a java based component identification tool for measuring
play

A Java Based Component Identification Tool for Measuring Circuit - PowerPoint PPT Presentation

Apr 05, 2024 •26 likes •216 views

A Java Based Component Identification Tool for Measuring Circuit Protections James D. Parham J. Todd McDonald Michael R. Grimaila Yong C. Kim 1 Background Program Protection Software (programs) are the 1s and 0s representing language

  1. A Java Based Component Identification Tool for Measuring Circuit Protections James D. Parham J. Todd McDonald Michael R. Grimaila Yong C. Kim 1

  2. Background – Program Protection • Software (programs) are the 1s and 0s representing language statements able to execute on hardware processors [1] • Circuits implemented using Field Programmable Gate Arrays (FPGAs) are essentially programs • Embedded systems using FPGAs are able to realize circuits consisting of many different components • Gates • Controllers • Arithmetic Logic Units • Protecting circuits from adversarial attack is in turn protecting programs 2

  3. Background - Motivation • Reverse engineering of Mifare Classic RFID tag • Dutch government previously invested over $2 billion in new transit ticketing system • Nohl et al. exposed transistors to identify gate level structures [3] • From gate level structures components are identifiable • Revealed cryptographic keys enabling free access to Dutch transit system 3

  4. Background - Motivation • Reverse engineering of Mifare Classic RFID tag • Dutch government previously invested over $2 billion in new transit ticketing system 2 NAND INV 2 NAND 2 NAND INV 2 NAND • Nohl et al. exposed transistors to identify gate level AOI AOI AOI structures [3] • From gate level structures INV components are identifiable • Revealed cryptographic keys 2 NOR enabling free access to Dutch 3 NAND INV INV INV transit system 4

  5. Background - Problem Statement • 2009 DoD procurement and R&D budget over $182 billion • An adversary with access to critical technologies may use them against the United States • Defeat systems that ensure national security • Develop equivalent systems faster and cheaper • We must develop a method for measuring the strength of protection applied to an individual circuit • Component identification tools provide measure of protection against component identification • No component identification tool exists in our protection tool kit 5

  6. Background – Modeling Circuits • A Directed Acyclic Graph G is a triple consisting of a vertex set V(G) , an edge set E(G) and a relation representing each edge with its endpoints • Each vertex, with its shape and color, represents a logic gate • Each edge represents a connection between them • Directed indicates edge signal flow in only one direction 3 input 1 Output Circuit Circuit Schematic Graph Representation Output Input AND NAND XNOR NOT BUFF OR XOR NOR 6

  7. Background – Candidate Enumeration • Enumerating all candidate subcircuits is intractable for even small circuits • Upper bound is n! where n is the number of circuit gates • White et al. in their publication entitled, “Candidate Subcircuits For Functional Module Identification In Logic Circuits” outlines a candidate subcircuit enumeration algorithm [2] • Enables candidate enumeration • No source code available for our use • We implemented in Java using our interpretation • Complexity O(n 3 ) 7

  8. Component Identification Tool • Provide circuit of interest to Step 0: Circuit in Bench component ID tool format • Identify candidate cut sets for comparison against known library Step 1: Identify modules Candidates • Compare candidate using truth table analysis Step 2: Known • Only compare candidates with Compare Library Candidate matching I/O space • Input and output order may require permuting for matching Yes Reduce Components • Check if any components Identified? Circuit identified No • Yes - Circuit reduced then steps 1 and 2 repeated Identified • No – Search terminates Components 8

  9. Component Identification Tool - Identify Candidates Step 1 • Enumeration begins with the highest index in the circuit. In this case Out23 • This becomes the index of the subgraph • Vertices are “looked” at in decreasing order Creation Path = {23} Input Output NAND 9

  10. Component Identification Tool - Identify Candidates Step 1 • No rule violations • Candidate subcircuit Creation Path = {23,19,16,22,10} Reachable Frontier = {11,7,3,2,1} Input Output NAND 10

  11. Component Identification Tool - Identify Candidates Step 1 • No rule violations • Candidate subcircuit Creation Path = {23,19,16,22,10,11,7,2} Reachable Frontier = {6,3,1} Input Output NAND 11

  12. Component Identification Tool - Identify Candidates Step 1 • No rule violations • The candidate subcircuit is the actual circuit Creation Path = {23,19,16,22,10,11,7,2,6,3,1}  Reachable Frontier = { } Gate Legend Input Output NAND 12

  13. Component Identification Tool - Identify Candidates Step 1 • Example with two rule violations • Vertex four violates rule three because only one of its successors is contained in the highlighted subgraph • Vertex five violates rule two because only one of its predecessors is contained in the subgraph Gate Legend Input Output NAND 13

  14. Component Identification Tool – Compare Candidates Step 2 • Created custom benchmark set containing 16 components • Input and output size no greater than size six • Used for constructing larger test circuits and verifying component comparison • Candidate with I/O space matching component from known library compared using truth table analysis • Comparison runtime O(n!m!) where n is input size and m is output size 14

  15. Component Identification Tool – ISCAS-85 16-Bit Multiplier (C6288) • 32 input 32 output test circuit • Composed of 224 full adder components and 16 half adder components • All components identified with a single pass in 1.167 Component Topology – minutes using search Each block is either full set {12,11} or half adder 15

  16. Component Identification Tool – Circuit with Large I/O Space • Largest test circuit has 70 inputs 28 outputs and contain 1374 gates • All 26 components identified with 4 passes in 40.58 minutes using search set {145,103,76, 41,27,18,11,9} 16

  17. Component Identification Tool – Measuring Circuit Protection • Three variants of C6288 produced and component identification ran to measure circuit protection C6288 Variant Gate Size Components Identification Identified Time Unprotected 2448 100% 18.8 Minutes Variant One 2468 92% 18.9 Minutes Variant Two 5784 .02% 44.5 Minutes Variant Three 7052 0 54.3 Minutes 17

  18. Questions… 18

  19. Bibliography 1. Kim, Yong C. and Lt. Col. J. Todd McDonald. “Considering Software Protection for Embedded Systems”. Crosstalk The Journal of Defense Software Engineering, 22(6):4-8, 2009. 2. White, J. L., Wojcik, A. S., Chung, M., and Doom, T. E. 2000. Candidate subcircuits for functional module identification in logic circuits. In Proceedings of the 10th Great Lakes Symposium on VLSI (Chicago, Illinois, United States, March 02 - 04, 2000). GLSVLSI '00. ACM, New York, NY, 34-38. DOI= http://doi.acm.org/10.1145/330855.332575 4. Nohl, Karsten, David Evans, Starbug Starbug, and Henryk PlÄotz. \Reverse- engineering a cryptographic RFID tag". SS'08: Proceedings of the 17th conference on Security symposium, 185{193. USENIX Association, Berkeley, CA, USA, 2008. 19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The 1 st science-based talent identification tool for predictive recruitment in football

The 1 st science-based talent identification tool for predictive recruitment in football

APPLIED BEHAVIOURAL SCIENCES The 1 st science-based talent identification tool for predictive recruitment in football CONFIDENTIAL WHAT IF YOU COULD IDENTIFY TODAY THE MESSIs AND RONALDOs OF TOMORROW? THE ISSUE > Worldwide

234 views • 12 slides
Java Beans Acknowledgements:Most slides courtesy of Jens Gustavsson, Mikhail Chalabine, Peter

Java Beans Acknowledgements:Most slides courtesy of Jens Gustavsson, Mikhail Chalabine, Peter

TDDD05 Component-Based Software Java Beans Acknowledgements:Most slides courtesy of Jens Gustavsson, Mikhail Chalabine, Peter Bunus Outline What a Java Bean component is Similarities and differences between beans and regular objects How to

580 views • 28 slides
Quantitation and Identification Quantitation and Identification of Urine Mucopolysaccharides of

Quantitation and Identification Quantitation and Identification of Urine Mucopolysaccharides of

Quantitation and Identification Quantitation and Identification of Urine Mucopolysaccharides of Urine Mucopolysaccharides George Gray MetBioNet Workshop 2008 The Big Questions What are we measuring? What are we measuring? Where does

670 views • 34 slides
RemoveYoung (RY) A tool for the removal of the young stellar component within an adjustable age

RemoveYoung (RY) A tool for the removal of the young stellar component within an adjustable age

RemoveYoung (RY) A tool for the removal of the young stellar component within an adjustable age cutoff (based on Gomes & Papaderos 2016, A&A, 594, A49) Polychronis Papaderos and Jean Michel Gomes Institute of Astrophysics and Space

784 views • 28 slides
Event Based Programming Check out EventBasedProgramming from SVN Exam 2 is less than 2 weeks away!

Event Based Programming Check out EventBasedProgramming from SVN Exam 2 is less than 2 weeks away!

Event Based Programming Check out EventBasedProgramming from SVN Exam 2 is less than 2 weeks away! First day of 8 th week Layout in Java windows JFrames add(Component c) method Adds a new component to be drawn Throws out the old

238 views • 23 slides
Combination of Independent Component Analysis and statistical modeling for the identification of

Combination of Independent Component Analysis and statistical modeling for the identification of

Combination of Independent Component Analysis and statistical modeling for the identification of metabonomic biomarkers Rjane Rousseau (Institut de Statistique, UCL, Belgium) Joint work with Bernadette Govaerts and Michel Verleysen (UCL)

591 views • 39 slides
ACOUSTIC EMISSION FOR IDENTIFICATION OF THE DOMINANT STRESS COMPONENT IN POLYMER COMPOSITES AT

ACOUSTIC EMISSION FOR IDENTIFICATION OF THE DOMINANT STRESS COMPONENT IN POLYMER COMPOSITES AT

ACOUSTIC EMISSION FOR IDENTIFICATION OF THE DOMINANT STRESS COMPONENT IN POLYMER COMPOSITES AT EARLY LOADS 1 ST INTERNATIONAL ELECTRONIC CONFERENCE ON APPLIED SCIENCES Kalliopi-Artemi Kalteremidou, Dimitrios G. Aggelis, Danny Van Hemelrijck and

307 views • 28 slides
1 Java compilation model Java bytecode format void spin () { int i; for (i = 0; i < 100;

1 Java compilation model Java bytecode format void spin () { int i; for (i = 0; i < 100;

The Java programming environment Introduction to JVM Based on material produced by Bill Venners 1 2 The Java platform The role of the virtual machime byte code generated by the Java front-end is an intermediate representation (IR)

834 views • 3 slides
Learning the Java Language Based on The Java Tutorial

Learning the Java Language Based on The Java Tutorial

Learning the Java Language Based on The Java Tutorial (http://docs.oracle.com/javase/tutorial/java/) Bryn Mawr College CS206 Intro to Data Structures Language Basics Variables Operators Expressions, Statements and Blocks

415 views • 20 slides
Java Input/Output 6 May 2019 OSU CSE 1 Overview The Java I/O (Input/Output) package java.io

Java Input/Output 6 May 2019 OSU CSE 1 Overview The Java I/O (Input/Output) package java.io

Java Input/Output 6 May 2019 OSU CSE 1 Overview The Java I/O (Input/Output) package java.io contains a group of interfaces and classes similar to the OSU CSE components SimpleReader and SimpleWriter component families Except that

855 views • 69 slides
Java Swing 2020/3/21 Java Swing Used to create Window-based applications Part of Java

Java Swing 2020/3/21 Java Swing Used to create Window-based applications Part of Java

Poly- mor- phism Abstra ction Class OOP Inheri -tance En- capsu- lation Kuan-Ting Lai Java Swing 2020/3/21 Java Swing Used to create Window-based applications Part of Java Foundation Classes (JFC) Platform-independent

889 views • 21 slides
Measuring the Measuring the Benefits of Income- B Based Repayment d R t for Graduate and

Measuring the Measuring the Benefits of Income- B Based Repayment d R t for Graduate and

Measuring the Measuring the Benefits of Income- B Based Repayment d R t for Graduate and for Graduate and Professional St d Students t Jason Delisle, Alex Holt, & Kristin Blagg gg New America Foundation Rationale for

864 views • 17 slides
Java Performance : Measuring and Tuning Nataraja Neelakanta Overview Most of the applications

Java Performance : Measuring and Tuning Nataraja Neelakanta Overview Most of the applications

Java Performance : Measuring and Tuning Nataraja Neelakanta Overview Most of the applications today are designed and developed for simultaneous use by a large number of users. At times there are underlying problems in the code,

509 views • 27 slides
Game Bot Identification Game Bot Identification based on Manifold Learning based on Manifold

Game Bot Identification Game Bot Identification based on Manifold Learning based on Manifold

Game Bot Identification Game Bot Identification based on Manifold Learning based on Manifold Learning Kuan Ta Chen Academia Sinica Hsing Kuo Pao NTUST Hong Chung Chang NTUST ACM NetGames 2008 Game Bots Game bots: automated AI programs

371 views • 36 slides
Measuring Time from Identification of a New Risk to Regulatory Action: Focus on Signaling Tools

Measuring Time from Identification of a New Risk to Regulatory Action: Focus on Signaling Tools

Measuring Time from Identification of a New Risk to Regulatory Action: Focus on Signaling Tools and Processes 06 December 2016 Amie Goulbourne, MPH, MT(ASCP) Safety & Benefit Risk Management (SABR) Biogen, Inc. Disclaimer: The information

119 views • 9 slides
Enterprise Java Beans (EJB) MIE456 Tutorial Agenda What is EJB How does EJB work?

Enterprise Java Beans (EJB) MIE456 Tutorial Agenda What is EJB How does EJB work?

Enterprise Java Beans (EJB) MIE456 Tutorial Agenda What is EJB How does EJB work? What are the benefits of using EJB 1 What is EJB? A component architecture A component model For developing object-oriented distributed

352 views • 12 slides
Circuits and Gates 15-110 Wednesday 09/16 Learning Goals Translate Boolean expressions to

Circuits and Gates 15-110 Wednesday 09/16 Learning Goals Translate Boolean expressions to

Circuits and Gates 15-110 Wednesday 09/16 Learning Goals Translate Boolean expressions to truth tables and circuits Translate circuits to truth tables and Boolean expressions Recognize how addition is done at the circuit level

441 views • 33 slides
Limits on the Power of Indistinguishability Obfuscation Gilad Asharov Gil Segev Limits on the

Limits on the Power of Indistinguishability Obfuscation Gilad Asharov Gil Segev Limits on the

Limits on the Power of Indistinguishability Obfuscation Gilad Asharov Gil Segev Limits on the Power of iO Limits on the Power of Indistinguishability Obfuscation (and Functional Encryption) FOCS 2015 On Constructing One-Way

841 views • 47 slides
Electric Current The amount of charge that flows by per unit time. Q I t

Electric Current The amount of charge that flows by per unit time. Q I t

Electric Current The amount of charge that flows by per unit time. Q I t Steady state A system (e.g. circuit) is in the steady state when the current at each point in the circuit is constant (does not change with

223 views • 11 slides
The Governing Equation of an LRC Series Circuit Bernd Schr oder logo1 Bernd Schr oder

The Governing Equation of an LRC Series Circuit Bernd Schr oder logo1 Bernd Schr oder

The Parts The Equation The Governing Equation of an LRC Series Circuit Bernd Schr oder logo1 Bernd Schr oder Louisiana Tech University, College of Engineering and Science The Governing Equation of an LRC Series Circuit The Parts The

584 views • 12 slides
Spiral 1 / Unit 4 Verilog HDL Mark Redekopp OVERVIEW 1-4.3 1-4.4 Digital Circuit Design Steps

Spiral 1 / Unit 4 Verilog HDL Mark Redekopp OVERVIEW 1-4.3 1-4.4 Digital Circuit Design Steps

1-4.1 1-4.2 Spiral 1 / Unit 4 Verilog HDL Mark Redekopp OVERVIEW 1-4.3 1-4.4 Digital Circuit Design Steps Digital Circuit Design Description Input Design and computer-entry of circuit Stimulus (Testbench) Verification

357 views • 12 slides
CMSC250 Fall 2018 Circuits 1 CMSC 250 Logic == Math? What calculations can we do with logic?

CMSC250 Fall 2018 Circuits 1 CMSC 250 Logic == Math? What calculations can we do with logic?

CMSC250 Fall 2018 Circuits 1 CMSC 250 Logic == Math? What calculations can we do with logic? Add, subtract, multiply? George Boole 1800s. Boolean logic Claude Shannon 1937. Logic == circuits == math T = 1 p v q == p+q p v ~q

323 views • 18 slides
Search-based Transformation Synthesis for 3-valued Reversible Circuits D. Michael Miller* and

Search-based Transformation Synthesis for 3-valued Reversible Circuits D. Michael Miller* and

Search-based Transformation Synthesis for 3-valued Reversible Circuits D. Michael Miller* and Gerhard W. Dueck** *University of Victoria Victoria, BC Canada **University of New Brunswick Fredericton, NB, Canada Reversible Computation 2020

337 views • 23 slides
Self Synchronous Circuits for Error Robust Operation in Sub-100nm Processes Benjamin Devlin 1 ,

Self Synchronous Circuits for Error Robust Operation in Sub-100nm Processes Benjamin Devlin 1 ,

Self Synchronous Circuits for Error Robust Operation in Sub-100nm Processes Benjamin Devlin 1 , Makoto Ikeda 1,2 , Kunihiro Asada 1,2 1 Dept. of Electronic Engineering, University of Tokyo 2 VLSI Design and Education Center (VDEC), University of

591 views • 40 slides

More recommend