42 research outputs found
Trusted SoC Realization for Remote Dynamic IP Integration
Heutzutage bieten field-programmable gate arrays (FPGAs) enorme Rechenleistung und Flexibilität. Zudem sind sie oft auf einem einzigen Chip mit eingebetteten Multicore-Prozessoren, DSP-Engines und Speicher-Controllern integriert. Dadurch sind sie für große und komplexe Anwendungen geeignet. Gleichzeitig führten die Fortschritte auf dem Gebiet der High-Level-Synthese und die Verfügbarkeit standardisierter Schnittstellen (wie etwa das Advanced eXtensible Interface 4) zur Entwicklung spezialisierter und neuartiger Funktionalitäten durch Designhäuser. All dies schuf einen Bedarf für ein Outsourcing der Entwicklung oder die Lizenzierung von FPGA-IPs (Intellectual Property). Ein Pay-per-Use IP-Lizenzierungsmodell, bei dem diese IPs vor allen Marktteilnehmern geschützt sind, kommt den Entwicklern der IPs zugute. Außerdem handelt es sich bei den Entwicklern von FPGA-Systemen in der Regel um kleine bis mittlere Unternehmen, die in Bezug auf die Markteinführungszeit und die Kosten pro Einheit von einem solchen Lizenzierungsmodell profitieren können.
Im akademischen Bereich und in der Industrie gibt es mehrere IP-Lizenzierungsmodelle und Schutzlösungen, die eingesetzt werden können, die jedoch mit zahlreichen Sicherheitsproblemen behaftet sind. In einigen Fällen verursachen die vorgeschlagenen Sicherheitsmaßnahmen einen unnötigen Ressourcenaufwand und Einschränkungen für die Systementwickler, d. h., sie können wesentliche Funktionen ihres Geräts nicht nutzen. Darüber hinaus lassen sie zwei funktionale Herausforderungen außer Acht: das Floorplanning der IP auf der programmierbaren Logik (PL) und die Generierung des Endprodukts der IP (Bitstream) unabhängig vom Gesamtdesign.
In dieser Arbeit wird ein Pay-per-Use-Lizenzierungsschema vorgeschlagen und unter Verwendung eines security framework (SFW) realisiert, um all diese Herausforderungen anzugehen. Das vorgestellte Schema ist pragmatisch, weniger restriktiv für Systementwickler und bietet Sicherheit gegen IP-Diebstahl. Darüber hinaus werden Maßnahmen ergriffen, um das System vor einem IP zu schützen, das bösartige Schaltkreise enthält. Das „Secure Framework“ umfasst ein vertrauenswürdiges Betriebssystem, ein reichhaltiges Betriebssystem, mehrere unterstützende Komponenten (z. B. TrustZone- Logik, gegen Seitenkanalangriffe (SCA) resistente Entschlüsselungsschaltungen) und Softwarekomponenten, z. B. für die Bitstromanalyse. Ein Gerät, auf dem das SFW läuft, kann als vertrauenswürdiges Gerät betrachtet werden, das direkt mit einem Repository oder einem IP-Core-Entwickler kommunizieren kann, um IPs in verschlüsselter Form zu erwerben. Die Entschlüsselung und Authentifizierung des IPs erfolgt auf dem Gerät, was die Angriffsfläche verringert und es weniger anfällig für IP-Diebstahl macht. Außerdem werden Klartext-IPs in einem geschützten Speicher des vertrauenswürdigen Betriebssystems abgelegt. Das Klartext-IP wird dann analysiert und nur dann auf der programmierbaren Logik konfiguriert, wenn es authentisch ist und keine bösartigen Schaltungen enthält. Die Bitstrom-Analysefunktionalität und die SFW-Unterkomponenten ermöglichen die Partitionierung der PL-Ressourcen in sichere und unsichere Ressourcen, d. h. die Erweiterung desKonzepts der vertrauenswürdigen Ausführungsumgebung (TEE) auf die PL. Dies ist die erste Arbeit, die das TEE-Konzept auf die programmierbare Logik ausweitet.
Bei der oben erwähnten SCA-resistenten Entschlüsselungsschaltung handelt es sich um die Implementierung des Advanced Encryption Standard, der so modifiziert wurde, dass er gegen elektromagnetische und stromverbrauchsbedingte Leckagen resistent ist. Das geschützte Design verfügt über zwei Gegenmaßnahmen, wobei die erste auf einer Vielzahl unterschiedler Implementierungsvarianten und veränderlichen Zielpositionen bei der Konfiguration basiert, während die zweite nur unterschiedliche Implementierungsvarianten verwendet. Diese Gegenmaßnahmen sind auch während der Laufzeit skalierbar. Bei der Bewertung werden auch die Auswirkungen der Skalierbarkeit auf den Flächenbedarf und die Sicherheitsstärke berücksichtigt.
Darüber hinaus wird die zuvor erwähnte funktionale Herausforderung des IP Floorplanning durch den Vorschlag eines feinkörnigen Automatic Floorplanners angegangen, der auf gemischt-ganzzahliger linearer Programmierung basiert und aktuelle FPGAGenerationen mit größeren und komplexen Bausteine unterstützt. Der Floorplanner bildet eine Reihe von IPs auf dem FPGA ab, indem er präzise rekonfigurierbare Regionen schafft. Dadurch werden die verbleibenden verfügbaren Ressourcen für das Gesamtdesign maximiert. Die zweite funktionale Herausforderung besteht darin, dass die vorhandenen Tools keine native Funktionalität zur Erzeugung von IPs in einer eigenständigen Umgebung bieten. Diese Herausforderung wird durch den Vorschlag eines unabhängigen IP-Generierungsansatzes angegangen. Dieser Ansatz kann von den Marktteilnehmern verwendet werden, um IPs eines Entwurfs unabhängig vom Gesamtentwurf zu generieren, ohne die Kompatibilität der IPs mit dem Gesamtentwurf zu beeinträchtigen
LUXOR: An FPGA Logic Cell Architecture for Efficient Compressor Tree Implementations
We propose two tiers of modifications to FPGA logic cell architecture to
deliver a variety of performance and utilization benefits with only minor area
overheads. In the irst tier, we augment existing commercial logic cell
datapaths with a 6-input XOR gate in order to improve the expressiveness of
each element, while maintaining backward compatibility. This new architecture
is vendor-agnostic, and we refer to it as LUXOR. We also consider a secondary
tier of vendor-speciic modifications to both Xilinx and Intel FPGAs, which we
refer to as X-LUXOR+ and I-LUXOR+ respectively. We demonstrate that compressor
tree synthesis using generalized parallel counters (GPCs) is further improved
with the proposed modifications. Using both the Intel adaptive logic module and
the Xilinx slice at the 65nm technology node for a comparative study, it is
shown that the silicon area overhead is less than 0.5% for LUXOR and 5-6% for
LUXOR+, while the delay increments are 1-6% and 3-9% respectively. We
demonstrate that LUXOR can deliver an average reduction of 13-19% in logic
utilization on micro-benchmarks from a variety of domains.BNN benchmarks
benefit the most with an average reduction of 37-47% in logic utilization,
which is due to the highly-efficient mapping of the XnorPopcount operation on
our proposed LUXOR+ logic cells.Comment: In Proceedings of the 2020 ACM/SIGDA International Symposium on
Field-Programmable Gate Arrays (FPGA'20), February 23-25, 2020, Seaside, CA,
US
The IPS fidelity scale as a guideline to implement Supported Employment
info:eu-repo/semantics/publishe
Accelerated V2X provisioning with Extensible Processor Platform
With the burgeoning Vehicle-to-Everything (V2X) communication, security and privacy concerns are paramount. Such concerns are usually mitigated by combining cryptographic mechanisms with suitable key management architecture. However, cryptographic operations may be quite resource-intensive, placing a considerable burden on the vehicle’s V2X computing unit. To assuage this issue, it is reasonable to use hardware acceleration for common cryptographic primitives, such as block ciphers, digital signature schemes, and key exchange protocols. In this scenario, custom extension instructions can be a plausible option, since they achieve fine-tune hardware acceleration with a low to moderate logic overhead, while also reducing code size. In this article, we apply this method along with dual-data memory banks for the hardware acceleration of the PRESENT block cipher, as well as for the finite field arithmetic employed in cryptographic primitives based on Curve25519 (e.g., EdDSA and X25519). As a result, when compared with a state-of-the-art software-optimized implementation, the performance of PRESENT is improved by a factor of 17 to 34 and code size is reduced by 70%, with only a 4.37% increase in FPGA logic overhead. In addition, we improve the performance of operations over Curve25519 by a factor of ~2.5 when compared to an Assembly implementation on a comparable processor, with moderate logic overhead (namely, 9.1%). Finally, we achieve significant performance gains in the V2X provisioning process by leveraging our hardware-accelerated cryptographic primitive
Sistemas de teste automáticos para transceivers NG-PON2
Optical communications have had a fundamental role in conecting people
worldwide. More than ever, there has been an incessant necessity to turn
technology more ubiquitous
With recent advancements in optical technology, it has become possible
to keep up with the demand for higher transmission rates in upstream or
downstream, higher bandwidth e still guaranteeing Quality of Service (QoS)
among inumerous users
This emerging necessity has taken telecommunication companies to inovate
in the area of development regarding optical equipment and also dealing
with the referred necessities. For this to happen, good quality control,
calibration e testing of produced parts is of paramount importance.
The work cut out for this dissertation is focused on the improvement and
addition of funtionalities to a test-board designed to perform measurements
of BER levels, calibration and maintenance of parts according to the newest
optical standard(New Gigabit Passive Optical Network 2 (NGPON2)) that
operates in maximum rates of 10Gb/s per channel.
In the rst part of this work, emphasis is given to the development of a slave
Inter Integrated Circuit (I2C) module that ensures connection between the
test board and the user, supplying BER values measured through a block
dedicated to measure BER levels. Later the same module will allow to
access all micro-controlers of the test-board, ensuring calibration functions.
On a second part, a characterization of different transceivers of different
Field Programmable Gate Array (FPGA)s is performed, consisting of an
eye diagram analysis of the transceivers and if possible, to test 10Gb/s
continuous mode through BER curves assessing their response.
Finally, a comparison is made between all transceivers, the obtained response
along with all the respective results, will contribute to the source project
of the automatic test board developed at PICadvanced with the intent on
evaluating 10 Gigabit Small Form Factor Pluggables (XFP) production.As comunicações têm vindo a ter um papel fundamental em interligar todas
as pessoas do mundo. Mais do que nunca, tem havido uma incessante
necessidade de tornar a tecnologia mais ubíqua.
Com o recente avanço e desenvolvimento da tecnologia Optica, tem sido
possível acompanhar a demanda por altas taxas de transmissão em upstream
ou downstream, maior largura de banda e ainda garantir Quality of Service
(QoS) entre ínumeros utilizadores, etc. . .
Esta necessidade emergente tem levado empresas de telecomunicações a inovar
na área de desenvolvimento de equipamento óptico e por consequente,
comaltar as necessidades referidas. Para isto acontecer tem de haver um
bom controlo, calibração e teste de peças produzidas.
O trabalho desta dissertação dedica-se ao melhoramento e acrescento
de funcionalidades a uma placa de testes desenhada para desempenhar
medições de níveis de Bit Error Ratio (BER), calibração e manutenção de
peças para o novo standard óptico (New Gigabit Passive Optical Network 2
(NGPON2)) que recorre ao uso de taxas máximas de transmissão de 10Gb/s
por canal
Na primeira parte do trabalho é dado foco ao desenvolvimento de um módulo
escravo Inter Integrated Circuit (I2C) que visa estabelecer o contacto entre
a placa de calibração e o utilizador fornecendo os valores de BER medidos
através de um bloco dedicado a medir o nível de BER. Mais tarde este
módulo servirá para poder aceder aos micro-circuitos da placa de testes
podendo realizar funções de calibração.
Numa segunda parte, é realizada uma caracterização de diferentes
transceivers de diferentes Field Programmable Gate Array (FPGA)s, a caracterização consiste numa análise do diagram de olho de transceivers e ainda
sendo possível, testar o modo contínuo nas mesmas, através curvas de BER
para avaliar a sua resposta.
Por fim, é feita uma comparação entre os mesmos transceivers, além de
que todos os resultados obtidos irão contribuir para a o projecto fonte da
placa de testes automatizada desenvolvida pela PICadvanced com o intuito
de avaliar a produção de 10 Gigabit Small Form Factor Pluggables (XFP).Mestrado em Engenharia Eletrónica e Telecomunicaçõe
Recommended from our members
FPGA Security Techniques with Applications to Cloud and Multi-Tenant Use Cases
Field programmable gate arrays (FPGAs) are integrated circuits that consist of programmable logic that a user can configure and deploy for applications such as hardware emulation and accelerating high performance computing. In recent years, the emergence of FPGAs in the cloud has led to research on multi-tenant FPGAs. In a multi-tenant scenario, the same FPGA fabric is shared among multiple users, or among multiple untrusting IP cores. Multi-tenancy has economic benefits, largely due to improvements in resource utilization, but also brings new security concerns since the tenants could behave maliciously. Although the tenants sharing an FPGA are logically isolated from each other, they may still have unintended interactions through side channel attacks and fault attacks. In this dissertation, we aim to evaluate security threats and defenses in the multi-tenant FPGA scenario. Firstly, the work in this dissertation studies a true random number generator (TRNG) on cloud FPGAs that is robust against voltage manipulation from co-tenants. The TRNG design is based on harvesting clock jitter using a tunable time-to-digital converter circuit. In accordance with best practices, a stochastic model is built to evaluate the min-entropy of the design, and further validated by NIST entropy assessment test suite and NIST statistical tests. The basic version of the TRNG is extended with a linkable sampling module to increase min-entropy per sample and throughput at a modest resource cost. Then the dissertation analyzes a type of fault attack that can be conducted by one tenant against another in a multi-tenant setting. Specifically, the fault attack is differential fault intensity analysis (DFIA), which is a biased-fault based attack on Advanced Encryption Standard (AES) circuits. Ring oscillators (ROs) are deployed as effective power wasters to cause a supply voltage drop through the shared power distribution network (PDN) of tenants. The attack is highly relevant to multi-tenant scenarios because the attacking tenant can create the voltage drop without physical access, and can precisely control the shape of the voltage drop by adjusting both the number of activated ROs and their duration as required for the attack. The voltage drop will in turn increase the delay in the logic and eventually cause specific timing faults which are analyzed to successfully recover the AES keys. In the last part, we use on-chip voltage sensors to detect the location of a target circuits. The sensing scheme leverages time-to-digital converters (TDCs) as voltage sensors, and a novel differential analysis is applied to the sensor data. In a multi-tenant setting, this method can be used either as part of a defensive scheme to monitor against attacks, or it can be used to probe a system and determine how to effectively target an attack to a particular co-tenant victim
Toatie : functional hardware description with dependent types
Describing correct circuits remains a tall order, despite four decades of evolution in Hardware Description Languages (HDLs).
Many enticing circuit architectures require recursive structures or complex compile-time computation — two patterns that prove difficult to capture in traditional HDLs. In a signal processing context, the Fast FIR Algorithm (FFA) structure for efficient parallel filtering proves to be naturally recursive, and most Multiple Constant Multiplication (MCM) blocks decompose multiplications into graphs of simple shifts and adds using demanding compile time computation. Generalised versions of both remain mostly in academic folklore. The implementations which do exist are often ad hoc circuit generators, written in software languages. These pose challenges for verification and are resistant to composition.
Embedded functional HDLs, that represent circuits as data, allow for these descriptions at the cost of forcing the designer to work at the gate-level. A promising alternative is to use a stand-alone compiler, representing circuits as plain functions, exemplified by the CλaSH HDL. This, however, raises new challenges in capturing a circuit’s staging — which expressions in the single language should be reduced during compile-time elaboration, and which should remain in the circuit’s run-time? To better reflect the physical separation between circuit phases, this work proposes a new functional HDL (representing circuits as functions) with first-class staging constructs.
Orthogonal to this, there are also long-standing challenges in the verification of parameterised circuit families. Industry surveys have consistently reported that only a slim minority of FPGA projects reach production without non-trivial bugs. While a healthy growth in the adoption of automatic formal methods is also reported, the majority of testing remains dynamic — presenting difficulties for testing entire circuit families at once.
This research offers an alternative verification methodology via the combination of dependent types and automatic synthesis of user-defined data types. Given precise enough types for synthesisable data, this environment can be used to develop circuit families with full functional verification in a correct-by-construction fashion. This approach allows for verification of entire circuit families (not just one concrete member) and side-steps the state-space explosion of model checking methods. Beyond the existing work, this research offers synthesis of combinatorial circuits — not just a software model of their behaviour. This additional step requires careful consideration of staging, erasure & irrelevance, deriving bit representations of user-defined data types, and a new synthesis scheme.
This thesis contributes steps towards HDLs with sufficient expressivity for awkward, combinatorial signal processing structures, allowing for a correct-by-construction approach, and a prototype compiler for netlist synthesis.Describing correct circuits remains a tall order, despite four decades of evolution in Hardware Description Languages (HDLs).
Many enticing circuit architectures require recursive structures or complex compile-time computation — two patterns that prove difficult to capture in traditional HDLs. In a signal processing context, the Fast FIR Algorithm (FFA) structure for efficient parallel filtering proves to be naturally recursive, and most Multiple Constant Multiplication (MCM) blocks decompose multiplications into graphs of simple shifts and adds using demanding compile time computation. Generalised versions of both remain mostly in academic folklore. The implementations which do exist are often ad hoc circuit generators, written in software languages. These pose challenges for verification and are resistant to composition.
Embedded functional HDLs, that represent circuits as data, allow for these descriptions at the cost of forcing the designer to work at the gate-level. A promising alternative is to use a stand-alone compiler, representing circuits as plain functions, exemplified by the CλaSH HDL. This, however, raises new challenges in capturing a circuit’s staging — which expressions in the single language should be reduced during compile-time elaboration, and which should remain in the circuit’s run-time? To better reflect the physical separation between circuit phases, this work proposes a new functional HDL (representing circuits as functions) with first-class staging constructs.
Orthogonal to this, there are also long-standing challenges in the verification of parameterised circuit families. Industry surveys have consistently reported that only a slim minority of FPGA projects reach production without non-trivial bugs. While a healthy growth in the adoption of automatic formal methods is also reported, the majority of testing remains dynamic — presenting difficulties for testing entire circuit families at once.
This research offers an alternative verification methodology via the combination of dependent types and automatic synthesis of user-defined data types. Given precise enough types for synthesisable data, this environment can be used to develop circuit families with full functional verification in a correct-by-construction fashion. This approach allows for verification of entire circuit families (not just one concrete member) and side-steps the state-space explosion of model checking methods. Beyond the existing work, this research offers synthesis of combinatorial circuits — not just a software model of their behaviour. This additional step requires careful consideration of staging, erasure & irrelevance, deriving bit representations of user-defined data types, and a new synthesis scheme.
This thesis contributes steps towards HDLs with sufficient expressivity for awkward, combinatorial signal processing structures, allowing for a correct-by-construction approach, and a prototype compiler for netlist synthesis