Alam Muhtasim
1*
Mousam Hossain
2
Soheil Salehi
1*The final, formatted version of the article will be published soon.
ORIGINAL RESEARCH article
Front.Electron.
Sec. Integrated Circuits and VLSI
Volume 5 - 2024 |
doi: 10.3389/felec.2024.1409548
This article is part of the Research Topic Spintronics Devices for Computing in a Beyond-CMOS era View all articles
S-Tune: SOT-MTJ Manufacturing Parameters Tuning for Secure Next Generation of Computing
Provisionally accepted- 1 University of Arizona, Tucson, Arizona, United States
- 2 University of Central Florida, Orlando, Florida, United States
Hardware-based acceleration approaches for Machine Learning (ML) workloads have been embracing the significant potential of post-CMOS switching devices to attain reduced footprint and/or energy-efficient execution relative to transistor-based GPU and/or TPU-based accelerator architectures. Meanwhile, the promulgation of fabless IC chip manufacturing paradigms has heightened the hardware security concerns inherent in such approaches. Namely, unauthorized access to various supply chain stages may expose significant vulnerabilities resulting in malfunctions including subtle adversarial outcomes via the malicious generation of differentially-corrupted outputs. Whereas the Spin-Orbit Torque Magnetic Tunnel Junction (SOT-MTJ) is a leading spintronic device for use in ML accelerators, as well as holding security tokens, their manufacturingonly security exposures are identified and evaluated herein. Results indicate a novel vulnerability profile whereby an adversary without access to the circuit netlist could differentially-influence the machine learning application's behavior. Specifically, ML recognition outputs can be significantly swayed via a global modification of oxide thickness (Tox) resulting in bit-flips of the weights in the crossbar array, thus corrupting the recognition of selected digits in MNIST dataset differentially creating an opportunity for an adversary. With just 0.05% of bits in crossbar having a flipped resistance state, digits '4' and '5' show the highest overall error rates, and digit '9' exhibit the lowest impact, with recognition accuracy of digits '2', '3', and '8' unaffected by changing the oxide thickness of SOT-MTJs uniformly from 0.75 nm to 1.2 nm without modifying the netlist nor even having access to the circuit design itself. Exposures and mitigation approaches to such novel and potentially damaging manufacturing-side intrusions are identified, postulated, and quantitatively assessed.
Keywords: hardware supply chain security, emerging switching devices, Machine learning accelerators, SOT-MRAM, Semiconductor fabrication
Received: 30 Mar 2024; Accepted: 22 Jul 2024.
Copyright: © 2024 Muhtasim, Hossain, Mastrangelo, Demara and Salehi. This is an open-access article distributed under the terms of the Creative Commons Attribution License (CC BY). The use, distribution or reproduction in other forums is permitted, provided the original author(s) or licensor are credited and that the original publication in this journal is cited, in accordance with accepted academic practice. No use, distribution or reproduction is permitted which does not comply with these terms.
* Correspondence:
Alam Muhtasim, University of Arizona, Tucson, 85721, Arizona, United States
Soheil Salehi, University of Arizona, Tucson, 85721, Arizona, United States
Disclaimer: All claims expressed in this article are solely those of the authors and do not necessarily represent those of their affiliated organizations, or those of the publisher, the editors and the reviewers. Any product that may be evaluated in this article or claim that may be made by its manufacturer is not guaranteed or endorsed by the publisher.