building fault models for microcontrollers
play

Building fault models for microcontrollers Albert Spruyt - PowerPoint PPT Presentation

Oct 06, 2023 •29 likes •209 views

Building fault models for microcontrollers Albert Spruyt aspruyt@os3.nl University of Amsterdam July 5, 2012 Introduction Goal: Create a method to model the effects of voltage glitches on microcontrollers. Voltage glitching: Introduction

  1. Building fault models for microcontrollers Albert Spruyt aspruyt@os3.nl University of Amsterdam July 5, 2012

  2. Introduction Goal: Create a method to model the effects of voltage glitches on microcontrollers. Voltage glitching: Introduction of faults by controlling voltages. Talk will focus on results instead of methodology.

  3. Applications Control over running code: • Bypassing PIN/password protection • Key retrieval • Extraction of firmware • Retrieval of user data for evidence

  4. Investigation process Figure: Investigation process 1 1 Source: Dr. M. Worring

  5. Setup Figure: Setup schematic

  6. Target Atmel XMEGA64A3 • 8-bit data path • RISC architecture • Harvard architecture • Two stage pipeline Figure: XMEGA A3 a • Clock speed of up to 32 Mhz a Source: mcuzone.com

  7. Timing profile Figure: Independent glitch profile.(Red: glitch signal Blue: Vcc)

  8. Instrumentation • Initialize peripherals/variables • Set trigger • Critical section/test • Clear trigger • Send state: • General purpose registers • Status register • Stack pointer • Memory

  9. Instruction/glitch timing Figure: Glitch timing and instruction execution

  10. Instructions • ALU operations • Flow control • Load and store

  11. Results: ALU Operations Not executed Corrupted registers • Different registers • Lower registers Registers initialized to zero High chance of a zero result

  12. Results: Flow control Not executed Unexpected branches To different location • Jump is smaller • Always forwards

  13. Results: Load and store Not executed Incorrect address • Lower address • Sometimes not from SRAM Memory initialized to zero

  14. Fault model Glitches are more likely to: • Affect the fetch stage • Jump forward • Use a lower register • Use lower memory Figure: Multiply instruction address encoding • Transition 1 bits to 0

  15. Attack model • Do not execute Example: instructions hash = sha1Hash(password); • Jump to a different if(memcmp(hash,correct,20)==0) location sendFirmware(); • Corrupt calculations else • Load/store incorrect error("incorrectpassword"); values

  16. Conclusion • Create a method for building fault models • Method is described in paper • XMEGA fault model

  17. Questions? ?

  18. References [1] J. Balasch, B. Gierlichs, and I. Verbauwhede. “An In-depth and Black-box Characterization of the Effects of Clock Glitches on 8-bit MCUs”. In: Fault Diagnosis and Tolerance in Cryptography (FDTC), 2011 Workshop on . IEEE. 2011, pp. 105–114. [2] I. Kizhvatov. “Side channel analysis of AVR XMEGA crypto engine”. In: Proceedings of the 4th Workshop on Embedded Systems Security . ACM. 2009, p. 8.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Fault Modeling 1 Why Fault Models? Actual number of physical defects in a circuit are too

Fault Modeling 1 Why Fault Models? Actual number of physical defects in a circuit are too

8/1/2012 Fault Modeling 1 Why Fault Models? Actual number of physical defects in a circuit are too many. Not possible to consider individually. Difficult to count and analyze. Some logical fault models are considered. A fault

493 views • 15 slides
AVR Microcontrollers- Introduction AVR Microcontrollers Widely-used microcontroller

AVR Microcontrollers- Introduction AVR Microcontrollers Widely-used microcontroller

Microprocessors, Lecture 3: AVR Microcontrollers- Introduction AVR Microcontrollers Widely-used microcontroller Different families Based on the application and Flash memory capacity Classic AVR e.g. AT90S2313, AT90S4433

704 views • 27 slides
Developing Fault Models for Nanowire Logic Circuits D. Gil, D. de Andrs , J.-C. Ruiz, P. Gil {

Developing Fault Models for Nanowire Logic Circuits D. Gil, D. de Andrs , J.-C. Ruiz, P. Gil {

Developing Fault Models for Nanowire Logic Circuits D. Gil, D. de Andrs , J.-C. Ruiz, P. Gil { dgil, ddandres, jcruizg, pgil} @disca.upv.es 2 Outline Introduction NW-based logic circuits Fault models at device level Fault

522 views • 25 slides
MICROCONTROLLERS Nicolas Moro 1,3 , Amine Dehbaoui 2 , Karine Heydemann 3 , Bruno Robisson 1 ,

MICROCONTROLLERS Nicolas Moro 1,3 , Amine Dehbaoui 2 , Karine Heydemann 3 , Bruno Robisson 1 ,

ELECTROMAGNETIC FAULT INJECTION ON MICROCONTROLLERS Nicolas Moro 1,3 , Amine Dehbaoui 2 , Karine Heydemann 3 , Bruno Robisson 1 , Emmanuelle Encrenaz 3 1 CEA Commissariat lEnergie Atomique et aux Energies Alternatives 2 ENSM.SE Ecole

589 views • 25 slides
Towards an Automated Fault Localizer while Designing Meta-models Adel Ferdjoukh and Jean-Marie

Towards an Automated Fault Localizer while Designing Meta-models Adel Ferdjoukh and Jean-Marie

Towards an Automated Fault Localizer while Designing Meta-models Adel Ferdjoukh and Jean-Marie Mottu MDEbug@MODELS 2018, Copenhagen (Kbenhavn) null Motivation Automated fault localization Tooling Ideas for improving Conclusion Synopsis 1

586 views • 25 slides
to of Microcontrollers ECE Senior Design 9 February 2017 Popular Microcontrollers 8051

to of Microcontrollers ECE Senior Design 9 February 2017 Popular Microcontrollers 8051

Introduction review to of Microcontrollers ECE Senior Design 9 February 2017 Popular Microcontrollers 8051 Intel then Everyone (8-bit old ) PIC Microchip (8, 16 & 32bit) AVR Atmel (8 & 32bit) MSP430 TI

288 views • 5 slides
Testing and Boundary Scan Roth text: Chapter 10.1 10.4 Digital circuit fault models

Testing and Boundary Scan Roth text: Chapter 10.1 10.4 Digital circuit fault models

Testing and Boundary Scan Roth text: Chapter 10.1 10.4 Digital circuit fault models Stuck-at fault: gate input/output appears to be always = logic 1 (stuck-at-1) or 0 (stuck at 0) Bridging fault: signal on one wire affects state

507 views • 25 slides
For Microcontrollers Pete Warden Engineer, TensorFlow What are we building? Demo Goals: Tiny

For Microcontrollers Pete Warden Engineer, TensorFlow What are we building? Demo Goals: Tiny

For Microcontrollers Pete Warden Engineer, TensorFlow What are we building? Demo Goals: Tiny Framework that fits in 5KB of RAM, 20KB of Flash - Speech demo with 30KB of RAM, 40KB of Flash - Goals: Compatible Uses TensorFlow Lite APIs and

257 views • 22 slides
Overview ECE 753: FAULT-TOLERANT Fault Modeling COMPUTING References Introduction

Overview ECE 753: FAULT-TOLERANT Fault Modeling COMPUTING References Introduction

1/21/2014 Overview ECE 753: FAULT-TOLERANT Fault Modeling COMPUTING References Introduction Kewal K.Saluja Kewal K Saluja Fault models at different levels (HW) Department of Electrical and Computer Engineering Error

304 views • 5 slides
Real- Time Building Energy Modeling and Fault Detection and Diagnostics for a DoD Building Bing

Real- Time Building Energy Modeling and Fault Detection and Diagnostics for a DoD Building Bing

Real- Time Building Energy Modeling and Fault Detection and Diagnostics for a DoD Building Bing Dong1, Zheng ONeill2 1 University of T exas, San Antonio, TX, USA 2 University of Alabama, AL, USA The work was done at the United Technologies

275 views • 14 slides
Lecture 10: Fault Tolerance Fault Tolerant Concurrent Computing The main principles of fault

Lecture 10: Fault Tolerance Fault Tolerant Concurrent Computing The main principles of fault

Lecture 10: Fault Tolerance Fault Tolerant Concurrent Computing The main principles of fault tolerant programming are: Fault Detection - Knowing that a fault exists Fault Recovery - having atomic instructions that can be rolled back in

361 views • 18 slides
Building Near Faults: Soil-Fault-Structure Interaction Nicolas K. Oettle, Ph.D., P.E.

Building Near Faults: Soil-Fault-Structure Interaction Nicolas K. Oettle, Ph.D., P.E.

Building Near Faults: Soil-Fault-Structure Interaction Nicolas K. Oettle, Ph.D., P.E. Acknowledgements Jonathan D. Bray, Ph.D., P.E. University of California, Berkeley Funding: National Science Foundation Grant No. 926473 Overview

922 views • 47 slides
Analytics Software for Energy Management and Building Systems Optimization and Equipment Fault

Analytics Software for Energy Management and Building Systems Optimization and Equipment Fault

Analytics Software for Energy Management and Building Systems Optimization and Equipment Fault Detection Data is the Driver We now have access to data lots of it! Building automation system data Utility data Metering data

558 views • 33 slides
Estimation and Fault Diagnostics of Battery PDE Models Scott Moura Assistant Professor | eCAL

Estimation and Fault Diagnostics of Battery PDE Models Scott Moura Assistant Professor | eCAL

Estimation and Fault Diagnostics of Battery PDE Models Scott Moura Assistant Professor | eCAL Director University of California, Berkeley Rensselaer Polytechnic Institute (RPI) Scott Moura | UC Berkeley Battery ID, Fault Diagnostics, &

1.25k views • 90 slides
Building a Fault- Building a Fault- Tolerant Distributed Tolerant Distributed System with

Building a Fault- Building a Fault- Tolerant Distributed Tolerant Distributed System with

Building a Fault- Building a Fault- Tolerant Distributed Tolerant Distributed System with System with zookeepertcl zookeepertcl Tcl Conference 2018 Tcl Conference 2018 Garrett McGrath Garrett McGrath /whois /whois /whois /whois

1.43k views • 125 slides
2 Fault Isolation & Restoration Manual Fault Isolation & Restoration The

2 Fault Isolation & Restoration Manual Fault Isolation & Restoration The

1 Self Healing Network (Centralized Restoration Gateway) IEEE PES 2015 General Meeting 2 Fault Isolation & Restoration Manual Fault Isolation & Restoration The operator makes switching decisions Automatic Fault Location

724 views • 22 slides
ANYWAVE August 2014 PRESENTATION TITLE: RF Transmitter Amplifiers June 2014 Contents TV

ANYWAVE August 2014 PRESENTATION TITLE: RF Transmitter Amplifiers June 2014 Contents TV

ANYWAVE August 2014 PRESENTATION TITLE: RF Transmitter Amplifiers June 2014 Contents TV Transmitter Amplifier designs Performance (A discussion on SNR, EVM and MER) Distortions in TV Transmitters About Anywave Q&A Amplifier Designs

954 views • 60 slides
Tools of the trade for small cell backhaul The essential role of wireless technologies Dr John

Tools of the trade for small cell backhaul The essential role of wireless technologies Dr John

www.cbnl.com Tools of the trade for small cell backhaul The essential role of wireless technologies Dr John Naylon CTO, Cambridge Broadband Networks Limited Small Cells World Summit, 26 June 2012 Agenda Whats different about small cell

432 views • 22 slides
Tie Best Operated Landfjll in the State. -- ODEQ American Environmental Landfjll AEL

Tie Best Operated Landfjll in the State. -- ODEQ American Environmental Landfjll AEL

Tie Best Operated Landfjll in the State. -- ODEQ American Environmental Landfjll AEL prides itself on maintaining a high level of service while meeting and exceeding state and national environmental standards. Our company has repeatedly

396 views • 10 slides
Site C Clean Energy Project Regional Community Liaison Committee Project Briefing November 28,

Site C Clean Energy Project Regional Community Liaison Committee Project Briefing November 28,

Site C Clean Energy Project Regional Community Liaison Committee Project Briefing November 28, 2018 2018-2019 Site C Update Ken McKenzie Executive Vice President, Site C, BC Hydro Privileged and confidential Site C project Construction

1.02k views • 59 slides
Status of Analysis The ee WW qqln process at 1.4 TeV Andreas A. Maier 1 1 CERN January 16,

Status of Analysis The ee WW qqln process at 1.4 TeV Andreas A. Maier 1 1 CERN January 16,

Status of Analysis The ee WW qqln process at 1.4 TeV Andreas A. Maier 1 1 CERN January 16, 2018 Andreas A. Maier (CERN) Status of Analysis January 16, 2018 1 / 33 Outline Event selection figures 5 Introduction 1 Events Analysis

563 views • 33 slides
Positive Train Control Project Status Metro-North Railroad Long Island Rail Road January 28,

Positive Train Control Project Status Metro-North Railroad Long Island Rail Road January 28,

Positive Train Control Project Status Metro-North Railroad Long Island Rail Road January 28, 2014 CPOC Positive Train Control Benefits On October 16, 2008, Congress passed the Rail Safety Improvement Act of 2008 requiring implementation

523 views • 13 slides
E-203 status and future plans Nicolas Delerue on behalf

E-203 status and future plans Nicolas Delerue on behalf

E-203 status and future plans Nicolas Delerue on behalf of the collabora9on: Joanna Barros, Nicolas Delerue, Stphane Jenzer and Mlissa Vieille

419 views • 15 slides
Harnessing Wake Vortices for Efficient Collective Swimming via Deep Reinforcement Learning

Harnessing Wake Vortices for Efficient Collective Swimming via Deep Reinforcement Learning

Harnessing Wake Vortices for Efficient Collective Swimming via Deep Reinforcement Learning Siddhartha Verma With: Guido Novati and Petros Koumoutsakos CSE lab http://www.cse-lab.ethz.ch Collective Swimming Hydrodynamic benefit of

1.24k views • 27 slides

More recommend