Hiding Information in Flash Memory Yinglei Wang Wingkei
- Slides: 32
Hiding Information in Flash Memory • Yinglei Wang, Wing-kei Yu, Sarah Q. Xu, Edwin Kan, and G. Edward Suh • Cornell University • Tuan Tran
Introduction Steganography? Yes
Presentation Outline �Overview �Flash Memory Background �Information Hiding Algorithm �Evaluation �Conclusion 3
Overview �The goal of the hiding technique is to make the detection, retrieval, and removal of hidden information sufficiently time consuming for an attacker. 4
Overview Flash Interface Requirements for the technique �Work with flash and float-gate non-volatile memory which can read, program and erase to specific memory location. �Can be implemented as a software update. 5
Flash Memory Background Float Gate Transistors � The floating gate is an insulated conductor surrounded by oxide. � Information is stored as the presence or absence of trapped charge on the floating gate. 6
Flash Memory Background Float Gate Transistors �Flash cells without charge are read as 1. �Flash cells have charge are read as 0. �Single-Level Cells: one bit is stored per cell. �Multi-Level Cells: multiple bits are stored per cell. 7
Flash Memory Background Flash Organization and Operation �Read: transistor is turned on and the amount of current is detected. �Erase: pushes charge off the floating-gate by applying a large negative voltage on the control gate. �Write: stores charge on the floating-gate �Page: the smallest unit in which data is read or written �Block: the smallest unit for an erase operation �Flash does not provide bit-level write or erase. 8
Flash Memory Background Aging �The voltages involved place great stress on the device oxide, wearing out the device. �The bit is rendered non-operational, leaving it in a stuck-at state. �The program time that is required to flip a state from ‘ 1’ to ‘ 0’ for a cell tends to reduce. 9
Flash Memory Background Partial Programming �Program time: the time it takes to program a Flash cell. �Flash memory interface requires all bits in a page to be programmed together. �The program time only reveals how long programming the entire page takes. 10
Flash Memory Background Partial Programming �Partial program: aborting a program operation before completion. �Partial programs: will accumulate charge on the floating gate and eventually result in the cell entering a stable programmed state. �The number of partial program operations to flip a bit from 1 to 0 represents the program time for the bit. 11
Information Hiding Algorithm Overview �The program time is the time it takes for a bit to change from the erased state (1) to the programmed state (0). �Need to be able to intentionally change and control each bit’s program time. �Stress some bits within a page more than others by controlling the value written to it. 12
Information Hiding Algorithm Overview �The program times of individual bits vary significantly due to manufacturing variations. �Encode one bit of hidden information using many bits in Flash memory. �Use a key (hiding key) to select which Flash bits will be grouped together. 13
Information Hiding Algorithm: � Choose set of page/block. � Divide the bits into fixed size group. � The algorithm determines which value ( 0 or 1) need to be written. 14
Information Hiding Algorithm: � Decide on a N to exert on Flash. � N is chosen to ensure good BER. � Each page is programmed N time to imprint the payload into Flash. 15
Information Hiding Algorithm Recovery Algorithm: � Use partial programming to measure the program time. � Choose M such that at the end of M partial programs, more than half of the bits, are programmed. � If bits do not flip, its program time is set to constant. 16
Information Hiding Algorithm Recovery Algorithm: � Compute the median program time. � If bit’s program time is above the median, set it to 1. � If bit’s program time is below the median, set it to 0. � X is chosen empirically. 17
Information Hiding Algorithm Recovery Algorithm: � Divide bits into group. � Compute average program time for each group. � Bit’s payload is set to 1 if the average program time of the group is below Th, 0 otherwise. � Th: the average program times of the more-stressed and less-stressed groups 18
Evaluation Setup �Use custom Flash test board. �Use multiple types of memory flash chip. �Used the first 4, 096 bits of 16, 896 -bit pages. 19
Evaluation Robustness – Bit Error Rate �Bit Error Rate : metric for measuring robustness. �Hide a randomly generated message into Flash memory and compared the retrieved message with the original. �Select 5120 groups and 5000 PE cycles: BER = 0. 0029 20
Evaluation Robustness � BER decreases as the hiding stress increases. � More stress increases the program time difference between bits hiding 1 s and 0 s. 21
Evaluation Robustness � BER decreases with an increasing group size. � The capacity decreases as more physical bits are included. � the statistical variations among groups will decrease as the group size increases. 22
Evaluation Robustness � Neighboring pages have a strong influence on each other. � Subset of pages with specific interval K. � There is not much benefit to using a group size beyond 128 and a page interval beyond 4. 23
Evaluation Effectiveness � Aim to simulate the normal usage of the Flash chip. � In each program operation for the initial stress, random data are programmed. � As initial stress level increases, the BER also increases 24
Evaluation Performance �For hiding : �Throughput : 16. 6 bits/second. �Higher with smaller number of PE cycles or group. �For reading: �Throughput: 564 bit/second. �Higher if hiding scheme uses a smaller number of Flash bits to encode each hidden bit. 25
Evaluation Detectability �Information hiding scheme uses per-bit program time. �The hiding operation does not change normal Flash functions. �An attacker needs to rely on checking the analog properties of the Flash memory. 26
Evaluation Detectability � There is no visible pattern in per-page program time. � The program time of a page shows distinct values. � The program time values for each chip stay the same. 27
Evaluation Retrieval without the Hiding Key � 10% of Correct Group Members � Group size is a security parameter 28
Evaluation Erase Tolerance � Stress the chip after hiding info. � Program every bit of the page to 0. � BER is quite reasonable. 29
Evaluation Different Flash Models �Tested several different Flash memory models. �Chips from the same manufacturer perform similarly. �In MLC chip: �Bits split into a fast group and a slow group. �Only the faster programming bits work for info hiding. 30
Conclusion �Demonstrate a technique to hide information using the program time of individual bits in Flash memory. �Using groups of bits to store one bit of payload allows the technique to effectively hide information robustly with low bit error rates. �Without the key, measuring analog characteristics of the Flash chip can not reveals whether the chip contains hidden information. 31
Q&A 32
Yinglei wang
Digital photography with flash and no-flash image pairs
Flash memory lifetime
Nanoelectronics
Nand
Hpe memory driven flash
Ememory
Toshiba 1980 flash
Uil music memory practice test
Nand data retention
Information hiding principle
Information hiding adalah
Information hiding oop
Information hiding in software engineering
David lorge parnas
Information hiding
Semantic prototype
Explicit memory
Long term memory vs short term memory
Internal memory and external memory
Primary memory and secondary memory
Logical address
Which memory is the actual working memory?
Virtual memory
Virtual memory in memory hierarchy consists of
Eidetic memory vs iconic memory
Shared vs distributed memory
Long term memory
Models of ltm - frames
Information reproduced from memory can be assisted by cues
Memory is the persistence of learning over time
The hiding place chapter 9
Going into hiding gif
