CiMSAT: Exploiting SAT Analysis to Attack Compute-in-Memory Architecture Defenses

Abstract

Compute-in-memory (CiM) architecture is an emerging energyefficient processing paradigm that has attracted widespread attention in AI and Internet of Things (IoT) applications. To protect statically stored sensitive data in CiM, designers have implemented various hardware obfuscation techniques in CiM architectures. However, we observe that existing CiM obfuscation defense strategies are based on straightforward static-key deployment strategies, which pose vulnerabilities from the perspective of key-pruning algorithms for de-obfuscation.

This work proposes CiMSAT, a CiM de-obfuscation methodology based on Boolean satisfiability (SAT) theory. We conduct the first security analysis specifically tailored to the storage and mixed-signal computing features of CiM architecture, which are two key challenges to de-obfuscate existing state-of-the-art CiM defenses. To model storage units, we innovatively fit and utilize the “no-inference-value” obfuscated data for function approximation. To reconstruct mixed-signal circuits, we design bias-tolerant SAT to address the biases introduced by the approximation. With the proposed workflow, we investigate and evaluate all the existing 14 CiM obfuscation architectures using our de-obfuscation framework. We model a total of 176 defense vectors derived from different defense techniques and parameters, among which 158 (90%) can be de-obfuscated and returned the keys within 1,000 seconds and 172 (98%) defenses can be recovered within 105 seconds (approximately one day). We further reload the keys into CiM simulators with obfuscation, achieving an average of 97% and 95% accuracy recovery in widely adopted MNIST and CIFAR-10 classification applications in CiM obfuscation, respectively.