Reinhold Weiss

High level fault injection for attack simulation in smart cards

Smart cards are one of the smallest computing platforms in use today. They are used in an increasing number of security applications. To gain sensitive data, a lot of security attacks are performed on smart cards. Therefore it is mandatory to test smart cards for robustness in matters of security. Tests are very time consuming and are performed often very late in the design process. This paper presents a methodology for high-level fault injection for security attack simulation in smart cards. The fault injection technique into SystemC designs is described and the fault injection tool is presented. Moreover, the system behaviour analysis is depicted. Preliminary results show that this methodology can assist in finding system components vulnerable to security attacks.

Automated Power Characterization for Run-Time Power Emulation of SoC Designs

With the advent of increasingly complex systems, the use of traditional power estimation approaches is rendered infeasible due to extensive simulation times. Hardware accelerated power emulation techniques, performing power estimation as a by-product of functional emulation, are a promising solution to this problem. However, only little attention has been awarded so far to the problem of devising a generic methodology capable of automatically enabling the power emulation of a given system-under-test. In this paper, we propose an automated power characterization and modeling methodology for high level power emulation. Our methodology automatically extracts relevant model parameters from training set data and generates an according power model. Furthermore, we investigate the automation of the power model hardware implementation and the automated integration into the overall system’s HDL description. For a smart card controller test-system the automatically created power model reduces the average estimation error from 11.78% to 4.71% as compared to a manually optimized one.

A UHF RFID measurement and evaluation test system

SummaryUHF RFID tags have demonstrated considerable degradation of performance when being attached to products. Absorption, reflection, detuning, and other RF effects decrease the sensitivity of the tags. We are presenting an UHF RFID measurement and performance evaluation test system, which allows for evaluations of designs of labels and ICs. Furthermore, it provides means for quantifying tag performance in various applications through measurements and tests.ZusammenfassungUHF RFID Tags zeigen eine beachtliche Verschlechterung der Leistung, sobald sie an Objekten angebracht werden. Absorption, Reflexion, Verstimmung und andere RF-Effekte vermindern die Transponder-Sensitivität. Es wird ein UHF RFID-Mess- und Leistungsevaluationstestsystem vorgestellt, welches bei der Evaluierung von Labeldesigns und ICs zur Anwendung kommt.

An emulation-based real-time power profiling unit for embedded software

The power consumption of battery-powered and energy-scavenging devices has become a major design metric for embedded systems. Increasingly complex software applications as well as rising demands in operating times while having restricted power budgets make power-aware system design indispensable. In this paper we present an emulation-based power profiling approach allowing for real-time power analysis of embedded systems. Power saving potential as well as power-critical events can be identified in much less time compared to power simulations. Hence, the designer can take countermeasures already in early design stages, which enhances development efficiency and decreases time-to-market. Accuracies achieved for a deep submicron smart-card controller are greater than 90% compared to gate-level simulations.

Simulation based verification of energy storage architectures for higher class tags supported by energy harvesting devices

Abstract Enhanced RFID tag technology especially in the UHF frequency range provides an extended functionality like high operating range and sensing and monitoring capabilities. Such complex functionality requires extended system structures including data acquisition units, real time clocks and active transmitters that cause a high energy consumption of the tag and require an on-board energy store (battery). Since the lifetime is a key parameter for the reliability of an RFID system, the energy budget of the higher class tag has to be as balanced as possible. This can be achieved by using energy harvesting devices as additional power supplies. The PowerTag 1 project and thus this paper propose special energy storage structures, which interface energy harvesting devices and deal with their special requirements to be used with battery-driven higher class UHF RFID tags. Different implementation variants of such structures are compared by using accurate simulation models of various parts of the system. The results of the simulation are compared to provided manufacturer performance parameters of a state-of-the-art higher class UHF RFID system.

Fuzzy-based Support for Service Composition in Mobile Ad Hoc Networks

In mobile ad hoc networks (MANETs) devices may join and leave the network anytime, and devices may move randomly within the network. The arbitrary topology can vary rapidly and unpredictably which leads to a permanently changing availability of services. Devices in the network could typically be very resource-constraint and the resource situation may change rapidly, e.g. battery power may fade away, or due to memory limits a service may not currently run on a device, though it is available in principle. Therefore, dynamic service composition is inevitable and possible alternative compositions should be evaluated even if a valid composite service was found for a given task. These alternative compositions can be used in case a service or device of a selected composite service becomes unavailable. In order to manage the networks dynamic behavior which could introduce great complexity we propose a resource management component on every device which offers services to be used by other devices. This middleware layer should constantly benchmark the capability of a service being a potential candidate for a composite service in a certain situation. Hence, the process of service selection and the procedure of rating different possible valid compositions are disburdened allowing fast decision making and contingency reaction.

The Entity Container - An Object-Oriented and Model-Driven Persistency Cache

Data persistency is a fundamental, but complex aspect of a modern software development process. Therefore, in order to reduce development costs and improve a systems quality, support for data persistency must be provided to common software paradigms, such as object-oriented programming or component based development. In this paper we present a new approach of an object persistency cache - the Entity Container (EC), based on a data model. The EC allows data and metadata management according to a data model independent of any specific persistency mechanism. We present the complete architecture, functionality and implementation of the system and compare our new approach with existing frameworks in order to point out features and major improvements of the EC.

Local components and reuse of legacy code in the CORBA component model

The CORBA component model (CCM) seemed to be a new powerful multi-language and multi-platform component development framework. First applications based on CCM have shown that there are some drawbacks in practical use. We present a new approach for the CCM component implementation which improves communication performance of components living in the same address space. At the same time we simplify the component development process and the reuse of legacy code within components. These extensions to CCM are possible without changing its specification.

A side channel attack countermeasure using system-on-chip power profile scrambling

Since the discovery that hardware used for cryptographic applications could leak secret information through its power or radiation profile a wide range of possible attack methods has been published. The rapid evolution of these side-channel attacks made it increasingly important to minimize this possible information leakage. Additionally timing information also derived from this power profile is used to control fault-attack campaigns to drive the system into an unintended state. Therefore a wide range of leakage countermeasures has been developed for dedicated cryptographic hardware. Contrariwise only little work is available concerning power profile scrambling techniques for cryptographic software implementations running on general purpose architectures. Such implementations often include power management hardware to cope with several power budget constraints which could be used to influence the systems power consumption during run-time. This paper proposes a novel side channel attack countermeasure technique using such power management methods in combination with techniques for power profile manipulation. State-of-the-art power estimation hardware using a reduced power model allows for the efficient on-line monitoring and manipulation of the power consumption and radiation profile.

Accelerating early design phase differential power analysis using power emulation techniques

The personal banking and ID sector has seen a tremendous change in recent years, partially caused by the widespread introduction of smart-cards. Because of the extensive implications of a successful attack on these devices, a wide range of practical as well as purely academic attacks has been developed during the last years. These attacks have unveiled weaknesses in hardware as well as software implementations of several different, partially widely used cryptographic algorithms. An especially powerful method, the differential power analysis (DPA), extracts secret information from power consumption and electro-magnetic emission profiles. The efficiency of a DPA attack significantly depends on the quality of the cryptographic algorithm implementation. These traces currently can only be generated using real hardware or simulation-based approaches. Depending on the chosen simulation accuracy these evaluations result in time-consuming RTL and SPICE simulations often limiting the maximum amount of available execution traces. This paper introduces a novel high-speed methodology for early security evaluations of integrated processor systems using power emulation. First, the usage of power emulation hardware allows for the estimation of attack effort that an adversary will have to invest to gain secret information from an algorithms execution profile. Second, countermeasures against differential power analysis attacks can be quickly evaluated in terms of effectiveness. The shown approach uses semi-automatic characterization techniques and fully synthesizable emulation hardware to reduce the designers dependency on time-consuming simulation runs.