300 research outputs found
SEU Evaluation of Hardened-by-Replication Software in RISC-V Soft Processor
The interest of the space industry around soft processors is increasing. However, the advantages in terms of costs and customizability provided by soft processors are countered by the reliability issues deriving by Single Event
Effects, especially Single Event Upsets. Several techniques have been proposed to tackle these issues, both at the hardware- and software levels. Software approaches rely on replicating data and computations to cope with SEUs affecting the memory where the binary code is stored. Thanks to open licenses, RISCV solutions are steadily growing in popularity among the set of available soft processors. In this works, we present a reliability evaluation of four different benchmarks running on the RI5CY soft processor implemented on SRAM-based FPGAs. The reliability of the baseline and hardened-by-replication versions of the software benchmarks are evaluated against SEUs induced faults both at the software and hardware architecture levels through fault injection campaigns in the microprocessor memory and configuration memory, respectively. Results assess how the adoption of the hardening-by-replication technique at the software level slightly improves reliability against software related faults but degrades reliability against architectural faults, making it an inefficient solution when it is not combined with hardware robustness
RISC-V-Based Platforms for HPC: Analyzing Non-functional Properties for Future HPC and Big-Data Clusters
High-Performance Computing (HPC) have evolved to be used to perform simulations of systems where physical experimentation is prohibitively impractical, expensive, or dangerous. This paper provides a general overview and showcases the analysis of non-functional properties
in RISC-V-based platforms for HPCs. In particular, our analyses target the evaluation of power and energy control, thermal management, and reliability assessment of promising systems, structures, and technologies devised for current and future generation of HPC machines. The main set of design methodologies and technologies developed within the activities of the Future and HPC & Big Data spoke of the National Centre of HPC, Big Data and Quantum Computing project are described along with the description of the testbed for experimenting two-phase cooling approaches
Toward Fault-Tolerant Applications on Reconfigurable Systems-on-Chip
L'abstract è presente nell'allegato / the abstract is in the attachmen
Lock-V: a heterogeneous fault tolerance architecture based on Arm and RISC-V
This article presents Lock-V, a heterogeneous fault tolerance architecture that explores a dual-core lockstep (DCLS) technique to mitigate single event upset (SEU) and common-mode failure (CMF) problems. The Lock-V was deployed in two versions, Lock-VA and Lock-VM by applying design diversity in two processor architectures at the instruction set architecture (ISA)-level. Lock-VA features an Arm Cortex-A9 with a RISC-V RV64GC, while Lock-VM includes an Arm Cortex-M3 along with a RISC-V RV32IMA processor. The solution explores fieldprogrammable gate array (FPGA) technology to deploy softcore versions of the RISC-V processors, and dedicated accelerators for performing error detection and triggering the software rollback system used for error recovery. To test Lock-V in both versions, a fault-injection mechanism was implemented to cause bit-flips in the processor registers, a common problem usually present in heavy radiation environments.This work has been supported by FCT - Fundação para a Ciência e a Tecnologia within the R&D Units Project Scope: UIDB/00319/2020
Recent Trends and Perspectives on Defect-Oriented Testing
Electronics employed in modern safety-critical systems require severe qualification during the manufacturing process and in the field, to prevent fault effects from manifesting themselves as critical failures during mission operations. Traditional fault models are not sufficient anymore to guarantee the required quality levels for chips utilized in mission-critical applications. The research community and industry have been investigating new test approaches such as device-aware test, cell-aware test, path-delay test, and even test methodologies based on the analysis of manufacturing data to move the scope from OPPM to OPPB. This special session presents four contributions, from academic researchers and industry professionals, to enable better chip quality. We present results on various activities towards this objective, including device-aware test, software-based self-test, and memory test
Fault Injection on Embedded Neural Networks: Impact of a Single Instruction Skip
With the large-scale integration and use of neural network models, especially
in critical embedded systems, their security assessment to guarantee their
reliability is becoming an urgent need. More particularly, models deployed in
embedded platforms, such as 32-bit microcontrollers, are physically accessible
by adversaries and therefore vulnerable to hardware disturbances. We present
the first set of experiments on the use of two fault injection means,
electromagnetic and laser injections, applied on neural networks models
embedded on a Cortex M4 32-bit microcontroller platform. Contrary to most of
state-of-the-art works dedicated to the alteration of the internal parameters
or input values, our goal is to simulate and experimentally demonstrate the
impact of a specific fault model that is instruction skip. For that purpose, we
assessed several modification attacks on the control flow of a neural network
inference. We reveal integrity threats by targeting several steps in the
inference program of typical convolutional neural network models, which may be
exploited by an attacker to alter the predictions of the target models with
different adversarial goals.Comment: Accepted at DSD 2023 for AHSA Special Sessio
Differential Analysis of Round-Reduced AES Faulty Ciphertexts
International audienceThis paper describes new Round Reduction analysis attacks on an Advanced Encryption Standard (AES) implemen- tation by laser fault injection. The previous round reduction attacks require both of spatial and temporal accuracies in order to execute only one, two or nine rounds. We present new attacks by more flexible fault injection conditions. Our experiments are carried out on an 8-bit microcontroller which embeds a software AES with pre-calculated round keys. Faults are injected either into the round counter itself or into the reference of its total round number. The attacks may result to the use of a faulty round key at the last one or two executed rounds. The cryptanalysis of the obtained round-reduced faulty ciphertexts resorts to the differentiation techniques used by Differential Fault Analysis
EM-Fault It Yourself: Building a Replicable EMFI Setup for Desktop and Server Hardware
EMFI has become a popular fault injection (FI) technique due to its ability
to inject faults precisely considering timing and location. Recently, ARM,
RISC-V, and even x86 processing units in different packages were shown to be
vulnerable to electromagnetic fault injection (EMFI) attacks. However, past
publications lack a detailed description of the entire attack setup, hindering
researchers and companies from easily replicating the presented attacks on
their devices. In this work, we first show how to build an automated EMFI setup
with high scanning resolution and good repeatability that is large enough to
attack modern desktop and server CPUs. We structurally lay out all details on
mechanics, hardware, and software along with this paper. Second, we use our
setup to attack a deeply embedded security co-processor in modern AMD systems
on a chip (SoCs), the AMD Secure Processor (AMD-SP). Using a previously
published code execution exploit, we run two custom payloads on the AMD-SP that
utilize the SoC to different degrees. We then visualize these fault locations
on SoC photographs allowing us to reason about the SoC's components under
attack. Finally, we show that the signature verification process of one of the
first executed firmware parts is susceptible to EMFI attacks, undermining the
security architecture of the entire SoC. To the best of our knowledge, this is
the first reported EMFI attack against an AMD desktop CPU.Comment: This is the authors' version of the article accepted for publication
at IEEE International Conference on Physical Assurance and Inspection of
Electronics (PAINE 2022
Embedded Systems Security: On EM Fault Injection on RISC-V and BR/TBR PUF Design on FPGA
With the increased usage of embedded computers in modern life and the rapid growth of the Internet of Things (IoT), embedded systems security has become a real concern. Especially with safety-critical systems or devices that communicate sensitive data, security becomes a critical issue. Embedded computers more than others are vulnerable to hardware attacks that target the chips themselves to extract the cryptographic keys, compromise their security, or counterfeit them.
In this thesis, embedded security is studied through two different areas. The first is the study of hardware attacks by investigating Electro Magnetic Fault Injection (EMFI) on a RISC-V processor. And the second is the study of the countermeasures against counterfeiting and key extraction by investigating the implementation of the Bistable Ring Physical Unclonable Function (BR-PUF) and its variant the TBR-PUF on FPGA.
The experiments on a 320 MHz five-stage pipeline RISC-V core showed that with the increase of frequency and the decrease of supplied voltage, the processor becomes more susceptible to EMFI. Analysis of the effect of EMFI on different types of instructions including arithmetic and logic operations, memory operations, and flow control operations showed different types of faults including instruction skips, instructions corruption, faulted branches, and exception faults with variant probabilities. More interestingly and for the first time, multiple consecutive instructions (up to six instructions) were empirically shown to be faulted at once, which can be very devastating, compromising the effect of software countermeasures such as instruction duplication or triplication.
This research also studies the hardware implementation of the BR and TBR PUFs on a Spartan-6 FPGA. A comparative study on both the automatic and manual placement implementation approaches on FPGA is presented. With the use of the settling time as a randomization source for the automatic placement, this approach showed a potential to generate PUFs with good characteristics through multiple trials. The automatic placement approach was successful in generating 4-input XOR BR and TBR PUFs with almost ideal characteristics. Moreover, optimizations on the architectural and layout levels were performed on the BR and TBR PUFs to reduce their footprint on FPGA.
This research aims to advance the understanding of the EMFI effect on processors, so that countermeasures may be designed for future secure processors. Additionally, this research helps to advance the understanding of how best to design improved BR and TBR PUFs for key protection in future secure devices
- …