To address the vulnerability of memristor-based in-memory computing (IMC) weights to adversarial extraction—thereby threatening intellectual property (IP) rights—this paper proposes a lightweight hardware security scheme. The method integrates a key-driven weight permutor with watermark protection columns, enabling simultaneous confidentiality protection of weights and verifiable ownership authentication without modifying the underlying crossbar array architecture. Comprehensive simulations across 45 nm, 22 nm, and 7 nm CMOS technologies, using RF and MNIST datasets, demonstrate that the scheme incurs less than 10% overhead in area, latency, and power—significantly outperforming existing approaches. Crucially, it preserves the high energy efficiency inherent to IMC while providing strong security guarantees. This work establishes a scalable, on-chip security paradigm for protecting AI accelerator IP, bridging the gap between robust hardware security and efficient neuromorphic computing.

Memristive crossbar arrays enable in-memory computing by performing parallel analog computations directly within memory, making them well-suited for machine learning, neural networks, and neuromorphic systems. However, despite their advantages, non-volatile memristors are vulnerable to security threats (such as adversarial extraction of stored weights when the hardware is compromised. Protecting these weights is essential since they represent valuable intellectual property resulting from lengthy and costly training processes using large, often proprietary, datasets. As a solution we propose two security mechanisms: Keyed Permutor and Watermark Protection Columns; where both safeguard critical weights and establish verifiable ownership (even in cases of data leakage). Our approach integrates efficiently with existing memristive crossbar architectures without significant design modifications. Simulations across 45nm, 22nm, and 7nm CMOS nodes, using a realistic interconnect model and a large RF dataset, show that both mechanisms offer robust protection with under 10% overhead in area, delay and power. We also present initial experiments employing the widely known MNIST dataset; further highlighting the feasibility of securing memristive in-memory computing systems with minimal performance trade-offs.