SlideShare a Scribd company logo

Final Paper

C
Colby Stanley
1 of 7
Download to read offline
1 Fault Injection using the Raspberry Pi 3 Computer Colby Stanley Department of ECE Duke University Durham, NC 27701 cts20@duke.edu Abstract Throughout this project, multiple means of fault injection are explored using a Raspberry Pi 3 computer as the test bed. The two major sets of fault injection experiments are electromagnetic fault injection and magnetic fault injection. The presence of a fault is determined based on what is expected to be in the SRAM versus what is read out of the SRAM of the CPU of the device after each experiment. If an unexpected value is found, such as a 0 when a 1 was expected, this course of action is deemed to have injected a transient fault into the Raspberry Pi’s SRAM. The scope of this work is limited to transient faults in SRAM in order to have a more controlled environment where an expected value can be compared with the result of a test. Results indicated that the use of commodity devices such as wireless routers, microwaves, a permanent neodymium magnet, and an electromagnet are inconclusive in their ability to inject transient faults. 1. Introduction When developing a scheme for tolerating faults, it is important to test the design to determine how well the design handles the specific scenarios it is intended for according to its fault model. However, this leads to the question of how can a design be tested and how does one determine if the tests are passed or failed. Typically, in order to perform fault injection, simulators running a specific processor’s architecture are used. This allows control over where the fault is injected and the duration of the fault if it is transient [1]. Simulators are useful tools for injecting faults and testing a system’s ability to cope with different types of faults. The simulator, however, is only as good as the data that the simulation is based on, and the inputs that are used. If the simulated faults are not realistic in terms of the portion of the chip that is impacted, or the duration over which a voltage spike occurs, they may not truly test some of the main cases effectively. Additionally, faults may be logically masked and if careful effort is not made to determine whether the faults are being masked, the fault can go undetected even after significant testing [2]. An alternative to simulating fault injection is to inject faults using real sources of faults on real hardware. This approach is not as commonly used as simulation because it is time consuming and costly. The cost of manufacturing the hardware for the experiment and the cost of the test environment itself can be prohibitive [1]. This project aims to provide an alternative by using commonly found devices that have the potential to inject faults into real hardware. Additionally, the data gathered provides insight into how the Raspberry Pi responds to fault injection of different kinds. The Raspberry Pi is becoming more popular for different scientific and engineering applications, and it is important to be aware
2 of its sensitivity to different types of conditions. There is less information that can be found in terms of system state working with real hardware, unless the hardware is designed with circuitry for accessing state information at different points. This makes it important to first determine what is the expected outcome of an operation in order to have a way of comparing that which is expected with what has occurred experimentally. For this project, it was useful to target the SRAM for fault injection because the initial values can be manually selected for each SRAM cell and compared with the results without the need for additional hardware storing state information. The following information will make up the remainder of this paper. First, prior work done in the field of fault injection will be discussed as well as how it differs from this research. Next, the experimental setup and equipment used to perform fault injection experiments will be discussed, and lastly the experimental results will be included along with a detailed explanation proceeded with a conclusion. 2. Prior Work Existing methods of fault injection on real hardware rely on either hardware or software to inject faults. Software based fault injection can be done at compile-time and runtime, and does not require special equipment. This form of fault injection is limited, though, by the portions of hardware that can be reached through software. Fault injection done at compile-time works by changing certain instructions to improper instructions simulating what would happen if a fault changed their value. Runtime fault injection can work similarly to compile-time fault injection by adding code as well as the use of interrupts and exceptions to call functions used to inject faults. Hardware based fault injection can be done through contact and non-contact methods. A non- contact method would be to bombard a chip or component with radiation. When a radioactive particle strikes, it can generate a current [6]. Depending on the current generated, a bit may be flipped. As for contact methods of fault injection, probes can be used to alter the current at a specific pin. This probe based method allows for a targeted fault injection which can be useful for testing how a design handles specific faults. On the contrary, methods such as bombarding a chip with radiation can produce more realistic tests due to the unpredictable nature [1]. Additional methods of noncontact fault injection include those that rely on electromagnetic radiation including the use of lasers to change the voltage on a wire within a chip resulting in a bit flip. Such forms of fault injection can be used in testing cryptographic systems in order to test their security. The certification of a cryptographic system can rely on the system’s ability to withstand fault attacks with the intention of revealing cryptographic information. Such testing relies on a system using an electromagnetic probe which is connected to a pulse generator through which a voltage pulse is produced. The specialized magnetic probe is intended for targeted attacks directed at certain portions of a chip rather than exposing the entire chip to a magnetic field [5]. With the forms of fault injection discussed, each has its own benefits and drawbacks. Without removing a processor’s cap, fault injection using a laser or an intense pulse of light such as a camera flash would not produce desirable results. Similarly, applying a magnetic field to a system that has a metal case for fault injection would also be fruitless due to the metal case being a Faraday cage protecting
3 the CPU and other components [3]. Radiation based fault injection using a radioactive source provides an unpredictable means of fault injection that is more realistic in nature. However, specialized equipment would be needed to fire radioactive particles at a system and its components. With each of the possible forms of fault injection considered, it was found that noncontact fault injection using magnetic fields and electromagnetic radiation would be capable of producing realistic results similar to that of the firing of radioactive particles. If used without a magnetic probe focusing the magnetic pulse to a region of the chip or component, a magnetic field could be produced capable of impacting the entire chip at once. Another added benefit is that the two chosen fault injection methods could be achieved through the use of commonly found items or be built with relatively little cost. 3. Experimental Setup The Raspberry Pi computer is commonly referred to as a system on a chip. Aside from the small size, there is little difference between a Raspberry Pi and the average personal computer. The major differences lie in the use of a microSD card instead of a traditional hard disk drive, and the GPIO (General Purpose Input-Output Connector) that can be used to power different devices such as servos. The Raspberry Pi 3 used for each of these experiments ran the Linux based operating system Raspbian version 4.4 which provided the basic functionality for the experiments performed. Before any significant data was taken, it was important to develop a consistent way of determining whether or not an SRAM cell had been effected by the attempt at fault injection. This was done through a simple program written in C that allocates space for a user selected number of unsigned integers and stores either 1’s or 0’s in the entire allocated space. The Raspberry Pi’s processor is a Broadcom BCM2837 which has a 32 KB L1 cache for each of the four cores and a shared 512 KB L2 cache. Because each unsigned integer is 4 bytes, each trial was performed by allocating space for 136,000 unsigned integers to ensure that all of the SRAM was being used. The initial values for each of the integers are written to one file, while the final values are written to a separate file when the console receives user input. Using the diff command, it was determined whether there was a change in the integers written to file from the SRAM after the attempted fault injection or if the two files remained the same [4]. 3.1 Magnetic Fields According to Faraday’s Law, the motion of a circuit in a magnetic field, the change of a magnetic field’s strength, and the movement of a magnetic field in relation to a circuit are each capable of generating a current. This is known as electromagnetic induction and is the driving idea behind using an electromagnet to flip bits within SRAM cells. By passing a magnet over the processor in different directions, the magnetic field has the potential to impact the current being carried within the cache memory or the combinational logic. However, there are several unknowns in regards to this approach. Because the voltage that denotes a 1 or a 0 being held in the cross coupled inverters of each cache cell is not included in the Broadcom processor’s datasheet, it is only through experimental measures that a determination of this voltage can be determined [3]. During the magnetic fault injection portion of the project, several different approaches were taken. Initially, a Uxcell electromagnet solenoid was used with
4 multiple input voltages at a fixed distance from the processor. Also, a permanent neodymium magnet was used which proved to have a higher magnetic field strength than what could be achieved with the electromagnet. It was important for the testing done to avoid producing any permanent faults by shorting out pins through contact between the board and the magnets. This limited the proximity the magnets could be used within with respect to the Raspberry Pi and as a result this limited the magnetic field strength reaching the processor. There are several differences between the experimental setup for the magnetic fault injection experiments of this project and that of prior work including the lack of a motorized stage [4]. Rather than relying on a motorized stage, the magnet was moved manually in the x, y, and z directions. Also, the magnetic field generated was done using an electromagnet solenoid rather than a magnetic probe, and the voltage was constant for each trial rather than pulsed. 3.2 Electromagnetic Radiation Following the testing done using magnetic fields to inject faults, electromagnetic radiation was explored. Many common devices can be significant sources of electromagnetic radiation. The devices used were a wireless router and two different microwave ovens. Due to the danger of operating an open microwave, the Raspberry Pi was placed on top of a closed microwave during the experiments. This, however, does not mean that there was no microwave radiation reaching the Raspberry Pi. A simple test showed that both microwaves used leaked electromagnetic radiation. The test involved placing a cell phone inside of each microwave while they were unplugged and monitoring its connection to the wireless network. If the device lost its connection to the wireless network, this would indicate that the microwave was well insulated and did not leak electromagnetic radiation. However, it was found in the case of both microwaves that they did leak electromagnetic radiation. Wireless routers also produce electromagnetic radiation, however at a lesser intensity. Testing was performed using a wireless router alone, a wireless router and a microwave simultaneously, and the addition of parabolic reflectors to direct the electromagnetic radiation from the wireless router towards the Raspberry Pi. These devices were used over different durations and in different combinations in an attempt to inject transient faults. 4. Experimental Results and Analysis The first experiments performed were using the electromagnet at different operating voltages/currents at a fixed distance from the Raspberry Pi. At each input voltage, the magnet was moved manually in the x, y, and z directions relative to the Raspberry Pi’s processor (shown in Figure 1). Also, along with a variable voltage for electromagnet, each trial was performed with the SRAM full of 1’s and the SRAM X Y Z Figure 1: (The z axis is coming out of the page)
5 full of 0’s in order to account for the induction flipping bits in one direction more easily than another. The electromagnet is rated for 12 volts DC. Nonetheless, without knowing the permeability of the core’s material and the number of turns of magnetic wire it was impossible to calculate the magnetic field strength of the magnet. All that is known is the magnet’s lifting force is 50kg when operated at its threshold voltage according to its documentation. The electromagnet was operated at each voltage between 0 and 12 volts for a total of 24 trials. Some work was done operating the electromagnet beyond its rated voltage, but the magnet became dangerously hot. It was found that with the magnet used along with the experimental setup that transient faults could not be injected. One major issue is the distance between the electromagnet and the Raspberry Pi’s processor. This distance was maintained in order to keep the electromagnet from contacting pins and shorting them out. Magnetic field strength is dependent on the distance from the electromagnet itself, therefore by having this gap distance between the electromagnet and the processor the magnetic field strength reaching processor was reduced [3]. Additionally, a cylindrical neodymium magnet with a 13,500 Gauss internal magnetic field strength was tested in a similar fashion. However, due to the permanent magnet’s size, the magnet could be placed against the Raspberry Pi’s processor rather than at a fixed distance. This proximity along with the noticeably more powerful magnetic field generated by the permanent magnet created what was thought to be better conditions for performing fault injection. After performing trials with the SRAM full of 1’s and then 0’s, it was found that just as with the electromagnet no bits were flipped in the caches of the Raspberry Pi. Next, the use of electromagnetic radiation from a microwave and a wireless router were tested. Trials were done with the microwave and wireless router individually. Below in Figure 2, the table shows the various setups that were used in the hopes of isolating the change that caused enough electromagnetic radiation exposure to flip bits within the Raspberry Pi. Each of the tests in the following figure were performed with the Raspberry Pi’s cache being filled with 1’s and then with 0’s. Microwave Router Parabolic Reflectors Duration (Minutes) X 10 X 60 X X 60 X X 10 X X X 10 Figure 2: Experimental setup combinations for electromagnetic fault injection The duration in Figure 2 is the duration for which the Raspberry Pi was exposed to the sources of electromagnetic radiation before the resulting data was collected. It was found that regardless of the experimental setup used, the Raspberry Pi functioned normally and the data read out of the caches showed no flipped bits. An important aside is that the duration the microwave was run was limited by the time it took for ice to become boiling water. It is unsafe to run a microwave oven empty as it can damage it, therefore ice was used as a simple solution for running the microwave for extended periods of time without harm. One possible reason for the results attained through both methods of fault injection is that the induced current due to the magnet/electromagnet and the electromagnetic fields were not great enough to change the system’s state. Therefore, the use of more powerful sources of induction such as a more powerful
6 electromagnet and power supply or microwave emission device that is without shielding that limits the amount of electromagnetic radiation reaching the target device. Also, longer durations of exposure to the sources of electromagnetic radiation may increase the chance of transient faults being injection. In terms of the Raspberry Pi’s resistance to fault injection techniques, the results show that it would take a greater magnetic field strength than 13,500 Gauss to produce a transient fault, and that wireless routers and microwaves do not produce enough electromagnetic radiation to readily impact the processor’s state. Both of these pieces of information are helpful in developing future experiments for injecting faults into the Raspberry Pi and they demonstrate the device’s ability to withstand various forms of fault injection. 5. Conclusion There were two major objectives in this paper, the first of which being to develop a method of fault injection using magnets, wireless routers, and microwaves instead of costly specialized equipment that is typically used when performing hardware based fault injection. The second objective was to study the Raspberry Pi’s ability to tolerate these sources of fault injection. Raspberry Pi computers are becoming more popular for many projects, therefore the ability of the device to withstand common sources of faults is beneficial. It was found that with the experimental setup used it is not likely that a Raspberry Pi under similar conditions would experience a transient fault. However, even though there were no detected faults in the data readout from the device’s SRAM, this does not mean that transient faults did not exist in the device’s DRAM or combinational logic as a result of the testing. Transient faults in combinational logic could be logically masked, and any transient error in DRAM may not be a value that is used by the system again. This paper demonstrates a repeatable experimental setup for testing multiple forms of fault injection that could be built upon. By making use of commonly found items, the provided setup attempts to reduce the need for specialized equipment, thereby making non-contact, hardware based fault injection a more appealing choice when testing a system’s ability to handle faults. Future work could demonstrate this low-cost approach to fault injection as an effective alternative that provides realistic faults on par with the use of radioactive particles. 6. Future Work Moving forward, one major improvement that could be made is building an electromagnet specifically for the purpose of injecting faults. Some work was done to gather the materials such as magnetic wire and a ferromagnetic core, however finding a suitable power source hindered the efforts to take experimental data using this more powerful magnet. Additionally, using a voltage pulse with the electromagnet could be beneficial as well. An issue discovered with the electromagnet used is the heat that is generated, therefore reducing the time over which the current is running through the magnetic wire would aid in the reduction of temperature of the electromagnet. Another avenue would be the use of more powerful permanent magnets, but one of the determining factors in how powerful a permanent magnet is its size. Larger magnets would be more cumbersome to pass over the Raspberry Pi’s processor and the larger dimensions might require a larger gap between the magnet and the Raspberry Pi to avoid contacting the GPIO pins. This could defeat the purpose of having a more
7 powerful magnet because the magnetic field strength decreases proportionally to the distance from the magnetic core [3]. With that in mind, the motivations behind using a small electromagnetic magnetic probe controlled with short voltage pulses over a traditional electromagnet or permanent magnet become apparent as it is better suited for use with sensitive electronic devices. References [1] Hsueh, M., Tsai, T. K., & Iyer, R. K. (1997, April). Fault Injection Techniques and ... - ece.cmu.edu. Retrieved November 1, 2016, from https://www.ece.cmu.edu/~ece749/docs/faul tInjectionSurvey.pdf [2] Shivakumar, P., Kistler, M., Keckler, S., Burger, D., & Alvisi, L. (n.d.). Modeling the effect of technology trends on the soft error rate of combinational logic. Proceedings International Conference on Dependable Systems and Networks. 2002 [3] Griffiths, D. J. (2003). Introduction to electrodynamics (4th ed.). Pearson. [4] Raspberry Pi Hardware. (n.d.). Retrieved November 7, 2016, from https://www.raspberrypi.org/documentation/ hardware/raspberrypi/README.md [5] Dehbaoui, A., Dutertre, J., Robinson, B., Orsatelli, P., Maurine, P., & Tria, A. (n.d.). Injection of transient faults using electromagnetic pulses Practical results on a cryptographic system. Retrieved from https://www.researchgate.net/profile/Bruno_ Robisson/publication/267407641_Injection_ of_transient_faults_using_electromagnetic_ pulses_Practical_results_on_a_cryptographi c_system/links/546278520cf2cb7e9da64fe1. pdf [6] Ziegler, J. F., Curtis, H. W., Muhlfeld, H. P., Montrose, C. J., Chin, B., Nicewicz, M., . . . Wahaus, C. W. (1996). IBM experiments in soft fails in computer electronics (1978–1994). IBM Journal of Research and Development, 40(1), 3-18. doi:10.1147/rd.401.0003

Recommended

Yolinda chiramba Survey Paper
Yolinda chiramba Survey PaperYolinda chiramba Survey Paper
Yolinda chiramba Survey PaperYolinda Chiramba
 
Ijetr012045
Ijetr012045Ijetr012045
Ijetr012045ER Publication.org
 
D0521522
D0521522D0521522
D0521522IOSR Journals
 
Composite Intrusion Detection in Process Control Networks
Composite Intrusion Detection in Process Control NetworksComposite Intrusion Detection in Process Control Networks
Composite Intrusion Detection in Process Control Networksguest8fdee6
 
International Journal of Engineering Research and Development
International Journal of Engineering Research and DevelopmentInternational Journal of Engineering Research and Development
International Journal of Engineering Research and DevelopmentIJERD Editor
 
Models and approaches for Differential Power Analysis
Models and approaches for Differential Power AnalysisModels and approaches for Differential Power Analysis
Models and approaches for Differential Power AnalysisAndrej Šimko
 
FPGA Debug Using Incremental Trace Buffer
FPGA Debug Using Incremental Trace BufferFPGA Debug Using Incremental Trace Buffer
FPGA Debug Using Incremental Trace Bufferpaperpublications3
 
ieee project topic & abstracts in php
ieee project topic & abstracts in phpieee project topic & abstracts in php
ieee project topic & abstracts in phpaswin tbbc
 

Recommended

Yolinda chiramba Survey Paper
Yolinda chiramba Survey PaperYolinda chiramba Survey Paper
Yolinda chiramba Survey PaperYolinda Chiramba
 
Ijetr012045
Ijetr012045Ijetr012045
Ijetr012045ER Publication.org
 
D0521522
D0521522D0521522
D0521522IOSR Journals
 
Composite Intrusion Detection in Process Control Networks
Composite Intrusion Detection in Process Control NetworksComposite Intrusion Detection in Process Control Networks
Composite Intrusion Detection in Process Control Networksguest8fdee6
 
International Journal of Engineering Research and Development
International Journal of Engineering Research and DevelopmentInternational Journal of Engineering Research and Development
International Journal of Engineering Research and DevelopmentIJERD Editor
 
Models and approaches for Differential Power Analysis
Models and approaches for Differential Power AnalysisModels and approaches for Differential Power Analysis
Models and approaches for Differential Power AnalysisAndrej Šimko
 
FPGA Debug Using Incremental Trace Buffer
FPGA Debug Using Incremental Trace BufferFPGA Debug Using Incremental Trace Buffer
FPGA Debug Using Incremental Trace Bufferpaperpublications3
 
ieee project topic & abstracts in php
ieee project topic & abstracts in phpieee project topic & abstracts in php
ieee project topic & abstracts in phpaswin tbbc
 
Pablo_Panero_Report
Pablo_Panero_ReportPablo_Panero_Report
Pablo_Panero_ReportPablo Panero
 
trojan detection
trojan detectiontrojan detection
trojan detectionSRI NISHITH
 
Power Analysis Attacks
Power Analysis AttacksPower Analysis Attacks
Power Analysis AttacksLee Stewart
 
Breaching of Ring Oscillator Based Trojan Detection and Prevention in Physica...
Breaching of Ring Oscillator Based Trojan Detection and Prevention in Physica...Breaching of Ring Oscillator Based Trojan Detection and Prevention in Physica...
Breaching of Ring Oscillator Based Trojan Detection and Prevention in Physica...idescitation
 
Sneak Peek into the Future with Prof. Indranil Sengupta, IIT Kharagpur
Sneak Peek into the Future with Prof. Indranil Sengupta, IIT KharagpurSneak Peek into the Future with Prof. Indranil Sengupta, IIT Kharagpur
Sneak Peek into the Future with Prof. Indranil Sengupta, IIT KharagpurPriyanka Aash
 
Acceleration of stochastic algorithm on fpga system
Acceleration of stochastic algorithm on fpga systemAcceleration of stochastic algorithm on fpga system
Acceleration of stochastic algorithm on fpga systemSheela Arokia Mary
 
Automatic Object Detection and Target using Ultrasonic Sensor
Automatic Object Detection and Target using Ultrasonic SensorAutomatic Object Detection and Target using Ultrasonic Sensor
Automatic Object Detection and Target using Ultrasonic SensorIRJET Journal
 
Robust Fault-Tolerant Training Strategy Using Neural Network to Perform Funct...
Robust Fault-Tolerant Training Strategy Using Neural Network to Perform Funct...Robust Fault-Tolerant Training Strategy Using Neural Network to Perform Funct...
Robust Fault-Tolerant Training Strategy Using Neural Network to Perform Funct...Eswar Publications
 
thesis
thesisthesis
thesisAdam Kozień
 
NETWORK PERFORMANCE ENHANCEMENT WITH OPTIMIZATION SENSOR PLACEMENT IN WIRELES...
NETWORK PERFORMANCE ENHANCEMENT WITH OPTIMIZATION SENSOR PLACEMENT IN WIRELES...NETWORK PERFORMANCE ENHANCEMENT WITH OPTIMIZATION SENSOR PLACEMENT IN WIRELES...
NETWORK PERFORMANCE ENHANCEMENT WITH OPTIMIZATION SENSOR PLACEMENT IN WIRELES...ijwmn
 
Masters_Thesis_ver.1.02
Masters_Thesis_ver.1.02Masters_Thesis_ver.1.02
Masters_Thesis_ver.1.02Thomas Balle
 
Multisensor data fusion for defense application
Multisensor data fusion for defense applicationMultisensor data fusion for defense application
Multisensor data fusion for defense applicationSayed Abulhasan Quadri
 
A LEAN START UP COMMUNICATIVE MODEL FOR BRANDING ATHENS
A LEAN START UP COMMUNICATIVE MODEL FOR BRANDING ATHENSA LEAN START UP COMMUNICATIVE MODEL FOR BRANDING ATHENS
A LEAN START UP COMMUNICATIVE MODEL FOR BRANDING ATHENSPanteion University of Social and Political Sciences
 
.
..
.Biblioteca Soares Dos Reis
 
Comunicado conjunto sobre el Acuerdo de creación de una Jurisdicción Especial...
Comunicado conjunto sobre el Acuerdo de creación de una Jurisdicción Especial...Comunicado conjunto sobre el Acuerdo de creación de una Jurisdicción Especial...
Comunicado conjunto sobre el Acuerdo de creación de una Jurisdicción Especial...Canal Capital
 
On set images
On set imagesOn set images
On set imagesHannah Chyriwsky
 
Cooking Session Aceite Solidario
Cooking Session Aceite SolidarioCooking Session Aceite Solidario
Cooking Session Aceite SolidarioRastroSolidario
 
Ancient Greece
Ancient GreeceAncient Greece
Ancient Greece13nick
 
A los saltos (canguro de tela)
A los saltos (canguro de tela)A los saltos (canguro de tela)
A los saltos (canguro de tela)Ideas y Manualidades
 
Rondas campesinas edición especial venceremos cajamarca
Rondas campesinas edición especial venceremos cajamarcaRondas campesinas edición especial venceremos cajamarca
Rondas campesinas edición especial venceremos cajamarcaTania Roja
 
Silbo innovation communication startup changement
Silbo innovation communication startup changementSilbo innovation communication startup changement
Silbo innovation communication startup changementSilbo
 
Polaridade das Ligações, Geometria Molecular e Força Molecular
Polaridade das Ligações, Geometria Molecular e Força MolecularPolaridade das Ligações, Geometria Molecular e Força Molecular
Polaridade das Ligações, Geometria Molecular e Força MolecularUniversidade Federal do Ceará
 

More Related Content

What's hot

Pablo_Panero_Report
Pablo_Panero_ReportPablo_Panero_Report
Pablo_Panero_ReportPablo Panero
 
trojan detection
trojan detectiontrojan detection
trojan detectionSRI NISHITH
 
Power Analysis Attacks
Power Analysis AttacksPower Analysis Attacks
Power Analysis AttacksLee Stewart
 
Breaching of Ring Oscillator Based Trojan Detection and Prevention in Physica...
Breaching of Ring Oscillator Based Trojan Detection and Prevention in Physica...Breaching of Ring Oscillator Based Trojan Detection and Prevention in Physica...
Breaching of Ring Oscillator Based Trojan Detection and Prevention in Physica...idescitation
 
Sneak Peek into the Future with Prof. Indranil Sengupta, IIT Kharagpur
Sneak Peek into the Future with Prof. Indranil Sengupta, IIT KharagpurSneak Peek into the Future with Prof. Indranil Sengupta, IIT Kharagpur
Sneak Peek into the Future with Prof. Indranil Sengupta, IIT KharagpurPriyanka Aash
 
Acceleration of stochastic algorithm on fpga system
Acceleration of stochastic algorithm on fpga systemAcceleration of stochastic algorithm on fpga system
Acceleration of stochastic algorithm on fpga systemSheela Arokia Mary
 
Automatic Object Detection and Target using Ultrasonic Sensor
Automatic Object Detection and Target using Ultrasonic SensorAutomatic Object Detection and Target using Ultrasonic Sensor
Automatic Object Detection and Target using Ultrasonic SensorIRJET Journal
 
Robust Fault-Tolerant Training Strategy Using Neural Network to Perform Funct...
Robust Fault-Tolerant Training Strategy Using Neural Network to Perform Funct...Robust Fault-Tolerant Training Strategy Using Neural Network to Perform Funct...
Robust Fault-Tolerant Training Strategy Using Neural Network to Perform Funct...Eswar Publications
 
NETWORK PERFORMANCE ENHANCEMENT WITH OPTIMIZATION SENSOR PLACEMENT IN WIRELES...
NETWORK PERFORMANCE ENHANCEMENT WITH OPTIMIZATION SENSOR PLACEMENT IN WIRELES...NETWORK PERFORMANCE ENHANCEMENT WITH OPTIMIZATION SENSOR PLACEMENT IN WIRELES...
NETWORK PERFORMANCE ENHANCEMENT WITH OPTIMIZATION SENSOR PLACEMENT IN WIRELES...ijwmn
 
Masters_Thesis_ver.1.02
Masters_Thesis_ver.1.02Masters_Thesis_ver.1.02
Masters_Thesis_ver.1.02Thomas Balle
 
Multisensor data fusion for defense application
Multisensor data fusion for defense applicationMultisensor data fusion for defense application
Multisensor data fusion for defense applicationSayed Abulhasan Quadri
 

What's hot (12)

Pablo_Panero_Report
Pablo_Panero_ReportPablo_Panero_Report
Pablo_Panero_Report
 
trojan detection
trojan detectiontrojan detection
trojan detection
 
Power Analysis Attacks
Power Analysis AttacksPower Analysis Attacks
Power Analysis Attacks
 
Breaching of Ring Oscillator Based Trojan Detection and Prevention in Physica...
Breaching of Ring Oscillator Based Trojan Detection and Prevention in Physica...Breaching of Ring Oscillator Based Trojan Detection and Prevention in Physica...
Breaching of Ring Oscillator Based Trojan Detection and Prevention in Physica...
 
Sneak Peek into the Future with Prof. Indranil Sengupta, IIT Kharagpur
Sneak Peek into the Future with Prof. Indranil Sengupta, IIT KharagpurSneak Peek into the Future with Prof. Indranil Sengupta, IIT Kharagpur
Sneak Peek into the Future with Prof. Indranil Sengupta, IIT Kharagpur
 
Acceleration of stochastic algorithm on fpga system
Acceleration of stochastic algorithm on fpga systemAcceleration of stochastic algorithm on fpga system
Acceleration of stochastic algorithm on fpga system
 
Automatic Object Detection and Target using Ultrasonic Sensor
Automatic Object Detection and Target using Ultrasonic SensorAutomatic Object Detection and Target using Ultrasonic Sensor
Automatic Object Detection and Target using Ultrasonic Sensor
 
Robust Fault-Tolerant Training Strategy Using Neural Network to Perform Funct...
Robust Fault-Tolerant Training Strategy Using Neural Network to Perform Funct...Robust Fault-Tolerant Training Strategy Using Neural Network to Perform Funct...
Robust Fault-Tolerant Training Strategy Using Neural Network to Perform Funct...
 
thesis
thesisthesis
thesis
 
NETWORK PERFORMANCE ENHANCEMENT WITH OPTIMIZATION SENSOR PLACEMENT IN WIRELES...
NETWORK PERFORMANCE ENHANCEMENT WITH OPTIMIZATION SENSOR PLACEMENT IN WIRELES...NETWORK PERFORMANCE ENHANCEMENT WITH OPTIMIZATION SENSOR PLACEMENT IN WIRELES...
NETWORK PERFORMANCE ENHANCEMENT WITH OPTIMIZATION SENSOR PLACEMENT IN WIRELES...
 
Masters_Thesis_ver.1.02
Masters_Thesis_ver.1.02Masters_Thesis_ver.1.02
Masters_Thesis_ver.1.02
 
Multisensor data fusion for defense application
Multisensor data fusion for defense applicationMultisensor data fusion for defense application
Multisensor data fusion for defense application
 

Viewers also liked

Comunicado conjunto sobre el Acuerdo de creación de una Jurisdicción Especial...
Comunicado conjunto sobre el Acuerdo de creación de una Jurisdicción Especial...Comunicado conjunto sobre el Acuerdo de creación de una Jurisdicción Especial...
Comunicado conjunto sobre el Acuerdo de creación de una Jurisdicción Especial...Canal Capital
 
Cooking Session Aceite Solidario
Cooking Session Aceite SolidarioCooking Session Aceite Solidario
Cooking Session Aceite SolidarioRastroSolidario
 
Ancient Greece
Ancient GreeceAncient Greece
Ancient Greece13nick
 
Rondas campesinas edición especial venceremos cajamarca
Rondas campesinas edición especial venceremos cajamarcaRondas campesinas edición especial venceremos cajamarca
Rondas campesinas edición especial venceremos cajamarcaTania Roja
 
Silbo innovation communication startup changement
Silbo innovation communication startup changementSilbo innovation communication startup changement
Silbo innovation communication startup changementSilbo
 
Polaridade das Ligações, Geometria Molecular e Força Molecular
Polaridade das Ligações, Geometria Molecular e Força MolecularPolaridade das Ligações, Geometria Molecular e Força Molecular
Polaridade das Ligações, Geometria Molecular e Força MolecularUniversidade Federal do Ceará
 
Divulgação dos resultados do concurso "Elos da leitura em cartaz"
Divulgação dos resultados do concurso "Elos da leitura em cartaz"Divulgação dos resultados do concurso "Elos da leitura em cartaz"
Divulgação dos resultados do concurso "Elos da leitura em cartaz"Biblioteca Soares Dos Reis
 
Campus Party Mexico 2016 - Realidad Virtual - El mundo visto con otros ojos
Campus Party Mexico 2016 - Realidad Virtual - El mundo visto con otros ojosCampus Party Mexico 2016 - Realidad Virtual - El mundo visto con otros ojos
Campus Party Mexico 2016 - Realidad Virtual - El mundo visto con otros ojosMaia Kord
 
Tomato pest insects A Lecture By Allah Dad Khan Provincial Coordinator IPM MI...
Tomato pest insects A Lecture By Allah Dad Khan Provincial Coordinator IPM MI...Tomato pest insects A Lecture By Allah Dad Khan Provincial Coordinator IPM MI...
Tomato pest insects A Lecture By Allah Dad Khan Provincial Coordinator IPM MI...Mr.Allah Dad Khan
 
An overview of atypical anti depressants
An overview of atypical anti depressantsAn overview of atypical anti depressants
An overview of atypical anti depressantsBrajesh Lahri
 
Ad Analysis Session_01
Ad Analysis Session_01Ad Analysis Session_01
Ad Analysis Session_01madinvgsom
 
Project based learning
Project based learningProject based learning
Project based learningmwinfield1
 
Banco Geometria Trigonometria FCYT UMSS
Banco Geometria Trigonometria FCYT UMSSBanco Geometria Trigonometria FCYT UMSS
Banco Geometria Trigonometria FCYT UMSSwww.pablomoscoso.com
 
Curation Technologies for Multilingual Europe
Curation Technologies for Multilingual EuropeCuration Technologies for Multilingual Europe
Curation Technologies for Multilingual EuropeGeorg Rehm
 
Polymorphism and crystallisation : The mysterious phenomenon
Polymorphism and crystallisation : The mysterious phenomenonPolymorphism and crystallisation : The mysterious phenomenon
Polymorphism and crystallisation : The mysterious phenomenonMadhulika Harde
 

Viewers also liked (20)

A LEAN START UP COMMUNICATIVE MODEL FOR BRANDING ATHENS
A LEAN START UP COMMUNICATIVE MODEL FOR BRANDING ATHENSA LEAN START UP COMMUNICATIVE MODEL FOR BRANDING ATHENS
A LEAN START UP COMMUNICATIVE MODEL FOR BRANDING ATHENS
 
.
..
.
 
Comunicado conjunto sobre el Acuerdo de creación de una Jurisdicción Especial...
Comunicado conjunto sobre el Acuerdo de creación de una Jurisdicción Especial...Comunicado conjunto sobre el Acuerdo de creación de una Jurisdicción Especial...
Comunicado conjunto sobre el Acuerdo de creación de una Jurisdicción Especial...
 
On set images
On set imagesOn set images
On set images
 
Cooking Session Aceite Solidario
Cooking Session Aceite SolidarioCooking Session Aceite Solidario
Cooking Session Aceite Solidario
 
Ancient Greece
Ancient GreeceAncient Greece
Ancient Greece
 
A los saltos (canguro de tela)
A los saltos (canguro de tela)A los saltos (canguro de tela)
A los saltos (canguro de tela)
 
Rondas campesinas edición especial venceremos cajamarca
Rondas campesinas edición especial venceremos cajamarcaRondas campesinas edición especial venceremos cajamarca
Rondas campesinas edición especial venceremos cajamarca
 
Silbo innovation communication startup changement
Silbo innovation communication startup changementSilbo innovation communication startup changement
Silbo innovation communication startup changement
 
Polaridade das Ligações, Geometria Molecular e Força Molecular
Polaridade das Ligações, Geometria Molecular e Força MolecularPolaridade das Ligações, Geometria Molecular e Força Molecular
Polaridade das Ligações, Geometria Molecular e Força Molecular
 
Divulgação dos resultados do concurso "Elos da leitura em cartaz"
Divulgação dos resultados do concurso "Elos da leitura em cartaz"Divulgação dos resultados do concurso "Elos da leitura em cartaz"
Divulgação dos resultados do concurso "Elos da leitura em cartaz"
 
Campus Party Mexico 2016 - Realidad Virtual - El mundo visto con otros ojos
Campus Party Mexico 2016 - Realidad Virtual - El mundo visto con otros ojosCampus Party Mexico 2016 - Realidad Virtual - El mundo visto con otros ojos
Campus Party Mexico 2016 - Realidad Virtual - El mundo visto con otros ojos
 
Tomato pest insects A Lecture By Allah Dad Khan Provincial Coordinator IPM MI...
Tomato pest insects A Lecture By Allah Dad Khan Provincial Coordinator IPM MI...Tomato pest insects A Lecture By Allah Dad Khan Provincial Coordinator IPM MI...
Tomato pest insects A Lecture By Allah Dad Khan Provincial Coordinator IPM MI...
 
Myofunctional appliances
Myofunctional appliancesMyofunctional appliances
Myofunctional appliances
 
An overview of atypical anti depressants
An overview of atypical anti depressantsAn overview of atypical anti depressants
An overview of atypical anti depressants
 
Ad Analysis Session_01
Ad Analysis Session_01Ad Analysis Session_01
Ad Analysis Session_01
 
Project based learning
Project based learningProject based learning
Project based learning
 
Banco Geometria Trigonometria FCYT UMSS
Banco Geometria Trigonometria FCYT UMSSBanco Geometria Trigonometria FCYT UMSS
Banco Geometria Trigonometria FCYT UMSS
 
Curation Technologies for Multilingual Europe
Curation Technologies for Multilingual EuropeCuration Technologies for Multilingual Europe
Curation Technologies for Multilingual Europe
 
Polymorphism and crystallisation : The mysterious phenomenon
Polymorphism and crystallisation : The mysterious phenomenonPolymorphism and crystallisation : The mysterious phenomenon
Polymorphism and crystallisation : The mysterious phenomenon
 

Similar to Final Paper

IEEE 2014 JAVA PARALLEL DISTRIBUTED PROJECTS On false-data-injection-attacks-...
IEEE 2014 JAVA PARALLEL DISTRIBUTED PROJECTS On false-data-injection-attacks-...IEEE 2014 JAVA PARALLEL DISTRIBUTED PROJECTS On false-data-injection-attacks-...
IEEE 2014 JAVA PARALLEL DISTRIBUTED PROJECTS On false-data-injection-attacks-...IEEEGLOBALSOFTSTUDENTPROJECTS
 
2014 IEEE JAVA PARALLEL DISTRIBUTED PROJECT On false-data-injection-attacks-a...
2014 IEEE JAVA PARALLEL DISTRIBUTED PROJECT On false-data-injection-attacks-a...2014 IEEE JAVA PARALLEL DISTRIBUTED PROJECT On false-data-injection-attacks-a...
2014 IEEE JAVA PARALLEL DISTRIBUTED PROJECT On false-data-injection-attacks-a...IEEEGLOBALSOFTSTUDENTSPROJECTS
 
COVERAGE DRIVEN FUNCTIONAL TESTING ARCHITECTURE FOR PROTOTYPING SYSTEM USING ...
COVERAGE DRIVEN FUNCTIONAL TESTING ARCHITECTURE FOR PROTOTYPING SYSTEM USING ...COVERAGE DRIVEN FUNCTIONAL TESTING ARCHITECTURE FOR PROTOTYPING SYSTEM USING ...
COVERAGE DRIVEN FUNCTIONAL TESTING ARCHITECTURE FOR PROTOTYPING SYSTEM USING ...VLSICS Design
 
COVERAGE DRIVEN FUNCTIONAL TESTING ARCHITECTURE FOR PROTOTYPING SYSTEM USING ...
COVERAGE DRIVEN FUNCTIONAL TESTING ARCHITECTURE FOR PROTOTYPING SYSTEM USING ...COVERAGE DRIVEN FUNCTIONAL TESTING ARCHITECTURE FOR PROTOTYPING SYSTEM USING ...
COVERAGE DRIVEN FUNCTIONAL TESTING ARCHITECTURE FOR PROTOTYPING SYSTEM USING ...VLSICS Design
 
COVERAGE DRIVEN FUNCTIONAL TESTING ARCHITECTURE FOR PROTOTYPING SYSTEM USING ...
COVERAGE DRIVEN FUNCTIONAL TESTING ARCHITECTURE FOR PROTOTYPING SYSTEM USING ...COVERAGE DRIVEN FUNCTIONAL TESTING ARCHITECTURE FOR PROTOTYPING SYSTEM USING ...
COVERAGE DRIVEN FUNCTIONAL TESTING ARCHITECTURE FOR PROTOTYPING SYSTEM USING ...VLSICS Design
 
54522002 triple-des-vhdl-project
54522002 triple-des-vhdl-project54522002 triple-des-vhdl-project
54522002 triple-des-vhdl-projectveenanandkakarla
 
Defending Reactive Jammers in WSN using a Trigger Identification Service.
Defending Reactive Jammers in WSN using a Trigger Identification Service.Defending Reactive Jammers in WSN using a Trigger Identification Service.
Defending Reactive Jammers in WSN using a Trigger Identification Service.ijsrd.com
 
JPJ1439 On False Data-Injection Attacks against Power System State Estimation...
JPJ1439 On False Data-Injection Attacks against Power System State Estimation...JPJ1439 On False Data-Injection Attacks against Power System State Estimation...
JPJ1439 On False Data-Injection Attacks against Power System State Estimation...chennaijp
 
On false data injection attacks against power system
On false data injection attacks against power systemOn false data injection attacks against power system
On false data injection attacks against power systemShakas Technologies
 
Real time misbehavior detection in ieee 802.11-based wireless networks an ana...
Real time misbehavior detection in ieee 802.11-based wireless networks an ana...Real time misbehavior detection in ieee 802.11-based wireless networks an ana...
Real time misbehavior detection in ieee 802.11-based wireless networks an ana...Papitha Velumani
 
IRJET- Real Time Implementation of Air Writing
IRJET- Real Time Implementation of Air WritingIRJET- Real Time Implementation of Air Writing
IRJET- Real Time Implementation of Air WritingIRJET Journal
 
Performance Analysis of multithreaded applications based on Hardware Simulati...
Performance Analysis of multithreaded applications based on Hardware Simulati...Performance Analysis of multithreaded applications based on Hardware Simulati...
Performance Analysis of multithreaded applications based on Hardware Simulati...Maria Stylianou
 
IRJET- Low Priced and Energy Economical Detection of Replicas for Wireles...
IRJET- Low Priced and Energy Economical Detection of Replicas for Wireles...IRJET- Low Priced and Energy Economical Detection of Replicas for Wireles...
IRJET- Low Priced and Energy Economical Detection of Replicas for Wireles...IRJET Journal
 
Reproducible Emulation of Analog Behavioral Models
Reproducible Emulation of Analog Behavioral ModelsReproducible Emulation of Analog Behavioral Models
Reproducible Emulation of Analog Behavioral Modelsfnothaft
 
Acceleration of stochastic algorithm on fpga system
Acceleration of stochastic algorithm on fpga systemAcceleration of stochastic algorithm on fpga system
Acceleration of stochastic algorithm on fpga systemSheela ArokiaMary
 
Advancing VLSI Design Reliability: A Comprehensive Examination of Embedded De...
Advancing VLSI Design Reliability: A Comprehensive Examination of Embedded De...Advancing VLSI Design Reliability: A Comprehensive Examination of Embedded De...
Advancing VLSI Design Reliability: A Comprehensive Examination of Embedded De...IRJET Journal
 
Fault diagnosis of a high voltage transmission line using waveform matching a...
Fault diagnosis of a high voltage transmission line using waveform matching a...Fault diagnosis of a high voltage transmission line using waveform matching a...
Fault diagnosis of a high voltage transmission line using waveform matching a...ijsc
 
Complex Test Pattern Generation for high speed fault diagnosis in FPGA based ...
Complex Test Pattern Generation for high speed fault diagnosis in FPGA based ...Complex Test Pattern Generation for high speed fault diagnosis in FPGA based ...
Complex Test Pattern Generation for high speed fault diagnosis in FPGA based ...IJMERJOURNAL
 

Similar to Final Paper (20)

publication1
publication1publication1
publication1
 
Ieee 07059100
Ieee 07059100Ieee 07059100
Ieee 07059100
 
IEEE 2014 JAVA PARALLEL DISTRIBUTED PROJECTS On false-data-injection-attacks-...
IEEE 2014 JAVA PARALLEL DISTRIBUTED PROJECTS On false-data-injection-attacks-...IEEE 2014 JAVA PARALLEL DISTRIBUTED PROJECTS On false-data-injection-attacks-...
IEEE 2014 JAVA PARALLEL DISTRIBUTED PROJECTS On false-data-injection-attacks-...
 
2014 IEEE JAVA PARALLEL DISTRIBUTED PROJECT On false-data-injection-attacks-a...
2014 IEEE JAVA PARALLEL DISTRIBUTED PROJECT On false-data-injection-attacks-a...2014 IEEE JAVA PARALLEL DISTRIBUTED PROJECT On false-data-injection-attacks-a...
2014 IEEE JAVA PARALLEL DISTRIBUTED PROJECT On false-data-injection-attacks-a...
 
COVERAGE DRIVEN FUNCTIONAL TESTING ARCHITECTURE FOR PROTOTYPING SYSTEM USING ...
COVERAGE DRIVEN FUNCTIONAL TESTING ARCHITECTURE FOR PROTOTYPING SYSTEM USING ...COVERAGE DRIVEN FUNCTIONAL TESTING ARCHITECTURE FOR PROTOTYPING SYSTEM USING ...
COVERAGE DRIVEN FUNCTIONAL TESTING ARCHITECTURE FOR PROTOTYPING SYSTEM USING ...
 
COVERAGE DRIVEN FUNCTIONAL TESTING ARCHITECTURE FOR PROTOTYPING SYSTEM USING ...
COVERAGE DRIVEN FUNCTIONAL TESTING ARCHITECTURE FOR PROTOTYPING SYSTEM USING ...COVERAGE DRIVEN FUNCTIONAL TESTING ARCHITECTURE FOR PROTOTYPING SYSTEM USING ...
COVERAGE DRIVEN FUNCTIONAL TESTING ARCHITECTURE FOR PROTOTYPING SYSTEM USING ...
 
COVERAGE DRIVEN FUNCTIONAL TESTING ARCHITECTURE FOR PROTOTYPING SYSTEM USING ...
COVERAGE DRIVEN FUNCTIONAL TESTING ARCHITECTURE FOR PROTOTYPING SYSTEM USING ...COVERAGE DRIVEN FUNCTIONAL TESTING ARCHITECTURE FOR PROTOTYPING SYSTEM USING ...
COVERAGE DRIVEN FUNCTIONAL TESTING ARCHITECTURE FOR PROTOTYPING SYSTEM USING ...
 
54522002 triple-des-vhdl-project
54522002 triple-des-vhdl-project54522002 triple-des-vhdl-project
54522002 triple-des-vhdl-project
 
Defending Reactive Jammers in WSN using a Trigger Identification Service.
Defending Reactive Jammers in WSN using a Trigger Identification Service.Defending Reactive Jammers in WSN using a Trigger Identification Service.
Defending Reactive Jammers in WSN using a Trigger Identification Service.
 
JPJ1439 On False Data-Injection Attacks against Power System State Estimation...
JPJ1439 On False Data-Injection Attacks against Power System State Estimation...JPJ1439 On False Data-Injection Attacks against Power System State Estimation...
JPJ1439 On False Data-Injection Attacks against Power System State Estimation...
 
On false data injection attacks against power system
On false data injection attacks against power systemOn false data injection attacks against power system
On false data injection attacks against power system
 
Real time misbehavior detection in ieee 802.11-based wireless networks an ana...
Real time misbehavior detection in ieee 802.11-based wireless networks an ana...Real time misbehavior detection in ieee 802.11-based wireless networks an ana...
Real time misbehavior detection in ieee 802.11-based wireless networks an ana...
 
IRJET- Real Time Implementation of Air Writing
IRJET- Real Time Implementation of Air WritingIRJET- Real Time Implementation of Air Writing
IRJET- Real Time Implementation of Air Writing
 
Performance Analysis of multithreaded applications based on Hardware Simulati...
Performance Analysis of multithreaded applications based on Hardware Simulati...Performance Analysis of multithreaded applications based on Hardware Simulati...
Performance Analysis of multithreaded applications based on Hardware Simulati...
 
IRJET- Low Priced and Energy Economical Detection of Replicas for Wireles...
IRJET- Low Priced and Energy Economical Detection of Replicas for Wireles...IRJET- Low Priced and Energy Economical Detection of Replicas for Wireles...
IRJET- Low Priced and Energy Economical Detection of Replicas for Wireles...
 
Reproducible Emulation of Analog Behavioral Models
Reproducible Emulation of Analog Behavioral ModelsReproducible Emulation of Analog Behavioral Models
Reproducible Emulation of Analog Behavioral Models
 
Acceleration of stochastic algorithm on fpga system
Acceleration of stochastic algorithm on fpga systemAcceleration of stochastic algorithm on fpga system
Acceleration of stochastic algorithm on fpga system
 
Advancing VLSI Design Reliability: A Comprehensive Examination of Embedded De...
Advancing VLSI Design Reliability: A Comprehensive Examination of Embedded De...Advancing VLSI Design Reliability: A Comprehensive Examination of Embedded De...
Advancing VLSI Design Reliability: A Comprehensive Examination of Embedded De...
 
Fault diagnosis of a high voltage transmission line using waveform matching a...
Fault diagnosis of a high voltage transmission line using waveform matching a...Fault diagnosis of a high voltage transmission line using waveform matching a...
Fault diagnosis of a high voltage transmission line using waveform matching a...
 
Complex Test Pattern Generation for high speed fault diagnosis in FPGA based ...
Complex Test Pattern Generation for high speed fault diagnosis in FPGA based ...Complex Test Pattern Generation for high speed fault diagnosis in FPGA based ...
Complex Test Pattern Generation for high speed fault diagnosis in FPGA based ...
 

Final Paper

  • 1. 1 Fault Injection using the Raspberry Pi 3 Computer Colby Stanley Department of ECE Duke University Durham, NC 27701 cts20@duke.edu Abstract Throughout this project, multiple means of fault injection are explored using a Raspberry Pi 3 computer as the test bed. The two major sets of fault injection experiments are electromagnetic fault injection and magnetic fault injection. The presence of a fault is determined based on what is expected to be in the SRAM versus what is read out of the SRAM of the CPU of the device after each experiment. If an unexpected value is found, such as a 0 when a 1 was expected, this course of action is deemed to have injected a transient fault into the Raspberry Pi’s SRAM. The scope of this work is limited to transient faults in SRAM in order to have a more controlled environment where an expected value can be compared with the result of a test. Results indicated that the use of commodity devices such as wireless routers, microwaves, a permanent neodymium magnet, and an electromagnet are inconclusive in their ability to inject transient faults. 1. Introduction When developing a scheme for tolerating faults, it is important to test the design to determine how well the design handles the specific scenarios it is intended for according to its fault model. However, this leads to the question of how can a design be tested and how does one determine if the tests are passed or failed. Typically, in order to perform fault injection, simulators running a specific processor’s architecture are used. This allows control over where the fault is injected and the duration of the fault if it is transient [1]. Simulators are useful tools for injecting faults and testing a system’s ability to cope with different types of faults. The simulator, however, is only as good as the data that the simulation is based on, and the inputs that are used. If the simulated faults are not realistic in terms of the portion of the chip that is impacted, or the duration over which a voltage spike occurs, they may not truly test some of the main cases effectively. Additionally, faults may be logically masked and if careful effort is not made to determine whether the faults are being masked, the fault can go undetected even after significant testing [2]. An alternative to simulating fault injection is to inject faults using real sources of faults on real hardware. This approach is not as commonly used as simulation because it is time consuming and costly. The cost of manufacturing the hardware for the experiment and the cost of the test environment itself can be prohibitive [1]. This project aims to provide an alternative by using commonly found devices that have the potential to inject faults into real hardware. Additionally, the data gathered provides insight into how the Raspberry Pi responds to fault injection of different kinds. The Raspberry Pi is becoming more popular for different scientific and engineering applications, and it is important to be aware
  • 2. 2 of its sensitivity to different types of conditions. There is less information that can be found in terms of system state working with real hardware, unless the hardware is designed with circuitry for accessing state information at different points. This makes it important to first determine what is the expected outcome of an operation in order to have a way of comparing that which is expected with what has occurred experimentally. For this project, it was useful to target the SRAM for fault injection because the initial values can be manually selected for each SRAM cell and compared with the results without the need for additional hardware storing state information. The following information will make up the remainder of this paper. First, prior work done in the field of fault injection will be discussed as well as how it differs from this research. Next, the experimental setup and equipment used to perform fault injection experiments will be discussed, and lastly the experimental results will be included along with a detailed explanation proceeded with a conclusion. 2. Prior Work Existing methods of fault injection on real hardware rely on either hardware or software to inject faults. Software based fault injection can be done at compile-time and runtime, and does not require special equipment. This form of fault injection is limited, though, by the portions of hardware that can be reached through software. Fault injection done at compile-time works by changing certain instructions to improper instructions simulating what would happen if a fault changed their value. Runtime fault injection can work similarly to compile-time fault injection by adding code as well as the use of interrupts and exceptions to call functions used to inject faults. Hardware based fault injection can be done through contact and non-contact methods. A non- contact method would be to bombard a chip or component with radiation. When a radioactive particle strikes, it can generate a current [6]. Depending on the current generated, a bit may be flipped. As for contact methods of fault injection, probes can be used to alter the current at a specific pin. This probe based method allows for a targeted fault injection which can be useful for testing how a design handles specific faults. On the contrary, methods such as bombarding a chip with radiation can produce more realistic tests due to the unpredictable nature [1]. Additional methods of noncontact fault injection include those that rely on electromagnetic radiation including the use of lasers to change the voltage on a wire within a chip resulting in a bit flip. Such forms of fault injection can be used in testing cryptographic systems in order to test their security. The certification of a cryptographic system can rely on the system’s ability to withstand fault attacks with the intention of revealing cryptographic information. Such testing relies on a system using an electromagnetic probe which is connected to a pulse generator through which a voltage pulse is produced. The specialized magnetic probe is intended for targeted attacks directed at certain portions of a chip rather than exposing the entire chip to a magnetic field [5]. With the forms of fault injection discussed, each has its own benefits and drawbacks. Without removing a processor’s cap, fault injection using a laser or an intense pulse of light such as a camera flash would not produce desirable results. Similarly, applying a magnetic field to a system that has a metal case for fault injection would also be fruitless due to the metal case being a Faraday cage protecting
  • 3. 3 the CPU and other components [3]. Radiation based fault injection using a radioactive source provides an unpredictable means of fault injection that is more realistic in nature. However, specialized equipment would be needed to fire radioactive particles at a system and its components. With each of the possible forms of fault injection considered, it was found that noncontact fault injection using magnetic fields and electromagnetic radiation would be capable of producing realistic results similar to that of the firing of radioactive particles. If used without a magnetic probe focusing the magnetic pulse to a region of the chip or component, a magnetic field could be produced capable of impacting the entire chip at once. Another added benefit is that the two chosen fault injection methods could be achieved through the use of commonly found items or be built with relatively little cost. 3. Experimental Setup The Raspberry Pi computer is commonly referred to as a system on a chip. Aside from the small size, there is little difference between a Raspberry Pi and the average personal computer. The major differences lie in the use of a microSD card instead of a traditional hard disk drive, and the GPIO (General Purpose Input-Output Connector) that can be used to power different devices such as servos. The Raspberry Pi 3 used for each of these experiments ran the Linux based operating system Raspbian version 4.4 which provided the basic functionality for the experiments performed. Before any significant data was taken, it was important to develop a consistent way of determining whether or not an SRAM cell had been effected by the attempt at fault injection. This was done through a simple program written in C that allocates space for a user selected number of unsigned integers and stores either 1’s or 0’s in the entire allocated space. The Raspberry Pi’s processor is a Broadcom BCM2837 which has a 32 KB L1 cache for each of the four cores and a shared 512 KB L2 cache. Because each unsigned integer is 4 bytes, each trial was performed by allocating space for 136,000 unsigned integers to ensure that all of the SRAM was being used. The initial values for each of the integers are written to one file, while the final values are written to a separate file when the console receives user input. Using the diff command, it was determined whether there was a change in the integers written to file from the SRAM after the attempted fault injection or if the two files remained the same [4]. 3.1 Magnetic Fields According to Faraday’s Law, the motion of a circuit in a magnetic field, the change of a magnetic field’s strength, and the movement of a magnetic field in relation to a circuit are each capable of generating a current. This is known as electromagnetic induction and is the driving idea behind using an electromagnet to flip bits within SRAM cells. By passing a magnet over the processor in different directions, the magnetic field has the potential to impact the current being carried within the cache memory or the combinational logic. However, there are several unknowns in regards to this approach. Because the voltage that denotes a 1 or a 0 being held in the cross coupled inverters of each cache cell is not included in the Broadcom processor’s datasheet, it is only through experimental measures that a determination of this voltage can be determined [3]. During the magnetic fault injection portion of the project, several different approaches were taken. Initially, a Uxcell electromagnet solenoid was used with
  • 4. 4 multiple input voltages at a fixed distance from the processor. Also, a permanent neodymium magnet was used which proved to have a higher magnetic field strength than what could be achieved with the electromagnet. It was important for the testing done to avoid producing any permanent faults by shorting out pins through contact between the board and the magnets. This limited the proximity the magnets could be used within with respect to the Raspberry Pi and as a result this limited the magnetic field strength reaching the processor. There are several differences between the experimental setup for the magnetic fault injection experiments of this project and that of prior work including the lack of a motorized stage [4]. Rather than relying on a motorized stage, the magnet was moved manually in the x, y, and z directions. Also, the magnetic field generated was done using an electromagnet solenoid rather than a magnetic probe, and the voltage was constant for each trial rather than pulsed. 3.2 Electromagnetic Radiation Following the testing done using magnetic fields to inject faults, electromagnetic radiation was explored. Many common devices can be significant sources of electromagnetic radiation. The devices used were a wireless router and two different microwave ovens. Due to the danger of operating an open microwave, the Raspberry Pi was placed on top of a closed microwave during the experiments. This, however, does not mean that there was no microwave radiation reaching the Raspberry Pi. A simple test showed that both microwaves used leaked electromagnetic radiation. The test involved placing a cell phone inside of each microwave while they were unplugged and monitoring its connection to the wireless network. If the device lost its connection to the wireless network, this would indicate that the microwave was well insulated and did not leak electromagnetic radiation. However, it was found in the case of both microwaves that they did leak electromagnetic radiation. Wireless routers also produce electromagnetic radiation, however at a lesser intensity. Testing was performed using a wireless router alone, a wireless router and a microwave simultaneously, and the addition of parabolic reflectors to direct the electromagnetic radiation from the wireless router towards the Raspberry Pi. These devices were used over different durations and in different combinations in an attempt to inject transient faults. 4. Experimental Results and Analysis The first experiments performed were using the electromagnet at different operating voltages/currents at a fixed distance from the Raspberry Pi. At each input voltage, the magnet was moved manually in the x, y, and z directions relative to the Raspberry Pi’s processor (shown in Figure 1). Also, along with a variable voltage for electromagnet, each trial was performed with the SRAM full of 1’s and the SRAM X Y Z Figure 1: (The z axis is coming out of the page)
  • 5. 5 full of 0’s in order to account for the induction flipping bits in one direction more easily than another. The electromagnet is rated for 12 volts DC. Nonetheless, without knowing the permeability of the core’s material and the number of turns of magnetic wire it was impossible to calculate the magnetic field strength of the magnet. All that is known is the magnet’s lifting force is 50kg when operated at its threshold voltage according to its documentation. The electromagnet was operated at each voltage between 0 and 12 volts for a total of 24 trials. Some work was done operating the electromagnet beyond its rated voltage, but the magnet became dangerously hot. It was found that with the magnet used along with the experimental setup that transient faults could not be injected. One major issue is the distance between the electromagnet and the Raspberry Pi’s processor. This distance was maintained in order to keep the electromagnet from contacting pins and shorting them out. Magnetic field strength is dependent on the distance from the electromagnet itself, therefore by having this gap distance between the electromagnet and the processor the magnetic field strength reaching processor was reduced [3]. Additionally, a cylindrical neodymium magnet with a 13,500 Gauss internal magnetic field strength was tested in a similar fashion. However, due to the permanent magnet’s size, the magnet could be placed against the Raspberry Pi’s processor rather than at a fixed distance. This proximity along with the noticeably more powerful magnetic field generated by the permanent magnet created what was thought to be better conditions for performing fault injection. After performing trials with the SRAM full of 1’s and then 0’s, it was found that just as with the electromagnet no bits were flipped in the caches of the Raspberry Pi. Next, the use of electromagnetic radiation from a microwave and a wireless router were tested. Trials were done with the microwave and wireless router individually. Below in Figure 2, the table shows the various setups that were used in the hopes of isolating the change that caused enough electromagnetic radiation exposure to flip bits within the Raspberry Pi. Each of the tests in the following figure were performed with the Raspberry Pi’s cache being filled with 1’s and then with 0’s. Microwave Router Parabolic Reflectors Duration (Minutes) X 10 X 60 X X 60 X X 10 X X X 10 Figure 2: Experimental setup combinations for electromagnetic fault injection The duration in Figure 2 is the duration for which the Raspberry Pi was exposed to the sources of electromagnetic radiation before the resulting data was collected. It was found that regardless of the experimental setup used, the Raspberry Pi functioned normally and the data read out of the caches showed no flipped bits. An important aside is that the duration the microwave was run was limited by the time it took for ice to become boiling water. It is unsafe to run a microwave oven empty as it can damage it, therefore ice was used as a simple solution for running the microwave for extended periods of time without harm. One possible reason for the results attained through both methods of fault injection is that the induced current due to the magnet/electromagnet and the electromagnetic fields were not great enough to change the system’s state. Therefore, the use of more powerful sources of induction such as a more powerful
  • 6. 6 electromagnet and power supply or microwave emission device that is without shielding that limits the amount of electromagnetic radiation reaching the target device. Also, longer durations of exposure to the sources of electromagnetic radiation may increase the chance of transient faults being injection. In terms of the Raspberry Pi’s resistance to fault injection techniques, the results show that it would take a greater magnetic field strength than 13,500 Gauss to produce a transient fault, and that wireless routers and microwaves do not produce enough electromagnetic radiation to readily impact the processor’s state. Both of these pieces of information are helpful in developing future experiments for injecting faults into the Raspberry Pi and they demonstrate the device’s ability to withstand various forms of fault injection. 5. Conclusion There were two major objectives in this paper, the first of which being to develop a method of fault injection using magnets, wireless routers, and microwaves instead of costly specialized equipment that is typically used when performing hardware based fault injection. The second objective was to study the Raspberry Pi’s ability to tolerate these sources of fault injection. Raspberry Pi computers are becoming more popular for many projects, therefore the ability of the device to withstand common sources of faults is beneficial. It was found that with the experimental setup used it is not likely that a Raspberry Pi under similar conditions would experience a transient fault. However, even though there were no detected faults in the data readout from the device’s SRAM, this does not mean that transient faults did not exist in the device’s DRAM or combinational logic as a result of the testing. Transient faults in combinational logic could be logically masked, and any transient error in DRAM may not be a value that is used by the system again. This paper demonstrates a repeatable experimental setup for testing multiple forms of fault injection that could be built upon. By making use of commonly found items, the provided setup attempts to reduce the need for specialized equipment, thereby making non-contact, hardware based fault injection a more appealing choice when testing a system’s ability to handle faults. Future work could demonstrate this low-cost approach to fault injection as an effective alternative that provides realistic faults on par with the use of radioactive particles. 6. Future Work Moving forward, one major improvement that could be made is building an electromagnet specifically for the purpose of injecting faults. Some work was done to gather the materials such as magnetic wire and a ferromagnetic core, however finding a suitable power source hindered the efforts to take experimental data using this more powerful magnet. Additionally, using a voltage pulse with the electromagnet could be beneficial as well. An issue discovered with the electromagnet used is the heat that is generated, therefore reducing the time over which the current is running through the magnetic wire would aid in the reduction of temperature of the electromagnet. Another avenue would be the use of more powerful permanent magnets, but one of the determining factors in how powerful a permanent magnet is its size. Larger magnets would be more cumbersome to pass over the Raspberry Pi’s processor and the larger dimensions might require a larger gap between the magnet and the Raspberry Pi to avoid contacting the GPIO pins. This could defeat the purpose of having a more
  • 7. 7 powerful magnet because the magnetic field strength decreases proportionally to the distance from the magnetic core [3]. With that in mind, the motivations behind using a small electromagnetic magnetic probe controlled with short voltage pulses over a traditional electromagnet or permanent magnet become apparent as it is better suited for use with sensitive electronic devices. References [1] Hsueh, M., Tsai, T. K., & Iyer, R. K. (1997, April). Fault Injection Techniques and ... - ece.cmu.edu. Retrieved November 1, 2016, from https://www.ece.cmu.edu/~ece749/docs/faul tInjectionSurvey.pdf [2] Shivakumar, P., Kistler, M., Keckler, S., Burger, D., & Alvisi, L. (n.d.). Modeling the effect of technology trends on the soft error rate of combinational logic. Proceedings International Conference on Dependable Systems and Networks. 2002 [3] Griffiths, D. J. (2003). Introduction to electrodynamics (4th ed.). Pearson. [4] Raspberry Pi Hardware. (n.d.). Retrieved November 7, 2016, from https://www.raspberrypi.org/documentation/ hardware/raspberrypi/README.md [5] Dehbaoui, A., Dutertre, J., Robinson, B., Orsatelli, P., Maurine, P., & Tria, A. (n.d.). Injection of transient faults using electromagnetic pulses Practical results on a cryptographic system. Retrieved from https://www.researchgate.net/profile/Bruno_ Robisson/publication/267407641_Injection_ of_transient_faults_using_electromagnetic_ pulses_Practical_results_on_a_cryptographi c_system/links/546278520cf2cb7e9da64fe1. pdf [6] Ziegler, J. F., Curtis, H. W., Muhlfeld, H. P., Montrose, C. J., Chin, B., Nicewicz, M., . . . Wahaus, C. W. (1996). IBM experiments in soft fails in computer electronics (1978–1994). IBM Journal of Research and Development, 40(1), 3-18. doi:10.1147/rd.401.0003