Michael S. Hsiao

Sequential circuit test generation using dynamic state traversal

A new method for state justification is proposed for sequential circuit test generation. The linear list of states dynamically obtained during the derivation of test vectors is used to guide the search during state justification. State-transfer sequences may already be known that drive the circuit from the current state to the target state. Otherwise, genetic engineering of existing state-transfer sequences is required. In both cases, genetic-algorithm-based techniques are used to generate valid state justification sequences for the circuit in the presence of the target fault. This approach achieves extremely high fault coverages and thus outperforms previous deterministic and simulation-based techniques.

A region based approach for the identification of hardware Trojans

Outsourcing of SoC fabrication units has created the potential threat of design tampering using hardware Trojans. Methods based on side-channel analysis exist to differentiate such maligned ICs from the genuine ones but process variation in the foundries limit the effectiveness of such approaches. In this work, we propose a circuit partition based approach to detect and locate the embedded Trojan. Results show that our approach is effective in separating out candidate Trojans in the circuit. In addition, we provide a power profile based method for refining the candidate regions that may contain a Trojan. In many cases, such an isolation method leads to noticeable manifestation of the anomalous behavior of the circuit due to the presence of the Trojan thereby enhancing chances of their detection.

Hardware Trojan Attacks: Threat Analysis and Countermeasures

Security of a computer system has been traditionally related to the security of the software or the information being processed. The underlying hardware used for information processing has been considered trusted. The emergence of hardware Trojan attacks violates this root of trust. These attacks, in the form of malicious modifications of electronic hardware at different stages of its life cycle, pose major security concerns in the electronics industry. An adversary can mount such an attack with an objective to cause operational failure or to leak secret information from inside a chip-e.g., the key in a cryptographic chip, during field operation. Global economic trend that encourages increased reliance on untrusted entities in the hardware design and fabrication process is rapidly enhancing the vulnerability to such attacks. In this paper, we analyze the threat of hardware Trojan attacks; present attack models, types, and scenarios; discuss different forms of protection approaches, both proactive and reactive; and describe emerging attack modes, defenses, and future research pathways.

Denial-of-service attacks on battery-powered mobile computers

Sleep deprivation attacks are a form of denial of service attack whereby an attacker renders a pervasive computing device inoperable by draining the battery more quickly than it would be drained under normal usage. We describe three main methods for an attacker to drain the battery: (1) service request power attacks, where repeated requests are made to the victim for services, typically over a network - even if the service is not provided the victim must expend energy deciding whether or not to honor the request; (2) benign power attacks, where the victim is made to execute a valid but energy-hungry task repeatedly, and (3) malignant power attacks, where the attacker modifies or creates an executable to make the system consume more energy than it would otherwise. Our initial results demonstrate the increased power consumption due to these attacks, which we believe are the first real examples of these attacks to appear in the literature. We also propose a power-secure architecture to thwart these power attacks by employing multi-level authentication and energy signatures.

A Novel Sustained Vector Technique for the Detection of Hardware Trojans

Intentional tampering in the internal circuit structure by implanting Trojans can result in disastrous operational consequences. While a faulty manufacturing leads to a nonfunctional device, effect of an external implant can be far more detrimental. Therefore, effective detection and diagnosis of such maligned ICs in the post silicon testing phase is imperative, if the parts are intended to be used in mission critical applications. We propose a novel sustained vector methodology that proves to be very effective in detecting the presence of a Trojan in an IC. Each vector is repeated multiple times at the input of both the genuine and the Trojan circuits that ensures the reduction of extraneous toggles within the genuine circuit. Regions showing wide variations in the power behavior are analyzed to isolate the infected gate(s). Experimental results on ISCAS benchmark circuits show that this approach can magnify the behavioral difference between a genuine and infected IC up to thirty times as compared to the previous approaches.

Cognitive Radio and Networking Research at Virginia Tech

More than a dozen Wireless @ Virginia Tech faculty are working to address the broad research agenda of cognitive radio and cognitive networks. Our core research team spans the protocol stack from radio and reconfigurable hardware to communications theory to the networking layer. Our work includes new analysis methods and the development of new software architectures and applications, in addition to work on the core concepts and architectures underlying cognitive radios and cognitive networks. This paper describes these contributions and points towards critical future work that remains to fulfill the promise of cognitive radio. We briefly describe the history of work on cognitive radios and networks at Virginia Tech and then discuss our contributions to the core cognitive processing underlying these systems, focusing on our cognitive engine. We also describe developments that support the cognitive engine and advances in radio technology that provide the flexibility desired in a cognitive radio node. We consider securing and verifying cognitive systems and examine the challenges of expanding the cognitive paradigm up the protocol stack to optimize end-to-end network performance. Lastly, we consider the analysis of cognitive systems using game theory and the application of cognitive techniques to problems in dynamic spectrum sharing and control of multiple-input multiple-output radios.

Towards an intrusion detection system for battery exhaustion attacks on mobile computing devices

Mobile computers are subject to a unique form of denial of service attack known as a battery exhaustion attack, in which an attacker attempts to rapidly drain the battery of the device. In this paper we present our first steps in the design of an intrusion detection system for these attacks, a system that takes into account the performance, energy, and memory constraints of mobile computing devices. This intrusion detection system uses several parameters, such as CPU load and disk accesses, to estimate the power consumption using a linear regression model, allowing us to find the energy used on a per process basis, and thus identifying processes that are potentially battery exhaustion attacks.

Protection Against Hardware Trojan Attacks: Towards a Comprehensive Solution

With the increasing disintegration of the design and manufacturing chain of our microelectronic products, we should not only worry about including unintentional, unwanted hardware features (“bugs”), but also about including intentional malicious hardware features: “Trojan Horses,”which act as spies or terrorists. This article provides an overview of hardware Trojans and countermeasures.

Compiler-Directed Dynamic Frequency and Voltage Scheduling

Dynamic voltage and frequency scaling has been identified as one of the most effective ways to reduce power dissipation. This paper discusses a compilation strategy that identifies opportunities for dynamic voltage and frequency scaling of the CPU without significant increase in overall program execution time. The paper introduces a simple, yet effective performance model to determine an efficient CPU slowdown factor for memory bound loop computations. Simulation results of a superscalar target architecture and a program kernel compiled at different optimizations levels show the potential benefit of the proposed compiler optimization. The energy savings are reported for a hypothetical target machine with power dissipation characteristics similar to Transmetas Crusoe TM5400 processor.

Fast static compaction algorithms for sequential circuit test vectors

Two fast algorithms for static test sequence compaction are proposed for sequential circuits. The algorithms are based on the observation that test sequences traverse through a small set of states and some states are frequently revisited throughout the application of a test set. Subsequences that start and end on the same states may be removed if necessary and if sufficient conditions are met for them. Contrary to the previously proposed methods, where multitudes of fault simulations are required, the techniques described in this paper require only two fault simulation passes and are applied to test sequences generated by various test generators, resulting in significant compactions very quickly for circuits that have many revisited states.