building fault models for microcontrollers
play

Building fault models for microcontrollers Albert Spruyt - PowerPoint PPT Presentation

Oct 06, 2023 •29 likes •209 views

Building fault models for microcontrollers Albert Spruyt aspruyt@os3.nl University of Amsterdam July 5, 2012 Introduction Goal: Create a method to model the effects of voltage glitches on microcontrollers. Voltage glitching: Introduction

  1. Building fault models for microcontrollers Albert Spruyt aspruyt@os3.nl University of Amsterdam July 5, 2012

  2. Introduction Goal: Create a method to model the effects of voltage glitches on microcontrollers. Voltage glitching: Introduction of faults by controlling voltages. Talk will focus on results instead of methodology.

  3. Applications Control over running code: • Bypassing PIN/password protection • Key retrieval • Extraction of firmware • Retrieval of user data for evidence

  4. Investigation process Figure: Investigation process 1 1 Source: Dr. M. Worring

  5. Setup Figure: Setup schematic

  6. Target Atmel XMEGA64A3 • 8-bit data path • RISC architecture • Harvard architecture • Two stage pipeline Figure: XMEGA A3 a • Clock speed of up to 32 Mhz a Source: mcuzone.com

  7. Timing profile Figure: Independent glitch profile.(Red: glitch signal Blue: Vcc)

  8. Instrumentation • Initialize peripherals/variables • Set trigger • Critical section/test • Clear trigger • Send state: • General purpose registers • Status register • Stack pointer • Memory

  9. Instruction/glitch timing Figure: Glitch timing and instruction execution

  10. Instructions • ALU operations • Flow control • Load and store

  11. Results: ALU Operations Not executed Corrupted registers • Different registers • Lower registers Registers initialized to zero High chance of a zero result

  12. Results: Flow control Not executed Unexpected branches To different location • Jump is smaller • Always forwards

  13. Results: Load and store Not executed Incorrect address • Lower address • Sometimes not from SRAM Memory initialized to zero

  14. Fault model Glitches are more likely to: • Affect the fetch stage • Jump forward • Use a lower register • Use lower memory Figure: Multiply instruction address encoding • Transition 1 bits to 0

  15. Attack model • Do not execute Example: instructions hash = sha1Hash(password); • Jump to a different if(memcmp(hash,correct,20)==0) location sendFirmware(); • Corrupt calculations else • Load/store incorrect error("incorrectpassword"); values

  16. Conclusion • Create a method for building fault models • Method is described in paper • XMEGA fault model

  17. Questions? ?

  18. References [1] J. Balasch, B. Gierlichs, and I. Verbauwhede. “An In-depth and Black-box Characterization of the Effects of Clock Glitches on 8-bit MCUs”. In: Fault Diagnosis and Tolerance in Cryptography (FDTC), 2011 Workshop on . IEEE. 2011, pp. 105–114. [2] I. Kizhvatov. “Side channel analysis of AVR XMEGA crypto engine”. In: Proceedings of the 4th Workshop on Embedded Systems Security . ACM. 2009, p. 8.

Recommend

Fault Modeling 1 Why Fault Models? Actual number of physical defects in a circuit are too

Fault Modeling 1 Why Fault Models? Actual number of physical defects in a circuit are too

8/1/2012 Fault Modeling 1 Why Fault Models? Actual number of physical defects in a circuit are too many. Not possible to consider individually. Difficult to count and analyze. Some logical fault models are considered. A fault

493 views • 15 slides
AVR Microcontrollers- Introduction AVR Microcontrollers Widely-used microcontroller

AVR Microcontrollers- Introduction AVR Microcontrollers Widely-used microcontroller

Microprocessors, Lecture 3: AVR Microcontrollers- Introduction AVR Microcontrollers Widely-used microcontroller Different families Based on the application and Flash memory capacity Classic AVR e.g. AT90S2313, AT90S4433

704 views • 27 slides
Developing Fault Models for Nanowire Logic Circuits D. Gil, D. de Andrs , J.-C. Ruiz, P. Gil {

Developing Fault Models for Nanowire Logic Circuits D. Gil, D. de Andrs , J.-C. Ruiz, P. Gil {

Developing Fault Models for Nanowire Logic Circuits D. Gil, D. de Andrs , J.-C. Ruiz, P. Gil { dgil, ddandres, jcruizg, pgil} @disca.upv.es 2 Outline Introduction NW-based logic circuits Fault models at device level Fault

522 views • 25 slides
MICROCONTROLLERS Nicolas Moro 1,3 , Amine Dehbaoui 2 , Karine Heydemann 3 , Bruno Robisson 1 ,

MICROCONTROLLERS Nicolas Moro 1,3 , Amine Dehbaoui 2 , Karine Heydemann 3 , Bruno Robisson 1 ,

ELECTROMAGNETIC FAULT INJECTION ON MICROCONTROLLERS Nicolas Moro 1,3 , Amine Dehbaoui 2 , Karine Heydemann 3 , Bruno Robisson 1 , Emmanuelle Encrenaz 3 1 CEA Commissariat lEnergie Atomique et aux Energies Alternatives 2 ENSM.SE Ecole

589 views • 25 slides
Towards an Automated Fault Localizer while Designing Meta-models Adel Ferdjoukh and Jean-Marie

Towards an Automated Fault Localizer while Designing Meta-models Adel Ferdjoukh and Jean-Marie

Towards an Automated Fault Localizer while Designing Meta-models Adel Ferdjoukh and Jean-Marie Mottu MDEbug@MODELS 2018, Copenhagen (Kbenhavn) null Motivation Automated fault localization Tooling Ideas for improving Conclusion Synopsis 1

586 views • 25 slides
to of Microcontrollers ECE Senior Design 9 February 2017 Popular Microcontrollers 8051

to of Microcontrollers ECE Senior Design 9 February 2017 Popular Microcontrollers 8051

Introduction review to of Microcontrollers ECE Senior Design 9 February 2017 Popular Microcontrollers 8051 Intel then Everyone (8-bit old ) PIC Microchip (8, 16 & 32bit) AVR Atmel (8 & 32bit) MSP430 TI

288 views • 5 slides
Testing and Boundary Scan Roth text: Chapter 10.1 10.4 Digital circuit fault models

Testing and Boundary Scan Roth text: Chapter 10.1 10.4 Digital circuit fault models

Testing and Boundary Scan Roth text: Chapter 10.1 10.4 Digital circuit fault models Stuck-at fault: gate input/output appears to be always = logic 1 (stuck-at-1) or 0 (stuck at 0) Bridging fault: signal on one wire affects state

507 views • 25 slides
For Microcontrollers Pete Warden Engineer, TensorFlow What are we building? Demo Goals: Tiny

For Microcontrollers Pete Warden Engineer, TensorFlow What are we building? Demo Goals: Tiny

For Microcontrollers Pete Warden Engineer, TensorFlow What are we building? Demo Goals: Tiny Framework that fits in 5KB of RAM, 20KB of Flash - Speech demo with 30KB of RAM, 40KB of Flash - Goals: Compatible Uses TensorFlow Lite APIs and

257 views • 22 slides
Overview ECE 753: FAULT-TOLERANT Fault Modeling COMPUTING References Introduction

Overview ECE 753: FAULT-TOLERANT Fault Modeling COMPUTING References Introduction

1/21/2014 Overview ECE 753: FAULT-TOLERANT Fault Modeling COMPUTING References Introduction Kewal K.Saluja Kewal K Saluja Fault models at different levels (HW) Department of Electrical and Computer Engineering Error

304 views • 5 slides
Real- Time Building Energy Modeling and Fault Detection and Diagnostics for a DoD Building Bing

Real- Time Building Energy Modeling and Fault Detection and Diagnostics for a DoD Building Bing

Real- Time Building Energy Modeling and Fault Detection and Diagnostics for a DoD Building Bing Dong1, Zheng ONeill2 1 University of T exas, San Antonio, TX, USA 2 University of Alabama, AL, USA The work was done at the United Technologies

275 views • 14 slides
Lecture 10: Fault Tolerance Fault Tolerant Concurrent Computing The main principles of fault

Lecture 10: Fault Tolerance Fault Tolerant Concurrent Computing The main principles of fault

Lecture 10: Fault Tolerance Fault Tolerant Concurrent Computing The main principles of fault tolerant programming are: Fault Detection - Knowing that a fault exists Fault Recovery - having atomic instructions that can be rolled back in

361 views • 18 slides
Building Near Faults: Soil-Fault-Structure Interaction Nicolas K. Oettle, Ph.D., P.E.

Building Near Faults: Soil-Fault-Structure Interaction Nicolas K. Oettle, Ph.D., P.E.

Building Near Faults: Soil-Fault-Structure Interaction Nicolas K. Oettle, Ph.D., P.E. Acknowledgements Jonathan D. Bray, Ph.D., P.E. University of California, Berkeley Funding: National Science Foundation Grant No. 926473 Overview

922 views • 47 slides
Analytics Software for Energy Management and Building Systems Optimization and Equipment Fault

Analytics Software for Energy Management and Building Systems Optimization and Equipment Fault

Analytics Software for Energy Management and Building Systems Optimization and Equipment Fault Detection Data is the Driver We now have access to data lots of it! Building automation system data Utility data Metering data

558 views • 33 slides
Estimation and Fault Diagnostics of Battery PDE Models Scott Moura Assistant Professor | eCAL

Estimation and Fault Diagnostics of Battery PDE Models Scott Moura Assistant Professor | eCAL

Estimation and Fault Diagnostics of Battery PDE Models Scott Moura Assistant Professor | eCAL Director University of California, Berkeley Rensselaer Polytechnic Institute (RPI) Scott Moura | UC Berkeley Battery ID, Fault Diagnostics, &

1.25k views • 90 slides
Building a Fault- Building a Fault- Tolerant Distributed Tolerant Distributed System with

Building a Fault- Building a Fault- Tolerant Distributed Tolerant Distributed System with

Building a Fault- Building a Fault- Tolerant Distributed Tolerant Distributed System with System with zookeepertcl zookeepertcl Tcl Conference 2018 Tcl Conference 2018 Garrett McGrath Garrett McGrath /whois /whois /whois /whois

1.43k views • 125 slides
2 Fault Isolation & Restoration Manual Fault Isolation & Restoration The

2 Fault Isolation & Restoration Manual Fault Isolation & Restoration The

1 Self Healing Network (Centralized Restoration Gateway) IEEE PES 2015 General Meeting 2 Fault Isolation & Restoration Manual Fault Isolation & Restoration The operator makes switching decisions Automatic Fault Location

724 views • 22 slides
Distributed Systems (ICE 601) Fault Tolerance Dongman Lee ICU Class Overview Introduction

Distributed Systems (ICE 601) Fault Tolerance Dongman Lee ICU Class Overview Introduction

Distributed Systems (ICE 601) Fault Tolerance Dongman Lee ICU Class Overview Introduction Failure Model Fault Tolerance Models state machine primary-backup Distributed Systems - Fault Tolerance Introduction

146 views • 12 slides
Overview Introduction and basic concept ECE 753: FAULT-TOLERANT Fault model and fault

Overview Introduction and basic concept ECE 753: FAULT-TOLERANT Fault model and fault

4/1/2014 Overview Introduction and basic concept ECE 753: FAULT-TOLERANT Fault model and fault coverage COMPUTING Checkpointing and backward error recovery (rollback) Kewal K.Saluja General principles General principles

259 views • 3 slides
Akka Building Distributed Systems for Concurrent, Fault-tolerant and Scalable Java Applications

Akka Building Distributed Systems for Concurrent, Fault-tolerant and Scalable Java Applications

Akka Building Distributed Systems for Concurrent, Fault-tolerant and Scalable Java Applications 1 Thursday, November 21, 13 1 Problems with Multithreaded Programming Shared Mutable Objects Thread 2 Thread 1 Solution: Synchronized Access

1.27k views • 27 slides
Active fault level management Introducing the Fault Current Limiting service 1 Fluctuating

Active fault level management Introducing the Fault Current Limiting service 1 Fluctuating

Active fault level management Introducing the Fault Current Limiting service 1 Fluctuating fault level Fault level reinforcement is disruptive, lengthy and expensive which can discourage connection of new demand/ generation NETWORK

447 views • 16 slides
JUST ONE FAULT Persistent Fault Analysis on Block Ciphers Shivam Bhasin Temasek Labs @ NTU ASK

JUST ONE FAULT Persistent Fault Analysis on Block Ciphers Shivam Bhasin Temasek Labs @ NTU ASK

JUST ONE FAULT Persistent Fault Analysis on Block Ciphers Shivam Bhasin Temasek Labs @ NTU ASK 2018, Kolkata, India 15 Nov 2018 Table of Contents 1. Introduction to Fault Attacks 2. Persistent Fault Analysis (PFA) 3. PFA on Fault

588 views • 19 slides
Fault Tree Generation from EMF Models Christoph Lauer 1 , Reinhard German 1 and Jens Pollmer 2 1

Fault Tree Generation from EMF Models Christoph Lauer 1 , Reinhard German 1 and Jens Pollmer 2 1

Computer Networks and Communication Systems Friedrich-Alexander-University Erlangen-Nuremberg Prof. Dr.-Ing. Reinhard German Fault Tree Generation from EMF Models Christoph Lauer 1 , Reinhard German 1 and Jens Pollmer 2 1 Department of Computer

558 views • 21 slides
BSc Project What kinds of fault we may confront in a control loop? Fault Detection &

BSc Project What kinds of fault we may confront in a control loop? Fault Detection &

13/12/2016 2 of 23 Content What is fault? Why we detect fault in a control loop? BSc Project What kinds of fault we may confront in a control loop? Fault Detection & Diagnosis What is stiction? in Control Valves

406 views • 6 slides
Computer Graphics CS 543 Lecture 4 (Part 1) Building 3D Models (Part 1) Prof Emmanuel Agu

Computer Graphics CS 543 Lecture 4 (Part 1) Building 3D Models (Part 1) Prof Emmanuel Agu

Computer Graphics CS 543 Lecture 4 (Part 1) Building 3D Models (Part 1) Prof Emmanuel Agu Computer Science Dept. Worcester Polytechnic Institute (WPI) Objectives Introduce simple data structures for building polygonal models Vertex

657 views • 22 slides

More recommend