- The paper introduces effective in-DRAM security primitives—SiMRA-TRNG achieving up to 16.05 Gb/s throughput and SiMRA-PUF with high response stability.
- The analysis quantifies significant security vulnerabilities, revealing up to 158× reduction in hammer counts and 6.5× faster timing channels compared to conventional methods.
- The study underscores the need for novel memory controller architectures to mitigate enhanced disturbance and timing attack risks in Processing-in-DRAM systems.
Memory-Centric Computing: System Security Opportunities and Risks in Processing-in-DRAM
Introduction
The processor-centric paradigm in computer architecture imposes significant performance and energy bottlenecks due to excessive data movement between CPUs and DRAM. Memory-centric computing, particularly Processing-in-DRAM (PiD), rearchitects the system by embedding computation capabilities directly into the memory substrate, reducing data transfer overheads and thereby potentially improving throughput, energy, and scalability across emerging data-centric workloads. The recharacterization of DRAM—from a passive store to an active computation-security substrate—introduces both novel security primitives as well as security and reliability threats. This paper rigorously analyzes these security opportunities and challenges, with an emphasis on secure primitive construction (true random number generators and physical unclonable functions) and the exacerbated risks related to read disturbance and memory-based timing attacks (2606.20786).
Security Primitives in Processing-in-DRAM
In-DRAM True Random Number Generation: SiMRA-TRNG
DRAM-based true random number generators (TRNGs) are attractive due to the ubiquity of DRAM across digital systems. The SiMRA-TRNG enables high-throughput random number generation by exploiting simultaneous multiple-row activation (SiMRA). The mechanism involves initializing DRAM rows with balanced data and then issuing a reduced-timing ACT→PRE→ACT command sequence, causing charge sharing between oppositely-held cell values on the same bitline. These opposing contributions perturb the bitline voltage toward the reference, resulting in non-deterministic amplification by the sense amplifier. The process efficiently extracts high-quality randomness directly within the DRAM device.
Figure 1: The SiMRA command sequence for in-DRAM random number generation, exploiting analog charge perturbation during simultaneous row activations.
Empirical analysis over 96 DDR4 COTS chips demonstrates a strong correlation between number of simultaneously activated rows and achieved entropy. Across tested density and die revisions, average 512-bit cache-block entropy monotonically increases with the number of activated rows—culminating in 40.41 bits at 32-row activation.
Figure 2: Entropy scaling with increasing numbers of activated rows and DRAM architectures, directly demonstrating SiMRA's efficacy.
Throughput comparisons versus state-of-the-art DRAM TRNGs (e.g., QUAC-TRNG) reveal SiMRA-TRNG's substantial practical benefits: up to 1.99× higher throughput at 8-row activation, with average throughputs reaching 16.05 Gb/s. The design balances initialization latency with entropy per operation: higher row count yields more entropy (and passes all NIST STS tests), but with a throughput/latency tradeoff due to more expensive preparation.
Figure 3: Throughput improvement of SiMRA-based TRNG over the prior art, as a function of simultaneously activated rows.
In-DRAM Physical Unclonable Functions: SiMRA-PUF
A robust runtime-accessible physical unclonable function (PUF) must yield device-unique, stable signatures at low latency without requiring power cycling or custom DRAM circuitry. The SiMRA-PUF leverages simultaneous charge sharing of oppositely-initialized DRAM rows, resolving in the sense amplifier to either random or stable logic states, depending on process variation.
Experimental evaluation on 112 COTS DDR4 chips quantifies stability (intra-Jaccard) and uniqueness (inter-Jaccard). SiMRA-PUF attains intra-Jaccard indices up to 94.86\% and inter-Jaccard as low as 2.37\%, effectively rivaling or surpassing previous high-throughput PUFs (e.g., Frac-based PUF). Notably, 2-row SiMRA-PUF achieves 5.75% lower evaluation latency, validating both practical deployability and suitability for runtime security protocols.
Figure 4: Intra- and inter-Jaccard indices for SiMRA-PUF reflecting strong response stability and uniqueness; scalability is shown across varying N-row activations.
Security Threats in Processing-in-DRAM
Amplified Read Disturbance: PuDHammer
Processing-in-DRAM, particularly through mechanisms that repeatedly or simultaneously activate multiple rows (e.g., fast analog operations, in-DRAM copy), fundamentally alters traditional disturbance equilibrium. PuDHammer characterizes the vulnerability amplification due to simultaneous/consecutive multiple row activation (SiMRA/CoMRA) on 316 DDR4 chips from four manufacturers.
Double-sided SiMRA-based hammering achieves an up to 158× reduction in the minimum hammer count to induce a bit flip (HCfirst​), dramatically lower than conventional double-sided RowHammer. This result directly underscores significantly heightened susceptibility to disturbance-induced corruption when using analog-optimized DRAM operations.
Figure 5: Distributional shift in HCfirst​ for SiMRA-based attacks relative to RowHammer, evidencing exponential vulnerability amplification.
Standard RowHammer mitigation, such as Per-Row Activation Counting (PRAC), incurs on average 48.26% system performance overhead when adapted to PuD contexts. This inefficiency indicates existing countermeasures are not scalable for robust, high-bandwidth PiD systems with widespread analog operations.
High-Throughput Timing Channels: IMPACT
By enabling direct main memory access and bypassing the cache hierarchy, PiD opens new high-throughput timing attack surfaces. IMPACT demonstrates that shared row-buffer timing—exploitable via PiM-enabled instructions and in-DRAM copy (RowClone)—can sustain covert and side-channels. The attack flow (IMPACT-PuM) achieves a communication throughput of 14.8 Mb/s, a 6.5× increase over prior memory-based covert channels. Genome privacy attacks using this channel leak private query characteristics at 7.6 Mb/s with 96% accuracy.
Figure 6: End-to-end IMPACT-PuM covert channel, demonstrating high-throughput transmission through orchestrated PiD memory accesses.
While four classes of defenses to eliminate the channel are evaluated, all incur substantial performance penalties, indicating that robust, low-overhead countermeasures for PiD-specific timing side-channels remain unsolved.
Implications and Outlook
DRAM's evolution to a compute-storage-security multi-role substrate compels a holistic reassessment of memory subsystem architecture. SiMRA-based security primitives provide backend, high-performance solutions for cryptography, authentication, and secure protocol bootstrapping—potentially transforming the trusted computing base by minimizing data exposure and removing reliance on external security coprocessors. Conversely, the same analog in-memory techniques exponentially heighten failure and exploitability risks: existing reliability boundaries are insufficient, while conventional security mitigations exhibit high system-level costs.
Adoption of PiD and related MCC architectures in AI and privacy-critical workloads will demand joint innovation in robust memory controller architectures, privilege and isolation enforcement for in-memory instructions, fine-grained access and activation tracking, and fundamentally new physical-layer resilience metrics. Future AI systems integrating or offloading security primitives to DRAM must jointly address system-level isolation, reliability, and side-channel containment.
Conclusion
This work provides a rigorous architectural and experimental investigation into the security consequences of memory-centric computing, focusing on Processing-in-DRAM. The demonstrated advancement in in-DRAM true random number generation and physically unclonable function construction exemplifies PiD's potential for efficient, secure primitive instantiation. At the same time, the paper uncovers and quantifies significantly enhanced read disturbance vulnerabilities and new high-throughput timing channel threats, challenging the viability of naïvely adopting PiD. Realizing the benefits and containing the risks of MCC and PiD demands a computing stack rearchitecture that treats memory as a security-critical compute substrate, not merely as passive storage. Widespread, secure deployment of PiD will require both recognition of these dualities and dedicated research across the entire system stack (2606.20786).