FPGAhammer: Remote Voltage Fault Attacks on Shared FPGAs, suitable for DFA on AES
|
|
- Agnes Reed
- 5 years ago
- Views:
Transcription
1 , suitable for DFA on AES Jonas Krautter, Dennis R.E. Gnad, Mehdi B. Tahoori INSTITUTE OF COMPUTER ENGINEERING CHAIR OF DEPENDABLE NANO COMPUTING KIT Die Forschungsuniversität in der Helmholtz-Gemeinschaft
2 Motivation More resources per FPGA Multi-user environments: Amazon, Microsoft and introduce FPGA usage in cloud computing System-on-Chip (SoC) variants, tightly coupled FPGA based systems (Xilinx PYNQ, Intel Xeon FPGA, Intel/Altera-SoCs...) Accelerators deployed to partitions through partial reconfiguration Multi-tenant FPGAs
3 Motivation More resources per FPGA Multi-user environments: Amazon, Microsoft and introduce FPGA usage in cloud computing System-on-Chip (SoC) variants, tightly coupled FPGA based systems (Xilinx PYNQ, Intel Xeon FPGA, Intel/Altera-SoCs...) Accelerators deployed to partitions through partial reconfiguration Multi-tenant FPGAs New attack scenarios: Passive on-chip side-channels 1 Denial-of-Service 2 This work: Fault attacks... 1 Schellenberg et al., An Inside Job: Remote Power Analysis Attacks on FPGAs, DATE Gnad et al., Voltage drop-based fault attacks on FPGAs using valid bitstreams, FPL 2017
4 Motivation More resources per FPGA Multi-user environments: Amazon, Microsoft and introduce FPGA usage in cloud computing System-on-Chip (SoC) variants, tightly coupled FPGA based systems (Xilinx PYNQ, Intel Xeon FPGA, Intel/Altera-SoCs...) Accelerators deployed to partitions through partial reconfiguration Multi-tenant FPGAs New attack scenarios: Passive on-chip side-channels 1 Denial-of-Service 2 This work: Fault attacks... Proof-of-Concept work: Successful DFA on AES 1 Schellenberg et al., An Inside Job: Remote Power Analysis Attacks on FPGAs, DATE Gnad et al., Voltage drop-based fault attacks on FPGAs using valid bitstreams, FPL 2017
5 Threat model Shared FPGA fabric Shared Power Distribution Network (PDN)
6 Threat model Shared FPGA fabric Shared Power Distribution Network (PDN) Attacker and victim design logically isolated
7 Threat model Shared FPGA fabric Shared Power Distribution Network (PDN) Attacker and victim design logically isolated Victim software process has a public interface
8 Threat model Shared FPGA fabric Shared Power Distribution Network (PDN) Attacker and victim design logically isolated Victim software process has a public interface Chosen-Plaintext Attack scenario
9 Outline 1 Background 2 Fault Injection and Analysis 3 Experimental Setup 4 Results 5 Discussion and Future Work 6 Conclusion
10 Outline 1 Background 2 Fault Injection and Analysis 3 Experimental Setup 4 Results 5 Discussion and Future Work 6 Conclusion
11 Power Distribution Network (PDN) Interconnections from the voltage regulator down to logic elements Model: RLC-mesh (Resistive, Inductive and Capacitive elements)
12 Power Distribution Network (PDN) Interconnections from the voltage regulator down to logic elements Model: RLC-mesh (Resistive, Inductive and Capacitive elements) Law of Inductance: V drop = I R + L di dt
13 Power Distribution Network (PDN) Interconnections from the voltage regulator down to logic elements Model: RLC-mesh (Resistive, Inductive and Capacitive elements) Law of Inductance: V drop = I R + L di dt High current variation Power supply voltage variation
14 Power Distribution Network (PDN) Interconnections from the voltage regulator down to logic elements Model: RLC-mesh (Resistive, Inductive and Capacitive elements) Law of Inductance: V drop = I R + L di dt High current variation Power supply voltage variation Lower supply voltage Timing faults
15 Malicious Logic Logic element to cause high current variation 2 : Ring Oscillators (ROs) 2 Gnad et al., Voltage drop-based fault attacks on FPGAs using valid bitstreams, FPL 2017
16 Malicious Logic Logic element to cause high current variation 2 : Ring Oscillators (ROs) Oscillation Gate switching Current variation Voltage drop 2 Gnad et al., Voltage drop-based fault attacks on FPGAs using valid bitstreams, FPL 2017
17 Malicious Logic Logic element to cause high current variation 2 : Ring Oscillators (ROs) Oscillation Gate switching Current variation Voltage drop RO-grid must be toggled in a very specific way (freq, duty-cycle, delay) 2 Gnad et al., Voltage drop-based fault attacks on FPGAs using valid bitstreams, FPL 2017
18 Malicious Logic Logic element to cause high current variation 2 : Ring Oscillators (ROs) Oscillation Gate switching Current variation Voltage drop RO-grid must be toggled in a very specific way (freq, duty-cycle, delay) Calibration of fault injection parameters required VCC (V) VCC max recommended VCC min recommended Time (s) FPGA supply voltage VCC during frequency scan 2 Gnad et al., Voltage drop-based fault attacks on FPGAs using valid bitstreams, FPL 2017
19 Malicious Logic Logic element to cause high current variation 2 : Ring Oscillators (ROs) Oscillation Gate switching Current variation Voltage drop RO-grid must be toggled in a very specific way (freq, duty-cycle, delay) Calibration of fault injection parameters required VCC (V) Toggle frequency decrease VCC max recommended VCC min recommended Time (s) FPGA supply voltage VCC during frequency scan 2 Gnad et al., Voltage drop-based fault attacks on FPGAs using valid bitstreams, FPL 2017
20 Outline 1 Background 2 Fault Injection and Analysis 3 Experimental Setup 4 Results 5 Discussion and Future Work 6 Conclusion
21 Fault Injection and Analysis Differential Fault Analysis on AES 3 3 Piret et al., A Differential Fault Attack Technique against SPN Structures, with Application to the AES and Khazad, CHES 2003
22 Fault Injection and Analysis Differential Fault Analysis on AES 3 Original scheme: Single-byte faults before 8th round All output bytes faulty 3 Piret et al., A Differential Fault Attack Technique against SPN Structures, with Application to the AES and Khazad, CHES 2003
23 Fault Injection and Analysis Differential Fault Analysis on AES 3 Original scheme: Single-byte faults before 8th round All output bytes faulty Injection requires high precision Fault injection before 9th round 3 Piret et al., A Differential Fault Attack Technique against SPN Structures, with Application to the AES and Khazad, CHES 2003
24 Fault Injection and Analysis Differential Fault Analysis on AES 3 Original scheme: Single-byte faults before 8th round All output bytes faulty Injection requires high precision Fault injection before 9th round Successful injection can be verified 3 Piret et al., A Differential Fault Attack Technique against SPN Structures, with Application to the AES and Khazad, CHES 2003
25 Fault Injection and Analysis Attacker issues encryption request to get correct ciphertext
26 Fault Injection and Analysis Attacker issues encryption request to get correct ciphertext Attacker issues encryption requests while activating RO grid
27 Fault Injection and Analysis Attacker issues encryption request to get correct ciphertext Attacker issues encryption requests while activating RO grid Fault injection is calibrated until desired faults appear
28 Fault Injection and Analysis Attacker issues encryption request to get correct ciphertext Attacker issues encryption requests while activating RO grid Fault injection is calibrated until desired faults appear Calibration is done only once for a specific board
29 Outline 1 Background 2 Fault Injection and Analysis 3 Experimental Setup 4 Results 5 Discussion and Future Work 6 Conclusion
30 Experimental Setup RO grid ARM CPU FPGA boards: 3 Terasic DE1-SoC, 1 Terasic DE0-Nano-SoC 3 boards of the same type 2 different boards Show generality of attack Cyclone V FPGA and ARM Cortex-A9 on one chip Linux environment on ARM Cortex-A9 AES
31 Experimental Setup RO grid AES ARM CPU FPGA boards: 3 Terasic DE1-SoC, 1 Terasic DE0-Nano-SoC 3 boards of the same type 2 different boards Show generality of attack Cyclone V FPGA and ARM Cortex-A9 on one chip Linux environment on ARM Cortex-A9 Entire threat model in one SoC: Attacker and victim software on ARM core Respective IP cores on FPGA fabric
32 Experimental Setup RO grid AES ARM CPU FPGA boards: 3 Terasic DE1-SoC, 1 Terasic DE0-Nano-SoC 3 boards of the same type 2 different boards Show generality of attack Cyclone V FPGA and ARM Cortex-A9 on one chip Linux environment on ARM Cortex-A9 Entire threat model in one SoC: Attacker and victim software on ARM core Respective IP cores on FPGA fabric Fault injection on SoC, Key recovery on PC
33 Outline 1 Background 2 Fault Injection and Analysis 3 Experimental Setup 4 Results 5 Discussion and Future Work 6 Conclusion
34 Fault Injection Rate vs #RO #faults per million requests DE1-SoC-A Logic utilization by attacker design (% of total LUTs) Measured total amount of faults F tot Measured amount of usable faults F DFA Experiments on DE1-SoC, design fully constrained
35 Fault Injection Rate vs #RO #faults per million requests DE1-SoC-A Logic utilization by attacker design (% of total LUTs) Measured total amount of faults F tot Measured amount of usable faults F DFA Experiments on DE1-SoC, design fully constrained Evaluate usable (for DFA) faults and total amount of faults
36 Fault Injection Rate vs #RO #faults per million requests DE1-SoC-A Logic utilization by attacker design (% of total LUTs) Measured total amount of faults F tot Measured amount of usable faults F DFA Experiments on DE1-SoC, design fully constrained Evaluate usable (for DFA) faults and total amount of faults Injection rate increases with amount of ROs
37 Fault Injection Rate vs #RO #faults per million requests DE1-SoC-A Logic utilization by attacker design (% of total LUTs) Measured total amount of faults F tot Measured amount of usable faults F DFA Experiments on DE1-SoC, design fully constrained Evaluate usable (for DFA) faults and total amount of faults Injection rate increases with amount of ROs Injection accuracy decreases after a certain amount
38 Fault Injection Rate vs #RO DE1-SoC-A Extended experiments: 3 different boards #faults per million requests DE1-SoC-B DE1-SoC-C Logic utilization by attacker design (% of total LUTs)
39 Fault Injection Rate vs #RO DE1-SoC-A Extended experiments: 3 different boards #faults per million requests DE1-SoC-B All boards vulnerable, Calibration finds params DE1-SoC-C Logic utilization by attacker design (% of total LUTs)
40 Fault Injection Rate vs #RO DE1-SoC-A Extended experiments: 3 different boards #faults per million requests DE1-SoC-B DE1-SoC-C All boards vulnerable, Calibration finds params Process variation Different optimal #RO Logic utilization by attacker design (% of total LUTs)
41 Key Recovery on 5000 random keys #keys % 87.9% 95.6% 2.2% 2.9% 2.6% 0.1% 0.1% 0.1% 2.0% 8.7% 1.9% 0.0% 0.1% 0.5% 0.2% 0.0% 0.1% Recovered keys Amount of key candidates remaining for each key DE1-SoC-A DE1-SoC-B DE1-SoC-C Experiments on DE1-SoC with best fault injection configuration
42 Key Recovery on 5000 random keys #keys % 87.9% 95.6% 2.2% 2.9% 2.6% 0.1% 0.1% 0.1% 2.0% 8.7% 1.9% 0.0% 0.1% 0.5% 0.2% 0.0% 0.1% Recovered keys Amount of key candidates remaining for each key DE1-SoC-A DE1-SoC-B DE1-SoC-C Experiments on DE1-SoC with best fault injection configuration Majority of 5000 keys can be recovered
43 Key Recovery on 5000 random keys #keys % 87.9% 95.6% 2.2% 2.9% 2.6% 0.1% 0.1% 0.1% 2.0% 8.7% 1.9% 0.0% 0.1% 0.5% 0.2% 0.0% 0.1% Recovered keys Amount of key candidates remaining for each key DE1-SoC-A DE1-SoC-B DE1-SoC-C Experiments on DE1-SoC with best fault injection configuration Majority of 5000 keys can be recovered Unrecovered keys due to multi-byte faults
44 Outline 1 Background 2 Fault Injection and Analysis 3 Experimental Setup 4 Results 5 Discussion and Future Work 6 Conclusion
45 Discussion and Future Work Attack on fully constrained design on DE1-SoC with < 50% resources
46 Discussion and Future Work Attack on fully constrained design on DE1-SoC with < 50% resources Smaller DE0-Nano-SoC: Fully constrained design not vulnerable Not all devices are equally vulnerable
47 Discussion and Future Work Attack on fully constrained design on DE1-SoC with < 50% resources Smaller DE0-Nano-SoC: Fully constrained design not vulnerable Not all devices are equally vulnerable Alternatives to using ROs may exist
48 Discussion and Future Work Attack on fully constrained design on DE1-SoC with < 50% resources Smaller DE0-Nano-SoC: Fully constrained design not vulnerable Not all devices are equally vulnerable Alternatives to using ROs may exist Attack may be extended to hard cores (ARM SoC)
49 Discussion and Future Work Attack on fully constrained design on DE1-SoC with < 50% resources Smaller DE0-Nano-SoC: Fully constrained design not vulnerable Not all devices are equally vulnerable Alternatives to using ROs may exist Attack may be extended to hard cores (ARM SoC) Possible mitigation: Internal sensors Bitstream checking Voltage islands
50 Outline 1 Background 2 Fault Injection and Analysis 3 Experimental Setup 4 Results 5 Discussion and Future Work 6 Conclusion
51 Conclusion High precision fault injection on shared FPGAs is possible
52 Conclusion High precision fault injection on shared FPGAs is possible Logical isolation is not enough to prevent manipulation
53 Conclusion High precision fault injection on shared FPGAs is possible Logical isolation is not enough to prevent manipulation Threat model must be considered for FPGA multi-user environments
54 Conclusion High precision fault injection on shared FPGAs is possible Logical isolation is not enough to prevent manipulation Threat model must be considered for FPGA multi-user environments Mitigation may require new/modified hardware
55 Thank you for your attention!
56 Additional Slides Complete Scan Flow
57 Additional Slides Slack Dependent Analysis #faults per million requests Reported worst-case setup slack Reported best-case setup slack Reference worst-case setup slack on DE1-SoC for 0 fop = 111 MHz AES clock frequency f op (MHz) slack (ns) 1 2 3
58 Additional Slides Slack Dependent Analysis #faults per million requests Measured amount of usable faults FDFA Measured total amount of faults Ftot Reference worst-case setup slack on DE1-SoC for 0 fop = 111 MHz AES clock frequency f op (MHz) Reported worst-case setup slack Reported best-case setup slack slack (ns) 1 2 3
59 Additional Slides Injection Process VCC (V) aes_rst_n ro_ena 0 1 AES encryption starts V CC max recommended V CC min recommended RO activation toggles V CC fluctuation Time (µs) Externally measured FPGA supply voltage V CC during fault injection AES reset logic signal (active low) RO grid activation signal
60 Additional Slides RO Floorplan ROs Virtual Pins
61 Additional Slides Adder Test Design
Fault Sensitivity Analysis
Fault Sensitivity Analysis Yang Li, Kazuo Sakiyama, Shigeto Gomisawa, Kazuo Ohta The University of Electro-Communications liyang@ice.uec.ac.jp Toshinori Fukunaga, Junko Takahashi NTT Information Sharing
More informationSho Endo1, Naofumi Homma1, Yu-ichi Hayashi1, Junko Takahashi2, Hitoshi Fuji2 and Takafumi Aoki1
April 15, 2014 COSADE2014 A Multiple-fault Injection Attack by Adaptiv e Timing Control under Black-box Conditi ons and a Countermeasure Sho Endo1, Naofumi Homma1, Yu-ichi Hayashi1, Junko Takahashi2, Hitoshi
More informationSystem-on-Chip Architecture for Mobile Applications. Sabyasachi Dey
System-on-Chip Architecture for Mobile Applications Sabyasachi Dey Email: sabyasachi.dey@gmail.com Agenda What is Mobile Application Platform Challenges Key Architecture Focus Areas Conclusion Mobile Revolution
More informationExternal Encodings Do not Prevent Transient Fault Analysis
External Encodings Do not Prevent Transient Fault Analysis Christophe Clavier Gemalto, Security Labs CHES 2007 Vienna - September 12, 2007 Christophe Clavier CHES 2007 Vienna September 12, 2007 1 / 20
More informationSIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017
SIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017 WHAT WE DO What we do Robust and Efficient Cryptographic Protocols Research in Cryptography and
More informationPiret and Quisquater s DFA on AES Revisited
Piret and Quisquater s DFA on AES Revisited Christophe Giraud 1 and Adrian Thillard 1,2 1 Oberthur Technologies, 4, allée du doyen Georges Brus, 33 600 Pessac, France. c.giraud@oberthur.com 2 Université
More informationOutline. Trusted Design in FPGAs. FPGA Architectures CLB CLB. CLB Wiring
Outline Trusted Design in FPGAs Mohammad Tehranipoor ECE6095: Hardware Security & Trust University of Connecticut ECE Department Intro to FPGA Architecture FPGA Overview Manufacturing Flow FPGA Security
More informationClock Glitch Fault Injection Attacks on an FPGA AES Implementation
Journal of Electrotechnology, Electrical Engineering and Management (2017) Vol. 1, Number 1 Clausius Scientific Press, Canada Clock Glitch Fault Injection Attacks on an FPGA AES Implementation Yifei Qiao1,a,
More informationBreaking the Bitstream Decryption of FPGAs
Breaking the Bitstream Decryption of FPGAs 05. Sep. 2012 Amir Moradi Embedded Security Group, Ruhr University Bochum, Germany Acknowledgment Christof Paar Markus Kasper Timo Kasper Alessandro Barenghi
More informationSynthesis of Fault-Attack Countermeasures for Cryptographic Circuits
Synthesis of Fault-Attack Countermeasures for Cryptographic Circuits Hassan Eldib, Meng Wu, and Chao Wang CAV, July 23, 2016 Cryptographic Algorithm: an example Plaintext Chip Ciphertext 0110 1001 1011
More information2-Oct-13. the world s most energy friendly microcontrollers and radios
1 2 3 EFM32 4 5 LESENSE Low Energy Sensor Interface Autonomous sensing in Deep Sleep LESENSE with central control logic ACMP for sensor input DAC for reference generation Measure up to 16 sensors Inductive
More informationPARAMETRIC TROJANS FOR FAULT-BASED ATTACKS ON CRYPTOGRAPHIC HARDWARE
PARAMETRIC TROJANS FOR FAULT-BASED ATTACKS ON CRYPTOGRAPHIC HARDWARE Raghavan Kumar, University of Massachusetts Amherst Contributions by: Philipp Jovanovic, University of Passau Wayne P. Burleson, University
More informationElectromagnetic Transient Fault Injection on AES
Electromagnetic Transient Fault Injection on AES Amine DEHBAOUI ¹, Jean-Max DUTERTRE ², Bruno ROBISSON ¹, Assia TRIA ¹ Fault Diagnosis and Tolerance in Cryptography Leuven, Belgium Sunday, September 9,
More informationFault Attacks on Embedded Software: Threats, Design, and Mitigation
Fault Attacks on Embedded Software: Threats, Design, and Mitigation Patrick Schaumont Professor Bradley Department of ECE Virginia Tech Acknowledgements FAME Project Team https://sites.google.com/view/famechip
More informationMulti-Stage Fault Attacks
Multi-Stage Fault Attacks Applications to the Block Cipher PRINCE Philipp Jovanovic Department of Informatics and Mathematics University of Passau March 27, 2013 Outline 1. Motivation 2. The PRINCE Block
More informationAutomatic Search for Related-Key Differential Characteristics in Byte-Oriented Block Ciphers
Automatic Search for Related-Key Differential Characteristics in Byte-Oriented Block Ciphers 1 June 2010 1 Block Ciphers 2 The tool 3 Applications 4 Conclusion Basics P Block cipher E K (P) Input: Plaintext
More informationDRAF: A Low-Power DRAM-based Reconfigurable Acceleration Fabric
DRAF: A Low-Power DRAM-based Reconfigurable Acceleration Fabric Mingyu Gao, Christina Delimitrou, Dimin Niu, Krishna Malladi, Hongzhong Zheng, Bob Brennan, Christos Kozyrakis ISCA June 22, 2016 FPGA-Based
More informationComputing to the Energy and Performance Limits with Heterogeneous CPU-FPGA Devices. Dr Jose Luis Nunez-Yanez University of Bristol
Computing to the Energy and Performance Limits with Heterogeneous CPU-FPGA Devices Dr Jose Luis Nunez-Yanez University of Bristol Power and energy savings at run-time Power = α.c.v 2.f+g1.V 3 Energy =
More informationEM Analysis in the IoT Context: Lessons Learned from an Attack on Thread
EM Analysis in the IoT Context: Lessons Learned from an Attack on Thread Daniel Dinu 1, Ilya Kizhvatov 2 1 Virginia Tech 2 Radboud University Nijmegen CHES 2018 Outline 1 Introduction 2 Side-Channel Vulnerability
More informationProtecting Embedded Systems from Zero-Day Attacks
Protecting Embedded Systems from Zero-Day Attacks Professor Stephen Taylor Thayer School of Engineering at Dartmouth stnh.email@icloud.com (603) 727-8945 MicroArx.com Apiotics.com 1 Research Support Current
More informationFault injection attacks on cryptographic devices and countermeasures Part 1
Fault injection attacks on cryptographic devices and countermeasures Part 1 Israel Koren Department of Electrical and Computer Engineering University of Massachusetts Amherst, MA Outline Introduction -
More informationSimplify System Complexity
Simplify System Complexity With the new high-performance CompactRIO controller Fanie Coetzer Field Sales Engineer Northern South Africa 2 3 New control system CompactPCI MMI/Sequencing/Logging FieldPoint
More informationELECTROMAGNETIC FAULT INJECTION ON MICROCONTROLLERS
ELECTROMAGNETIC FAULT INJECTION ON MICROCONTROLLERS Nicolas Moro 1,3, Amine Dehbaoui 2, Karine Heydemann 3, Bruno Robisson 1, Emmanuelle Encrenaz 3 1 CEA Commissariat à l Energie Atomique et aux Energies
More information3D WiNoC Architectures
Interconnect Enhances Architecture: Evolution of Wireless NoC from Planar to 3D 3D WiNoC Architectures Hiroki Matsutani Keio University, Japan Sep 18th, 2014 Hiroki Matsutani, "3D WiNoC Architectures",
More informationSECURITY OF CPS: SECURE EMBEDDED SYSTEMS AS A BASIS
SECURITY OF CPS: SECURE EMBEDDED SYSTEMS AS A BASIS Christoph Krauß, christoph.krauss@aisec.fraunhofer.de Dagstuhl Seminar 11441: Science and Engineering of CPS, November 2011 Overview Introduction Securing
More informationJUST ONE FAULT Persistent Fault Analysis on Block Ciphers
JUST ONE FAULT Persistent Fault Analysis on Block Ciphers Shivam Bhasin Temasek Labs @ NTU ASK 2018, Kolkata, India 15 Nov 2018 Table of Contents 1. 2. 3. 4. Introduction to Fault Attacks Persistent Fault
More informationA Fault Attack Against the FOX Cipher Family
A Fault Attack Against the FOX Cipher Family L. Breveglieri 1,I.Koren 2,andP.Maistri 1 1 Department of Electronics and Information Technology, Politecnico di Milano, Milano, Italy {brevegli, maistri}@elet.polimi.it
More informationALTERA FPGAs Architecture & Design
ALTERA FPGAs Architecture & Design Course Description This course provides all theoretical and practical know-how to design programmable devices of ALTERA with QUARTUS-II design software. The course combines
More informationA Novel Design Framework for the Design of Reconfigurable Systems based on NoCs
Politecnico di Milano & EPFL A Novel Design Framework for the Design of Reconfigurable Systems based on NoCs Vincenzo Rana, Ivan Beretta, Donatella Sciuto Donatella Sciuto sciuto@elet.polimi.it Introduction
More informationThe embedded security challenge: Protecting bits at rest
The embedded security challenge: Protecting bits at rest Patrick Schaumont schaum@vt.edu Acknowledgements: Eric Simpson, Pengyuan Yu Secure Embedded Systems Group ECE Department Secret bits-at-rest Hi-Res
More informationFault Sensitivity Analysis
Fault Sensitivity Analysis Yang Li 1, Kazuo Sakiyama 1, Shigeto Gomisawa 1, Toshinori Fukunaga 2, Junko Takahashi 1,2, and Kazuo Ohta 1 1 Department of Informatics, The University of Electro-Communications
More informationFCUDA-SoC: Platform Integration for Field-Programmable SoC with the CUDAto-FPGA
1 FCUDA-SoC: Platform Integration for Field-Programmable SoC with the CUDAto-FPGA Compiler Tan Nguyen 1, Swathi Gurumani 1, Kyle Rupnow 1, Deming Chen 2 1 Advanced Digital Sciences Center, Singapore {tan.nguyen,
More informationA Framework for Rule Processing in Reconfigurable Network Systems
A Framework for Rule Processing in Reconfigurable Network Systems Michael Attig and John Lockwood Washington University in Saint Louis Applied Research Laboratory Department of Computer Science and Engineering
More informationFDTC 2010 Fault Diagnosis and Tolerance in Cryptography. PACA on AES Passive and Active Combined Attacks
FDTC 21 Fault Diagnosis and Tolerance in Cryptography PACA on AES Passive and Active Combined Attacks Christophe Clavier Benoît Feix Georges Gagnerot Mylène Roussellet Limoges University Inside Contactless
More informationFPGA architecture and design technology
CE 435 Embedded Systems Spring 2017 FPGA architecture and design technology Nikos Bellas Computer and Communications Engineering Department University of Thessaly 1 FPGA fabric A generic island-style FPGA
More informationECE 636. Reconfigurable Computing. Lecture 2. Field Programmable Gate Arrays I
ECE 636 Reconfigurable Computing Lecture 2 Field Programmable Gate Arrays I Overview Anti-fuse and EEPROM-based devices Contemporary SRAM devices - Wiring - Embedded New trends - Single-driver wiring -
More informationAdaptive Voltage Scaling (AVS) Alex Vainberg October 13, 2010
Adaptive Voltage Scaling (AVS) Alex Vainberg Email: alex.vainberg@nsc.com October 13, 2010 Agenda AVS Introduction, Technology and Architecture Design Implementation Hardware Performance Monitors Overview
More informationFault Injection Attacks and Countermeasures
Fault Injection Attacks and Countermeasures Brněnské bezpečnostní setkávání, FEKT VUT Brno Jakub Breier 28 March 2018 Physical Analysis and Cryptographic Engineering Nanyang Technological University Singapore
More informationIntegrating FPGAs with Nengo. Xuan Choo, Ben Morcos Nengo Summer School 2018 (Jun 11, 2018)
Integrating FPGAs with Nengo Xuan Choo, Ben Morcos Nengo Summer School 2018 (Jun 11, 2018) FPGA Basics What is an FPGA? FPGA Basics What is an FPGA? Field programmable gate array FPGA Basics What is an
More informationA Building Block 3D System with Inductive-Coupling Through Chip Interfaces Hiroki Matsutani Keio University, Japan
A Building Block 3D System with Inductive-Coupling Through Chip Interfaces Hiroki Matsutani Keio University, Japan 1 Outline: 3D Wireless NoC Designs This part also explores 3D NoC architecture with inductive-coupling
More informationEnabling Flexible Network FPGA Clusters in a Heterogeneous Cloud Data Center
Enabling Flexible Network FPGA Clusters in a Heterogeneous Cloud Data Center Naif Tarafdar, Thomas Lin, Eric Fukuda, Hadi Bannazadeh, Alberto Leon-Garcia, Paul Chow University of Toronto 1 Cloudy with
More informationPractical DFA on AES. Marc Witteman CTO June 13, 2013
Practical DFA on AES Marc Witteman CTO June 13, 2013 DFA on AES, how hard is that? 2003 Gilles Piret and Jean-Jacques Quisquater 2 faults 2013 Christophe Giraud and Adrian Thillard 1 fault 2013 Riscure
More informationSignal Integrity Comparisons Between Stratix II and Virtex-4 FPGAs
White Paper Introduction Signal Integrity Comparisons Between Stratix II and Virtex-4 FPGAs Signal integrity has become a critical issue in the design of high-speed systems. Poor signal integrity can mean
More informationAn FPGA Architecture Supporting Dynamically-Controlled Power Gating
An FPGA Architecture Supporting Dynamically-Controlled Power Gating Altera Corporation March 16 th, 2012 Assem Bsoul and Steve Wilton {absoul, stevew}@ece.ubc.ca System-on-Chip Research Group Department
More informationDRAF: A Low-Power DRAM-based Reconfigurable Acceleration Fabric
DRAF: A Low-Power DRAM-based Reconfigurable Acceleration Fabric Mingyu Gao, Christina Delimitrou, Dimin Niu, Krishna Malladi, Hongzhong Zheng, Bob Brennan, Christos Kozyrakis ISCA June 22, 2016 FPGA-Based
More informationSoC Systeme ultra-schnell entwickeln mit Vivado und Visual System Integrator
SoC Systeme ultra-schnell entwickeln mit Vivado und Visual System Integrator FPGA Kongress München 2017 Martin Heimlicher Enclustra GmbH Agenda 2 What is Visual System Integrator? Introduction Platform
More informationCS310 Embedded Computer Systems. Maeng
1 INTRODUCTION (PART II) Maeng Three key embedded system technologies 2 Technology A manner of accomplishing a task, especially using technical processes, methods, or knowledge Three key technologies for
More informationMinimizing Thermal Variation in Heterogeneous HPC System with FPGA Nodes
Minimizing Thermal Variation in Heterogeneous HPC System with FPGA Nodes Yingyi Luo, Xiaoyang Wang, Seda Ogrenci-Memik, Gokhan Memik, Kazutomo Yoshii, Pete Beckman @ICCD 2018 Motivation FPGAs in data centers
More informationFault Injection Attacks on Emerging Non-Volatile Memories
Lab of Green and Secure Integrated Circuit Systems (LOGICS) Fault Injection Attacks on Emerging Non-Volatile Memories Mohammad Nasim Imtiaz Khan and Swaroop Ghosh School of Electrical Engineering and Computer
More informationRevolutioni W zi h Wn e hgn e n F a Mi i s liu lsir u e ro e Cri I ti s Ic N al o t V A e n ri n O fi p c ti a o ti n oo
Formal Verification Revolutionizing Mission Critical Verification When Failure Is Not An Option Formal-based Security Verification www.onespin.com March 2016 HW Security Issues More Common Than Thought
More informationField Programmable Gate Array (FPGA) Devices
Field Programmable Gate Array (FPGA) Devices 1 Contents Altera FPGAs and CPLDs CPLDs FPGAs with embedded processors ACEX FPGAs Cyclone I,II FPGAs APEX FPGAs Stratix FPGAs Stratix II,III FPGAs Xilinx FPGAs
More informationMATLAB/Simulink 기반의프로그래머블 SoC 설계및검증
MATLAB/Simulink 기반의프로그래머블 SoC 설계및검증 이웅재부장 Application Engineering Group 2014 The MathWorks, Inc. 1 Agenda Introduction ZYNQ Design Process Model-Based Design Workflow Prototyping and Verification Processor
More information! Program logic functions, interconnect using SRAM. ! Advantages: ! Re-programmable; ! dynamically reconfigurable; ! uses standard processes.
Topics! SRAM-based FPGA fabrics:! Xilinx.! Altera. SRAM-based FPGAs! Program logic functions, using SRAM.! Advantages:! Re-programmable;! dynamically reconfigurable;! uses standard processes.! isadvantages:!
More informationApache s Power Noise Simulation Technologies
Enabling Power Efficient i Designs Apache s Power Noise Simulation Technologies 1 Aveek Sarkar VP of Support Apache Design Inc, A wholly owned subsidiary of ANSYS Trends in Today s Electronic Designs Low-power
More informationSecurity in sensors, an important requirement for embedded systems
Security in sensors, an important requirement for embedded systems Georg Sigl Institute for Security in Information Technology Technical University Munich sigl@tum.de Fraunhofer AISEC Institute for Applied
More informationFlash Memory Bumping Attacks
Flash Memory Bumping Attacks Sergei Skorobogatov http://www.cl.cam.ac.uk/~sps32 email: sps32@cam.ac.uk Introduction Data protection with integrity check verifying memory integrity without compromising
More informationECE 471 Embedded Systems Lecture 2
ECE 471 Embedded Systems Lecture 2 Vince Weaver http://web.eece.maine.edu/~vweaver vincent.weaver@maine.edu 7 September 2018 Announcements Reminder: The class notes are posted to the website. HW#1 will
More informationSimplify System Complexity
1 2 Simplify System Complexity With the new high-performance CompactRIO controller Arun Veeramani Senior Program Manager National Instruments NI CompactRIO The Worlds Only Software Designed Controller
More informationSecure Device Manager for Intel Stratix 10 Devices Provides FPGA and SoC Security
white paper FPGA Secure Device Manager for Intel Stratix 10 Devices Provides FPGA and SoC Security The Secure Device Manager for Intel Stratix 10 devices provides a failsafe, strongly authenticated, programmable
More informationEfficient FPGA Implementations of PRINT CIPHER
Efficient FPGA Implementations of PRINT CIPHER 1 Tadashi Okabe Information Technology Group Tokyo Metropolitan Industrial Technology Research Institute, Tokyo, Japan Abstract This article presents field
More informationCOL862 - Low Power Computing
COL862 - Low Power Computing Power Measurements using performance counters and studying the low power computing techniques in IoT development board (PSoC 4 BLE Pioneer Kit) and Arduino Mega 2560 Submitted
More informationA Developer's Guide to Security on Cortex-M based MCUs
A Developer's Guide to Security on Cortex-M based MCUs 2018 Arm Limited Nazir S Arm Tech Symposia India Agenda Why do we need security? Types of attacks and security assessments Introduction to TrustZone
More informationClock Speed Optimization of Runtime Reconfigurable Systems by Signal Latency Measurement
Department of Electrical Engineering Computer Engineering Helmut Schmidt University, Hamburg University of the Federal Armed Forces of Germany Meyer, Haase, Eckert, Klauer Clock Speed Optimization of Runtime
More informationOpen Platform for Developing and Testing Smart Grid Automation Systems. Igor Alvarado National Instruments Corp.
Open Platform for Developing and Testing Smart Grid Automation Systems Igor Alvarado National Instruments Corp. Panel 1: State of the Art: Modeling, Simulation, Testing and Calibration Facilities April
More informationGreen Lights Forever: Analyzing the Security of Traffic Infrastructure
Green Lights Forever: Analyzing the Security of Traffic Infrastructure RAJSHAKHAR PAUL Outline Introduction Anatomy of a Traffic Infrastructure Case Study Threat Model Types of Attack Recommendation Broader
More informationECE 459/559 Secure & Trustworthy Computer Hardware Design
ECE 459/559 Secure & Trustworthy Computer Hardware Design VLSI Design Basics Garrett S. Rose Spring 2016 Recap Brief overview of VHDL Behavioral VHDL Structural VHDL Simple examples with VHDL Some VHDL
More informationEVT/WOTE 09 AUGUST 10, Ersin Öksüzoğlu Dan S. Wallach
EVT/WOTE 09 AUGUST 10, 2009 Ersin Öksüzoğlu Dan S. Wallach VoteBox Full featured DRE voting machine Paper in USENIX Security Symposium 2008 2 Pre-rendered user interface simplifies the graphics subsystem
More informationHigh-Performance Integer Factoring with Reconfigurable Devices
FPL 2010, Milan, August 31st September 2nd, 2010 High-Performance Integer Factoring with Reconfigurable Devices Ralf Zimmermann, Tim Güneysu, Christof Paar Horst Görtz Institute for IT-Security Ruhr-University
More informationSecurity against Timing Analysis Attack
International Journal of Electrical and Computer Engineering (IJECE) Vol. 5, No. 4, August 2015, pp. 759~764 ISSN: 2088-8708 759 Security against Timing Analysis Attack Deevi Radha Rani 1, S. Venkateswarlu
More informationHEAD HardwarE Accelerated Deduplication
HEAD HardwarE Accelerated Deduplication Final Report CS710 Computing Acceleration with FPGA December 9, 2016 Insu Jang Seikwon Kim Seonyoung Lee Executive Summary A-Z development of deduplication SW version
More informationBLIND FAULT ATTACK AGAINST SPN CIPHERS FDTC 2014
BLIND FAULT ATTACK AGAINST SPN CIPHERS FDTC 2014 Roman Korkikian, Sylvain Pelissier, David Naccache September 23, 2014 IN BRIEF Substitution Permutation Networks (SPN) Fault attacks Blind fault attack
More informationSoC Systeme ultra-schnell entwickeln mit Vivado und Visual System Integrator
SoC Systeme ultra-schnell entwickeln mit Vivado und Visual System Integrator Embedded Computing Conference 2017 Matthias Frei zhaw InES Patrick Müller Enclustra GmbH 5 September 2017 Agenda Enclustra introduction
More informationSide channel attack: Power Analysis. Chujiao Ma, Z. Jerry Shi CSE, University of Connecticut
Side channel attack: Power Analysis Chujiao Ma, Z. Jerry Shi CSE, University of Connecticut Conventional Cryptanalysis Conventional cryptanalysis considers crypto systems as mathematical objects Assumptions:
More informationVLSI Design Automation. Maurizio Palesi
VLSI Design Automation 1 Outline Technology trends VLSI Design flow (an overview) 2 Outline Technology trends VLSI Design flow (an overview) 3 IC Products Processors CPU, DSP, Controllers Memory chips
More informationPhysical Implementation
CS250 VLSI Systems Design Fall 2009 John Wawrzynek, Krste Asanovic, with John Lazzaro Physical Implementation Outline Standard cell back-end place and route tools make layout mostly automatic. However,
More informationCauldron: A Framework to Defend Against Cache-based Side-channel Attacks in Clouds
Cauldron: A Framework to Defend Against Cache-based Side-channel Attacks in Clouds Mohammad Ahmad, Read Sprabery, Konstantin Evchenko, Abhilash Raj, Dr. Rakesh Bobba, Dr. Sibin Mohan, Dr. Roy Campbell
More informationEnergy-Efficient Cache Design Using Variable-Strength Error-Correcting Codes
Energy-Efficient Cache Design Using Variable-Strength Error-Correcting Codes Alaa R. Alameldeen Ilya Wagner Zeshan Chishti Wei Wu Chris Wilkerson Shih-Lien Lu Intel Labs Overview Large caches and memories
More informationHigh-Performance FPGA PLL Analysis with TimeQuest
High-Performance FPGA PLL Analysis with TimeQuest August 2007, ver. 1.0 Application Note 471 Introduction f Phase-locked loops (PLLs) provide robust clock management and clock synthesis capabilities for
More informationResource 2 Embedded computer and development environment
Resource 2 Embedded computer and development environment subsystem The development system is a powerful and convenient tool for embedded computing applications. As shown below, the development system consists
More informationSEE Tolerant Self-Calibrating Simple Fractional-N PLL
SEE Tolerant Self-Calibrating Simple Fractional-N PLL Robert L. Shuler, Avionic Systems Division, NASA Johnson Space Center, Houston, TX 77058 Li Chen, Department of Electrical Engineering, University
More informationVLSI Test Technology and Reliability (ET4076)
VLSI Test Technology and Reliability (ET4076) Lecture 8(2) I DDQ Current Testing (Chapter 13) Said Hamdioui Computer Engineering Lab Delft University of Technology 2009-2010 1 Learning aims Describe the
More informationEITF35: Introduction to Structured VLSI Design
EITF35: Introduction to Structured VLSI Design Part 1.1.2: Introduction (Digital VLSI Systems) Liang Liu liang.liu@eit.lth.se 1 Outline Why Digital? History & Roadmap Device Technology & Platforms System
More informationGRVI Phalanx Update: Plowing the Cloud with Thousands of RISC-V Chickens. Jan Gray
If you were plowing a field, which would you rather use: two strong oxen or 1024 chickens? Seymour Cray GRVI Phalanx Update: Plowing the Cloud with Thousands of RISC-V Chickens Jan Gray jan@fpga.org http://fpga.org
More informationThe Xilinx XC6200 chip, the software tools and the board development tools
The Xilinx XC6200 chip, the software tools and the board development tools What is an FPGA? Field Programmable Gate Array Fully programmable alternative to a customized chip Used to implement functions
More informationOutline Marquette University
COEN-4710 Computer Hardware Lecture 1 Computer Abstractions and Technology (Ch.1) Cristinel Ababei Department of Electrical and Computer Engineering Credits: Slides adapted primarily from presentations
More informationMicrocomputer System Design
Microcomputer System Design COE305 Lab. What is a Microprocessor? A microprocessor is a multipurpose, clockdriven, register-based electronic device that reads binary instructions from a storage device
More information11. SEU Mitigation in Stratix IV Devices
11. SEU Mitigation in Stratix IV Devices February 2011 SIV51011-3.2 SIV51011-3.2 This chapter describes how to use the error detection cyclical redundancy check (CRC) feature when a Stratix IV device is
More informationSection 3. System Integration
Section 3. System Integration This section includes the following chapters: Chapter 9, Configuration, Design Security, and Remote System Upgrades in the Cyclone III Device Family Chapter 10, Hot-Socketing
More informationLab 3 Sequential Logic for Synthesis. FPGA Design Flow.
Lab 3 Sequential Logic for Synthesis. FPGA Design Flow. Task 1 Part 1 Develop a VHDL description of a Debouncer specified below. The following diagram shows the interface of the Debouncer. The following
More informationZynq-7000 All Programmable SoC Product Overview
Zynq-7000 All Programmable SoC Product Overview The SW, HW and IO Programmable Platform August 2012 Copyright 2012 2009 Xilinx Introducing the Zynq -7000 All Programmable SoC Breakthrough Processing Platform
More informationSynthesizable FPGA Fabrics Targetable by the VTR CAD Tool
Synthesizable FPGA Fabrics Targetable by the VTR CAD Tool Jin Hee Kim and Jason Anderson FPL 2015 London, UK September 3, 2015 2 Motivation for Synthesizable FPGA Trend towards ASIC design flow Design
More informationThe Use of Cloud Computing Resources in an HPC Environment
The Use of Cloud Computing Resources in an HPC Environment Bill, Labate, UCLA Office of Information Technology Prakashan Korambath, UCLA Institute for Digital Research & Education Cloud computing becomes
More informationAddressable Bus Buffer Provides Capacitance Buffering, Live Insertion and Nested Addressing in 2-WireBus Systems
Addressable Bus Buffer Provides Capacitance Buffering, Live Insertion and Nested Addressing in 2-WireBus Systems by John Ziegler Introduction The reliability of data processing, data storage and communications
More informationBlind Differential Cryptanalysis for Enhanced Power Attacks
Blind Differential Cryptanalysis for Enhanced Power Attacks Bart Preneel COSIC K.U.Leuven - Belgium bart.preneel(at)esat.kuleuven.be Joint work with Helena Handschuh Concept Differential cryptanalysis
More informationDifferential Fault Analysis on the AES Key Schedule
ifferential Fault Analysis on the AES Key Schedule Junko TAKAHASHI and Toshinori FUKUNAGA NTT Information Sharing Platform Laboratories, Nippon Telegraph and Telephone Corporation, {takahashi.junko, fukunaga.toshinori}@lab.ntt.co.jp
More informationRuntime Adaptation of Application Execution under Thermal and Power Constraints in Massively Parallel Processor Arrays
Runtime Adaptation of Application Execution under Thermal and Power Constraints in Massively Parallel Processor Arrays Éricles Sousa 1, Frank Hannig 1, Jürgen Teich 1, Qingqing Chen 2, and Ulf Schlichtmann
More informationAVR XMEGA Product Line Introduction AVR XMEGA TM. Product Introduction.
AVR XMEGA TM Product Introduction 32-bit AVR UC3 AVR Flash Microcontrollers The highest performance AVR in the world 8/16-bit AVR XMEGA Peripheral Performance 8-bit megaavr The world s most successful
More informationAnalysis and Design of Clock-glitch Fault Injection within an FPGA
Analysis and Design of Clock-glitch Fault Injection within an FPGA by Masoumeh Dadjou A thesis presented to the University of Waterloo in fulfillment of the thesis requirement for the degree of Master
More informationLearning Outcomes. Spiral 3 1. Digital Design Targets ASICS & FPGAS REVIEW. Hardware/Software Interfacing
3-. 3-.2 Learning Outcomes Spiral 3 Hardware/Software Interfacing I understand the PicoBlaze bus interface signals: PORT_ID, IN_PORT, OUT_PORT, WRITE_STROBE I understand how a memory map provides the agreement
More informationFault-Based Attack of RSA Authentication
Fault-Based Attack of RSA Authentication, Valeria Bertacco and Todd Austin 1 Cryptography: Applications 2 Value of Cryptography $2.1 billions 1,300 employees $1.5 billions 4,000 employees $8.7 billions
More information