slides

advertisement
•Yinglei Wang, Wing-kei Yu, Sarah Q. Xu,
Edwin Kan, and G. Edward Suh
• Cornell University
• Tuan Tran
Introduction
Steganography? Yes
Presentation Outline
 Overview
 Flash Memory Background
 Information Hiding Algorithm
 Evaluation
 Conclusion
3
Overview
 The goal of the hiding technique is to make the detection,
retrieval, and removal of hidden information sufficiently time
consuming for an attacker.
4
Overview
Flash Interface Requirements for the technique
 Work with flash and float-gate non-volatile memory which
can read, program and erase to specific memory location.
 Can be implemented as a software update.
5
Flash Memory Background
Float Gate Transistors
 The floating gate is an insulated conductor
surrounded by oxide.
 Information is stored as the presence or
absence of trapped charge on the floating gate.
6
Flash Memory Background
Float Gate Transistors
 Flash cells without charge are read as 1.
 Flash cells have charge are read as 0.
 Single-Level Cells: one bit is stored per cell.
 Multi-Level Cells: multiple bits are stored per cell.
7
Flash Memory Background
Flash Organization and Operation
 Read: transistor is turned on and the amount of current is detected.
 Erase: pushes charge off the floating-gate by applying a large negative
voltage on the control gate.
 Write: stores charge on the floating-gate
 Page: the smallest unit in which data is read or written
 Block: the smallest unit for an erase operation
 Flash does not provide bit-level write or erase.
8
Flash Memory Background
Aging
 The voltages involved place great stress on the device
oxide, wearing out the device.
 The bit is rendered non-operational, leaving it in a stuck-at
state.
 The program time that is required to flip a state from ‘1’ to
‘0’ for a cell tends to reduce.
9
Flash Memory Background
Partial Programming
 Program time: the time it takes to program a Flash cell.
 Flash memory interface requires all bits in a page to be
programmed together.
 The program time only reveals how long programming the
entire page takes.
10
Flash Memory Background
Partial Programming
 Partial program: aborting a program operation before completion.
 Partial programs: will accumulate charge on the floating gate and
eventually result in the cell entering a stable programmed state.
 The number of partial program operations to flip a bit from
1 to 0 represents the program time for the bit.
11
Information Hiding Algorithm
Overview
 The program time is the time it takes for a bit to change
from the erased state (1) to the programmed state (0).
 Need to be able to intentionally change and control each
bit’s program time.
 Stress some bits within a page more than others by
controlling the value written to it.
12
Information Hiding Algorithm
Overview
 The program times of individual bits vary significantly due
to manufacturing variations.
 Encode one bit of hidden information using many bits in
Flash memory.
 Use a key (hiding key) to select which Flash bits will be
grouped together.
13
Information Hiding Algorithm
Hiding Algorithm:
 Choose set of page/block.
 Divide the bits into fixed size group.
 The algorithm determines which
value ( 0 or 1) need to be written.
14
Information Hiding Algorithm
Hiding Algorithm:
 Decide on a N to exert on Flash.
 N is chosen to ensure good BER.
 Each page is programmed N time
to imprint the payload into Flash.
15
Information Hiding Algorithm
Recovery Algorithm:
 Use partial programming to measure
the program time.
 Choose M such that at the end of M
partial programs, more than half of
the bits, are programmed.
 If bits do not flip, its program time is
set to constant.
16
Information Hiding Algorithm
Recovery Algorithm:
 Compute the median program time.
 If bit’s program time is above the
median, set it to 1.
 If bit’s program time is below the
median, set it to 0.
 X is chosen empirically.
17
Information Hiding Algorithm
Recovery Algorithm:
 Divide bits into group.
 Compute average program time for
each group.
 Bit’s payload is set to 1 if the
average program time of the group is
below Th, 0 otherwise.
 Th: the average program times of the
more-stressed and less-stressed
groups
18
Evaluation
Setup
 Use custom Flash test board.
 Use multiple types of memory flash chip.
 Used the first 4,096 bits of 16,896-bit pages.
19
Evaluation
Robustness – Bit Error Rate
 Bit Error Rate : metric for measuring robustness.
 Hide a randomly generated message into Flash memory and
compared the retrieved message with the original.
 Select 5120 groups and 5000 PE cycles: BER = 0.0029
20
Evaluation
Robustness
 BER decreases as
the hiding stress increases.
 More stress increases the program
time difference between
bits hiding 1s and 0s.
21
Evaluation
Robustness
 BER decreases with
an increasing group size.
 The capacity decreases as
more physical bits are included.
 the statistical variations among
groups will decrease as the
group size increases.
22
Evaluation
Robustness
 Neighboring pages have a strong
influence on each other.
 Subset of pages with specific
interval K.
 There is not much benefit to using a
group size beyond 128 and
a page interval beyond 4.
23
Evaluation
Effectiveness
 Aim to simulate the normal usage
of the Flash chip.
 In each program operation for the
initial stress, random data
are programmed.
 As initial stress level increases,
the BER also increases
24
Evaluation
Performance
 For hiding :
 Throughput :16.6 bits/second.
 Higher with smaller number of PE cycles or group.
 For reading:
 Throughput: 564 bit/second.
 Higher if hiding scheme uses a smaller number of Flash bits
to encode each hidden bit.
25
Evaluation
Detectability
 Information hiding scheme uses per-bit program time.
 The hiding operation does not change normal Flash functions.
 An attacker needs to rely on checking the analog properties of
the Flash memory.
26
Evaluation
Detectability
 There is no visible pattern in
per-page program time.
 The program time of a page
shows distinct values.
 The program time values
for each chip stay the same.
27
Evaluation
Retrieval without the Hiding Key
 10% of Correct Group Members
 Group size is a security parameter
28
Evaluation
Erase Tolerance
 Stress the chip after hiding info.
 Program every bit of the page to 0.
 BER is quite reasonable.
29
Evaluation
Different Flash Models
 Tested several different Flash memory models.
 Chips from the same manufacturer perform similarly.
 In MLC chip:
 Bits split into a fast group and a slow group.
 Only the faster programming bits work for info hiding.
30
Conclusion
 Demonstrate a technique to hide information using the
program time of individual bits in Flash memory.
 Using groups of bits to store one bit of payload allows the
technique to effectively hide information robustly with low
bit error rates.
 Without the key, measuring analog characteristics of the
Flash chip can not reveals whether the chip contains hidden
information.
31
Q&A
32
Download