LO-FAT: Low-Overhead Control Flow ATtestation in Hardware

Attacks targeting software on embedded systems are becoming increasingly prevalent. Remote attestation is a mechanism that allows establishing trust in embedded devices. However, existing attestation schemes are either static and cannot detect control-flow attacks, or require instrumentation of software incurring high performance overheads. To overcome these limitations, we present LO-FAT, the first practical hardware-based approach to control-flow attestation. By leveraging existing processor hardware features and commonly-used IP blocks, our approach enables efficient control-flow attestation without requiring software instrumentation. We show that our proof-of-concept implementation based on a RISC-V SoC incurs no processor stalls and requires reasonable area overhead.Comment: Authors' pre-print version to appear in DAC 2017 proceeding

InternalBlue - Bluetooth Binary Patching and Experimentation Framework

Bluetooth is one of the most established technologies for short range digital wireless data transmission. With the advent of wearables and the Internet of Things (IoT), Bluetooth has again gained importance, which makes security research and protocol optimizations imperative. Surprisingly, there is a lack of openly available tools and experimental platforms to scrutinize Bluetooth. In particular, system aspects and close to hardware protocol layers are mostly uncovered. We reverse engineer multiple Broadcom Bluetooth chipsets that are widespread in off-the-shelf devices. Thus, we offer deep insights into the internal architecture of a popular commercial family of Bluetooth controllers used in smartphones, wearables, and IoT platforms. Reverse engineered functions can then be altered with our InternalBlue Python framework---outperforming evaluation kits, which are limited to documented and vendor-defined functions. The modified Bluetooth stack remains fully functional and high-performance. Hence, it provides a portable low-cost research platform. InternalBlue is a versatile framework and we demonstrate its abilities by implementing tests and demos for known Bluetooth vulnerabilities. Moreover, we discover a novel critical security issue affecting a large selection of Broadcom chipsets that allows executing code within the attacked Bluetooth firmware. We further show how to use our framework to fix bugs in chipsets out of vendor support and how to add new security features to Bluetooth firmware

Security of Systems on Chip

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.In recent years, technology has started to evolve to become more power efficient, powerful in terms of processors and smaller in size. This evolution of electronics has led microprocessors and other components to be merged to form a circuit called System-on-Chip. If we are to make a vast and cursory comparison between SoC and microcontrollers, microprocessors, and CPUs; we would come to the conclusion of SoCs being a single chip, doing all the things the other components can do yet without needing any external parts. So SoCs are computers just by themselves. Furthermore, SoCs have more memory than microcontrollers in general. Being a computer just by themselves allows them also to become servers. Nowadays, an SoC may be regarded also as a Server-on-Chi

Automated Debugging Methodology for FPGA-based Systems

Electronic devices make up a vital part of our lives. These are seen from mobiles, laptops, computers, home automation, etc. to name a few. The modern designs constitute billions of transistors. However, with this evolution, ensuring that the devices fulfill the designer’s expectation under variable conditions has also become a great challenge. This requires a lot of design time and effort. Whenever an error is encountered, the process is re-started. Hence, it is desired to minimize the number of spins required to achieve an error-free product, as each spin results in loss of time and effort. Software-based simulation systems present the main technique to ensure the verification of the design before fabrication. However, few design errors (bugs) are likely to escape the simulation process. Such bugs subsequently appear during the post-silicon phase. Finding such bugs is time-consuming due to inherent invisibility of the hardware. Instead of software simulation of the design in the pre-silicon phase, post-silicon techniques permit the designers to verify the functionality through the physical implementations of the design. The main benefit of the methodology is that the implemented design in the post-silicon phase runs many order-of-magnitude faster than its counterpart in pre-silicon. This allows the designers to validate their design more exhaustively. This thesis presents five main contributions to enable a fast and automated debugging solution for reconfigurable hardware. During the research work, we used an obstacle avoidance system for robotic vehicles as a use case to illustrate how to apply the proposed debugging solution in practical environments. The first contribution presents a debugging system capable of providing a lossless trace of debugging data which permits a cycle-accurate replay. This methodology ensures capturing permanent as well as intermittent errors in the implemented design. The contribution also describes a solution to enhance hardware observability. It is proposed to utilize processor-configurable concentration networks, employ debug data compression to transmit the data more efficiently, and partially reconfiguring the debugging system at run-time to save the time required for design re-compilation as well as preserve the timing closure. The second contribution presents a solution for communication-centric designs. Furthermore, solutions for designs with multi-clock domains are also discussed. The third contribution presents a priority-based signal selection methodology to identify the signals which can be more helpful during the debugging process. A connectivity generation tool is also presented which can map the identified signals to the debugging system. The fourth contribution presents an automated error detection solution which can help in capturing the permanent as well as intermittent errors without continuous monitoring of debugging data. The proposed solution works for designs even in the absence of golden reference. The fifth contribution proposes to use artificial intelligence for post-silicon debugging. We presented a novel idea of using a recurrent neural network for debugging when a golden reference is present for training the network. Furthermore, the idea was also extended to designs where golden reference is not present

Using embedded hardware monitor cores in critical computer systems

The integration of FPGA devices in many different architectures and services makes monitoring and real time detection of errors an important concern in FPGA system design. A monitor is a tool, or a set of tools, that facilitate analytic measurements in observing a given system. The goal of these observations is usually the performance analysis and optimisation, or the surveillance of the system. However, System-on-Chip (SoC) based designs leave few points to attach external tools such as logic analysers. Thus, an embedded error detection core that allows observation of critical system nodes (such as processor cores and buses) should enforce the operation of the FPGA-based system, in order to prevent system failures. The core should not interfere with system performance and must ensure timely detection of errors. This thesis is an investigation onto how a robust hardware-monitoring module can be efficiently integrated in a target PCI board (with FPGA-based application processing features) which is part of a critical computing system. [Continues.

The Design of a Debugger Unit for a RISC Processor Core

Recently, there has been a significant increase in design complexity for Embedded Systems often referred to as Hardware Software Co-Design. Complexity in design is due to both hardware and firmware closely coupled together in-order to achieve features for low power, high performance and low area. Due to these demands, embedded systems consist of multiple interconnected hardware IPs with complex firmware algorithms running on the device. Often such designs are available in bare-metal form, i.e without an Operating System, which results in difficulty while debugging due to lack of insight into the system. As a result, development cycle and time to market are increased. One of the major challenges for bare-metal design is to capture internal data required during debugging or testing in the post silicon validation stage effectively and efficiently. Post-silicon validation can be performed by leveraging on different technologies such as hardware software co-verification using hardware accelerators, FPGA emulation, logic analyzers, and so on which reduces the complete development cycle time. This requires the hardware to be instrumented with certain features which support debugging capabilities. As there is no standard for debugging capabilities and debugging infrastructure, it completely depends on the manufacturer to manufacturer or designer to designer. This work aims to implement minimum required features for debugging a bare-metal core by instrumenting the hardware compatible for debugging. It takes into consideration the fact that for a single core bare-metal embedded systems silicon area is also a constraint and there must be a trade-off between debugging capabilities which can be implemented in hardware and portions handled in software. The paper discusses various debugging approaches developed and implemented on various processor platforms and implements a new debugging infrastructure by instrumenting the Open-source AMBER 25 core with a set of debug features such as breakpoints, current state read, trace and memory access. Interface between hardware system and host system is designed using a JTAG standard TAP controller. The resulting design can be used in debugging and testing during post silicon verification and validation stages. The design is synthesized using Synopsys Design Compiler targeting a 65 nm technology node and results are compared for the instrumented and non-instrumented system

A comprehensive approach to MPSoC security: achieving network-on-chip security : a hierarchical, multi-agent approach

Multiprocessor Systems-on-Chip (MPSoCs) are pervading our lives, acquiring ever increasing relevance in a large number of applications, including even safety-critical ones. MPSoCs, are becoming increasingly complex and heterogeneous; the Networks on Chip (NoC paradigm has been introduced to support scalable on-chip communication, and (in some cases) even with reconfigurability support. The increased complexity as well as the networking approach in turn make security aspects more critical. In this work we propose and implement a hierarchical multi-agent approach providing solutions to secure NoC based MPSoCs at different levels of design. We develop a flexible, scalable and modular structure that integrates protection of different elements in the MPSoC (e.g. memory, processors) from different attack scenarios. Rather than focusing on protection strategies specifically devised for an individual attack or a particular core, this work aims at providing a comprehensive, system-level protection strategy: this constitutes its main methodological contribution. We prove feasibility of the concepts via prototype realization in FPGA technology

Enabling Automated Bug Detection for IP-based Designs using High-Level Synthesis

Modern System-on-Chip (SoC) architectures are increasingly composed of Intellectual Property (IP) blocks, usually designed and provided by different vendors. This burdens system designers with complex system-level integration and verification. In this paper, we propose an approach that leverages HLS techniques to automatically find bugs in designs composed of multiple IP blocks. Our method is particularly suitable for industrial adoption because it works without exposing sensitive information (e.g., the design specification or the component generation process). This advocates the definition and the adoption of an interoperable format for cross-vendor hardware bug detection

Analysis and optimization of a debug post-silicon hardware architecture

The goal of this thesis is to analyze the post-silicon validation hardware infrastructure implemented on multicore systems taking as an example Esperanto Technologies SoC, which has thousands of RISC-V processors and targets specific software applications. Then, based on the conclusions of the analysis, the project proposes a new post-silicon debug architecture that can fit on any System on-Chip without depending on its target application or complexity and that optimizes the options available on the market for multicore systems

OCD-FI, On-Chip Debugging and Fault Injection for validating microprocessor based dependable systems

This paper proposes a set of modifications to theon-chip debugging infrastructures present in manyactual microprocessor cores, with the objective ofsupporting the validation and verification steps offault-tolerant mechanisms through fault injectioncampaigns. A synthesisable microprocessor core forprogrammable components was used as a targetsystem an. a debugging infrastructure compliantwith the NEXUS 5001 proposed standard for onchipdebugging was implemented on this target. Toimprove the process of real-time memory faultinjection, an upgraded infrastructure designated asOn-Chip Debugging and Fault Injection (OCD-FI)was developed. The complete system was analysedin terms of area overhead and fault injectioncapabilities and performance. All elements weredesigned as synthesizable VHDL modules andevaluated in simulation