518 research outputs found

    Silicon Echoes: Non-Invasive Trojan and Tamper Detection using Frequency-Selective Impedance Analysis

    The threat of chip-level tampering and its detection has been widely researched. Hardware Trojan insertions are prominent examples of such tamper events. Altering the placement and routing of a design or removing a part of a circuit for side-channel leakage/fault sensitivity amplification are other instances of such attacks. While semi- and fully-invasive physical verification methods can confidently detect such stealthy tamper events, they are costly, time-consuming, and destructive. On the other hand, virtually all proposed non-invasive side-channel methods suffer from noise and, therefore, have low confidence. Moreover, they require activating the tampered part of the circuit (e.g., the Trojan trigger) to compare and detect the modifications. In this work, we introduce a non-invasive post-silicon tamper detection technique applicable to different classes of tamper events at the chip level without requiring the activation of the malicious circuit. Our method relies on the fact that physical modifications (regardless of their physical, activation, or action characteristics) alter the impedance of the chip. Hence, characterizing the impedance can lead to the detection of the tamper events. To sense the changes in the impedance, we deploy known RF tools, namely, scattering parameters, in which we inject sine wave signals with high frequencies to the power distribution network (PDN) of the system and measure the “echo” of the signal. The reflected signals in various frequency bands reveal different tamper events based on their impact size on the die. To validate our claims, we performed measurements on several proof-of-concept tampered hardware implementations realized on FPGAs manufactured with a 28 nm technology. We further show that deploying the Dynamic Time Warping (DTW) distance can distinguish between tamper events and noise resulting from manufacturing process variation of different chips/boards. Based on the acquired results, we demonstrate that stealthy hardware Trojans, as well as sophisticated modifications of P&R, can be detected

    PDNPulse: Sensing PCB Anomaly with the Intrinsic Power Delivery Network

    The ubiquitous presence of printed circuit boards (PCBs) in modern electronic systems and embedded devices makes their integrity a top security concern. To take advantage of the economies of scale, today's PCB design and manufacturing are often performed by suppliers around the globe, exposing them to many security vulnerabilities along the segmented PCB supply chain. Moreover, the increasing complexity of the PCB designs also leaves ample room for numerous sneaky board-level attacks to be implemented throughout each stage of a PCB's lifetime, threatening many electronic devices. In this paper, we propose PDNPulse, a power delivery network (PDN) based PCB anomaly detection framework that can identify a wide spectrum of board-level malicious modifications. PDNPulse leverages the fact that the PDN's characteristics are inevitably affected by modifications to the PCB, no matter how minuscule. By detecting changes to the PDN impedance profile and using the Frechet distance-based anomaly detection algorithms, PDNPulse can robustly and successfully discern malicious modifications across the system. Using PDNPulse, we conduct extensive experiments on seven commercial-off-the-shelf PCBs, covering different design scales, different threat models, and seven different anomaly types. The results confirm that PDNPulse creates an effective security asymmetry between attack and defense

    Adaptive protection and control for wide-area blackout prevention

    Technical analyses of several recent power blackouts revealed that a group of generators going out-of-step with the rest of the power system is often a precursor of a complete system collapse. Out-of-step protection is designed to assess the stability of the evolving swing after a disturbance and take control action accordingly. However, the settings of out-of-step relays are found to be unsatisfactory due to the fact that the electromechanical swings that occurred during relay commissioning are different in practice. These concerns motivated the development of a novel approach to recalculate the out-of-step protection settings to suit the prevalent operating condition. With phasor measurement unit (PMU) technology, it is possible to adjust the setting of out-of-step relay in real-time. The setting of out-of-step relay is primarily determined by three dynamic parameters: direct axis transient reactance, quadrature axis speed voltage and generator inertia. In a complex power network, these parameters are the dynamic parameters of an equivalent model of a coherent group of generators. Hence, it is essential to identify the coherent group of generators and estimate the dynamic model parameters of each generator in the system first in order to form the dynamic model equivalent in the system. The work presented in this thesis develops a measurement-based technique to identify the coherent areas of power system network by analysing the measured data obtained from the system. The method is based on multivariate analysis of the signals, using independent component analysis (ICA). Also, a technique for estimating the dynamic model parameters of the generators in the system has been developed. The dynamic model parameters of synchronous generators are estimated by processing the PMU measurements using unscented Kalman filter (UKF).

    ImpedanceVerif: On-Chip Impedance Sensing for System-Level Tampering Detection

    Physical attacks can compromise the security of cryptographic devices. Depending on the attack’s requirements, adversaries might need to (i) place probes in the proximity of the integrated circuits (ICs) package, (ii) create physical connections between their probes/wires and the system’s PCB, or (iii) physically tamper with the PCB’s components, chip’s package, or substitute the entire PCB to prepare the device for the attack. While tamper-proof enclosures prevent and detect physical access to the system, their high manufacturing cost and incompatibility with legacy systems make them unattractive for many low-cost scenarios. In this paper, inspired by methods known from the field of power integrity analysis, we demonstrate how the impedance characterization of the system’s power distribution network (PDN) using on-chip circuit-based network analyzers can detect various classes of tamper events. We explain how these embedded network analyzers, without any modifications to the system, can be deployed on FPGAs to extract the frequency response of the PDN. The analysis of these frequency responses reveals different classes of tamper events from board to chip level. To validate our claims, we run an embedded network analyzer on FPGAs of a family of commercial development kits and perform extensive measurements for various classes of PCB and IC package tampering required for conducting different side-channel or fault attacks. Using the Wasserstein Distance as a statistical metric, we further show that we can confidently detect tamper events. Our results, interestingly, show that even environment-level tampering activities, such as the proximity of contactless EM probes to the IC package or slightly polished IC package, can be detected using on-chip impedance sensing

    High resolution angular sensor

    Specifications for the pointing stabilization system of the large space telescope were used in an investigation of the feasibility of reducing ring laser gyro output quantization to the sub-arc-second level by the use of phase locked loops and associated electronics. Systems analysis procedures are discussed and a multioscillator laser gyro model is presented along with data on the oscillator noise. It is shown that a second order closed loop can meet the measurement noise requirements when the loop gain and time constant of the loop filter are appropriately chosen. The preliminary electrical design is discussed from the standpoint of circuit tradeoff considerations. Analog, digital, and hybrid designs are given and their applicability to the high resolution sensor is examined. The electrical design choice of a system configuration is detailed. The design and operation of the various modules is considered and system block diagrams are included. Phase 1 and 2 test results using the multioscillator laser gyro are included

    Technical Institute, Kevin Street: Prospectus, 1940-41


    Electromagnetic Interference and Compatibility

    Recent progress in the fields of Electrical and Electronic Engineering has created new application scenarios and new Electromagnetic Compatibility (EMC) challenges, along with novel tools and methodologies to address them. This volume, which collects the contributions published in the “Electromagnetic Interference and Compatibility” Special Issue of MDPI Electronics, provides a vivid picture of current research trends and new developments in the rapidly evolving, broad area of EMC, including contributions on EMC issues in digital communications, power electronics, and analog integrated circuits and sensors, along with signal and power integrity and electromagnetic interference (EMI) suppression properties of materials

    BiCMOS Millimetre-wave low-noise amplifier

    Abstract: Please refer to full text to view abstract. D.Phil. (Electrical and Electronic Engineering

    Automatic Luminous Flux Control For Fluorescent Lamps

    Thesis (M.Sc.) -- İstanbul Technical University, Institute of Science and Technology, 2007. In recent years, artificial lighting control systems play an important role in energy saving topic that is directly related with energy consumptions. In this study, a daylight controlled dimming lighting system is proposed which enables to reduce energy consumption in terms of increased efficiency. The proposed system provides to reduce the light output and energy consumption of lighting fixtures, whenever the daylight is available. In dimming system operation, photosensors sense the available daylight level and main controller of the system adjusts the light output to reach the desired lighting level. All control actions are performed by programmable microcontrollers that bring more flexibility in control operation. Moreover, an addressable RF wireless serial communication protocol is also employed in the system operation which provides simple installation and wide control flexibility. The sections of this study include a basic knowledge about fluorescent lamps and ballasts, a detailed literature and market search of existing systems, simulation, construction and experimental verification.

    A probabilistic approach to analyse Blade Tip Timing data of non-synchronous vibrations under constant rotor speed

    Blades are among the most critical components of turbomachines, their monitoring and characterization undergoing working conditions are fundamental for the insiders, both for preventing eventual breakage and for optimising future development. Two approaches are possible for monitoring rotor blade vibrations: a traditional one based on the use of strain gauges and another one called Blade Tip Timing (BTT). BTT is an indirect, non-intrusive simple and robust measurement method, but the processing of such data is not easy because they are often subsampled with respect to the Nyquist limit and the ordering of the samples is not unique. In this work the focus is on multi component non-synchronous vibrations, typical for example of flutter, measured at constant rotor speed by a BTT system. These data are organized into batches of fixed length called snapshots and they are interpreted as members of a random vector. When the signal contains only one harmonic component the frequency can be determined using a method here described and called Harmonic Matching (HM). While for the analyses of multi harmonic component vibrations a probabilistic approach capable of separating and identify the components using Principal Component Analysis (PCA) and Independent Component Analysis (ICA) is proposed. For the development of data processing methods, the possibility of having controllable and repeatable data is fundamental, for this reason two test rigs of increasing complexity have been developed and are here described