indicative of a second (e.g., time-delayed) value for the input to the memory device. The memory device may detect a change to the input based on the first signaling and the second signaling. For example, the memory device may compare the first signaling to the second signaling, may compare a difference between the first signaling and the second signaling to a threshold, or both. If the input changes (e.g., by a threshold amount), the memory device may disable one or more features to protect against an attack on the memory device.

Abstract: Methods, systems, and devices for temperature change measurement to detect an attack on a memory device are described. A memory device may measure a rate of change for temperature readings at a dynamic random access memory (DRAM) component of the memory device (e.g., using sensors at the DRAM component). The memory device may compare the rate of change for the temperature to a threshold, for example, using circuitry, a threshold value stored in memory, or both. If the memory device determines that the rate of change for the temperature satisfies the threshold, the memory device may disable one or more features of the memory device to protect against a potential attack. For example, an attack on the memory device may be indicated by the change in temperature readings at the DRAM component, and the memory device may perform one or more protective measures based on detecting the temperature change.

Abstract: A method can include performing at least one glitch resistance operation and detecting, by a circuit included in a glitch detector coupled via a connection matrix to a first processing unit, an indication of a glitch on a memory system. The method can include notifying, via the connection matrix, at least a second processing unit of the detected indication of the glitch. The method can include subsequent to notifying at least the second processing unit, transmitting via the at least the second processing unit a glitch confirmation signal.

Abstract: Methods, systems, and devices for verification of a volatile memory, such as a dynamic random-access memory (DRAM), using a unique identifier (ID) are described. A memory device may store a unique ID for a DRAM component of the memory device in non-volatile memory (e.g., in the DRAM, external to the DRAM). A host device coupled with the memory device may store, to non-volatile memory at the host device, information for verifying the identity of the DRAM component, for example, based on the unique ID. The memory device and host device may perform a procedure for verification of the identity of the DRAM component using the unique ID of the DRAM and the verification information stored at the host device. If the host device detects that the DRAM has been replaced or modified based on the verification procedure, the host device may disable one or more features of the memory device.

Abstract: Apparatuses and methods for managing a coherent memory are described. These may include one or more algorithmic logic units (ALUs) and an input/output (IO) interface. The I/O interface may receive one or more commands and retrieve data from or write data to a memory device. Each command may contain a memory address portion associated with a memory device. The apparatus may also include a memory mapping unit and a device controller. The memory mapping unit may map the memory address to a memory portion of the memory device, and the device controller may communicate with the memory device to retrieve data from or write data to the memory device. The apparatus may be implemented as a processing element in a configurable logic block network, which may additionally include a control logic unit that receives programming instructions from an application and generate the one or more commands based on the instructions.

Abstract: Examples of systems and methods described herein provide for accessing memory devices and, concurrently, generating access codes using an authenticated stream cipher at a memory controller. For example, a memory controller may use a memory access request to, concurrently, perform translation logic and/or error correction on data associated with the memory access request; while also utilizing the memory address as an initialization vector for an authenticated stream cipher to generate an access code. The error correction may be performed subsequent to address translation for a write operation (or prior to address translation for a read operation) to improve processing speed of memory access requests at a memory controller; while the memory controller also generates the encrypted access code.

Abstract: A system includes a memory comprising a memory cell array configured to store data and a logging logic circuit configured to generate a log of detected faults or attacks on the memory cell array, and a host hosting a hypervisor. The hypervisor is configured to host a virtual machine, including managing data allocation for processes of the virtual machine to a first region of the memory cell array. The hypervisor is further configured to receive the log of detected faults or attacks? generated by the logging logic circuit. In response to a determination that the first region of the memory cell array has a detected fault or attack based on the log of detected faults or attacks, re-direct data allocation for the virtual machine to a second region of the memory cell array.

Abstract: A release mechanism is provided to connect to a cable connector, with the cable connector being latchable to a connector receptacle. The release mechanism includes a pull release to operatively couple to a latching mechanism of the cable connector to selectively release a latch of the latching mechanism from latching the cable connector to the connector receptacle when operatively coupled to the connector receptacle. The pull release is adapted to, at least in part, break apart in operation in response to a predetermined excess stress event on the pull release to facilitate protecting the cable connector from excessive stress due to the stress event.

Abstract: An example system includes a host computing device configured to host a first tenant and a second tenant, non-volatile memory configured to store data for the first tenant and data for the second tenant, and a memory controller including a cache of a volatile memory configured to store a first encrypted key associated with the first tenant used to access the data stored at the non-volatile memory and a second encrypted key associated with a second tenant used to access the data stored at the non-volatile memory. The memory controller further includes a processor having encryption logic configured to detect an attack on a portion of the cache storing the second encrypted key by the first tenant, and to erase the stored second encrypted key from the cache in response to detection of the attack.

Abstract: Methods, systems, and devices for verification of a volatile memory, such as a dynamic random-access memory (DRAM), using a unique identifier (ID) are described. A memory device may store a unique ID for a DRAM component of the memory device in non-volatile memory (e.g., in the DRAM, external to the DRAM). A host device coupled with the memory device may store, to non-volatile memory at the host device, information for verifying the identity of the DRAM component, for example, based on the unique ID. The memory device and host device may perform a procedure for verification of the identity of the DRAM component using the unique ID of the DRAM and the verification information stored at the host device. If the host device detects that the DRAM has been replaced or modified based on the verification procedure, the host device may disable one or more features of the memory device.

Abstract: An apparatus, and a method therefore, are described, the apparatus according to one embodiment including a security manager and a plurality of clusters of processing elements. Each cluster of the plurality of clusters includes a respective plurality of processing elements. A controller of the apparatus, which may include a security manager, may be configured to control the plurality of clusters to receive a first data stream and a second data stream, control a first plurality of processing elements in a first cluster to process the first data stream using a first security protocol, and control a second plurality of processing elements in a second cluster to process the second data stream using a second security protocol.

Abstract: Examples of systems and methods described herein provide for accessing memory devices and, concurrently, generating access codes using an authenticated stream cipher at a memory controller. For example, a memory controller may use a memory access request to, concurrently, perform translation logic and/or error correction on data associated with the memory access request; while also utilizing the memory address as an initialization vector for an authenticated stream cipher to generate an access code. The error correction may be performed subsequent to address translation for a write operation (or prior to address translation for a read operation) to improve processing speed of memory access requests at a memory controller; while the memory controller also generates the encrypted access code.