How multi-fault injection breaks the security of smart cards. Marc Witteman, Riscure. Session ID: RR-201. Session Classification: Advanced
1 How multi-fault injection breaks the security of smart cards Marc Witteman Riscure Session ID: RR-201 Session Classification: Advanced
2 Imagine you could turn your BART EZ Rider fare card into a military CAC card 2
3 Objectives Get an overview of fault injection threats Learn about countermeasures Discover the possibilities of next generation fault injection methods 3
4 Agenda Fault Injection Countermeasures Method improvements Attacks in practice Wrap-up 4
5 Fault injection 5
6 Fault Attack channels Voltage glitching Clock glitching Optical glitching 6
7 Fault attack scenarios Some example attack scenarios Verification bypass Code dump Differential Fault Analysis 7
8 Tools Tools used for fault injection Hardware for glitch control Flash bulbs and lasers Software for experiment control 8
9 Countermeasures 9
10 Countermeasures Double checking Signature verification Traps Randomization Shields and sensors 10
11 Double checking
    short pin_check(byte* buffer) {
        if(pin_ctr > 0) {
            pin_ctr--;
            if(array_compare(pin,buffer,4) == 0) {      // PIN ok at first check
                if(array_compare(pin,buffer,4) != 0) {
                    auth = FALSE;                       // PIN not ok at second check
                    return 0x6986;
                } else {
                    // PIN ok
                }
            } else {
                // PIN not ok at first check
            }
12 Double checking
    short pin_check(byte* buffer) {
        if(pin_ctr > 0) {
            pin_ctr--;
            if(array_compare(pin,buffer,4) == 0) {      // PIN ok at first check
                if(array_compare(pin,buffer,4) != 0) {
                    auth = FALSE;                       // PIN not ok at second check
                    return 0x6986;
                } else {
                    // PIN ok
                }
            } else {
                // PIN not ok at first check
            }
Callouts: "Second check detects fault" (at the second array_compare); "Glitch forces acceptance of false PIN"
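The double check above, run under a simple software fault model, as an added example that is not code from the slides. It assumes a fault forces one comparison result to "equal", uses a constructed PIN, and goes one step beyond the slide by counting how many faulted comparisons each variant needs before a wrong PIN passes; `run_check`, `min_faults_to_bypass` and the single-check variant are hypothetical helpers.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SW_OK     0x9000u  /* success status word (value from the signature slide) */
#define SW_DENIED 0x6986u  /* failure status word used on the slides */

typedef uint8_t byte;

static const byte pin[4] = {1, 2, 3, 4};  /* constructed reference PIN */
static int pin_ctr;                        /* remaining tries */
static unsigned fault_mask;                /* bit i set: a fault hits the i-th compare */
static unsigned compare_calls;             /* compares executed in the current run */

/* Assumed fault model: a fault forces the compare result to 0 ("equal"). */
static int array_compare(const byte *a, const byte *b, size_t n) {
    int differ = memcmp(a, b, n) != 0;
    if (fault_mask & (1u << compare_calls)) differ = 0;
    compare_calls++;
    return differ;
}

/* Single check: one comparison decides. */
static uint16_t pin_check_single(const byte *buffer) {
    if (pin_ctr <= 0) return SW_DENIED;
    pin_ctr--;
    if (array_compare(pin, buffer, 4) == 0) return SW_OK;
    return SW_DENIED;
}

/* Double check as on the slide: the second compare must agree with the first. */
static uint16_t pin_check_double(const byte *buffer) {
    if (pin_ctr <= 0) return SW_DENIED;
    pin_ctr--;
    if (array_compare(pin, buffer, 4) == 0) {
        if (array_compare(pin, buffer, 4) != 0) return SW_DENIED;  /* fault detected */
        return SW_OK;
    }
    return SW_DENIED;
}

typedef uint16_t (*checker_fn)(const byte *);

/* Run one verification with a fresh try counter under the given fault pattern. */
static uint16_t run_check(checker_fn check, const byte *candidate, unsigned mask) {
    pin_ctr = 3;
    fault_mask = mask;
    compare_calls = 0;
    return check(candidate);
}

static int popcount(unsigned v) {
    int c = 0;
    for (; v; v &= v - 1) c++;
    return c;
}

/* Smallest number of faulted compares that lets a wrong PIN pass,
 * searching all patterns over the first four compares; -1 if none. */
static int min_faults_to_bypass(checker_fn check) {
    static const byte wrong[4] = {9, 9, 9, 9};  /* constructed wrong PIN */
    int best = -1;
    for (unsigned mask = 0; mask < 16; mask++) {
        if (run_check(check, wrong, mask) != SW_OK) continue;
        int k = popcount(mask);
        if (best < 0 || k < best) best = k;
    }
    return best;
}

int main(void) {
    printf("single check: %d fault(s)\n", min_faults_to_bypass(pin_check_single));
    printf("double check: %d fault(s)\n", min_faults_to_bypass(pin_check_double));
    return 0;
}
```

The same harness can be pointed at any hardened variant to see how many independent faults it tolerates under this model before shipping it.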
13 Verify signatures
    short sign_and_verify(byte* buffer) {
        sign( buffer, signature );
        if (verify( buffer, signature )) {
            auth = TRUE;          // signature verification success
            send( signature );    // send signature
            return 0x9000;        // report success
        }
        else {
            auth = FALSE;         // signature verification fail
            return 0x6986;        // no signature transmission
        }
    }
14 Verify signatures
    short sign_and_verify(byte* buffer) {
        sign( buffer, signature );
        if (verify( buffer, signature )) {
            auth = TRUE;          // signature verification success
            send( signature );    // send signature
            return 0x9000;        // report success
        }
        else {
            auth = FALSE;         // signature verification fail
            return 0x6986;        // no signature transmission
        }
    }
Callouts: "Glitch corrupts signature"; "Verify detects corrupted signature"
15 Traps
    byte result = SOME_VALUE;
    byte resultchecksum = ~SOME_VALUE;                 // create checksum
    if ((result ^ resultchecksum) != 0xFF) fail();     // verify checksum
16 Traps
    byte result = SOME_VALUE;
    byte resultchecksum = ~SOME_VALUE;                 // create checksum
    if ((result ^ resultchecksum) != 0xFF) fail();     // verify checksum
Callouts: "Glitch corrupts value"; "Trap may mute or kill card"
17 Randomization
Randomness introduced by: Random delays (software loop); Cycle stealing (CPU skips clock cycle); Drifting clock
    short pin_check(byte* buffer) {
        // get random number in range
        int rnd = get_random( 256 );
        while (rnd > 0) rnd--;                         // random delay
        if(pin_ctr > 0) {
            pin_ctr--;
            if(array_compare(pin,buffer,4) == 0) {
18 Randomization
Randomness introduced by: Random delays (software loop); Cycle stealing (CPU skips clock cycle); Drifting clock
    short pin_check(byte* buffer) {
        // get random number in range
        int rnd = get_random( 256 );
        while (rnd > 0) rnd--;                         // random delay
        if(pin_ctr > 0) {
            pin_ctr--;
            if(array_compare(pin,buffer,4) == 0) {
Callout: "Random delay stops time-based glitches"
19 Shields and Sensors Shields block optical glitches Sensors detect glitches 19
20 Method improvements 20
21 Limitations of common equipment Standard signal generators lack flexibility??? Laser cutters are coarse Diode lasers are divergent and weak Process control inefficient 21
22 Flexible glitch control hardware Improvements in design Smart triggering Effective diode lasers Efficient control software 22
23 Glitch control hardware requirements and design
Requirements: Multi channel (Clock, VCC (supply voltage), Optical); Precise (low latency, short pulses, exact timing); Adaptive (configure remotely, diverse triggers)
[Block diagram: USB Control, LCD Display (mode vcc/clk/laser), Trigger in, Trigger out, CPU + memory, Glitch generator, Glitch circuit with Switch and Power monitor (Monitor side channel), Laser, Contact smart card with Smart card VCC, CLK, RST and I/O]
24 Glitch control hardware implementation General-purpose high speed FPGA board mounted on top of dedicated PCB with analog and digital drivers and interfaces 24
25 Smart triggering, what for? Instruction to hit Variable delays stop time based glitch triggers 25
26 Smart triggering concept Real time comparison of signal arrays Use Sum of Absolute Differences 26
27 Smart triggering result Instruction to hit Trigger moment is now fixed to device behavior 27
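Why a software random delay does not hide an operation from a trigger that follows the signal itself, shown as an added illustration that is not from the original slides: a sliding Sum of Absolute Differences over a constructed trace. The reference shape, noise level, threshold and all function names are assumptions chosen for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define REF_LEN   8
#define TAIL_LEN  16
#define TRACE_CAP 512
#define THRESHOLD 32u   /* assumed match threshold, above the noise bound of 8 * 3 */

/* Constructed reference: the signal shape of the operation of interest. */
static const uint8_t ref[REF_LEN] = {100, 140, 180, 120, 60, 100, 160, 100};

/* Small deterministic noise source (0..3) so the run is repeatable. */
static uint8_t noise(uint32_t *state) {
    *state = *state * 1103515245u + 12345u;
    return (uint8_t)((*state >> 16) & 3u);
}

/* Sum of Absolute Differences between one trace window and the reference. */
static uint32_t sad(const uint8_t *window, const uint8_t *reference, size_t n) {
    uint32_t sum = 0;
    for (size_t i = 0; i < n; i++)
        sum += (uint32_t)abs((int)window[i] - (int)reference[i]);
    return sum;
}

/* First offset whose window matches the reference, or -1 if none does. */
static long first_match(const uint8_t *trace, size_t len) {
    for (size_t off = 0; off + REF_LEN <= len; off++)
        if (sad(trace + off, ref, REF_LEN) <= THRESHOLD) return (long)off;
    return -1;
}

/* Constructed trace: `delay` idle samples (the random delay), optionally
 * the noisy pattern, then an idle tail. Returns the trace length. */
static size_t build_trace(uint8_t *out, size_t delay, int with_pattern, uint32_t seed) {
    size_t len = 0;
    if (delay > TRACE_CAP - REF_LEN - TAIL_LEN) delay = TRACE_CAP - REF_LEN - TAIL_LEN;
    for (size_t i = 0; i < delay; i++) out[len++] = (uint8_t)(100 + noise(&seed));
    if (with_pattern)
        for (size_t i = 0; i < REF_LEN; i++) out[len++] = (uint8_t)(ref[i] + noise(&seed));
    for (size_t i = 0; i < TAIL_LEN; i++) out[len++] = (uint8_t)(100 + noise(&seed));
    return len;
}

/* Where the SAD match fires for a given random delay (or -1). */
static long locate(size_t delay, int with_pattern, uint32_t seed) {
    uint8_t trace[TRACE_CAP];
    size_t len = build_trace(trace, delay, with_pattern, seed);
    return first_match(trace, len);
}

int main(void) {
    /* Three runs with different delays: the match offset follows the pattern. */
    printf("delay   5 -> match at %ld\n", locate(5, 1, 1u));
    printf("delay  40 -> match at %ld\n", locate(40, 1, 2u));
    printf("delay 200 -> match at %ld\n", locate(200, 1, 3u));
    printf("no pattern -> %ld\n", locate(200, 0, 3u));
    return 0;
}
```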
28 Smart triggering on noisy signals? Noise hides useful signals 28
29 Spectrum of noisy signals Spectrum reveals signals obscured by noise High frequencies include distinguishing features 29
30 Frequency conversion of noisy signals High frequencies are difficult to sample Pattern matching easiest on DC components Frequency mixing and demodulation makes high frequent features detectable 30
31 Feature recognition in noisy signals Filtering produces detectable signal 31
32 Smart triggering architecture and implementation FPGA board combined with dedicated electronics
[Block diagram: Signal in, Filter in, Filter, Filter out, Trigger in, Acquisition, SAD processor (2x), Reference signal (2x), SAD out, Trigger out (2x), USB Control]
33 Diode laser requirements Lasers must support fast switching power control multiple colors Source: Sergei Skorobogatov 33
34 Diode laser system requirements System requirements Camera view Motorized XY stage Optics requirements Correct beam divergence Small spot size (~1 µm) Remote controllable parameters XY position Glitch timing & amplitude 34
35 Fault Injection Software Fault injection process requirements Configurable and repeatable Automated execution and logging 35
36 Attacks in practice 36
37 Attacks in practice Backside attacks Virtual imaging Real time multi glitching 37
38 Backside attacks (1)
39 Backside attacks (2)
40 Side channel observation after fault injection Behavior shifted in time 40
41 Virtual imaging
42 Diode lasers can switch at high frequency Multi glitch timing 42
43 Real time multi glitch process
    short pin_check(byte* buffer) {
        if(pin_ctr > 0) {
            random_delay();
            if(pin_ctr <= 0) suicide();
            pin_ctr--;
            if(array_compare(pin,buffer,4) == 0) {      // PIN ok at first check
                random_delay();
                if(array_compare(pin,buffer,4) != 0) suicide();
                else { }                                // PIN ok
            }
            else { }                                    // PIN not ok at first check
Callout: "Find end with smart triggering"
44 Real time multi glitch process (same code as slide 43) Callout: "Glitch condition"
45 Real time multi glitch process (same code as slide 43) Callout: "Find begin with smart triggering and force power down"
46 Real time multi glitch process (same code as slide 43) Callout: "Glitch condition"
47 Real time multi glitch process (same code as slide 43) Callout: "Find end with smart triggering"
48 Real time multi glitch process (same code as slide 43) Callout: "Glitch condition"
49 Real time multi glitch process (same code as slide 43) Callout: "Find begin with smart triggering and force power down"
50 Real time multi glitch user experience 50
51 Wrap-up 51
52 Multi glitch practical limitations Evaluation of many parameters is time consuming (timing, amplitude, xy position, etc.); Sensors and traps slow down analysis: careful tuning of equipment needed; Navigation without design is cumbersome: crypto core is needle in haystack 52
53 Impact So can I turn my BART card into a CAC card? No, for dictating instructions and operands, you would need multiple controlled beams (32). But an attacker wouldn't even want that: just shake out the keys and clone a victim 53
54 Analysis & Mitigation How do I know if my smart card is vulnerable? Risk analysis Source code review Security testing How can I protect my smart cards? Use newest and certified chips Harden your code (OS & application) 54
55 Future research Automation Can we further automate the analysis and reduce user intervention? Can we reverse engineer code by analyzing fault impact? Multi beam attacks Can we by-pass multiple defenses if separate laser beams are used? Can we push specific values on a data bus? 55
56 Summary and conclusion Fault injection is most significant threat for smart cards Diode laser systems generate fast and precise pulses that modify CPU instructions Sophisticated new fault injection equipment defeats countermeasures Best defense by mix of strong hardware and software countermeasures 56
57 Questions & Discussion Marc Witteman Chief Technology Officer Riscure B.V. Frontier Building Delftechpark XJ Delft The Netherlands Phone: +31 (0) Thank you 57
More informationSoC, why should we care about Fault Injection Attacks?
SoC, why should we care about Fault Injection Attacks? Guillaume BOUFFARD (guillaume.bouffard@ssi.gouv.fr) David EL-BAZE (david.elbaze@ssi.gouv.fr) with the help of Thomas TROUCHKINE Agence nationale de
More informationQuality inspection systems for pharmaceutical packing process
Quality inspection systems for pharmaceutical packing process PHARMACEUTICAL PACKAGING APLICATIONS Brand protection and consumer safety continue to rise in importance. With ViShark inspection system, you
More informationClock and Fuses. Prof. Prabhat Ranjan Dhirubhai Ambani Institute of Information and Communication Technology, Gandhinagar
Clock and Fuses Prof. Prabhat Ranjan Dhirubhai Ambani Institute of Information and Communication Technology, Gandhinagar Reference WHY YOU NEED A CLOCK SOURCE - COLIN O FLYNN avrfreaks.net http://en.wikibooks.org/wiki/atmel_avr
More informationMicroprocessor Architecture
Microprocessor - 8085 Architecture 8085 is pronounced as "eighty-eighty-five" microprocessor. It is an 8-bit microprocessor designed by Intel in 1977 using NMOS technology. It has the following configuration
More informationPower Analysis of Atmel CryptoMemory Recovering Keys from Secure EEPROMs
Power Analysis of Atmel CryptoMemory Recovering Keys from Secure EEPROMs Josep Balasch 1, Benedikt Gierlichs 1, Roel Verdult 2, Lejla Batina 1,2, and Ingrid Verbauwhede 1 1 ESAT/COSIC, KU Leuven 2 ICIS/Digital
More informationEmbedded Systems and Software
Embedded Systems and Software Lecture 12 Some Hardware Considerations Hardware Considerations Slide 1 Logic States Digital signals may be in one of three states State 1: High, or 1. Using positive logic
More informationSafety Security. A security assessment of the resilience against fault injection attacks in ASIL-D certified microcontrollers
Safety Security A security assessment of the resilience against fault injection attacks in ASIL-D certified microcontrollers Nils Wiersma, Ramiro Pareja Riscure Security Lab {wiersma, pareja} @ riscure.com
More informationAn introduction to Digital Signal Processors (DSP) Using the C55xx family
An introduction to Digital Signal Processors (DSP) Using the C55xx family Group status (~2 minutes each) 5 groups stand up What processor(s) you are using Wireless? If so, what technologies/chips are you
More informationAttacking smartcards. Erik Poll. Digital Security
Attacking smartcards Erik Poll Digital Security Smartcard security Smartcards are not 100% secure ongoing arms race of attacks & countermeasures Ten year old cards may be easily broken today Crucial question:
More informationUSB1. Encoder Data Acquisition USB Device Page 1 of 6. Description. Features
Description USB1 Page 1 of 6 The USB1 is no longer available for purchase, and has been replaced by our recently released USB4. The USB4 is a redesigned, enhanced version of the USB1, and is already available
More informationAT90SDC10X Summary Datasheet
AT90SDC10X Summary Datasheet Features General twincore Secure Dual Core Architecture - 135 Powerful s (Most Executed in a Single Clock Cycle) Total isolation between Master & Secure Cores Secure Inter-Core
More informationAXE033 SERIAL/I2C LCD & CLOCK
AXE033 SERIAL/I2C LCD & CLOCK The serial LCD and clock module allows microcontroller systems (e.g. PICAXE) to visually output user instructions or readings, without the need for a computer. This is especially
More informationUnit 2 : Computer and Operating System Structure
Unit 2 : Computer and Operating System Structure Lesson 1 : Interrupts and I/O Structure 1.1. Learning Objectives On completion of this lesson you will know : what interrupt is the causes of occurring
More informationCHAPTER 5 : Introduction to Intel 8085 Microprocessor Hardware BENG 2223 MICROPROCESSOR TECHNOLOGY
CHAPTER 5 : Introduction to Intel 8085 Hardware BENG 2223 MICROPROCESSOR TECHNOLOGY The 8085A(commonly known as the 8085) : Was first introduced in March 1976 is an 8-bit microprocessor with 16-bit address
More informationBLM and BWS installation examples
BLM and BWS installation examples Front Back LHC BLM system: 4 crates connected through P2 connector (with the combiner card) for HV control, crate interconnections, beam permit and beam energy distribution.
More informationLV8726TAGEVK Evaluation Kit User Guide
LV8726TAGEVK Evaluation Kit User Guide 06/17/15 1 www.onsemi.com NOTICE TO CUSTOMERS The LV8726TA Evaluation Kit v0 is intended to be used for ENGINEERING DEVELOPMENT, DEMONSTRATION OR EVALUATION PURPOSES
More informationDRTS 64. The new generation of advanced test equipment for Relays, Energy meters, Transducers and Power quality meters.
The new generation of advanced test equipment for Relays, Energy meters, Transducers and Power quality meters Testing all relay technologies: electromechanical, solid state, numerical and IEC61850 Manual
More informationPAC7311 VGA PC Camera Single-Chip
General Description The is a single chip with an embedded VGA CMOS image sensor and USB 1.1 interface. It has JPEG image compression and image processing. The generic application is a PC camera. JPEG decoder
More information