Memristor-based systems represent a promising pathway towards faster and more efficient artificial intelligence and neuromorphic computing, owing to their ability to perform complex calculations directly within the memory itself. Muhammad Faheemur Rahman and Wayne Burleson, from the University of Massachusetts Amherst, investigate a critical security vulnerability in these emerging architectures, demonstrating how laser beams can subtly manipulate the behaviour of memristor cells. Their research reveals that carefully targeted laser fault injection induces measurable changes in the system’s output, enabling an attacker to infer internal operating parameters with remarkable accuracy, potentially replicating the model or compromising its integrity through deliberate weight alterations. This work highlights a previously unrecognised attack surface in hardware accelerators and establishes a new threat model for securing future AI and machine learning systems.
Memristive crossbar arrays (MCA) are becoming increasingly important building blocks for in-memory computing and neuromorphic hardware, offering high density and parallel processing capabilities. However, the physical characteristics of their nonvolatile memory elements create new avenues for attack, particularly through fault injection techniques. This work investigates Laser Fault Injection as a method for inducing subtle changes in MCA-based architectures. Researchers present a detailed threat model where adversaries target memristive cells with laser beams to subtly alter their physical properties or outputs, revealing vulnerabilities in systems that rely on the integrity of memristive devices.
Laser Injection into Memristor Crossbars
Scientists developed a comprehensive simulation environment to evaluate the feasibility of Laser Fault Injection (LFI) attacks on memristive crossbar arrays (MCAs). The test architecture comprised a 256×128 array of memristors and selector transistors, fabricated using a 45 nm CMOS process, incorporating realistic parasitic effects from metal interconnects. Recognizing the difficulty of targeting individual nanoscale memristors, the team modeled a realistic attack scenario using a laser with a controllable spot size ranging from 1 to 50 μm. Initially, LFI was modeled as a localized current injected at specific points within the crossbar, allowing scientists to observe changes in column output currents.
By comparing these currents before and after fault injection, and modeling memristors as linear resistors with resistance values between 5 and 20 kΩ, the team applied a linear regression model to estimate the conductance of the affected cells, corresponding to the internal neural network weights. This approach demonstrated the potential to infer weights with up to 99.7% accuracy. Further experiments shifted focus to whether injected current could actively alter stored weights. For this, scientists adopted a more realistic representation of memristor behavior that captures nonlinear and threshold-dependent characteristics.
Using a current-controlled version of this model, aligned with laser-induced photocurrent injection, researchers ran simulations to determine whether injected currents could reliably change conductance values and to identify appropriate attack parameters. The results showed that targeted weight alterations were possible, with stored weights shifted by up to approximately 143%. This work highlights the vulnerability of MCAs to physical attacks and underscores the need for stronger fault resilience and model protection in future analog accelerators.
Laser Injection Reveals and Reprograms Memristor Weights
This research demonstrates a significant vulnerability in memristive crossbar arrays, emerging technologies used for efficient computing. Scientists have shown that laser fault injection, a technique involving precisely targeted laser beams, can both reveal and alter the internal weights within these arrays. Through detailed simulations, the team established that even low-level laser currents, measured in microamperes, can induce detectable changes in output signals, enabling accurate inference of the stored weights. This exposes a pathway for adversaries to replicate the model and compromise data integrity.
Furthermore, the study reveals that stronger laser injections, ranging from 100 microamperes to 1.2 milliamperes, can directly reprogram the memristors, permanently shifting their conductance and modifying the stored weights by as much as 143%. This ability to alter weights demonstrates a critical security risk, as attackers could manipulate the system’s functionality. The team acknowledges that the simulations were based on a specific 45 nm CMOS technology node and a particular model of memristor behavior, which may not fully capture the behavior of memristors in all fabrication processes. Future work could explore the effectiveness of these attacks on physical hardware and investigate potential countermeasures to mitigate the identified vulnerabilities, such as error correction codes or shielding techniques.
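The following added example, which is not code from the paper or its authors, uses the ideal linear-resistor model described above (5 to 20 kΩ cells in a 256×128 array) to show how a single cell shifted by 143% appears at the column outputs, and why a known-answer self-test that drives every row at once can miss it while a row-by-row scan localizes it. The read voltage, the 2% read tolerance, the position of the altered cell, the reading of "143%" as a relative conductance increase, and all function names are assumptions.

```python
import random

ROWS, COLS = 256, 128        # array size given on the page
R_MIN, R_MAX = 5e3, 20e3     # linear-resistor range given on the page (ohms)
V_READ = 0.2                 # assumed read voltage (volts)
TOL = 0.02                   # assumed analog read tolerance (2 %)

def make_crossbar(seed=7):
    """Constructed sample weights: conductances (S) of ideal linear cells."""
    rng = random.Random(seed)
    return [[1.0 / rng.uniform(R_MIN, R_MAX) for _ in range(COLS)]
            for _ in range(ROWS)]

def column_currents(G, v):
    """Ideal crossbar MAC, no parasitics: I_j = sum_i v_i * G[i][j]."""
    out = [0.0] * COLS
    for i, vi in enumerate(v):
        if vi:                           # undriven rows contribute nothing
            for j, g in enumerate(G[i]):
                out[j] += vi * g
    return out

def deviating(ref, now):
    """Column indices whose current moved by more than TOL relative to ref."""
    return [j for j, (a, b) in enumerate(zip(ref, now)) if abs(b - a) > TOL * a]

def whole_array_check(golden, G):
    """Known-answer test with every row driven at once."""
    v = [V_READ] * ROWS
    return deviating(column_currents(golden, v), column_currents(G, v))

def row_scan_check(golden, G):
    """Known-answer test driving one row at a time; returns (row, col) cells."""
    hits = []
    for i in range(ROWS):
        v = [0.0] * ROWS
        v[i] = V_READ
        cols = deviating(column_currents(golden, v), column_currents(G, v))
        hits += [(i, j) for j in cols]
    return hits

def demo():
    # Reference currents are recomputed from a golden copy here; a device
    # would store the reference readings taken at provisioning instead.
    golden = make_crossbar()
    field = [row[:] for row in golden]
    field[100][42] *= 1 + 1.43           # one cell shifted by 143 % (assumed)
    return whole_array_check(golden, field), row_scan_check(golden, field)

if __name__ == "__main__":
    print(demo())
```

With 256 rows summed into each column, one altered cell moves the column current by roughly 1%, which sits inside the assumed tolerance, so integrity checks for this kind of fault need per-row (or small row-group) reads rather than a single full-array test vector.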
👉 More information
🗞 Laser Fault Injection in Memristor-Based Accelerators for AI/ML and Neuromorphic Computing
🧠 ArXiv: https://arxiv.org/abs/2510.14120
