An on-chip glitchy-clock generator and its application to safe-error attack
|
|
- Julius Black
- 6 years ago
- Views:
Transcription
1 An on-chip glitchy-clock generator and its application to safe-error attack Sho Endo, Takeshi Sugawara, Naofumi Homma, Takafumi Aoki and Akashi Satoh Graduate School of Information Sciences, Tohoku University , Aramaki Aza Aoba, Aoba-ku, Sendai-shi , Japan National Institute of Advanced Industrial Science and Technology Sotokanda, Chiyoda-ku, Tokyo, Japan Abstract. This paper presents a glitchy-clock generator integrated in FPGA for evaluating fault injection attacks and their countermeasures on cryptographic modules. The proposed generator employs the functional block of clock management widely included in modern FPGAs and outputs a clock signal including a glitchy-clock cycle timely. The shape and timing of the glitchy-clock cycle are controlled accurately by the parameter setting. We can implement the proposed generator on a single FPGA board without using any external equipment such as a pulse generator and a variable power supply. Such integration makes it easier to generate reproducible glitchy-clock signals that can be verified by third parties. In this paper, we examine the characteristics of the proposed generator implemented on Side-channel Attack Standard Evaluation Board (SASEBO). The result shows that the glitches can be injected timely to any clock cycle in increments of about 0.17 ns. We also demonstrate its application to the safe-error attack against RSA processor. 1 Introduction Fault injection attacks are attracting much attention in the field of cryptographic hardware and embedded systems. The attackers first inject faults to cryptographic operations and obtain a faulty ciphertext, and then estimate a secret key from several faulty ciphertexts. After the first publication focusing on publickey cryptosystems [1], the fault injection attacks are extended to symmetric-key cryptosystems [2]. Since then, many variations of fault attacks and countermeasures have been presented and newer ones are still being proposed [3][4][5]. With the advance of such attacks and countermeasures, fault injection techniques have also been investigated in order to evaluate the possibility of the attacks and countermeasures. We have two types of fault models that can be used in the attacks: permanent and transient faults. A permanent fault to damage either data or sequencer in memory is very powerful, but inducing permanent faults is generally difficult. A transient fault is a temporal fault that can be recovered after the reset or end of operation, and thus it can happen more easily. 175
2 Cryptographic circuit (RSA) Controller VirtexII-Pro XC2VP7 Bus I/F Glitchy clock 16-bit Bus Glitchy-clock generator Bus I/F FIFO VirtexII-Pro XC2VP30 USB I/F SASEBO-G X'tal (24MHz) USB PC Fig. 1. Proposed fault injection system on SASEBO-G. For both fault models, various injection techniques were reported using glitches on power and clock signals, lower voltage, higher frequency, laser shots, light illumination on the surface of a depackaged chip, and so on [6] [7]. Among them, a transient fault caused by a glitchy clock (i.e. a clock signal with a glitch) is one of the possible faults due to the non-invasiveness and controllability. This paper presents a glitchy-clock generator integrated on FPGA. In [8], an experimental environment supplying such glitchy-clock signals was reported. The reported environment employs two clock sources having the same frequency but with different phases, and selects one of the two sources depending on the operation timing. A glitched-clock cycle occurs when one clock source is switched to the other one. The clock signals are generated by an external pulse generator. The ideas of the proposed generator are to integrate the environment into a single FPGA without an external pulse generator and to add an further functionality which controls the shape and timing of the glitchy-clock signal in a synchronized manner by parameters via a control PC. For this purpose, we employ the functional block of clock management widely included in modern FPGAs. It is interesting to note that the proposed generator is implemented in an FPGA on Side-channel Attack Standard Evaluation Board (SASEBO) [9]. From the standardization viewpoint, such on-chip fault generator can provide a uniform evaluation environment for fault injection attacks and their countermeasures since it allows us to generate reproducible glitchy-clock signals if the same FPGA is used. In this paper, we evaluate the basic characteristics of the proposed generator implemented on SASEBO. The result shows that the glitch signal can be injected timely for any clock cycle (i.e. tick) in increments of about 0.17 ns. This paper also demonstrates the effectiveness of the proposed generator through the safe-error attack against RSA hardware implemented in the other FPGA on SASEBO. We observe the success of the glitch injection from the difference between correct and faulty power traces. 2 On-chip glitchy-clock generator Figure 1 shows a block diagram of the proposed fault injection system implemented on Side-channel Attack Standard Evaluation Board with two Xilinx 176
3 Phase feedback Shifted clock E C Phase detector Delay line DLL (DLL) Counter M D max UX A F DLL B Glitch generator θ B θ C Phase shifts (a) Block diagram. Clock signal Phase shift Position of glitchy cycle Clock signal A B C D E F Switch from A to B Phase difference Switch from B to A Glitch width Glitch delay (b) Timing chart. Fig. 2. Glitch generator. FPGAs (SASEBO-G). The proposed generator is implemented in one FPGA (VirtexII-Pro XC2VP30), while the target cryptographic module is implemented in software or hardware on the other FPGA (VirtexII-Pro XC2VP7). The generator supplies a clock signal constantly and switches a normal clock cycle with a glitchy-clock cycle according to designated timing. The generation operation is synchronized with a BUS I/F, a FIFO, and an USB I/F. The BUS I/F receives output data (i.e. ciphertexts) from cryptographic modules via 16-bit bus. The FIFO provides the information about the shape and timing of glitchy-clock cycle to the generator. The USB I/F communicates with a host computer through the USB cable. The proposed system has the following functions: Induce a glitchy-clock cycle (i.e. a clock tick with a glitch) into any position of the clock signal. Change the delay and width of the glitch within one clock cycle. Provide a timing of target operation to acquire power/electromagnetic traces in a synchronized manner by an internal clock-counter. Figure 2(a) shows a block diagram of the glitch generator consisting of two Delay Locked Loop (DLL) circuits and a counter, where the DLL circuits are implemented by Digital Clock Managers (DCMs) for Xilinx FPGAs. (Note here that we can use alternative DLL circuits in the case of other FPGAs (e.g. PLL for Altera FPGAs). The DCMs control the delay of clock signals by the phaseshift parameter. The counter is incremented until the position of the glitchyclock cycle. Figure 2(b) illustrates a timing chart of the generator. The signal A indicates a clock signal given by an on-board clock component, the signals B and C are clock signals delayed by DCMs, the signal D is an output of the counter, the signal E is a signal activated by the timing of C and the maximum counter value, and the signal F is a resulting output. Note that the delay of B is set to be larger than that of C. The generator usually outputs the clock signal 177
4 (a) 3.3V (b) 1.65V T d T w V t T d : Glitch delay T w : Glitch width (c) Time [ns] Fig. 3. Image of glitchyclock cycle. Fig. 4. Examples of glitchy-clock signals. Voltage [V] 3 2 T d min.t w max. T w Time [ns] Time [ns] Voltage [V] mean = 0.17 ns std.dev. = ns (a) Waveforms. (b) Magnified view. Fig. 5. Waveforms of glitchy-clock cycles for different glitch widths. A, but it switches it to the signal B at the positive edges of the signal C, and then switches it back at the negative edge. Figure 3 shows the image of the glitchy-clock cycle, where T d is the glitch delay and T w is the glitch width. The glitch delay is determined by the time period between the positive edges of A and C. The glitch width is determined by the time period between the positive edges of C and B. Both the time periods are controlled by the phase-shift parameters to DCMs. The interval of the two positive edges is determined when the above time periods are selected. We can change these parameters on-line from the connected PC. We examine the basic characteristics of the proposed glitch generator implemented in FPGA on SASEBO-G. Figure 4 illustrates the examples of generated clock signals with glitchy-clock cycles, where (a), (b), and (c) are the clock signals with glitches at the 1st, 2nd, and 3rd clock cycles, respectively. A glitchy-clock cycle can be induced into any position of the clock signal depending on the maximum counter value. Figure 5(a) shows the waveforms of glitchy-clock cycles for different glitch widths from 0.7 to 13.7 ns, where the glitch delay is 4.2 ns. Figure 5(b) shows a magnified view of the 2nd positive edges in the clock cycle. 178
5 The result indicates that we can tune the glitch width precisely in increments of about 0.17 ns. More precisely, the increment size follows the normal distribution N(µ, σ 2 ) = N(0.17, ), which corresponds to the minimum amount of phase shift in DCM. 3 Application to safe-error attack on RSA 3.1 Safe-error attack Safe-error attack [10] is a fault injection attack on a classical modular exponentiation algorithm called the squaring-and-multiply always method [11]. It inserts dummy multiplications for the left-to-right binary method [12]. The dummy multiplication is processed for the zero bits of the exponent in order to perform both squaring and multiplication for each bit. This algorithm prevents an attacker from finding the specific pattern of multiplication and squaring operations depending on the secret exponent. On the other hand, the typical countermeasure is vulnerable to the safe-error attack, which induces a carefully timed fault during the multiplication process. If the returned result is correct, an attacker can find that the multiplication is a dummy and the secret key bit is zero since the result of the dummy multiplication is never used in the following process. 3.2 Parameter setting An RSA processor with high-radix Montgomery multiplication [13] is used in this experiment. The datapath includes a multiplication block, which repeats the multiply-additions in accordance with the bit pattern of the 512-bit key value to perform modular exponentiation. The 32-bit datapath performs multiplyadditions using the 32-bit operands stored in the registers. Each multiplication or squaring takes 578 cycles. The appropriate glitch width was examined according to the above architecture. The error rate is measured for different glitch widths from 1.1 to 8.6 ns, where the glitch delay is 4.9 ns, and 100 fault injection tests are performed for each glitch width. As a result, we obtained the error rate of 1.0 (i.e., 100 % error) from 1.6 to 8.6 ns. The shorter width did not succeed in generating the significant voltage drop before the 2nd positive edge arose. The wider width did not disturb any operation due to the operation margin. In the following experiment, we employed the glitch width of 4.8 ns in order to inject faults with high probability. 3.3 Experiment Figure 6 shows the experimental setup consisting of a SASEBO-G, an oscilloscope, and a PC. The oscilloscope is used to acquire power traces. In this experiment, we observe the success of safe-error attack from difference between two power traces, which one is the original trace with no fault and the other is 179
6 COSADE Second International Workshop on Constructive Side-Channel Analysis and Secure Design (a) SASEBO board. (b) Overview. Fig. 6. Experimental setup. the faulty trace. If a fault-injected (multiplication) operation is a dummy, the following operations do not change with the fault injection. As a result, we can check whether the fault-injected operation is dummy or not by the difference trace after the operation. Figure 7 shows a measured power trace obtained from the RSA processor, where S, M, and DM indicate the squaring, multiplication and dummy multiplication operations, respectively. We injected faults to the first four multiplication operations indicated in Fig. 8. Note that only the third operation is a dummy multiplication. The result is extremely clean, producing a greatly reduced difference signal when the following operations are the same. The amplitude of the differential trace following the fault-injected operation in Fig. 8(c) remains close to zero. It is deduced that the target operation is dummy, and the 3rd key bit is identified as 0. In contrast, the differential traces in Figs. 8 (a), (b) and (d) indicates that the original and faulty traces do not match. This means that the target operations are real multiplication operations, and the 1st, 2nd and 4th key bits are revealed to be 1. As a result, we can obtain the first four key bits E = (1101)2 from the safe-error attack. 4 Conclusion This paper presented an on-chip glitchy-clock generator for evaluating fault injection attacks and their related countermeasures. The proposed generator can be implemented in an FPGA on SASEBO without using any external equipment, and thus is suitable for the development of a reproducible evaluation environment. The result shows that the glitches can be injected timely to any clock cycle in increments of about 0.17 ns. In this paper, we also demonstrated its application to the safe-error attack against RSA processor. We confirmed that 180
7 Voltage [mv] Positions of injected glitchy-clock cycles (a) (b) (c) (d) Time [μs] Fig. 7. Power trace of RSA processor. S M S M S DM S M S M (a) (b) M (c) DM (d) Time [μs] M Fig. 8. Differential power traces. the secret key bits were successfully obtained by faults provided by the proposed generator. Further experiments are being conducted to apply it to sophisticated fault attacks. References 1. D. Boneh, R. Demillio, and R. Liotin, On the importance of checking cryptographic protocols for fault, EUROCRYPT 1997, Lecture Notes in Computer Science, vol. 1233, pp , May
8 2. E. Biham and A. Shamir, Differential fault analysis of secret key cryptosystems, CRYPTO 1997, vol. 1294, pp , Aug R. Anderson and M. Kuhn, Low cost attacks on tamper resistant devices, Security Protocols: 5th Int. Workshop, Lecture Notes in Computer Science, vol. 1361, pp , Aug H. Bar-El, H. Choukri, D. Naccache, M. Tunstall, and C. Whelan, The sorcerer s apprentice guide to fault attack, IACR eprint archive, vol. Report 2004/100, pp. 1 13, May G. Giraud and H. Thiebeauld, A survey on fault attacks, CARDIS 2004, pp , Aug C. H. Kim and J.-J. Quisquater, Faults, injection methods, and fault attacks, Design Test of Computers, IEEE, vol. 24, pp , S. Guilley, L. Sauvage, J.-L. Danger, N. Selmane, and R. Pacalet, Silicon-level solutions to counteract passive and active attacks. Proc., 5th Workshop on Fault Diagnosis and Tolerance in Cryptography, pp.3 17, T. Fukunaga and J. Takahashi, Practical fault attack on a cryptographic lsi with iso/iec block ciphers, Proc., 6th Workshop on Fault Diagnosis and Tolerance in Cryptography, pp , Sept Side-channel Attack Standard Evaluation Board, S. M. Yen and M. Joye, Checking before output may not be enough against faultbased cryptanalysis, IEEE Trans. Comput., vol. 49, no. 9, pp , Sept J. S. Coron, Resistance against differential power analysis for elliptic curve cryptosystems, CHES 1999, Lecture Notes in Computer Science, vol. 1717, pp , Aug J. A. Menezes, C. P. Oorschot, and A. S. Vanstone, Handbook of Applied Cryptography. CRC Press, A. Miyamoto, N. Homma, T. Aoki, and A. Satoh, Systematic design of high-radix montgomery multipliers for rsa processors, Proc. 26th IEEE Int. Conf. Computer Design, pp , Oct
Information Leakage from Cryptographic Hardware via Common-Mode Current
Information Leakage from Cryptographic Hardware via Common-Mode Current Yu-ichi Hayashi #1, Takeshi Sugawara #1, Yoshiki Kayano #2, Naofumi Homma #1 Takaaki Mizuki #1, Akashi Satoh #3, Takafumi Aoki #1,
More informationCollision-based Power Analysis of Modular Exponentiation Using Chosen-message Pairs
Collision-based Analysis of Modular Exponentiation Using Chosen-message Pairs Naofumi Homma 1, Atsushi Miyamoto 1, Takafumi Aoki 1, Akashi atoh 2, and Adi hamir 3 1 Graduate chool of Information ciences,
More informationPower Analysis Attacks on SASEBO January 6, 2010
Power Analysis Attacks on SASEBO January 6, 2010 Research Center for Information Security, National Institute of Advanced Industrial Science and Technology Table of Contents Page 1. OVERVIEW... 1 2. POWER
More informationA Design for Modular Exponentiation Coprocessor in Mobile Telecommunication Terminals
A Design for Modular Exponentiation Coprocessor in Mobile Telecommunication Terminals Takehiko Kato, Satoru Ito, Jun Anzai, and Natsume Matsuzaki Advanced Mobile Telecommunications Security Technology
More informationConstant Power Reconfigurable Computing
Constant Power Reconfigurable Computing Adrien Le Masle 1, Gary C T Chow 2, Wayne Luk 3 Department of Computing, Imperial College London 180 Queen s Gate, London SW7 2BZ, UK { 1 al1108, 2 cchow, 3 wl}@docicacuk
More informationDETECTING POWER ATTACKS ON RECONFIGURABLE HARDWARE. Adrien Le Masle, Wayne Luk
DETECTING POWER ATTACKS ON RECONFIGURABLE HARDWARE Adrien Le Masle, Wayne Luk Department of Computing, Imperial College London 180 Queen s Gate, London SW7 2BZ, UK email: {al1108,wl}@doc.ic.ac.uk ABSTRACT
More informationAssembly Level Clock Glitch Insertion Into An XMega MCU
Cleveland State University EngagedScholarship@CSU ETD Archive 2016 Assembly Level Clock Glitch Insertion Into An XMega MCU Nigamantha Gopala Chakravarthi Follow this and additional works at: http://engagedscholarship.csuohio.edu/etdarchive
More informationicwaves Inspector Data Sheet
Inspector Data Sheet icwaves Advanced pattern-based triggering device for generating time independent pulses to avoid jitter and time-related countermeasures in SCA or FI testing. Riscure icwaves 1/9 Introduction
More informationEfficiency of a Glitch Detector against Electromagnetic Fault Injection
Efficiency of a Glitch Detector against Electromagnetic Fault Injection Loic Zussa, Amine Dehbaoui, Karim Tobich, Jean-Max Dutertre, Philippe Maurine Ludovic Guillaume-Sage, Jessy Clediere, Assia Tria
More informationCARRY SAVE COMMON MULTIPLICAND MONTGOMERY FOR RSA CRYPTOSYSTEM
American Journal of Applied Sciences 11 (5): 851-856, 2014 ISSN: 1546-9239 2014 Science Publication doi:10.3844/ajassp.2014.851.856 Published Online 11 (5) 2014 (http://www.thescipub.com/ajas.toc) CARRY
More informationTransient-Steady Effect Attack on Block Ciphers
Transient-Steady Effect Attack on Block Ciphers Yanting Ren 1,2, An Wang 1,2, and Liji Wu 1,2 1 Tsinghua National Laboratory for Information Science and Technology (TNList), Beijing, China 2 Institute
More informationElectromagnetic-based Side Channel Attacks
Electromagnetic-based Side Channel Attacks Yasmine Badr 10/28/2015 What is Side Channel Attack Any attack based on information gained from the physical implementation of a cryptosystem, rather than brute
More informationInvestigations of Power Analysis Attacks on Smartcards
THE ADVANCED COMPUTING SYSTEMS ASSOCIATION The following paper was originally published in the USENIX Workshop on Smartcard Technology Chicago, Illinois, USA, May 10 11, 1999 Investigations of Power Analysis
More informationSynthesis and Analysis of 32-Bit RSA Algorithm Using VHDL
Synthesis and Analysis of 32-Bit RSA Algorithm Using VHDL Sandeep Singh 1,a, Parminder Singh Jassal 2,b 1M.Tech Student, ECE section, Yadavindra collage of engineering, Talwandi Sabo, India 2Assistant
More informationEfficiency of a glitch detector against electromagnetic fault injection
Efficiency of a glitch detector against electromagnetic fault injection Loic Zussa, Amine Dehbaoui, Karim Tobich, Jean-Max Dutertre, Philippe Maurine, Ludovic Guillaume-Sage, Jessy Clédière, Assia Tria
More informationSynchronization Method for SCA and Fault Attacks
Journal of Cryptographic Engineering (2011) 1:71-77 DOI 10.1007/s13389-011-0004-0 Synchronization Method for SCA and Fault Attacks Sergei Skorobogatov Received: 15 November 2010 / Accepted: 16 January
More informationHigh Speed Clock Glitching
Cleveland State University EngagedScholarship@CSU ETD Archive 2015 High Speed Clock Glitching Santosh Desiraju Cleveland State University How does access to this work benefit you? Let us know! Follow this
More informationTest Apparatus for Side-Channel Resistance Compliance Testing
Test Apparatus for Side-Channel Resistance Compliance Testing Michael Hutter, Mario Kirschbaum, Thomas Plos, and Jörn-Marc Schmidt Institute for Applied Information Processing and Communications (IAIK),
More informationImplementation and Performance Testing of the SQUASH RFID Authentication Protocol
Implementation and Performance Testing of the SQUASH RFID Authentication Protocol Philip Koshy, Justin Valentin and Xiaowen Zhang * Department of Computer Science College of n Island n Island, New York,
More informationInformation Security Theory vs. Reality
Information Security Theory vs. Reality 0368-4474, Winter 2015-2016 Lecture 6: Physical Side Channel Attacks on PCs Guest lecturer: Lev Pachmanov 1 Side channel attacks probing CPU architecture optical
More informationWe are IntechOpen, the world s leading publisher of Open Access books Built by scientists, for scientists. International authors and editors
We are IntechOpen, the world s leading publisher of Open Access books Built by scientists, for scientists 3,7 18,5 1.7 M Open access books available International authors and editors Downloads Our authors
More informationInspector Data Sheet. EM-FI Transient Probe. High speed pulsed EM fault injection probe for localized glitches. Riscure EM-FI Transient Probe 1/8
Inspector Data Sheet EM-FI Transient Probe High speed pulsed EM fault injection probe for localized glitches. Riscure EM-FI Transient Probe 1/8 Introduction With increasingly challenging chip packages
More informationHorizontal DEMA Attack as the Criterion to Select the Best Suitable EM Probe
Horizontal DEMA Attack as the Criterion to Select the Best Suitable EM Probe Christian Wittke 1, Ievgen Kabin 1, Dan Klann 1, Zoya Dyka 1, Anton Datsuk 1 and Peter Langendoerfer 1 1 IHP Leibniz-Institut
More informationExplaining Differential Fault Analysis on DES. Christophe Clavier Michael Tunstall
Explaining Differential Fault Analysis on DES Christophe Clavier Michael Tunstall 5/18/2006 References 2 Bull & Innovatron Patents Fault Injection Equipment: Laser 3 Bull & Innovatron Patents Fault Injection
More informationTime-Memory Trade-Offs for Side-Channel Resistant Implementations of Block Ciphers. Praveen Vadnala
Time-Memory Trade-Offs for Side-Channel Resistant Implementations of Block Ciphers Praveen Vadnala Differential Power Analysis Implementations of cryptographic systems leak Leaks from bit 1 and bit 0 are
More informationDesign and Validation of a Platform for Electromagnetic Fault Injection
Design and Validation of a Platform for Electromagnetic Fault Injection Josep Balasch imec-cosic KU Leuven Kasteelpark Arenberg 10, B-3001 Leuven, Belgium Email: josep.balasch@esat.kuleuven.be Daniel Arumí,
More informationTransform. Jeongchoon Ryoo. Dong-Guk Han. Seoul, Korea Rep.
978-1-4673-2451-9/12/$31.00 2012 IEEE 201 CPA Performance Comparison based on Wavelet Transform Aesun Park Department of Mathematics Kookmin University Seoul, Korea Rep. aesons@kookmin.ac.kr Dong-Guk Han
More informationLocal and Direct EM Injection of Power into CMOS Integrated Circuits.
Local and Direct EM Injection of Power into CMOS Integrated Circuits. F. Poucheret 1,4, K.Tobich 2, M.Lisart 2,L.Chusseau 3, B.Robisson 4, P. Maurine 1 LIRMM Montpellier 1 ST Microelectronics Rousset 2
More informationAREA AND DELAY EFFICIENT DESIGN FOR PARALLEL PREFIX FINITE FIELD MULTIPLIER
AREA AND DELAY EFFICIENT DESIGN FOR PARALLEL PREFIX FINITE FIELD MULTIPLIER 1 CH.JAYA PRAKASH, 2 P.HAREESH, 3 SK. FARISHMA 1&2 Assistant Professor, Dept. of ECE, 3 M.Tech-Student, Sir CR Reddy College
More informationSV2C 28 Gbps, 8 Lane SerDes Tester
SV2C 28 Gbps, 8 Lane SerDes Tester Data Sheet SV2C Personalized SerDes Tester Data Sheet Revision: 1.0 2015-03-19 Revision Revision History Date 1.0 Document release. March 19, 2015 The information in
More informationPX8000 Precision Power Scope with Features of High-accuracy Power Meter and Waveform Measuring Instrument
PX8000 Precision Power Scope with Features of High-accuracy Power Meter and Waveform Measuring Instrument Osamu Itou *1 Satoru Suzuki *1 Hiroshi Yagyuu *2 Kazuo Kawasumi *1 Yokogawa developed the PX8000
More informationHigh-Speed RSA Crypto-Processor with Radix-4 4 Modular Multiplication and Chinese Remainder Theorem
High-Speed RSA Crypto-Processor with Radix-4 4 Modular Multiplication and Chinese Remainder Theorem Bonseok Koo 1, Dongwook Lee 1, Gwonho Ryu 1, Taejoo Chang 1 and Sangjin Lee 2 1 Nat (NSRI), Korea 2 Center
More informationA10-Gb/slow-power adaptive continuous-time linear equalizer using asynchronous under-sampling histogram
LETTER IEICE Electronics Express, Vol.10, No.4, 1 8 A10-Gb/slow-power adaptive continuous-time linear equalizer using asynchronous under-sampling histogram Wang-Soo Kim and Woo-Young Choi a) Department
More informationFAULTS cause a computer program to behave in an unintended
1 Fault Injection using Crowbars on Embedded Systems Colin O Flynn Abstract Causing a device to incorrectly execute an instruction or store faulty data is well-known strategy for attacking cryptographic
More informationConstructing TI-Friendly Substitution Boxes using Shift-Invariant Permutations. Si Gao, Arnab Roy, and Elisabeth Oswald
Constructing TI-Friendly Substitution Boxes using Shift-Invariant Permutations Si Gao, Arnab Roy, and Elisabeth Oswald Outline Introduction Design Philosophy Sbox Constructions Implementations Summary
More informationSensing Voltage Transients Using Built-in Voltage Sensor
Sensing Voltage Transients Using Built-in Voltage Sensor ABSTRACT Voltage transient is a kind of voltage fluctuation caused by circuit inductance. If strong enough, voltage transients can cause system
More informationDigital design & Embedded systems
FYS4220/9220 Digital design & Embedded systems Lecture #5 J. K. Bekkeng, 2.7.2011 Phase-locked loop (PLL) Implemented using a VCO (Voltage controlled oscillator), a phase detector and a closed feedback
More informationDesign and FPGA Implementation of an Adaptive Demodulator. Design and FPGA Implementation of an Adaptive Demodulator
Design and FPGA Implementation of an Adaptive Demodulator Sandeep Mukthavaram August 23, 1999 Thesis Defense for the Degree of Master of Science in Electrical Engineering Department of Electrical Engineering
More informationA Reflectometer for Cable Fault Location with Multiple Pulse Reflection Method
2014 by IFSA Publishing, S. L. http://www.sensorsportal.com A Reflectometer for Cable Fault Location with Multiple Pulse Reflection Method Zheng Gongming Electronics & Information School, Yangtze University,
More informationSIDE-CHANNEL attacks exploit the leaked physical information
546 IEEE TRANSACTIONS ON CIRCUITS AND SYSTEMS II: EXPRESS BRIEFS, VOL. 57, NO. 7, JULY 2010 A Low Overhead DPA Countermeasure Circuit Based on Ring Oscillators Po-Chun Liu, Hsie-Chia Chang, Member, IEEE,
More informationFPGA-BASED PULSED-RF PHASE AND AMPLITUDE DETECTOR AT SLRI
doi:10.18429/jacow-icalepcs2017- FPGA-BASED PULSED-RF PHASE AND AMPLITUDE DETECTOR AT SLRI R. Rujanakraikarn, Synchrotron Light Research Institute, Nakhon Ratchasima, Thailand Abstract In this paper, the
More informationEvaluation of On-chip Decoupling Capacitor s Effect on AES Cryptographic Circuit
R1-3 SASIMI 2013 Proceedings Evaluation of On-chip Decoupling Capacitor s Effect on AES Cryptographic Circuit Tsunato Nakai Mitsuru Shiozaki Takaya Kubota Takeshi Fujino Graduate School of Science and
More informationEvaluation of the Masked Logic Style MDPL on a Prototype Chip
Evaluation of the Masked Logic Style MDPL on a Prototype Chip Thomas Popp 1, Mario Kirschbaum 1, Thomas Zefferer 1, and Stefan Mangard 2, 1 Institute for Applied Information Processing and Communications
More informationField Programmable Gate Array-Based Pulse-Width Modulation for Single Phase Active Power Filter
American Journal of Applied Sciences 6 (9): 1742-1747, 2009 ISSN 1546-9239 2009 Science Publications Field Programmable Gate Array-Based Pulse-Width Modulation for Single Phase Active Power Filter N.A.
More informationDesign of FIR Filter Using Modified Montgomery Multiplier with Pipelining Technique
International Journal of Engineering Research and Development e-issn: 2278-067X, p-issn: 2278-800X, www.ijerd.com Volume 10, Issue 3 (March 2014), PP.55-63 Design of FIR Filter Using Modified Montgomery
More informationECEN620: Network Theory Broadband Circuit Design Fall 2012
ECEN620: Network Theory Broadband Circuit Design Fall 2012 Lecture 20: CDRs Sam Palermo Analog & Mixed-Signal Center Texas A&M University Announcements Exam 2 is on Friday Nov. 9 One double-sided 8.5x11
More informationMicroprocessor & Interfacing Lecture Programmable Interval Timer
Microprocessor & Interfacing Lecture 30 8254 Programmable Interval Timer P A R U L B A N S A L A S S T P R O F E S S O R E C S D E P A R T M E N T D R O N A C H A R Y A C O L L E G E O F E N G I N E E
More informationDigital Dual Mixer Time Difference for Sub-Nanosecond Time Synchronization in Ethernet
Digital Dual Mixer Time Difference for Sub-Nanosecond Time Synchronization in Ethernet Pedro Moreira University College London London, United Kingdom pmoreira@ee.ucl.ac.uk Pablo Alvarez pablo.alvarez@cern.ch
More informationIs Your Mobile Device Radiating Keys?
Is Your Mobile Device Radiating Keys? Benjamin Jun Gary Kenworthy Session ID: MBS-401 Session Classification: Intermediate Radiated Leakage You have probably heard of this before App Example of receiving
More informationHigh Performance True Random Number Generator in Altera Stratix FPLDs
High Performance True Random Number Generator in Altera Stratix FPLDs Viktor Fischer 1, Miloš Drutarovský 2, Martin Šimka2, and Nathalie Bochard 1 1 Laboratoire Traitement du Signal et Instrumentation,
More informationModular Multiplication Algorithm in Cryptographic Processor: A Review and Future Directions
Modular Multiplication Algorithm in Cryptographic Processor: A Review and Future Directions Poomagal C. T Research Scholar, Department of Electronics and Communication Engineering, Sri Venkateswara College
More informationMulti-Resolution Wavelet Analysis for Chopped Impulse Voltage Measurements
Multi-Resolution Wavelet Analysis for Chopped Impulse Voltage Measurements EMEL ONAL Electrical Engineering Department Istanbul Technical University 34469 Maslak-Istanbul TURKEY onal@elk.itu.edu.tr http://www.elk.itu.edu.tr/~onal
More informationDigital Systems Design
Digital Systems Design Clock Networks and Phase Lock Loops on Altera Cyclone V Devices Dr. D. J. Jackson Lecture 9-1 Global Clock Network & Phase-Locked Loops Clock management is important within digital
More informationPLL & Timing Glossary
February 2002, ver. 1.0 Altera Stratix TM devices have enhanced phase-locked loops (PLLs) that provide designers with flexible system-level clock management that was previously only available in discrete
More informationNyquist filter FIFO. Amplifier. Impedance matching. 40 MHz sampling ADC. DACs for gain and offset FPGA. clock distribution (not yet implemented)
The Digital Gamma Finder (DGF) Firewire clock distribution (not yet implemented) DSP One of four channels Inputs Camac for 4 channels 2 cm System FPGA Digital part Analog part FIFO Amplifier Nyquist filter
More informationExperimental Results for Low-Jitter Wide-Band Dual Cascaded Phase Locked Loop System
, October 0-, 010, San Francisco, USA Experimental Results for Low-Jitter Wide-Band Dual Cascaded Phase Locked Loop System Ahmed Telba and Syed Manzoor Qasim, Member, IAENG Abstract Jitter is a matter
More informationA PC-BASED TIME INTERVAL COUNTER WITH 200 PS RESOLUTION
A PC-BASED TIME INTERVAL COUNTER WITH 200 PS RESOLUTION Józef Kalisz and Ryszard Szplet Military University of Technology Kaliskiego 2, 00-908 Warsaw, Poland Tel: +48 22 6839016; Fax: +48 22 6839038 E-mail:
More informationLimit-Cycle Based Auto-Tuning System for Digitally Controlled Low-Power SMPS
Limit-Cycle Based Auto-Tuning System for Digitally Controlled Low-Power SMPS Zhenyu Zhao, Huawei Li, A. Feizmohammadi, and A. Prodic Laboratory for Low-Power Management and Integrated SMPS 1 ECE Department,
More informationANALOG-TO-DIGITAL CONVERTER FOR INPUT VOLTAGE MEASUREMENTS IN LOW- POWER DIGITALLY CONTROLLED SWITCH-MODE POWER SUPPLY CONVERTERS
ANALOG-TO-DIGITAL CONVERTER FOR INPUT VOLTAGE MEASUREMENTS IN LOW- POWER DIGITALLY CONTROLLED SWITCH-MODE POWER SUPPLY CONVERTERS Aleksandar Radić, S. M. Ahsanuzzaman, Amir Parayandeh, and Aleksandar Prodić
More informationHigh Speed ECC Implementation on FPGA over GF(2 m )
Department of Electronic and Electrical Engineering University of Sheffield Sheffield, UK Int. Conf. on Field-programmable Logic and Applications (FPL) 2-4th September, 2015 1 Overview Overview Introduction
More informationאני יודע מה עשית בפענוח האחרון: התקפות ערוצי צד על מחשבים אישיים
אני יודע מה עשית בפענוח האחרון: התקפות ערוצי צד על מחשבים אישיים I Know What You Did Last Decryption: Side Channel Attacks on PCs Lev Pachmanov Tel Aviv University Daniel Genkin Technion and Tel Aviv University
More informationDevelopment of Telescope Readout System based on FELIX for Testbeam Experiments
Development of Telescope Readout System based on FELIX for Testbeam Experiments, Hucheng Chen, Kai Chen, Francessco Lanni, Hongbin Liu, Lailin Xu Brookhaven National Laboratory E-mail: weihaowu@bnl.gov,
More informationDevelopment of front-end readout electronics for silicon strip. detectors
Development of front-end readout electronics for silicon strip detectors QIAN Yi( 千奕 ) 1 SU Hong ( 苏弘 ) 1 KONG Jie( 孔洁 ) 1,2 DONG Cheng-Fu( 董成富 ) 1 MA Xiao-Li( 马晓莉 ) 1 LI Xiao-Gang ( 李小刚 ) 1 1 Institute
More informationA fast programmable frequency divider with a wide dividing-ratio range and 50% duty-cycle
A fast programmable frequency divider with a wide dividing-ratio range and 50% duty-cycle Mo Zhang a), Syed Kamrul Islam b), and M. Rafiqul Haider c) Department of Electrical & Computer Engineering, University
More informationWideband Spectral Measurement Using Time-Gated Acquisition Implemented on a User-Programmable FPGA
Wideband Spectral Measurement Using Time-Gated Acquisition Implemented on a User-Programmable FPGA By Raajit Lall, Abhishek Rao, Sandeep Hari, and Vinay Kumar Spectral measurements for some of the Multiple
More informationHow to Maximize the Potential of FPGA Resources for Modular Exponentiation
How to Maximize the Potential of FPGA Resources for Modular Exponentiation Daisuke Suzuki Mitsubishi Electric Corporation, Information Technology R&D Center, 5-- Ofuna Kamakura, Kanagawa, 247-850, Japan
More informationEM Attack Is Non-Invasive? - Design Methodology and Validity Verification of EM Attack Sensor
EM Attack Is Non-Invasive? - Design Methodology and Validity Verification of EM Attack Sensor Naofumi Homma, Yu-ichi Hayashi, Noriyuki Miura, Daisuke Fujimoto, Daichi Tanaka, Makoto Nagata and Takafumi
More informationDESIGN OF MULTIPLYING DELAY LOCKED LOOP FOR DIFFERENT MULTIPLYING FACTORS
DESIGN OF MULTIPLYING DELAY LOCKED LOOP FOR DIFFERENT MULTIPLYING FACTORS Aman Chaudhary, Md. Imtiyaz Chowdhary, Rajib Kar Department of Electronics and Communication Engg. National Institute of Technology,
More informationRFID and Its Vulnerability to Faults
RFID and Its Vulnerability to Faults Michael Hutter 1,Jörn-Marc Schmidt 1,2, and Thomas Plos 1 1 Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology, Inffeldgasse
More informationEnhancing FPGA-based Systems with Programmable Oscillators
Enhancing FPGA-based Systems with Programmable Oscillators Jehangir Parvereshi, jparvereshi@sitime.com Sassan Tabatabaei, stabatabaei@sitime.com SiTime Corporation www.sitime.com 990 Almanor Ave., Sunnyvale,
More informationThreshold Implementations. Svetla Nikova
Threshold Implementations Svetla Nikova Threshold Implementations A provably secure countermeasure Against (first) order power analysis based on multi party computation and secret sharing 2 Outline Threshold
More informationHow to Flip a Bit? Michel Agoyan, Jean-Max Dutertre, Amir-Pasha Mirbaha, David Naccache, Anne-Lise Ribotta, Assia Tria. To cite this version:
How to Flip a Bit? Michel Agoyan, Jean-Max Dutertre, Amir-Pasha Mirbaha, David Naccache, Anne-Lise Ribotta, Assia Tria To cite this version: Michel Agoyan, Jean-Max Dutertre, Amir-Pasha Mirbaha, David
More informationDelay-Locked Loop Using 4 Cell Delay Line with Extended Inverters
International Journal of Electronics and Electrical Engineering Vol. 2, No. 4, December, 2014 Delay-Locked Loop Using 4 Cell Delay Line with Extended Inverters Jefferson A. Hora, Vincent Alan Heramiz,
More informationFast-lock all-digital DLL and digitally-controlled phase shifter for DDR controller applications
Fast-lock all-digital DLL and digitally-controlled phase shifter for DDR controller applications Duo Sheng 1a), Ching-Che Chung 2,andChen-YiLee 1 1 Department of Electronics Engineering & Institute of
More informationA fully digital clock and data recovery with fast frequency offset acquisition technique for MIPI LLI applications
LETTER IEICE Electronics Express, Vol.10, No.10, 1 7 A fully digital clock and data recovery with fast frequency offset acquisition technique for MIPI LLI applications June-Hee Lee 1, 2, Sang-Hoon Kim
More informationMulti-Channel Time Digitizing Systems
454 IEEE TRANSACTIONS ON APPLIED SUPERCONDUCTIVITY, VOL. 13, NO. 2, JUNE 2003 Multi-Channel Time Digitizing Systems Alex Kirichenko, Saad Sarwana, Deep Gupta, Irwin Rochwarger, and Oleg Mukhanov Abstract
More informationAn Efficient Method for Implementation of Convolution
IAAST ONLINE ISSN 2277-1565 PRINT ISSN 0976-4828 CODEN: IAASCA International Archive of Applied Sciences and Technology IAAST; Vol 4 [2] June 2013: 62-69 2013 Society of Education, India [ISO9001: 2008
More informationAvailable online at ScienceDirect. Procedia Computer Science 34 (2014 )
Available online at www.sciencedirect.com ScienceDirect Procedia Computer Science 34 (2014 ) 639 646 International Symposium on Emerging Inter-networks, Communication and Mobility (EICM 2014) A Tiny RSA
More informationאני יודע מה עשית בפענוח האחרון : התקפות ערוצי צד על מחשבים אישיים
אני יודע מה עשית בפענוח האחרון : התקפות ערוצי צד על מחשבים אישיים I Know What You Did Last Decryption: Side Channel Attacks on PCs Lev Pachmanov Tel Aviv University Daniel Genkin Technion and Tel Aviv
More informationA HARDWARE DC MOTOR EMULATOR VAGNER S. ROSA 1, VITOR I. GERVINI 2, SEBASTIÃO C. P. GOMES 3, SERGIO BAMPI 4
A HARDWARE DC MOTOR EMULATOR VAGNER S. ROSA 1, VITOR I. GERVINI 2, SEBASTIÃO C. P. GOMES 3, SERGIO BAMPI 4 Abstract Much work have been done lately to develop complex motor control systems. However they
More informationVariable Delay of Multi-Gigahertz Digital Signals for Deskew and Jitter-Injection Test Applications
Variable Delay of Multi-Gigahertz Digital Signals for Deskew and Jitter-Injection Test Applications D.C. Keezer 1, D. Minier, P. Ducharme 1- Georgia Institute of Technology, Atlanta, Georgia USA IBM, Bromont,
More informationReal Time Pulse Pile-up Recovery in a High Throughput Digital Pulse Processor
Real Time Pulse Pile-up Recovery in a High Throughput Digital Pulse Processor Paul A. B. Scoullar a, Chris C. McLean a and Rob J. Evans b a Southern Innovation, Melbourne, Australia b Department of Electrical
More informationCurrent mode with RMS voltage and offset control loops for a single-phase aircraft inverter suitable for parallel and 3-phase operation modes
Current mode with RMS voltage and offset control loops for a single-phase aircraft inverter suitable for parallel and 3-phase operation modes P. Varela, D. Meneses, O. Garcia, J. A. Oliver, P. Alou and
More informationOnline Monitoring for Automotive Sub-systems Using
Online Monitoring for Automotive Sub-systems Using 1149.4 C. Jeffrey, A. Lechner & A. Richardson Centre for Microsystems Engineering, Lancaster University, Lancaster, LA1 4YR, UK 1 Abstract This paper
More informationCESEL: Flexible Crypto Acceleration. Kevin Kiningham Dan Boneh, Mark Horowitz, Philip Levis
CESEL: Flexible Crypto Acceleration Kevin Kiningham Dan Boneh, Mark Horowitz, Philip Levis Cryptography Mathematical operations to secure data Fundamental for building secure systems Computationally intensive:
More informationHighly Reliable Frequency Multiplier with DLL-Based Clock Generator for System-On-Chip
Highly Reliable Frequency Multiplier with DLL-Based Clock Generator for System-On-Chip B. Janani, N.Arunpriya B.E, Dept. of Electronics and Communication Engineering, Panimalar Engineering College/ Anna
More informationM Hewitson, K Koetter, H Ward. May 20, 2003
A report on DAQ timing for GEO 6 M Hewitson, K Koetter, H Ward May, Introduction The following document describes tests done to try and validate the timing accuracy of GEO s DAQ system. Tests were done
More informationModel 305 Synchronous Countdown System
Model 305 Synchronous Countdown System Introduction: The Model 305 pre-settable countdown electronics is a high-speed synchronous divider that generates an electronic trigger pulse, locked in time with
More informationPerformance Enhancement of the RSA Algorithm by Optimize Partial Product of Booth Multiplier
International Journal of Electronics Engineering Research. ISSN 0975-6450 Volume 9, Number 8 (2017) pp. 1329-1338 Research India Publications http://www.ripublication.com Performance Enhancement of the
More informationDPA Leakage Models for CMOS Logic Circuits
CHES 25 in Edinburgh DPA Leakage Models for CMOS Logic Circuits Daisuke Suzuki Minoru Saeki Mitsubishi Electric Corporation, Information Technology R&D Center Tetsuya Ichikawa Mitsubishi Electric Engineering
More informationData Word Length Reduction for Low-Power DSP Software
EE382C: LITERATURE SURVEY, APRIL 2, 2004 1 Data Word Length Reduction for Low-Power DSP Software Kyungtae Han Abstract The increasing demand for portable computing accelerates the study of minimizing power
More informationA TDC based BIST Scheme for Operational Amplifier Jun Yuan a and Wei Wang b
Applied Mechanics and Materials Submitted: 2014-07-19 ISSN: 1662-7482, Vols. 644-650, pp 3583-3587 Accepted: 2014-07-20 doi:10.4028/www.scientific.net/amm.644-650.3583 Online: 2014-09-22 2014 Trans Tech
More informationPlug-and-Play Digital Controllers for Scalable Low-Power SMPS
Plug-and-Play Digital Controllers for Scalable Low-Power SMPS Jason Weinstein and Aleksandar Prodić Laboratory for Low-Power Management and Integrated SMPS Department of Electrical and Computer Engineering
More informationDIFFERENTIAL power analysis (DPA) attacks can obtain
438 IEEE TRANSACTIONS ON CIRCUITS AND SYSTEMS II: EXPRESS BRIEFS, VOL. 63, NO. 5, MAY 2016 Charge-Withheld Converter-Reshuffling: A Countermeasure Against Power Analysis Attacks Weize Yu and Selçuk Köse,
More information/$ IEEE
IEEE TRANSACTIONS ON CIRCUITS AND SYSTEMS II: EXPRESS BRIEFS, VOL. 53, NO. 11, NOVEMBER 2006 1205 A Low-Phase Noise, Anti-Harmonic Programmable DLL Frequency Multiplier With Period Error Compensation for
More informationThe influence of non-audible plural high frequency electrical noise on the playback sound of audio equipment (2 nd report)
Journal of Physics: Conference Series PAPER OPEN ACCESS The influence of non-audible plural high frequency electrical noise on the playback sound of audio equipment (2 nd report) To cite this article:
More informationBPSK_DEMOD. Binary-PSK Demodulator Rev Key Design Features. Block Diagram. Applications. General Description. Generic Parameters
Key Design Features Block Diagram Synthesizable, technology independent VHDL IP Core reset 16-bit signed input data samples Automatic carrier acquisition with no complex setup required User specified design
More informationA LOW POWER SINGLE PHASE CLOCK DISTRIBUTION USING 4/5 PRESCALER TECHNIQUE
A LOW POWER SINGLE PHASE CLOCK DISTRIBUTION USING 4/5 PRESCALER TECHNIQUE MS. V.NIVEDITHA 1,D.MARUTHI KUMAR 2 1 PG Scholar in M.Tech, 2 Assistant Professor, Dept. of E.C.E,Srinivasa Ramanujan Institute
More informationA Clock Generating System for USB 2.0 with a High-PSR Bandgap Reference Generator
ROMANIAN JOURNAL OF INFORMATION SCIENCE AND TECHNOLOGY Volume 14, Number 4, 2011, 380 391 A Clock Generating System for USB 2.0 with a High-PSR Bandgap Reference Generator Seok KIM 1, Seung-Taek YOO 1,2,
More informationBrushless Motor without a Shaft-Mounted Position Sensor. Tsunehiro Endo Fumio Tajima Member Member. Summary
Paper UDC 621.313.3-573: 621.316.71:681.532.8:621.382 Brushless Motor without a Shaft-Mounted Position Sensor By Tsunehiro Endo Fumio Tajima Member Member Kenichi Iizuka Member Summary Hideo Uzuhashi Non-member
More information