Design, calibration, and evaluation of real-time waveform matching on an FPGA-based digitizer at 10 GS/s. - In: ACM transactions on reconfigurable technology and systems, ISSN 1936-7406, Bd. 17 (2024), 2, 24, S. 24:1-24:28
Digitizing side-channel signals at high sampling rates produces huge amounts of data, while side-channel analysis techniques only need those specific trace segments containing Cryptographic Operations (COs). For detecting these segments, waveform-matching techniques have been established that compare the signal with a template of the CO’s characteristic pattern. Real-time waveform matching requires highly parallel implementations as achieved by hardware design but also reconfigurability as provided by Field-Programmable Gate Arrays (FPGAs) to adapt the matching hardware to a specific CO pattern. However, currently proposed designs process the samples from analog-to-digital converters sequentially and can only process low sampling rates due to the limited clock speed of FPGAs. In this article, we present a parallel waveform-matching architecture capable of performing high-speed waveform matching on a high-end FPGA-based digitizer. We also present a workflow for calibrating the waveform-matching system to the specific pattern of the CO in the presence of restrictions imposed by the FPGA hardware. Our implementation enables waveform matching at 10 GS/s, offering a speedup of 50× compared to the fastest state-of-the-art implementation known to us. We demonstrate how to apply the technique for attacking the widespread XTS-AES algorithm using waveform matching to recover the encrypted tweak even in the presence of so-called systemic noise.
https://doi.org/10.1145/3635719
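As a rough illustration of the waveform matching described in the abstract above, the following Python sketch slides a template over a sampled signal and reports the positions where the two agree closely. The sum of absolute differences as distance metric, the function names, and the `lanes` parameter are assumptions made for this example; the abstract does not state which metric or degree of parallelism the article uses. The outer loop only mimics a design that receives several samples per FPGA clock cycle and evaluates one window per lane.

```python
def sad(window, template):
    """Sum of absolute differences between a window and the template."""
    return sum(abs(w - t) for w, t in zip(window, template))


def match_positions(signal, template, threshold, lanes=4):
    """Return start indices whose window is within `threshold` of the template.

    Start positions are visited in blocks of `lanes` (a hypothetical
    parameter). In hardware, the lanes of one block would be evaluated
    concurrently within a single clock cycle; here they run one by one.
    """
    n = len(template)
    last_start = len(signal) - n
    hits = []
    for block in range(0, last_start + 1, lanes):
        for start in range(block, min(block + lanes, last_start + 1)):
            if sad(signal[start:start + n], template) <= threshold:
                hits.append(start)
    return hits
```

For example, `match_positions([0, 0, 5, 9, 5, 0, 0, 5, 8, 5, 0], [5, 9, 5], threshold=1)` reports the two occurrences of the pattern at indices 2 and 7, the second one with a deviation of one unit.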
ReProInspect: framework for reproducible defect datasets for improved AOI of PCBAs. - In: Engineering of computer-based systems, (2024), S. 205-214
Today, the production of printed circuit board assemblies (PCBAs) is growing rapidly, and it requires cutting-edge debugging and testing of the boards. The Automatic Optical Inspection (AOI) process detects defects in the boards, components, or solder pads using image processing and machine learning (ML) algorithms. Although state-of-the-art approaches for identifying defects are well developed, three main issues prevent the ML algorithms and datasets from being fully integrated into industrial plants. These issues are privacy limitations for sharing data, the distribution shifts in the PCBA industry, and the absence of a degree of freedom for reproducible and modifiable synthetic datasets.
https://doi.org/10.1007/978-3-031-49252-5_16
Transparency and traceability for AI-based defect detection in PCB production. - In: Modelling and development of intelligent systems, (2023), S. 54-72
Automatic Optical Inspection (AOI) is used to detect defects in PCB production and provide the end-user with a trustworthy PCB. AOI systems are enhanced by replacing the traditional heuristic algorithms with more advanced methods such as neural networks. However, they provide the operators with little or no information regarding the reasoning behind each decision. This paper explores the research gaps in prior PCB defect detection methods and replaces these complex methods with CNNs. Next, it investigates five different CAM-based explainer methods on eight selected CNN architectures to evaluate the performance of each explainer. In this paper, two industrial datasets are used instead of synthetic datasets to obtain a realistic research scenario. The results evaluated by the proposed performance metric demonstrate that, independent of the dataset, the CNN architectures are interpretable using the same explainer methods. Additionally, the Faster Score-CAM method performs better than the other methods used in this paper.
https://doi.org/10.1007/978-3-031-27034-5_4
Real-time waveform matching with a digitizer at 10 GS/s. - In: 2022 32nd International Conference on Field-Programmable Logic and Applications, (2022), S. 94-100
Side-Channel Analysis (SCA) requires the detection of the specific time frame within which Cryptographic Operations (COs) take place in the side-channel signal. In laboratory conditions with full control over the Device under Test (DuT), dedicated trigger signals can be implemented to indicate the start and end of COs. For real-world scenarios, waveform-matching techniques have been established which compare the side-channel signal with a template of the CO's pattern in real time to detect the CO in the side channel. State-of-the-art approaches are implemented on Field-Programmable Gate Arrays (FPGAs). However, current waveform-matching designs process the samples from Analog-to-Digital Converters (ADCs) sequentially and can only work with low sampling rates due to the limited clock speed of FPGAs. This makes it increasingly difficult to apply existing techniques on modern DuTs that operate with clock speeds in the GHz range. In this paper, we present a parallel waveform-matching architecture that is capable of performing waveform matching at the speed of fast ADCs. We implement the proposed architecture in a high-end FPGA-based digitizer and deploy it to detect AES COs from the side channel of a single-board computer operating at 1 GHz. Our implementation allows for waveform matching at 10 GS/s with high accuracy, thus offering a speedup of 50× compared to the fastest state-of-the-art implementation known to us.
https://doi.org/10.1109/FPL57034.2022.00025
Using look up table content as signatures to identify IP cores in modern FPGAs. - In: Architecture of computing systems, (2022), S. 132-147
The increasing amount of logic resources in FPGA architectures has enabled the realization of larger and more complex designs. Today, most of the large-scale designs rely heavily on off-the-shelf Intellectual Property Cores (IP Cores) to ease their development. This dependency raises an important issue: the unlicensed use of IP Cores. In this paper, we utilize LUT contents, which represent the functionality of an IP Core, as a signature to determine if a core might be part of an accused design. For this, we present a technique to reconstruct the contained LUT contents from modern FPGA configurations which not only contain 6-input one-output LUTs but also 5-input two-output LUTs. By making use of LUT decomposition together with a fast Boolean matching algorithm, we consolidate the work for commercial architectures. The proposed method is evaluated by searching for 8 IP Cores in 4 different designs using two different architectures. Our findings show a 100% identification rate with no false positives or false negatives for all experiments carried out. In particular, the presence of larger cores can be established with a difference of at least 10% between true and false positives.
https://doi.org/10.1007/978-3-031-21867-5_9
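To make the idea of LUT contents as signatures from the abstract above more concrete, the sketch below treats the content of a k-input LUT as an integer truth table and computes a canonical form that is invariant under permutation of the LUT inputs. This is a simple brute-force stand-in chosen for illustration, not the fast Boolean matching algorithm of the paper, and the function names are hypothetical. Two LUTs implement the same function up to input ordering exactly when their canonical forms are equal.

```python
from itertools import permutations


def permute_inputs(table, k, perm):
    """Rewire a k-input truth table: new input j drives old input perm[j].

    Bit `idx` of `table` holds the LUT output for the input assignment whose
    binary encoding is `idx` (input 0 is the least significant bit).
    """
    out = 0
    for idx in range(1 << k):
        src = 0
        for j in range(k):
            if (idx >> j) & 1:
                src |= 1 << perm[j]
        if (table >> src) & 1:
            out |= 1 << idx
    return out


def canonical(table, k):
    """Smallest truth table reachable by permuting the k inputs (brute force)."""
    return min(permute_inputs(table, k, p) for p in permutations(range(k)))
```

For a 6-input LUT this enumerates 720 permutations of a 64-bit table, which is acceptable for a demonstration but would likely be too slow for matching complete designs.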
Putting IMT to the test: revisiting and expanding interval matching techniques and their calibration for SCA. - In: ASHES '22, (2022), S. 65-74
Side-Channel Analysis (SCA) requires the detection of the specific time frame within which Cryptographic Operations (COs) take place in the side-channel signal. Under laboratory conditions with full control over the Device under Test (DuT), dedicated trigger signals can be implemented to indicate the start and end of COs. For real-world scenarios, waveform-matching techniques have been established which compare the side-channel signal with a template of the CO's pattern in real time to detect the CO in the side channel. State-of-the-art approaches describe implementations based on Field-Programmable Gate Arrays (FPGAs). However, the maximal length of the template is restricted by the resources available on an FPGA. Particularly for high sampling rates, the recording of an entire CO may need more samples than the maximum template length supported by a waveform-matching system. Consequently, the template has to be reduced such that it fits the resources while still containing all features relevant for detecting the COs via waveform matching. In this paper, we introduce a generic interval-matching technique which provides several degrees of freedom for fine-tuning it to the statistical deviations of waveform measurements of COs. Moreover, we introduce a novel calibration method that finds the best parameters automatically based on statistical analysis of training data. Furthermore, we investigate a technique to reduce the number of features used for the interval matching by utilizing machine-learning-based feature extraction to find the most important samples in a template. Finally, we evaluate the state-of-the-art interval matching and our expansions during calibration and during the application on a test set. The results show that a reliable reduction to 10% of the original template size is possible with a reduction method from literature for our example. However, the combination of our proposed methods can reliably work with only 1.5% of the original size and is less volatile than the state-of-the-art approach for reducing the number of features.
https://doi.org/10.1145/3560834.3563828
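The interval matching and calibration outlined in the abstract above can be sketched in a few lines of Python. Everything specific here is an assumption made for illustration: intervals are taken as mean plus or minus `width` standard deviations per sample, `keep` selects the samples with the smallest spread as a crude substitute for the machine-learning-based feature extraction, and `max_violations` tolerates a number of out-of-interval samples. The paper's actual parameters and calibration procedure are not given in the abstract.

```python
from statistics import mean, pstdev


def calibrate(traces, width=3.0, keep=None):
    """Derive (index, low, high) intervals from aligned training traces.

    `width` scales the per-sample standard deviation. If `keep` is set,
    only the `keep` samples with the smallest spread are retained.
    """
    columns = list(zip(*traces))
    stats = [(i, mean(c), pstdev(c)) for i, c in enumerate(columns)]
    if keep is not None:
        stats = sorted(sorted(stats, key=lambda s: s[2])[:keep])
    return [(i, m - width * sd, m + width * sd) for i, m, sd in stats]


def matches(window, intervals, max_violations=0):
    """True if at most `max_violations` samples fall outside their interval."""
    violations = sum(1 for i, lo, hi in intervals if not lo <= window[i] <= hi)
    return violations <= max_violations
```

Reducing the template with `keep` shrinks the number of comparisons per window, which corresponds to the resource constraint the abstract describes, at the cost of ignoring samples that may still carry information.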
Design and error analysis of accuracy-configurable sequential multipliers via segmented carry chains. - In: Information technology, ISSN 2196-7032, Bd. 64 (2022), 3, S. 89-98
We present the design and a closed-form error analysis of accuracy-configurable multipliers via segmented carry chains. To address this problem, we model the approximate partial-product accumulations as a sequential process. According to a given splitting point of the carry chains, the technique discussed herein allows varying the quality of the accumulations and, consequently, of the overall product. Due to the shorter critical paths, such approximate multipliers can trade off accuracy for increased performance whilst exploiting the inherent area savings of sequential over combinatorial approaches. We implemented multiple architectures targeting FPGAs and ASICs with different bit-widths and accuracy configurations to 1) estimate resources, power consumption, and delay, as well as to 2) evaluate those error metrics that belong to the so-called #P-complete class.
https://doi.org/10.1515/itit-2021-0040
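A small software model may help to picture the segmented carry chains from the abstract above. The sketch assumes the simplest possible variant: the adder used for partial-product accumulation is cut at bit position `split`, and a carry leaving the lower segment is discarded. Whether the published architecture drops, delays, or otherwise handles that carry is not stated in the abstract, so the function names and behaviour below are illustrative assumptions only.

```python
def segmented_add(a, b, width, split):
    """Add two width-bit values with the carry chain cut at bit `split`.

    The low and high segments are added independently, so a carry out of
    the low segment is lost. split=0 yields the exact sum modulo 2**width.
    """
    low_mask = (1 << split) - 1
    low = ((a & low_mask) + (b & low_mask)) & low_mask
    high = ((a >> split) + (b >> split)) & ((1 << (width - split)) - 1)
    return (high << split) | low


def sequential_multiply(x, y, bits, split):
    """Shift-and-add product of two unsigned `bits`-bit operands.

    One partial product is accumulated per iteration, as in a sequential
    multiplier, using the segmented adder above.
    """
    width = 2 * bits
    acc = 0
    for i in range(bits):
        if (y >> i) & 1:
            acc = segmented_add(acc, x << i, width, split)
    return acc
```

With `split=0` the model computes 13 × 11 = 143 exactly; with `split=4` one carry across the cut is lost and the result is 127, which shows how the splitting point controls the accuracy of the product.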
Raw filtering of JSON data on FPGAs. - In: Proceedings of the 2022 Design, Automation & Test in Europe Conference & Exhibition (DATE 2022), (2022), S. 250-255
https://doi.org/10.23919/DATE54114.2022.9774696
3D INS/UWB based real time sensor fusion indoor position tracking architecture. - In: 2022 IEEE 13th Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON), (2022), S. 94-101
Accurate indoor position tracking and analysis of the movement dynamics of autonomous driving systems are important challenges when it comes to automating industrial processing, supply chains, or warehouses. In this paper, the authors present an indoor position tracking architecture with a novel sensor fusion approach for autonomous robots in three-dimensional space. For robots to be able to drive autonomously, they need information about their position, speed, and orientation in 3D space. With the presented architecture, position information is provided by the Indoor Positioning System (IPS), while orientation information and velocity are determined by the Inertial Navigation System (INS). The proposed tracking architecture combines this information with a sensor fusion approach, thus enabling the autonomous driving system.
https://doi.org/10.1109/IEMCON56893.2022.9946462
The benefits and costs of netlist randomization based side-channel countermeasures: an in-depth evaluation. - In: Journal of Low Power Electronics and Applications, ISSN 2079-9268, Bd. 12 (2022), 3, 42, S. 1-17
Exchanging FPGA-based implementations of cryptographic algorithms during run-time using netlist-randomized versions has been introduced recently as a unique countermeasure against side-channel attacks. Using partial reconfiguration, it is possible to shuffle between structurally different but functionally similar versions of a cryptographic implementation. The resulting varying power profile enhances the resistance against power-based side-channel attacks. While side-channel leakage is reduced, costs in terms of additional resources and/or lowered throughput are often increased due to the overheads of the required online partial reconfiguration. In this work, we provide an in-depth evaluation of the leakage-area-throughput trade-off.
https://doi.org/10.3390/jlpea12030042