SlideShare a Scribd company logo

Vulnerabilities analysis of fault and Trojan attacks in FSM

Kurra Gopi
Kurra Gopi

The security of the whole system can be compromised if there are vulnerabilities in the FSM. I These vulnerabilities can be created by improper designs or by the synthesis tool which introduces additional dont care states and transitions during the optimization and synthesis process. I An attacker can utilize these vulnerabilities to perform fault injection attacks or insert malicious hardware modi cations (Trojan) to gain unauthorized access to some speci c states.

Engineering
1 of 43
Download to read offline
VULNERABILITIES ANALYSIS OF FAULT AND TROJAN ATTACKS IN FSM Gopi Kurra (2016VLSI-17) Mani Shankar (2016VLSI-18) N Vishnu Vardhan Rao (2016VLSI-19) ABV-Indian Institute of Information Technology and Management Gwalior, Morena Link Road, Gwalior, Madhya Pradesh, INDIA - 474010. April 27, 2017
IMPORTANCE OF FSM IMPORTANCE OF FSM A finite state machine (FSM) is responsible for controlling the overall functionality of most digital systems. Therefore, The security of the whole system can be compromised if there are vulnerabilities in the FSM. These vulnerabilities can be created by improper designs or by the synthesis tool which introduces additional dont care states and transitions during the optimization and synthesis process. An attacker can utilize these vulnerabilities to perform fault injection attacks or insert malicious hardware modifications (Trojan) to gain unauthorized access to some specific states.
What are the Vulnerabilities in FSM What are the Vulnerabilities in FSM The main vulnerabilities in FSM are as follows, Fault injection attack Trojan attack These attacks are due to don’t care states and transitions, So we propose a technique called analysing vulnerabilities in FSM(AVFSM).
AVFSM(Analyzing the Vulnerabilities in FSM) AVFSM(Analyzing the Vulnerabilities in FSM) We propose a novel ATPG-based technique to extract the functionality of the FSM from a gate-level netlist. In addition to the states and transitions specified in the RTL level, our proposed technique can extract the dont-care states and transitions which are introduced during the synthesis process. Based on the extracted state transition table, our proposed framework, AVFSM analyzes each transition and reports all the transitions during which a fault can be injected to gain unauthorized access to some secured or protected states.
AVFSM(Analyzing the Vulnerabilities in FSM) AVFSM(Analyzing the Vulnerabilities in FSM) We propose two metrics that use the extracted information as well as the design to quantify how susceptible the FSM is to fault injection and hardware Trojans. We analyze each reported transition using static timing analysis to determine the difficulty of inducing setup time violation based fault injection attacks. We perform case study for the FSM of AES encryption modules using the proposed metrics.
Overall Workflow of the AVFSM Overall Workflow of the AVFSM Input User Timing Report Static Gate Level Netlist Report RTL FSM Report FSM Extraction (FE) FSM Fault Injection Analysis Factor Of Fault Injection States and Don’t Care transitions Trojan Vulnerability Trojan Insertion Don’t Care Sd & Td Extracted Identification Insertion Analysis Vulnerability Factor of FSM Synthesis Results grnrated by the ModuleInputs to the Module Modules of the Framework Figure 1 : Overall Workflow of the AVFSM
Overall Workflow of the AVFSM Overall Workflow of the AVFSM The overall workflow of our AVFSM framework is shown in Fig.1. The AVFSM framework is composed of four modules: 1. FSM Extraction (FE): Extracts the STG of the FSM from the gate-level netlist. 2. Dont-care SD and TD Identification (DCSTI): Reports the SD and TD introduced by the synthesis process. 3. Fault Injection Analysis (FIA): Reports a quantitative measure of the vulnerability of FSM to fault injection attack. 4. Trojan Insertion Analysis (TIA): Reports a quantitative measure of the vulnerability of FSM to Trojan insertion.
Extraction of STG Extraction of STG To analyze vulnerabilities in the FSM, We first need to extract the state transition graph (STG) from the synthesized gate-level netlist. Synthesized gate level netlist is generated by ISE project navigator. The extracted STG must incorporate the dont-care states and transitions which were introduced by the synthesis process. By using the Algorithm-I, Extracted the State Transition Graph with don’t care transitions and states.
Algorithm 1 Extraction of STG of FSM Algorithm 1 Extraction of STG of FSM Procedure I:MODIFIED NETLIST GENRATION Input:Gate−level netlist of the the FSM,FSM synthesis report Output:Modified netlist for ATPG−based FSM extraction Fs Identify state FFs for each f Identify non−state FFs in the input cone of f Remove NSF primary input,PI end for for each f Fs do Remove f from the Netlist Add the net where Q pin of f was connected as primary input, PIpresent state Add XOR gate at the net where D pin of f was connected Add the other input XOR gate gate as primary input,PI ORed all the outputs of XOR gates and add output of the OR gate as primary output,PO Add inverter to compensate for QN pin of f end for end procedure XOR OR Fs do Add inverter to compensate for QN pin of fNS FNS and add the net where Q pin of F was connected as NSF NS Algorithm 1 Extraction of STG of FSM 1: 2: 3: 4: 5: 6: 7: 10: 9: 11: 12: 17: 18: 16: 15: 14: 13: 8:
Algorithm 1 Extraction of STG of FSM Algorithm 1 Extraction of STG of FSM for each s S doEN SEN Get state encodings XORApply the logical value of s as constraint PI Remove all faults and add stuck−at−1 fault at PO Genrate test pattern n times for the mentioned fault Extracted the present state values and conditions that causes transition to s from genrated test patterns OR Procedure II:STATE TRANSITION GRAPH EXTRACTION Input:Modified gate−level netlist ,FSM synthesis report Output:Extracted State Transition Graph end procedure end for 1: 2: 3: 4: 5: 7: 8: 9: 10: 6: 11: Algorithm 1 Extraction of STG of FSM
Procedure I: Generation of modified netlist Procedure I: Generation of modified netlist We are taken AES model FSM for demonstration of our technique. Wait Key Initial Round Do Round Final Round Wait Data KR=1 DS=1 KR=0 KR=0 KR=1 KR=0 KR=1 DS=0 N0_Round Figure 2 : AES FSM diagram
Procedure I: Generation of modified netlist Procedure I: Generation of modified netlist We used two different encoding schemes, Scheme-1 is [Wait Key, Wait Data, Initial Round, Final Round]=[000, 001, 010, 011]. Scheme-2 is [Wait Key, Wait Data, Initial Round, Final Round]=[001, 010, 011, 000].
Scheme-1 AES FSM Scheme-1 AES FSM This can be generated by using QUARTUS II tool from Verilog code of FSM, 001 000 010 011 100
Logic diagram of AES for Scheme-1 Logic diagram of AES FSM for Scheme-1 This is generated by ISE project navigator by using Verilog code of FSM, B B A A D K KD C C C B B C CLK D D D Figure 4 : Logic Diagram of AES FSM for scheme-1
Modified logic diagram for Scheme-1 Modified logic diagram for scheme1 According to Algorithm-1 Procedure-I is, Combinational Circuit State FFs FFs Next States Inputs presentState Non state Figure 5 : Original FSM Combinational Circuit PIpresentState Inputs PIFNS OR PIxor1 PO PIxorN Figure 6 : Modified FSM for ATGP-based STG extraction
Modified logic diagram for Scheme-1 Modified logic diagram for Scheme-1 PIXOR1 PIXOR2 PI XOR3 PO OR B B C K D B C C B K K D D K K B D C K D B C Figure 7 : Modified Logic diagram for Scheme-1
MODIFIED NETLIST MODIFIED NETLIST GENERATION By Considering stuck at 1 fault at POOR generate all input test pattern by using ATGP tool. We generated test bench for the modified logic diagram for each and every input and generated the all possible states when the POOR will be 0 by using the ISE project navigator. And ISE Project navigator generates the synthesized Modified netlist.
Simulation results for Scheme-1 Simulation results for Scheme-1 Figure 8 : Simulation Results for Scheme-1
PROCEDURE II STG extraction PROCEDURE II STG extraction STG with don’t care transitions and states generated by QUARTUS II tool by using the modified netlist. 101 110 111 001 000 010 011 100 Figure 9 : STG of AES FSM with don’t care transitions and states
Scheme-2 AES FSM Scheme-2 AES FSM This can be generated by using QUARTUS-II tool from Verilog code of FSM, 000 001 010 100 011 Figure 10 : Scheme-2 AES FSM diagram
Logic diagram of AES for Scheme-2 Logic diagram of AES FSM for Scheme-2 This is generated by ISE project navigator by using Verilog code of FSM, B B A A D K KD C C C B B C A A CLK D D D Figure 11 : Logic Diagram of AES FSM for scheme-2
Modified logic diagram for Scheme-2 Modified logic diagram for Scheme-2 C K B D C A B K A B K B C D K A C K B C K B C K D PIxor1 PIxor2 PIxor3 PO Figure 12 : Modified Logic diagram for Scheme-2
MODIFIED NETLIST MODIFIED NETLIST By Considering stuck at 1 fault at POOR generate all input test pattern by using ATGP tool. We generated test bench for the modified logic diagram for each and every input and generated the all possible states when the POOR will be 0 by using the ISE project navigator. And ISE Project navigator generates the synthesized Modified netlist.
Simulation results for Scheme-2 Simulation results for Scheme-2 Figure 13 : Simulation Results for scheme-2
PROCEDURE II STG Extraction PROCEDURE II STG Extraction STG with don’t care transitions and states generated by QUARTUS II tool by using the modified netlist. 101 110 000 001 010 100 011 111 Figure 14 : STG of AES FSM with don’t care transitions and states for scheme-2
Vulnerability Analysis:Fault Injection Vulnerability Analysis:Fault Injection We propose a technique which analyzes each transition of the STG. Based on a proposed metric quantitatively measures how susceptible that transition is to a fault injection attack. For scheme 2, AVFSM reports 12 VT during which a fault can be injected to gain access to the protected state Final Round (000).
Vulnerability Analysis:Fault Injection Vulnerability Analysis:Fault Injection Our vulnerability analysis is based on the observation shown in Fig.13 and 14. Let us consider the state transition T(00;10) where the current state is 00 and the next state is 10. 00 10 01Fault is not possible P Figure 15 : Setup time Violation based fault injection attack During this transition, one cannot perform time violation based fault injection attack to go to state 01, So fault attack is not possible. It is because during this state transition (T(00;10)), the LSB bit of both the current state and the next state remains 0 and therefore, a setup time violation based fault cannot be injected at this bit position to change the bit value to 1.
Vulnerability Analysis:Fault Injection Vulnerability Analysis:Fault Injection 11 10 01 PFault is possible Figure 16 : Setup time Violation based fault injection attack On the other hand during T(10;01), one can inject a fault to go to state 11. To successfully inject this fault, the setup time constraint of MSB state FF needs to be violated whereas the setup time constraint of LSB state FF needs to be maintained. By using the Algorithm-2 we find the conditions for fault attacks.
Algorithm2 Conditions for fault attack Algorithm2 Conditions for fault attack Sx = [b x1 bb ]x0x(n−1) (bxi( yib PathViolated X,Y = {Path Fs (i) } PathOK X,Y = {Path (i) } Fs = {Path (i) } Fs PathNo Effect X,Y Algorithm 2 Condition for fault attack Procedure Input:Extracted for each T(x,y) do bb ] bb ] Sy = [by(n−1) y0y1 P = [b p(n−1) p1 p0 Compute C= i=0 (n−1) ) +(b b ))xi if (C==1) then fault attack possible for T(X,Y) VT(X,Y) for i=0 to (n−1) do if xi( yibb ) then Input:set of protected state P Output:Conditions for sucessful fault attack else else end for else fault attack not possible for T(X,Y) end for end procedure State Transition Graph T(x,y) Extracted State Transition Graph pi T(X,Y) 1: 2: 5: 26: 3: 4: 6: 7: 8: 9: 10: 11: 12: 13: 14: 16: 15: 17: 18: 19: 20: 21: 22: 23: 24: 25: pixiif (b == b )
Algorithm2 Conditions for fault attack Algorithm2 Conditions for fault attack PathViolated: Setup time constraint of the state FF in this path needs to be violated (lines 16-17). PathOK: Setup time constraint of the state FF in this path needs to be maintained (lines 18-19). PathNoEffect: State logic bit in this path does not change during the transition and therefore this path has no impact on the vulnerability analysis (lines 20-21).
c code for Algorithm 2 c code for algorithm 2 We implemented Algorithm-2 by a simple c program. void states(int sx, int sy, int sp) { int Sx,Sy; Sx=sx; Sy=sy; int bx0=0, bx1=0, bx2=0; int by0=0, by1=0, by2=0; int bp0=0, bp1=0, bp2=0; int c; if(sx!=0) { bx0=sx%2; sx=sx/2; if(sx!=0) { bx1=sx%2; sx=sx/2; if(sx!=0) {
c code for Algorithm 2 c code for algorithm 2 bx2=sx%2; } } } printf(”%d%d%d”,bx2,bx1,bx0); c=((bx0 ˆ by0) (bx0&bp0)) & ((bx1 ˆ by1) (bx1&bp1)) & ((bx2 ˆ by2) (bx2&bp2))&((bx0 ˆ by0) (bx0&bp0)) ; if(c==1) { printf(” fault attack is possible for transistion s%d to s%d ”,Sx,Sy); if(bx0ˆ by0) { if(bx0==bp0) printf(” PathViolated = Path(0)”); else printf(” PathOK = Path(0)”); }
C code for Algorithm-2 C code for Algorithm-2 else printf(” PathNoEffect = Path(0)”); } else printf(” fault attack is not possible for transistion s%d to s%d ”,Sx,Sy); }
Output of c code Output of c code Table 1 : Outputs of the C program of Algorithm-2 Transition Faultstate Path Violated PathOk PathNoeffect (111)to(000) 000 Path(2) Path(0) Path(1) (011)to(100) 100 Path(2) Path(1) Path(0) (110)to(001) 001 Path(2) Path(0) Path(1)
Path delay calculation Path delay calculation Module FIA uses Xilinx ISE Timing analyzer to find the maximum path delay of each state Flip Flop(FF). Table 2 : Path delays of each FF Path Name Maximum Path delay(nS) Path(0) 4.291 Path(1) 4.4883 Path(2) 4.285
Susceptibility Factor Metric Susceptibility Factor(SF) Metric To quantify how susceptible each VT is to fault injection attack, We propose the susceptibility factor metric, SF to quantitatively measure the vulnerability of each transition is to fault injection attack. SF = PathDifference avg(PathFS ) SF is function of PathDifference where PathDifference is defined as PathDifference =PathFS (i)-PathFS (j) where i∈PathOK and j∈PathViolated Here, PathFs (i) represents the maximum path delay to ith state FF and avg(PathFs ) is calculated by taking the mean value of all the PathFS. High value of PathDifference means that attacker has a grater ability to successfully inject the fault.
Susceptibility Factor Metric Susceptibility Factor(SF) Metric Table 3 : Susceptibility Factor of Vulnerable transitions Transition Fault state SF (111 to 000) 000 0.133 (011 to 100) 100 0.045 (110 to 001) 001 0.133
Vulnerability Factor of Fault Injection(VFFI) Vulnerability Factor of Fault Injection Module FIA use the metric, Vulnerability Factor of Fault Injection to measure the overall vulnerability the FSM to fault injection attack. VFFI =(PVT(%), ASF),where PVT(%) = TotalvulnerableTransition (NVT ) TotalTransition . ASF = NVT i=1 SF(i) NVT The metric VFFI is composed of two parameters PVT(%), ASF. PVT(%) indicates the percentage of VT to TotalTransition. ASF signifies the average of SF. The greater the values of these two parameters are, the more susceptible the FSM is to fault attacks.
Vulnerability Analysis: Trojan Attack Vulnerability Analysis: Trojan Attack We use the extracted STG to analyze how susceptible the FSM is to Trojan attacks. In our analysis, we consider the dont-care states which can be utilized to insert Trojans and gain access to a protected state. Module TIA performs the vulnerability analysis of Trojan attacks. It first reads the extracted STG and the dont-care states (SD) and transitions and gets the set of protected states (P) from the designer. Module TIA then searches for the Dangerous Dont-Care States (DDCS) and use the following metric vulnerability factor of Trojan insertion (VFTro) to evaluate the vulnerability of the FSM to Trojan insertion. VFTro = Total number of s TotalTransition where,s’∈DDCS
Vulnerability Analysis: Trojan Attack Vulnerability Analysis: Trojan Attack Total number of s’=3 Total transitions=17 Table 4 : Vulnerability analysis for scheme 1 and scheme 2 of AES. Factor Scheme-1 Scheme-2 VFFI =(PVT(%), ASF) (0,0) (52.9%,0.034) VFTro 0 0.176
Conclusion Conclusion In This paper, We systematically analyzes and evaluates vulnerabilities in the FSM against fault injection and Trojan attacks. Our proposed Vulnerabilities Analysis of Fault and Trojan Attack in FSM allows the designer to find security vulnerabilities in the FSM at an early design stage. AVFSM also enables the designer to quantitatively compare the security of different implementations of the same design.
References References 1. Adib Nahiyan1, Kan Xiao2, Kun Yang1, Yier Jin3, Domenic Forte1 and Mark Tehranipoor1,”AVFSM: A Framework for Identifying and Mitigating Vulnerabilities in FSMs”,DAC 16, June 05-09, 2016, Austin, TX, USA. 2. H. Salmani and M. Tehranipoor, ”Analyzing circuit vulnerability to hardware Trojan insertion at the behavioral level,” in Defect and Fault Tolerance in VLSI and Nanotechnology Systems (DFT), 2013. 3. B. Yuce et al., ”TVVF Estimating the vulnerability of hardware cryptosystems against timing violation attacks,” in Hardware Oriented Security and Trust (HOST), 2015.
References Thank You!

Recommended

Embedded system (Chapter 2) part 2
Embedded system (Chapter 2) part 2Embedded system (Chapter 2) part 2
Embedded system (Chapter 2) part 2
Ikhwan_Fakrudin
 
Synthesis & FPGA Implementation of UART IP Soft Core
Synthesis & FPGA Implementation of UART IP Soft CoreSynthesis & FPGA Implementation of UART IP Soft Core
Synthesis & FPGA Implementation of UART IP Soft Core
ijsrd.com
 
UART MCU
UART MCUUART MCU
UART MCU
Corrado Santoro
 
Lecture 4 (8051 instruction set) rv01
Lecture 4 (8051 instruction set) rv01Lecture 4 (8051 instruction set) rv01
Lecture 4 (8051 instruction set) rv01
cairo university
 
Xilinxaxi uart16550
Xilinxaxi uart16550Xilinxaxi uart16550
Xilinxaxi uart16550
Moorthy Venkatachalam
 
Pdf tp3076 national
Pdf tp3076 nationalPdf tp3076 national
Pdf tp3076 national
Hoopeer Hoopeer
 
Lecture 5 (system clock crossbar and gpio) rv012
Lecture 5 (system clock crossbar and gpio) rv012Lecture 5 (system clock crossbar and gpio) rv012
Lecture 5 (system clock crossbar and gpio) rv012
cairo university
 
MIPI DevCon 2016: MIPI C-PHY - Introduction From Basic Theory to Practical Im...
MIPI DevCon 2016: MIPI C-PHY - Introduction From Basic Theory to Practical Im...MIPI DevCon 2016: MIPI C-PHY - Introduction From Basic Theory to Practical Im...
MIPI DevCon 2016: MIPI C-PHY - Introduction From Basic Theory to Practical Im...
MIPI Alliance
 

Recommended

Embedded system (Chapter 2) part 2
Embedded system (Chapter 2) part 2Embedded system (Chapter 2) part 2
Embedded system (Chapter 2) part 2
Ikhwan_Fakrudin
 
Synthesis & FPGA Implementation of UART IP Soft Core
Synthesis & FPGA Implementation of UART IP Soft CoreSynthesis & FPGA Implementation of UART IP Soft Core
Synthesis & FPGA Implementation of UART IP Soft Core
ijsrd.com
 
UART MCU
UART MCUUART MCU
UART MCU
Corrado Santoro
 
Lecture 4 (8051 instruction set) rv01
Lecture 4 (8051 instruction set) rv01Lecture 4 (8051 instruction set) rv01
Lecture 4 (8051 instruction set) rv01
cairo university
 
Xilinxaxi uart16550
Xilinxaxi uart16550Xilinxaxi uart16550
Xilinxaxi uart16550
Moorthy Venkatachalam
 
Pdf tp3076 national
Pdf tp3076 nationalPdf tp3076 national
Pdf tp3076 national
Hoopeer Hoopeer
 
Lecture 5 (system clock crossbar and gpio) rv012
Lecture 5 (system clock crossbar and gpio) rv012Lecture 5 (system clock crossbar and gpio) rv012
Lecture 5 (system clock crossbar and gpio) rv012
cairo university
 
MIPI DevCon 2016: MIPI C-PHY - Introduction From Basic Theory to Practical Im...
MIPI DevCon 2016: MIPI C-PHY - Introduction From Basic Theory to Practical Im...MIPI DevCon 2016: MIPI C-PHY - Introduction From Basic Theory to Practical Im...
MIPI DevCon 2016: MIPI C-PHY - Introduction From Basic Theory to Practical Im...
MIPI Alliance
 
Wireless UART Controller: XR18W750
Wireless UART Controller: XR18W750Wireless UART Controller: XR18W750
Wireless UART Controller: XR18W750
Premier Farnell
 
Fast and Precise Symbolic Analysis of Concurrency Bugs in Device Drivers
Fast and Precise Symbolic Analysis of Concurrency Bugs in Device DriversFast and Precise Symbolic Analysis of Concurrency Bugs in Device Drivers
Fast and Precise Symbolic Analysis of Concurrency Bugs in Device Drivers
Pantazis Deligiannis
 
Control processing unit and control sequence of ADD and SUB
Control processing unit and control sequence of ADD and SUBControl processing unit and control sequence of ADD and SUB
Control processing unit and control sequence of ADD and SUB
Romilkumar Siddhapura
 
Ch2 microcontroller architecture
Ch2 microcontroller architectureCh2 microcontroller architecture
Ch2 microcontroller architecture
Ahmad Sidik
 
Chp5 pic microcontroller instruction set copy
Chp5 pic microcontroller instruction set copyChp5 pic microcontroller instruction set copy
Chp5 pic microcontroller instruction set copy
mkazree
 
Chp7 pic 16 f84 interfacing - copy
Chp7 pic 16 f84 interfacing - copyChp7 pic 16 f84 interfacing - copy
Chp7 pic 16 f84 interfacing - copy
mkazree
 
Cryptoppt
CryptopptCryptoppt
Cryptoppt
Meenakshi Tripathi
 
Introduction to Microcontrollers
Introduction to MicrocontrollersIntroduction to Microcontrollers
Introduction to Microcontrollers
SaravananVijayakumar4
 
CCNA CHAPTER 5 BY jetarvind kumar madhukar
CCNA CHAPTER 5 BY jetarvind kumar madhukarCCNA CHAPTER 5 BY jetarvind kumar madhukar
CCNA CHAPTER 5 BY jetarvind kumar madhukar
ALLCAD Services Pvt Limited
 
Microcontrollers ii
Microcontrollers iiMicrocontrollers ii
Microcontrollers ii
Kumar Kumar
 
Interrupts for PIC18
Interrupts for PIC18Interrupts for PIC18
Interrupts for PIC18
raosandy11
 
Part-1 : Mastering microcontroller with embedded driver development
Part-1 : Mastering microcontroller with embedded driver development Part-1 : Mastering microcontroller with embedded driver development
Part-1 : Mastering microcontroller with embedded driver development
FastBit Embedded Brain Academy
 
Dima kovalenko - Is ARMv8.3 the end of ROP?
Dima kovalenko - Is ARMv8.3 the end of ROP?Dima kovalenko - Is ARMv8.3 the end of ROP?
Dima kovalenko - Is ARMv8.3 the end of ROP?
Hacken_Ecosystem
 
Interface gsm module with pic
Interface gsm module with picInterface gsm module with pic
Interface gsm module with pic
Ravindra Saini
 
Lecture 4 i2 c bus & interrupts
Lecture 4 i2 c bus & interruptsLecture 4 i2 c bus & interrupts
Lecture 4 i2 c bus & interrupts
أشرف أمجد الشريف
 
[IJET-V1I3P17] Authors :Prof. U. R. More. S. R. Adhav
[IJET-V1I3P17] Authors :Prof. U. R. More. S. R. Adhav[IJET-V1I3P17] Authors :Prof. U. R. More. S. R. Adhav
[IJET-V1I3P17] Authors :Prof. U. R. More. S. R. Adhav
IJET - International Journal of Engineering and Techniques
 
Timers and Endge-aligned PWM
Timers and Endge-aligned PWMTimers and Endge-aligned PWM
Timers and Endge-aligned PWM
Ariel Tonatiuh Espindola
 
Embedded system (Chapter )
Embedded system (Chapter )Embedded system (Chapter )
Embedded system (Chapter )
Ikhwan_Fakrudin
 
Soc
SocSoc
Soc
Corrado Santoro
 
LinuxCNC 入門簡介
LinuxCNC 入門簡介LinuxCNC 入門簡介
LinuxCNC 入門簡介
roboard
 
On chip crosstalk_avoidance_codec_design_using_fibonacci
On chip crosstalk_avoidance_codec_design_using_fibonacciOn chip crosstalk_avoidance_codec_design_using_fibonacci
On chip crosstalk_avoidance_codec_design_using_fibonacci
bharath naidu
 
Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...
Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...
Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...
IOSR Journals
 

More Related Content

What's hot

Wireless UART Controller: XR18W750
Wireless UART Controller: XR18W750Wireless UART Controller: XR18W750
Wireless UART Controller: XR18W750
Premier Farnell
 
Fast and Precise Symbolic Analysis of Concurrency Bugs in Device Drivers
Fast and Precise Symbolic Analysis of Concurrency Bugs in Device DriversFast and Precise Symbolic Analysis of Concurrency Bugs in Device Drivers
Fast and Precise Symbolic Analysis of Concurrency Bugs in Device Drivers
Pantazis Deligiannis
 
Control processing unit and control sequence of ADD and SUB
Control processing unit and control sequence of ADD and SUBControl processing unit and control sequence of ADD and SUB
Control processing unit and control sequence of ADD and SUB
Romilkumar Siddhapura
 
Ch2 microcontroller architecture
Ch2 microcontroller architectureCh2 microcontroller architecture
Ch2 microcontroller architecture
Ahmad Sidik
 
Chp5 pic microcontroller instruction set copy
Chp5 pic microcontroller instruction set copyChp5 pic microcontroller instruction set copy
Chp5 pic microcontroller instruction set copy
mkazree
 
Chp7 pic 16 f84 interfacing - copy
Chp7 pic 16 f84 interfacing - copyChp7 pic 16 f84 interfacing - copy
Chp7 pic 16 f84 interfacing - copy
mkazree
 
Cryptoppt
CryptopptCryptoppt
Cryptoppt
Meenakshi Tripathi
 
Introduction to Microcontrollers
Introduction to MicrocontrollersIntroduction to Microcontrollers
Introduction to Microcontrollers
SaravananVijayakumar4
 
CCNA CHAPTER 5 BY jetarvind kumar madhukar
CCNA CHAPTER 5 BY jetarvind kumar madhukarCCNA CHAPTER 5 BY jetarvind kumar madhukar
CCNA CHAPTER 5 BY jetarvind kumar madhukar
ALLCAD Services Pvt Limited
 
Microcontrollers ii
Microcontrollers iiMicrocontrollers ii
Microcontrollers ii
Kumar Kumar
 
Interrupts for PIC18
Interrupts for PIC18Interrupts for PIC18
Interrupts for PIC18
raosandy11
 
Part-1 : Mastering microcontroller with embedded driver development
Part-1 : Mastering microcontroller with embedded driver development Part-1 : Mastering microcontroller with embedded driver development
Part-1 : Mastering microcontroller with embedded driver development
FastBit Embedded Brain Academy
 
Dima kovalenko - Is ARMv8.3 the end of ROP?
Dima kovalenko - Is ARMv8.3 the end of ROP?Dima kovalenko - Is ARMv8.3 the end of ROP?
Dima kovalenko - Is ARMv8.3 the end of ROP?
Hacken_Ecosystem
 
Interface gsm module with pic
Interface gsm module with picInterface gsm module with pic
Interface gsm module with pic
Ravindra Saini
 
Lecture 4 i2 c bus & interrupts
Lecture 4 i2 c bus & interruptsLecture 4 i2 c bus & interrupts
Lecture 4 i2 c bus & interrupts
أشرف أمجد الشريف
 
[IJET-V1I3P17] Authors :Prof. U. R. More. S. R. Adhav
[IJET-V1I3P17] Authors :Prof. U. R. More. S. R. Adhav[IJET-V1I3P17] Authors :Prof. U. R. More. S. R. Adhav
[IJET-V1I3P17] Authors :Prof. U. R. More. S. R. Adhav
IJET - International Journal of Engineering and Techniques
 
Timers and Endge-aligned PWM
Timers and Endge-aligned PWMTimers and Endge-aligned PWM
Timers and Endge-aligned PWM
Ariel Tonatiuh Espindola
 
Embedded system (Chapter )
Embedded system (Chapter )Embedded system (Chapter )
Embedded system (Chapter )
Ikhwan_Fakrudin
 
Soc
SocSoc
Soc
Corrado Santoro
 
LinuxCNC 入門簡介
LinuxCNC 入門簡介LinuxCNC 入門簡介
LinuxCNC 入門簡介
roboard
 

What's hot (20)

Wireless UART Controller: XR18W750
Wireless UART Controller: XR18W750Wireless UART Controller: XR18W750
Wireless UART Controller: XR18W750
 
Fast and Precise Symbolic Analysis of Concurrency Bugs in Device Drivers
Fast and Precise Symbolic Analysis of Concurrency Bugs in Device DriversFast and Precise Symbolic Analysis of Concurrency Bugs in Device Drivers
Fast and Precise Symbolic Analysis of Concurrency Bugs in Device Drivers
 
Control processing unit and control sequence of ADD and SUB
Control processing unit and control sequence of ADD and SUBControl processing unit and control sequence of ADD and SUB
Control processing unit and control sequence of ADD and SUB
 
Ch2 microcontroller architecture
Ch2 microcontroller architectureCh2 microcontroller architecture
Ch2 microcontroller architecture
 
Chp5 pic microcontroller instruction set copy
Chp5 pic microcontroller instruction set copyChp5 pic microcontroller instruction set copy
Chp5 pic microcontroller instruction set copy
 
Chp7 pic 16 f84 interfacing - copy
Chp7 pic 16 f84 interfacing - copyChp7 pic 16 f84 interfacing - copy
Chp7 pic 16 f84 interfacing - copy
 
Cryptoppt
CryptopptCryptoppt
Cryptoppt
 
Introduction to Microcontrollers
Introduction to MicrocontrollersIntroduction to Microcontrollers
Introduction to Microcontrollers
 
CCNA CHAPTER 5 BY jetarvind kumar madhukar
CCNA CHAPTER 5 BY jetarvind kumar madhukarCCNA CHAPTER 5 BY jetarvind kumar madhukar
CCNA CHAPTER 5 BY jetarvind kumar madhukar
 
Microcontrollers ii
Microcontrollers iiMicrocontrollers ii
Microcontrollers ii
 
Interrupts for PIC18
Interrupts for PIC18Interrupts for PIC18
Interrupts for PIC18
 
Part-1 : Mastering microcontroller with embedded driver development
Part-1 : Mastering microcontroller with embedded driver development Part-1 : Mastering microcontroller with embedded driver development
Part-1 : Mastering microcontroller with embedded driver development
 
Dima kovalenko - Is ARMv8.3 the end of ROP?
Dima kovalenko - Is ARMv8.3 the end of ROP?Dima kovalenko - Is ARMv8.3 the end of ROP?
Dima kovalenko - Is ARMv8.3 the end of ROP?
 
Interface gsm module with pic
Interface gsm module with picInterface gsm module with pic
Interface gsm module with pic
 
Lecture 4 i2 c bus & interrupts
Lecture 4 i2 c bus & interruptsLecture 4 i2 c bus & interrupts
Lecture 4 i2 c bus & interrupts
 
[IJET-V1I3P17] Authors :Prof. U. R. More. S. R. Adhav
[IJET-V1I3P17] Authors :Prof. U. R. More. S. R. Adhav[IJET-V1I3P17] Authors :Prof. U. R. More. S. R. Adhav
[IJET-V1I3P17] Authors :Prof. U. R. More. S. R. Adhav
 
Timers and Endge-aligned PWM
Timers and Endge-aligned PWMTimers and Endge-aligned PWM
Timers and Endge-aligned PWM
 
Embedded system (Chapter )
Embedded system (Chapter )Embedded system (Chapter )
Embedded system (Chapter )
 
Soc
SocSoc
Soc
 
LinuxCNC 入門簡介
LinuxCNC 入門簡介LinuxCNC 入門簡介
LinuxCNC 入門簡介
 

Similar to Vulnerabilities analysis of fault and Trojan attacks in FSM

On chip crosstalk_avoidance_codec_design_using_fibonacci
On chip crosstalk_avoidance_codec_design_using_fibonacciOn chip crosstalk_avoidance_codec_design_using_fibonacci
On chip crosstalk_avoidance_codec_design_using_fibonacci
bharath naidu
 
Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...
Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...
Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...
IOSR Journals
 
Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...
Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...
Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...
IOSR Journals
 
Lab 9 instructions
Lab 9 instructionsLab 9 instructions
Lab 9 instructions
trayyoo
 
D0364017024
D0364017024D0364017024
D0364017024
theijes
 
C211824
C211824C211824
C211824
irjes
 
Fpga applications using hdl
Fpga applications using hdlFpga applications using hdl
Fpga applications using hdl
Sankarshan D
 
Information Gathering 2
Information Gathering 2Information Gathering 2
Information Gathering 2
Aero Plane
 
Optimized architecture for SNOW 3G
Optimized architecture for SNOW 3GOptimized architecture for SNOW 3G
Optimized architecture for SNOW 3G
IJECEIAES
 
Host manual sysmex-xe2100
Host manual sysmex-xe2100Host manual sysmex-xe2100
Host manual sysmex-xe2100
Julio Cesar Mace
 
project on OSPF
project on OSPFproject on OSPF
project on OSPF
Om Prakash
 
Eigrp on a cisco asa firewall configuration
Eigrp on a cisco asa firewall configurationEigrp on a cisco asa firewall configuration
Eigrp on a cisco asa firewall configuration
3Anetwork com
 
IJCER (www.ijceronline.com) International Journal of computational Engineeri...
IJCER (www.ijceronline.com) International Journal of computational Engineeri... IJCER (www.ijceronline.com) International Journal of computational Engineeri...
IJCER (www.ijceronline.com) International Journal of computational Engineeri...
ijceronline
 
Simulation of Signals with Field Signal Simulator
Simulation of Signals with Field Signal SimulatorSimulation of Signals with Field Signal Simulator
Simulation of Signals with Field Signal Simulator
IOSR Journals
 
Cgc2
Cgc2Cgc2
Cgc2
Chong-Kuan Chen
 
C041221821
C041221821C041221821
C041221821
IOSR-JEN
 
General lab documentation~cisco router configuration
General lab documentation~cisco router configurationGeneral lab documentation~cisco router configuration
General lab documentation~cisco router configuration
sayedatif
 
Live streaming in Android
Live streaming in AndroidLive streaming in Android
Live streaming in Android
Ahmet Mermerkaya
 
CNF.Chap.5.pptx
CNF.Chap.5.pptxCNF.Chap.5.pptx
CNF.Chap.5.pptx
halosidiq1
 
Manual psim
Manual psimManual psim
Manual psim
Wilder Samo Castillo
 

Similar to Vulnerabilities analysis of fault and Trojan attacks in FSM (20)

On chip crosstalk_avoidance_codec_design_using_fibonacci
On chip crosstalk_avoidance_codec_design_using_fibonacciOn chip crosstalk_avoidance_codec_design_using_fibonacci
On chip crosstalk_avoidance_codec_design_using_fibonacci
 
Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...
Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...
Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...
 
Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...
Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...
Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...
 
Lab 9 instructions
Lab 9 instructionsLab 9 instructions
Lab 9 instructions
 
D0364017024
D0364017024D0364017024
D0364017024
 
C211824
C211824C211824
C211824
 
Fpga applications using hdl
Fpga applications using hdlFpga applications using hdl
Fpga applications using hdl
 
Information Gathering 2
Information Gathering 2Information Gathering 2
Information Gathering 2
 
Optimized architecture for SNOW 3G
Optimized architecture for SNOW 3GOptimized architecture for SNOW 3G
Optimized architecture for SNOW 3G
 
Host manual sysmex-xe2100
Host manual sysmex-xe2100Host manual sysmex-xe2100
Host manual sysmex-xe2100
 
project on OSPF
project on OSPFproject on OSPF
project on OSPF
 
Eigrp on a cisco asa firewall configuration
Eigrp on a cisco asa firewall configurationEigrp on a cisco asa firewall configuration
Eigrp on a cisco asa firewall configuration
 
IJCER (www.ijceronline.com) International Journal of computational Engineeri...
IJCER (www.ijceronline.com) International Journal of computational Engineeri... IJCER (www.ijceronline.com) International Journal of computational Engineeri...
IJCER (www.ijceronline.com) International Journal of computational Engineeri...
 
Simulation of Signals with Field Signal Simulator
Simulation of Signals with Field Signal SimulatorSimulation of Signals with Field Signal Simulator
Simulation of Signals with Field Signal Simulator
 
Cgc2
Cgc2Cgc2
Cgc2
 
C041221821
C041221821C041221821
C041221821
 
General lab documentation~cisco router configuration
General lab documentation~cisco router configurationGeneral lab documentation~cisco router configuration
General lab documentation~cisco router configuration
 
Live streaming in Android
Live streaming in AndroidLive streaming in Android
Live streaming in Android
 
CNF.Chap.5.pptx
CNF.Chap.5.pptxCNF.Chap.5.pptx
CNF.Chap.5.pptx
 
Manual psim
Manual psimManual psim
Manual psim
 

Recently uploaded

SMT process how to making and defects finding
SMT process how to making and defects findingSMT process how to making and defects finding
SMT process how to making and defects finding
rameshqapcba
 
Tools & Techniques for Commissioning and Maintaining PV Systems W-Animations ...
Tools & Techniques for Commissioning and Maintaining PV Systems W-Animations ...Tools & Techniques for Commissioning and Maintaining PV Systems W-Animations ...
Tools & Techniques for Commissioning and Maintaining PV Systems W-Animations ...
Transcat
 
Ericsson LTE Throughput Troubleshooting Techniques.ppt
Ericsson LTE Throughput Troubleshooting Techniques.pptEricsson LTE Throughput Troubleshooting Techniques.ppt
Ericsson LTE Throughput Troubleshooting Techniques.ppt
wafawafa52
 
AN INTRODUCTION OF AI & SEARCHING TECHIQUES
AN INTRODUCTION OF AI & SEARCHING TECHIQUESAN INTRODUCTION OF AI & SEARCHING TECHIQUES
AN INTRODUCTION OF AI & SEARCHING TECHIQUES
drshikhapandey2022
 
DESIGN AND MANUFACTURE OF CEILING BOARD USING SAWDUST AND WASTE CARTON MATERI...
DESIGN AND MANUFACTURE OF CEILING BOARD USING SAWDUST AND WASTE CARTON MATERI...DESIGN AND MANUFACTURE OF CEILING BOARD USING SAWDUST AND WASTE CARTON MATERI...
DESIGN AND MANUFACTURE OF CEILING BOARD USING SAWDUST AND WASTE CARTON MATERI...
OKORIE1
 
Supermarket Management System Project Report.pdf
Supermarket Management System Project Report.pdfSupermarket Management System Project Report.pdf
Supermarket Management System Project Report.pdf
Kamal Acharya
 
UNIT 4 LINEAR INTEGRATED CIRCUITS-DIGITAL ICS
UNIT 4 LINEAR INTEGRATED CIRCUITS-DIGITAL ICSUNIT 4 LINEAR INTEGRATED CIRCUITS-DIGITAL ICS
UNIT 4 LINEAR INTEGRATED CIRCUITS-DIGITAL ICS
vmspraneeth
 
3rd International Conference on Artificial Intelligence Advances (AIAD 2024)
3rd International Conference on Artificial Intelligence Advances (AIAD 2024)3rd International Conference on Artificial Intelligence Advances (AIAD 2024)
3rd International Conference on Artificial Intelligence Advances (AIAD 2024)
GiselleginaGloria
 
Object Oriented Analysis and Design - OOAD
Object Oriented Analysis and Design - OOADObject Oriented Analysis and Design - OOAD
Object Oriented Analysis and Design - OOAD
PreethaV16
 
AI + Data Community Tour - Build the Next Generation of Apps with the Einstei...
AI + Data Community Tour - Build the Next Generation of Apps with the Einstei...AI + Data Community Tour - Build the Next Generation of Apps with the Einstei...
AI + Data Community Tour - Build the Next Generation of Apps with the Einstei...
Paris Salesforce Developer Group
 
Asymmetrical Repulsion Magnet Motor Ratio 6-7.pdf
Asymmetrical Repulsion Magnet Motor Ratio 6-7.pdfAsymmetrical Repulsion Magnet Motor Ratio 6-7.pdf
Asymmetrical Repulsion Magnet Motor Ratio 6-7.pdf
felixwold
 
Lateral load-resisting systems in buildings.pptx
Lateral load-resisting systems in buildings.pptxLateral load-resisting systems in buildings.pptx
Lateral load-resisting systems in buildings.pptx
DebendraDevKhanal1
 
Impartiality as per ISO /IEC 17025:2017 Standard
Impartiality as per ISO /IEC 17025:2017 StandardImpartiality as per ISO /IEC 17025:2017 Standard
Impartiality as per ISO /IEC 17025:2017 Standard
MuhammadJazib15
 
Open Channel Flow: fluid flow with a free surface
Open Channel Flow: fluid flow with a free surfaceOpen Channel Flow: fluid flow with a free surface
Open Channel Flow: fluid flow with a free surface
Indrajeet sahu
 
ITSM Integration with MuleSoft.pptx
ITSM Integration with MuleSoft.pptxITSM Integration with MuleSoft.pptx
ITSM Integration with MuleSoft.pptx
VANDANAMOHANGOUDA
 
Sachpazis_Consolidation Settlement Calculation Program-The Python Code and th...
Sachpazis_Consolidation Settlement Calculation Program-The Python Code and th...Sachpazis_Consolidation Settlement Calculation Program-The Python Code and th...
Sachpazis_Consolidation Settlement Calculation Program-The Python Code and th...
Dr.Costas Sachpazis
 
Applications of artificial Intelligence in Mechanical Engineering.pdf
Applications of artificial Intelligence in Mechanical Engineering.pdfApplications of artificial Intelligence in Mechanical Engineering.pdf
Applications of artificial Intelligence in Mechanical Engineering.pdf
Atif Razi
 
Call Girls Goa (india) ☎️ +91-7426014248 Goa Call Girl
Call Girls Goa (india) ☎️ +91-7426014248 Goa Call GirlCall Girls Goa (india) ☎️ +91-7426014248 Goa Call Girl
Call Girls Goa (india) ☎️ +91-7426014248 Goa Call Girl
sapna sharmap11
 
Call For Paper -3rd International Conference on Artificial Intelligence Advan...
Call For Paper -3rd International Conference on Artificial Intelligence Advan...Call For Paper -3rd International Conference on Artificial Intelligence Advan...
Call For Paper -3rd International Conference on Artificial Intelligence Advan...
ijseajournal
 
SENTIMENT ANALYSIS ON PPT AND Project template_.pptx
SENTIMENT ANALYSIS ON PPT AND Project template_.pptxSENTIMENT ANALYSIS ON PPT AND Project template_.pptx
SENTIMENT ANALYSIS ON PPT AND Project template_.pptx
b0754201
 

Recently uploaded (20)

SMT process how to making and defects finding
SMT process how to making and defects findingSMT process how to making and defects finding
SMT process how to making and defects finding
 
Tools & Techniques for Commissioning and Maintaining PV Systems W-Animations ...
Tools & Techniques for Commissioning and Maintaining PV Systems W-Animations ...Tools & Techniques for Commissioning and Maintaining PV Systems W-Animations ...
Tools & Techniques for Commissioning and Maintaining PV Systems W-Animations ...
 
Ericsson LTE Throughput Troubleshooting Techniques.ppt
Ericsson LTE Throughput Troubleshooting Techniques.pptEricsson LTE Throughput Troubleshooting Techniques.ppt
Ericsson LTE Throughput Troubleshooting Techniques.ppt
 
AN INTRODUCTION OF AI & SEARCHING TECHIQUES
AN INTRODUCTION OF AI & SEARCHING TECHIQUESAN INTRODUCTION OF AI & SEARCHING TECHIQUES
AN INTRODUCTION OF AI & SEARCHING TECHIQUES
 
DESIGN AND MANUFACTURE OF CEILING BOARD USING SAWDUST AND WASTE CARTON MATERI...
DESIGN AND MANUFACTURE OF CEILING BOARD USING SAWDUST AND WASTE CARTON MATERI...DESIGN AND MANUFACTURE OF CEILING BOARD USING SAWDUST AND WASTE CARTON MATERI...
DESIGN AND MANUFACTURE OF CEILING BOARD USING SAWDUST AND WASTE CARTON MATERI...
 
Supermarket Management System Project Report.pdf
Supermarket Management System Project Report.pdfSupermarket Management System Project Report.pdf
Supermarket Management System Project Report.pdf
 
UNIT 4 LINEAR INTEGRATED CIRCUITS-DIGITAL ICS
UNIT 4 LINEAR INTEGRATED CIRCUITS-DIGITAL ICSUNIT 4 LINEAR INTEGRATED CIRCUITS-DIGITAL ICS
UNIT 4 LINEAR INTEGRATED CIRCUITS-DIGITAL ICS
 
3rd International Conference on Artificial Intelligence Advances (AIAD 2024)
3rd International Conference on Artificial Intelligence Advances (AIAD 2024)3rd International Conference on Artificial Intelligence Advances (AIAD 2024)
3rd International Conference on Artificial Intelligence Advances (AIAD 2024)
 
Object Oriented Analysis and Design - OOAD
Object Oriented Analysis and Design - OOADObject Oriented Analysis and Design - OOAD
Object Oriented Analysis and Design - OOAD
 
AI + Data Community Tour - Build the Next Generation of Apps with the Einstei...
AI + Data Community Tour - Build the Next Generation of Apps with the Einstei...AI + Data Community Tour - Build the Next Generation of Apps with the Einstei...
AI + Data Community Tour - Build the Next Generation of Apps with the Einstei...
 
Asymmetrical Repulsion Magnet Motor Ratio 6-7.pdf
Asymmetrical Repulsion Magnet Motor Ratio 6-7.pdfAsymmetrical Repulsion Magnet Motor Ratio 6-7.pdf
Asymmetrical Repulsion Magnet Motor Ratio 6-7.pdf
 
Lateral load-resisting systems in buildings.pptx
Lateral load-resisting systems in buildings.pptxLateral load-resisting systems in buildings.pptx
Lateral load-resisting systems in buildings.pptx
 
Impartiality as per ISO /IEC 17025:2017 Standard
Impartiality as per ISO /IEC 17025:2017 StandardImpartiality as per ISO /IEC 17025:2017 Standard
Impartiality as per ISO /IEC 17025:2017 Standard
 
Open Channel Flow: fluid flow with a free surface
Open Channel Flow: fluid flow with a free surfaceOpen Channel Flow: fluid flow with a free surface
Open Channel Flow: fluid flow with a free surface
 
ITSM Integration with MuleSoft.pptx
ITSM Integration with MuleSoft.pptxITSM Integration with MuleSoft.pptx
ITSM Integration with MuleSoft.pptx
 
Sachpazis_Consolidation Settlement Calculation Program-The Python Code and th...
Sachpazis_Consolidation Settlement Calculation Program-The Python Code and th...Sachpazis_Consolidation Settlement Calculation Program-The Python Code and th...
Sachpazis_Consolidation Settlement Calculation Program-The Python Code and th...
 
Applications of artificial Intelligence in Mechanical Engineering.pdf
Applications of artificial Intelligence in Mechanical Engineering.pdfApplications of artificial Intelligence in Mechanical Engineering.pdf
Applications of artificial Intelligence in Mechanical Engineering.pdf
 
Call Girls Goa (india) ☎️ +91-7426014248 Goa Call Girl
Call Girls Goa (india) ☎️ +91-7426014248 Goa Call GirlCall Girls Goa (india) ☎️ +91-7426014248 Goa Call Girl
Call Girls Goa (india) ☎️ +91-7426014248 Goa Call Girl
 
Call For Paper -3rd International Conference on Artificial Intelligence Advan...
Call For Paper -3rd International Conference on Artificial Intelligence Advan...Call For Paper -3rd International Conference on Artificial Intelligence Advan...
Call For Paper -3rd International Conference on Artificial Intelligence Advan...
 
SENTIMENT ANALYSIS ON PPT AND Project template_.pptx
SENTIMENT ANALYSIS ON PPT AND Project template_.pptxSENTIMENT ANALYSIS ON PPT AND Project template_.pptx
SENTIMENT ANALYSIS ON PPT AND Project template_.pptx
 

Vulnerabilities analysis of fault and Trojan attacks in FSM

  • 1. VULNERABILITIES ANALYSIS OF FAULT AND TROJAN ATTACKS IN FSM Gopi Kurra (2016VLSI-17) Mani Shankar (2016VLSI-18) N Vishnu Vardhan Rao (2016VLSI-19) ABV-Indian Institute of Information Technology and Management Gwalior, Morena Link Road, Gwalior, Madhya Pradesh, INDIA - 474010. April 27, 2017
  • 2. IMPORTANCE OF FSM IMPORTANCE OF FSM A finite state machine (FSM) is responsible for controlling the overall functionality of most digital systems. Therefore, The security of the whole system can be compromised if there are vulnerabilities in the FSM. These vulnerabilities can be created by improper designs or by the synthesis tool which introduces additional dont care states and transitions during the optimization and synthesis process. An attacker can utilize these vulnerabilities to perform fault injection attacks or insert malicious hardware modifications (Trojan) to gain unauthorized access to some specific states.
  • 3. What are the Vulnerabilities in FSM What are the Vulnerabilities in FSM The main vulnerabilities in FSM are as follows, Fault injection attack Trojan attack These attacks are due to don’t care states and transitions, So we propose a technique called analysing vulnerabilities in FSM(AVFSM).
  • 4. AVFSM(Analyzing the Vulnerabilities in FSM) AVFSM(Analyzing the Vulnerabilities in FSM) We propose a novel ATPG-based technique to extract the functionality of the FSM from a gate-level netlist. In addition to the states and transitions specified in the RTL level, our proposed technique can extract the dont-care states and transitions which are introduced during the synthesis process. Based on the extracted state transition table, our proposed framework, AVFSM analyzes each transition and reports all the transitions during which a fault can be injected to gain unauthorized access to some secured or protected states.
  • 5. AVFSM(Analyzing the Vulnerabilities in FSM) AVFSM(Analyzing the Vulnerabilities in FSM) We propose two metrics that use the extracted information as well as the design to quantify how susceptible the FSM is to fault injection and hardware Trojans. We analyze each reported transition using static timing analysis to determine the difficulty of inducing setup time violation based fault injection attacks. We perform case study for the FSM of AES encryption modules using the proposed metrics.
  • 6. Overall Workflow of the AVFSM Overall Workflow of the AVFSM Input User Timing Report Static Gate Level Netlist Report RTL FSM Report FSM Extraction (FE) FSM Fault Injection Analysis Factor Of Fault Injection States and Don’t Care transitions Trojan Vulnerability Trojan Insertion Don’t Care Sd & Td Extracted Identification Insertion Analysis Vulnerability Factor of FSM Synthesis Results grnrated by the ModuleInputs to the Module Modules of the Framework Figure 1 : Overall Workflow of the AVFSM
  • 7. Overall Workflow of the AVFSM Overall Workflow of the AVFSM The overall workflow of our AVFSM framework is shown in Fig.1. The AVFSM framework is composed of four modules: 1. FSM Extraction (FE): Extracts the STG of the FSM from the gate-level netlist. 2. Dont-care SD and TD Identification (DCSTI): Reports the SD and TD introduced by the synthesis process. 3. Fault Injection Analysis (FIA): Reports a quantitative measure of the vulnerability of FSM to fault injection attack. 4. Trojan Insertion Analysis (TIA): Reports a quantitative measure of the vulnerability of FSM to Trojan insertion.
  • 8. Extraction of STG Extraction of STG To analyze vulnerabilities in the FSM, We first need to extract the state transition graph (STG) from the synthesized gate-level netlist. Synthesized gate level netlist is generated by ISE project navigator. The extracted STG must incorporate the dont-care states and transitions which were introduced by the synthesis process. By using the Algorithm-I, Extracted the State Transition Graph with don’t care transitions and states.
  • 9. Algorithm 1 Extraction of STG of FSM Algorithm 1 Extraction of STG of FSM Procedure I:MODIFIED NETLIST GENRATION Input:Gate−level netlist of the the FSM,FSM synthesis report Output:Modified netlist for ATPG−based FSM extraction Fs Identify state FFs for each f Identify non−state FFs in the input cone of f Remove NSF primary input,PI end for for each f Fs do Remove f from the Netlist Add the net where Q pin of f was connected as primary input, PIpresent state Add XOR gate at the net where D pin of f was connected Add the other input XOR gate gate as primary input,PI ORed all the outputs of XOR gates and add output of the OR gate as primary output,PO Add inverter to compensate for QN pin of f end for end procedure XOR OR Fs do Add inverter to compensate for QN pin of fNS FNS and add the net where Q pin of F was connected as NSF NS Algorithm 1 Extraction of STG of FSM 1: 2: 3: 4: 5: 6: 7: 10: 9: 11: 12: 17: 18: 16: 15: 14: 13: 8:
  • 10. Algorithm 1 Extraction of STG of FSM Algorithm 1 Extraction of STG of FSM for each s S doEN SEN Get state encodings XORApply the logical value of s as constraint PI Remove all faults and add stuck−at−1 fault at PO Genrate test pattern n times for the mentioned fault Extracted the present state values and conditions that causes transition to s from genrated test patterns OR Procedure II:STATE TRANSITION GRAPH EXTRACTION Input:Modified gate−level netlist ,FSM synthesis report Output:Extracted State Transition Graph end procedure end for 1: 2: 3: 4: 5: 7: 8: 9: 10: 6: 11: Algorithm 1 Extraction of STG of FSM
  • 11. Procedure I: Generation of modified netlist Procedure I: Generation of modified netlist We are taken AES model FSM for demonstration of our technique. Wait Key Initial Round Do Round Final Round Wait Data KR=1 DS=1 KR=0 KR=0 KR=1 KR=0 KR=1 DS=0 N0_Round Figure 2 : AES FSM diagram
  • 12. Procedure I: Generation of modified netlist Procedure I: Generation of modified netlist We used two different encoding schemes, Scheme-1 is [Wait Key, Wait Data, Initial Round, Final Round]=[000, 001, 010, 011]. Scheme-2 is [Wait Key, Wait Data, Initial Round, Final Round]=[001, 010, 011, 000].
  • 13. Scheme-1 AES FSM Scheme-1 AES FSM This can be generated by using QUARTUS II tool from Verilog code of FSM, 001 000 010 011 100
  • 14. Logic diagram of AES for Scheme-1 Logic diagram of AES FSM for Scheme-1 This is generated by ISE project navigator by using Verilog code of FSM, B B A A D K KD C C C B B C CLK D D D Figure 4 : Logic Diagram of AES FSM for scheme-1
  • 15. Modified logic diagram for Scheme-1 Modified logic diagram for scheme1 According to Algorithm-1 Procedure-I is, Combinational Circuit State FFs FFs Next States Inputs presentState Non state Figure 5 : Original FSM Combinational Circuit PIpresentState Inputs PIFNS OR PIxor1 PO PIxorN Figure 6 : Modified FSM for ATGP-based STG extraction
  • 16. Modified logic diagram for Scheme-1 Modified logic diagram for Scheme-1 PIXOR1 PIXOR2 PI XOR3 PO OR B B C K D B C C B K K D D K K B D C K D B C Figure 7 : Modified Logic diagram for Scheme-1
  • 17. MODIFIED NETLIST MODIFIED NETLIST GENERATION By Considering stuck at 1 fault at POOR generate all input test pattern by using ATGP tool. We generated test bench for the modified logic diagram for each and every input and generated the all possible states when the POOR will be 0 by using the ISE project navigator. And ISE Project navigator generates the synthesized Modified netlist.
  • 18. Simulation results for Scheme-1 Simulation results for Scheme-1 Figure 8 : Simulation Results for Scheme-1
  • 19. PROCEDURE II STG extraction PROCEDURE II STG extraction STG with don’t care transitions and states generated by QUARTUS II tool by using the modified netlist. 101 110 111 001 000 010 011 100 Figure 9 : STG of AES FSM with don’t care transitions and states
  • 20. Scheme-2 AES FSM Scheme-2 AES FSM This can be generated by using QUARTUS-II tool from Verilog code of FSM, 000 001 010 100 011 Figure 10 : Scheme-2 AES FSM diagram
  • 21. Logic diagram of AES for Scheme-2 Logic diagram of AES FSM for Scheme-2 This is generated by ISE project navigator by using Verilog code of FSM, B B A A D K KD C C C B B C A A CLK D D D Figure 11 : Logic Diagram of AES FSM for scheme-2
  • 22. Modified logic diagram for Scheme-2 Modified logic diagram for Scheme-2 C K B D C A B K A B K B C D K A C K B C K B C K D PIxor1 PIxor2 PIxor3 PO Figure 12 : Modified Logic diagram for Scheme-2
  • 23. MODIFIED NETLIST MODIFIED NETLIST By Considering stuck at 1 fault at POOR generate all input test pattern by using ATGP tool. We generated test bench for the modified logic diagram for each and every input and generated the all possible states when the POOR will be 0 by using the ISE project navigator. And ISE Project navigator generates the synthesized Modified netlist.
  • 24. Simulation results for Scheme-2 Simulation results for Scheme-2 Figure 13 : Simulation Results for scheme-2
  • 25. PROCEDURE II STG Extraction PROCEDURE II STG Extraction STG with don’t care transitions and states generated by QUARTUS II tool by using the modified netlist. 101 110 000 001 010 100 011 111 Figure 14 : STG of AES FSM with don’t care transitions and states for scheme-2
  • 26. Vulnerability Analysis:Fault Injection Vulnerability Analysis:Fault Injection We propose a technique which analyzes each transition of the STG. Based on a proposed metric quantitatively measures how susceptible that transition is to a fault injection attack. For scheme 2, AVFSM reports 12 VT during which a fault can be injected to gain access to the protected state Final Round (000).
  • 27. Vulnerability Analysis:Fault Injection Vulnerability Analysis:Fault Injection Our vulnerability analysis is based on the observation shown in Fig.13 and 14. Let us consider the state transition T(00;10) where the current state is 00 and the next state is 10. 00 10 01Fault is not possible P Figure 15 : Setup time Violation based fault injection attack During this transition, one cannot perform time violation based fault injection attack to go to state 01, So fault attack is not possible. It is because during this state transition (T(00;10)), the LSB bit of both the current state and the next state remains 0 and therefore, a setup time violation based fault cannot be injected at this bit position to change the bit value to 1.
  • 28. Vulnerability Analysis:Fault Injection Vulnerability Analysis:Fault Injection 11 10 01 PFault is possible Figure 16 : Setup time Violation based fault injection attack On the other hand during T(10;01), one can inject a fault to go to state 11. To successfully inject this fault, the setup time constraint of MSB state FF needs to be violated whereas the setup time constraint of LSB state FF needs to be maintained. By using the Algorithm-2 we find the conditions for fault attacks.
  • 29. Algorithm2 Conditions for fault attack Algorithm2 Conditions for fault attack Sx = [b x1 bb ]x0x(n−1) (bxi( yib PathViolated X,Y = {Path Fs (i) } PathOK X,Y = {Path (i) } Fs = {Path (i) } Fs PathNo Effect X,Y Algorithm 2 Condition for fault attack Procedure Input:Extracted for each T(x,y) do bb ] bb ] Sy = [by(n−1) y0y1 P = [b p(n−1) p1 p0 Compute C= i=0 (n−1) ) +(b b ))xi if (C==1) then fault attack possible for T(X,Y) VT(X,Y) for i=0 to (n−1) do if xi( yibb ) then Input:set of protected state P Output:Conditions for sucessful fault attack else else end for else fault attack not possible for T(X,Y) end for end procedure State Transition Graph T(x,y) Extracted State Transition Graph pi T(X,Y) 1: 2: 5: 26: 3: 4: 6: 7: 8: 9: 10: 11: 12: 13: 14: 16: 15: 17: 18: 19: 20: 21: 22: 23: 24: 25: pixiif (b == b )
  • 30. Algorithm2 Conditions for fault attack Algorithm2 Conditions for fault attack PathViolated: Setup time constraint of the state FF in this path needs to be violated (lines 16-17). PathOK: Setup time constraint of the state FF in this path needs to be maintained (lines 18-19). PathNoEffect: State logic bit in this path does not change during the transition and therefore this path has no impact on the vulnerability analysis (lines 20-21).
  • 31. c code for Algorithm 2 c code for algorithm 2 We implemented Algorithm-2 by a simple c program. void states(int sx, int sy, int sp) { int Sx,Sy; Sx=sx; Sy=sy; int bx0=0, bx1=0, bx2=0; int by0=0, by1=0, by2=0; int bp0=0, bp1=0, bp2=0; int c; if(sx!=0) { bx0=sx%2; sx=sx/2; if(sx!=0) { bx1=sx%2; sx=sx/2; if(sx!=0) {
  • 32. c code for Algorithm 2 c code for algorithm 2 bx2=sx%2; } } } printf(”%d%d%d”,bx2,bx1,bx0); c=((bx0 ˆ by0) (bx0&bp0)) & ((bx1 ˆ by1) (bx1&bp1)) & ((bx2 ˆ by2) (bx2&bp2))&((bx0 ˆ by0) (bx0&bp0)) ; if(c==1) { printf(” fault attack is possible for transistion s%d to s%d ”,Sx,Sy); if(bx0ˆ by0) { if(bx0==bp0) printf(” PathViolated = Path(0)”); else printf(” PathOK = Path(0)”); }
  • 33. C code for Algorithm-2 C code for Algorithm-2 else printf(” PathNoEffect = Path(0)”); } else printf(” fault attack is not possible for transistion s%d to s%d ”,Sx,Sy); }
  • 34. Output of c code Output of c code Table 1 : Outputs of the C program of Algorithm-2 Transition Faultstate Path Violated PathOk PathNoeffect (111)to(000) 000 Path(2) Path(0) Path(1) (011)to(100) 100 Path(2) Path(1) Path(0) (110)to(001) 001 Path(2) Path(0) Path(1)
  • 35. Path delay calculation Path delay calculation Module FIA uses Xilinx ISE Timing analyzer to find the maximum path delay of each state Flip Flop(FF). Table 2 : Path delays of each FF Path Name Maximum Path delay(nS) Path(0) 4.291 Path(1) 4.4883 Path(2) 4.285
  • 36. Susceptibility Factor Metric Susceptibility Factor(SF) Metric To quantify how susceptible each VT is to fault injection attack, We propose the susceptibility factor metric, SF to quantitatively measure the vulnerability of each transition is to fault injection attack. SF = PathDifference avg(PathFS ) SF is function of PathDifference where PathDifference is defined as PathDifference =PathFS (i)-PathFS (j) where i∈PathOK and j∈PathViolated Here, PathFs (i) represents the maximum path delay to ith state FF and avg(PathFs ) is calculated by taking the mean value of all the PathFS. High value of PathDifference means that attacker has a grater ability to successfully inject the fault.
  • 37. Susceptibility Factor Metric Susceptibility Factor(SF) Metric Table 3 : Susceptibility Factor of Vulnerable transitions Transition Fault state SF (111 to 000) 000 0.133 (011 to 100) 100 0.045 (110 to 001) 001 0.133
  • 38. Vulnerability Factor of Fault Injection(VFFI) Vulnerability Factor of Fault Injection Module FIA use the metric, Vulnerability Factor of Fault Injection to measure the overall vulnerability the FSM to fault injection attack. VFFI =(PVT(%), ASF),where PVT(%) = TotalvulnerableTransition (NVT ) TotalTransition . ASF = NVT i=1 SF(i) NVT The metric VFFI is composed of two parameters PVT(%), ASF. PVT(%) indicates the percentage of VT to TotalTransition. ASF signifies the average of SF. The greater the values of these two parameters are, the more susceptible the FSM is to fault attacks.
  • 39. Vulnerability Analysis: Trojan Attack Vulnerability Analysis: Trojan Attack We use the extracted STG to analyze how susceptible the FSM is to Trojan attacks. In our analysis, we consider the dont-care states which can be utilized to insert Trojans and gain access to a protected state. Module TIA performs the vulnerability analysis of Trojan attacks. It first reads the extracted STG and the dont-care states (SD) and transitions and gets the set of protected states (P) from the designer. Module TIA then searches for the Dangerous Dont-Care States (DDCS) and use the following metric vulnerability factor of Trojan insertion (VFTro) to evaluate the vulnerability of the FSM to Trojan insertion. VFTro = Total number of s TotalTransition where,s’∈DDCS
  • 40. Vulnerability Analysis: Trojan Attack Vulnerability Analysis: Trojan Attack Total number of s’=3 Total transitions=17 Table 4 : Vulnerability analysis for scheme 1 and scheme 2 of AES. Factor Scheme-1 Scheme-2 VFFI =(PVT(%), ASF) (0,0) (52.9%,0.034) VFTro 0 0.176
  • 41. Conclusion Conclusion In This paper, We systematically analyzes and evaluates vulnerabilities in the FSM against fault injection and Trojan attacks. Our proposed Vulnerabilities Analysis of Fault and Trojan Attack in FSM allows the designer to find security vulnerabilities in the FSM at an early design stage. AVFSM also enables the designer to quantitatively compare the security of different implementations of the same design.
  • 42. References References 1. Adib Nahiyan1, Kan Xiao2, Kun Yang1, Yier Jin3, Domenic Forte1 and Mark Tehranipoor1,”AVFSM: A Framework for Identifying and Mitigating Vulnerabilities in FSMs”,DAC 16, June 05-09, 2016, Austin, TX, USA. 2. H. Salmani and M. Tehranipoor, ”Analyzing circuit vulnerability to hardware Trojan insertion at the behavioral level,” in Defect and Fault Tolerance in VLSI and Nanotechnology Systems (DFT), 2013. 3. B. Yuce et al., ”TVVF Estimating the vulnerability of hardware cryptosystems against timing violation attacks,” in Hardware Oriented Security and Trust (HOST), 2015.