prof. Ing. Hana Kubátová, CSc.

Stať ve sborníku

10.1109/DSD57027.2022.00097

Katedra číslicového návrhu

Dependability models allow calculating the rate of events leading to a hazard state – a situation, where the safety of the modeled dependable system is violated, thus the system may cause material loss, serious injuries, or casualties. The calculation of the hazard rate of the complex non-homogeneous Markov chains is time-consuming and the accuracy of the results is questionable. We have presented two methods able to calculate the hazard rate of the complex non-homogeneous Markov chains in previous papers. Both methods achieved very accurate results, thus we compare four Monte-Carlo based simulation methods (both accuracy and time-consumption) with our methods in this paper. A simple Triple Modular Redundancy (TMR) model is used in this paper since its hazard rate can be calculated analytically.

Stať ve sborníku

10.1109/DSD53832.2021.00057

Katedra číslicového návrhu

Masking is a powerful instrument for protecting cryptographic devices against side-channel analysis. Multiple masking schemes were introduced providing provable security against attacks of arbitrary order even in the presence of glitches. When a device is a part of some safety-critical system, it needs to meet dependability requirements; therefore, it should be protected against spontaneously occurring faults. Existing commonly used fault-tolerance architectures involve high area overhead as so as the masking schemes do. In this paper, we propose architectures meeting dependability properties of simple modular-redundancy schemes and SCA resistance of masking schemes, but decreasing the area overhead utilizing the randomness involved in the masking schemes. We compare our Masked Duplex architecture with Triple Modular Redundancy. While using one less redundant module, our architecture saves around 20% of the area in comparison with TMR in the case of Threshold Implementation of PRESENT cipher, promising more savings for more complex cryptographic schemes

Stať ve sborníku

10.1109/MECO49872.2020.9134244

Katedra číslicového návrhu

Publicly available blacklists are popular tools to capture and spread information about misbehaving entities on the Internet. In some cases, their straight-forward utilization leads to many false positives. In this work, we propose a system that combines blacklists with network flow data while introducing automated evaluation techniques to avoid reporting unreliable alerts. The core of the system is formed by an Adaptive Filter together with an Evaluator module. The assessment of the system was performed on data obtained from a national backbone network. The results show the contribution of such a system to the reduction of unreliable alerts.

Stať ve sborníku

10.1109/MECO49872.2020.9134348

Katedra číslicového návrhu

This paper describes the properties of wireless data transfer for Internet of Things (IoT). It focuses on low power consumption of the device. The paper presents the results of measuring latency, throughput and power consumption of a GSM module connected to an Arduino during data transfer to a remote server running at a PC. The measuring methodology of obtaining these results is discussed. Power consumption measurements include sending files of various sizes from the GSM module via the GSM network to the server. Conclusions regarding battery lifespan for the GSM module are made in the paper. Throughput over the GSM network for this module is elaborated and a static part of sending time, of a file regardless its size, is identified in this paper. The throughput is measured in order to further analyze the usability of such a device in IoT. The usability of LTE in such a configuration for fast data transfer is also discussed. The latency between the GSM module and the server is approximated because it may influence power consumption.

Stať ve sborníku

10.1109/DSD51259.2020.00108

Katedra číslicového návrhu

Dependability models allow calculating the rate of events leading to a hazard state - a situation, where safety of the modeled dependable system is violated, thus the system may cause material loss, serious injuries or casualties. This paper shows a method of calculating the hazard rate of the non-homogeneous Markov chains using different sets of homogeneous differential equations for several hundreds small time intervals (using default parameters settings - the number of the intervals can be adjusted to balance accuracy/time-consumption ratio). The method is compared to a previous version based on probability matrices and used to calculate the hazard rate of the hierarchical Markov chain. The hierarchical Markov chain allows us to calculate the hazard rates of the blocks independently and the non-homogeneous approach allows us to use them to calculate the hazard rate of the whole system. This method will allow us to calculate the hazard rate of the non-homogeneous Markov chain very accurately compared to methods based on homogeneous Markov chains.

Článek

10.1016/j.micpro.2020.103206

Katedra číslicového návrhu

This paper shows a method of calculating the hazard rate of the non-homogeneous Markov chains using different homogeneous probability matrices for several hundreds small time intervals (using default parameters settings — the number of the intervals can be adjusted to balance accuracy/time-consumption ratio). The method is compared to a pessimistic method based on homogeneous Markov chains and used to calculate the hazard rate of the hierarchical Markov chain. The hazard rates of the blocks are calculated independently and the non-homogeneous approach allows us to use them to calculate the hazard rate of the whole system. The independent calculations are significantly faster than the calculation of a single model composed of all models of the blocks.

Stať ve sborníku

10.1007/978-3-030-58201-2_4

Katedra číslicového návrhu

This paper presents a novel approach to detect SSH brute-force (BF) attacks in high-speed networks. Contrary to host-based approaches, we focus on network traffic analysis to identify attackers. Recent papers describe how to detect BF attacks using pure NetFlow data. However, our evaluation shows significant false-positive (FP) results of the current solution. To overcome the issue of high FP rate, we propose a machine learning (ML) approach to detection using specially extended IP Flows. The contributions of this paper are a new dataset from real environment, experimentally selected ML method, which performs with high accuracy and low FP rate, and an architecture of the detection system. The dataset for training was created using extensive evaluation of captured real traffic, manually prepared legitimate SSH traffic with characteristics similar to BF attacks, and, finally, using a packet trace with SSH logs from real production servers.

Stať ve sborníku

Katedra číslicového návrhu

P4 is a recent feasible technology that helps to make a modern infrastructure flexible and readyfor changes. Software solutions are available, but not efficient enough for high throughput and lowlatency applications. Therefore, hardware acceleration is used commonly. This paper discusses caveatsof currently existing approaches, mainly focused on FPGAs, which are flexible but resource-limited.Our aim is to propose an extension of standard P4 architecture to support external memory and explain apossible approach to overcome the issues.

Stať ve sborníku

10.1109/DSD.2019.00074

Katedra číslicového návrhu

Dependability models allow calculating the rate of events leading to a hazard state - a situation, where safety of the modeled dependable system is violated, thus the system may cause material loss, serious injuries or casualties. Hierarchical dependability models allow expressing multiple redundancies made at multiple levels of a system consisting of multiple cooperating blocks. The hazard rates of the blocks are calculated independently and, when combined, they are used to calculate the hazard rate of the whole system. The independent calculations are significantly faster than the calculation of a single model composed of all models of the blocks. The paper shows a method of calculating the hazard rate of the non-homogeneous Markov chains using different homogeneous probability matrices for several hundreds small time intervals. This method will allow us to calculate the hazard rate of the non-homogeneous Markov chain very accurately compared to methods based on homogeneous Markov chains.

Stať ve sborníku vyzvaná či oceněná

Katedra číslicového návrhu

Development of new technologies and especially the basic principles of Industry 4.0 (interconnection, IoT, information transparency, technical assistance, cyber physical systems and decentralization) means not only standard improvements, e.g. increasing of performance, but also some negative issues. Everybody must be on-line 24 hours, there are more and more small things with their own intelligence. The proper trade-off between the price and reliability must be solved always with respect to the application. The application-specific systems are used due to possible programmability both hardware and software blocks. It can lead to totally different principles in digital design. Here global overview of problems that must be taken into account in today interconnected world, especially with emphasizing the dependability issues will be presented. There are several basic questions: what does it mean dependability, how to predict proper parameters and how to guarantee them before the final (mostly expensive) production, what model to use and how to validate it and how to verify the final realization, what are and how to overcome the most probable faults, how to combine and express safety and security limits, and finally how to ensure these requirements concurrently both in development and production processes.

Článek

10.1016/j.micpro.2019.102858

Katedra číslicového návrhu

Correlation power analysis (CPA) is one of the most common side-channel attacks today, posing a threat to many modern ciphers, including AES. In the final step of this attack, the cipher key is usually extracted by the attacker by visually examining the correlation traces for each key guess. The naïve way to extract the correct key algorithmically is selecting the key guess with the maximum Pearson correlation coefficient. We propose another key distinguisher based on a significant change in the correlation trace rather than on the absolute value of the coefficient. Our approach performs better than the standard maximization, especially in the noisy environment, and it allows to significantly reduce the number of acquired power traces necessary to successfully mount an attack in noisy environment, and in some cases make the attack even feasible.

Stať ve sborníku

Katedra číslicového návrhu

Network monitoring features has been always a challenge in high-speed networks. Some of themlike detailed traffic analysis and packet inspection are not suited or simply not feasible even on modernhardware. The challenges are becoming even greater with an uprise of encrypted traffic. This leaves largeopportunity for threat actors to take advantage of. Therefore, it is necessary to develop a new generationof monitoring tools that can deal with the current issues for security purposes. This research aims toimprove traffic analysis techniques to handle encrypted traffic, and also to adapt hardware acceleratedmonitoring components for processing.

Stať ve sborníku

10.1109/DTIS.2019.8735006

Katedra číslicového návrhu

This paper shows a method of calculating the hazard rate of the non-homogeneous Markov chains using different homogeneous probability matrices for several hundreds small time intervals. The proposed method is applied on hierarchical dependability models allowing independent calculations of the hazard rates of multiple cooperating blocks of the system. The independent calculations are significantly faster than the calculation of a single model composed of all models of the blocks and the proposed method is very accurate compared to methods based on homogeneous Markov chains.

Stať ve sborníku

10.1109/DSD.2018.00098

Katedra číslicového návrhu

Correlation power analysis (CPA) is one of the most common side channel attacks today, posing a threat to many modern ciphers, including AES. The simplest method to extract the correct key guess is selecting the guess with the maximum Pearson correlation coefficient. We propose another distinguisher based on a significant change in the correlation trace rather than on the absolute value of the coefficient. Our approach performs better than the standard CPA, especially in the noisy environment.

Článek

10.1016/j.micpro.2017.10.012

Katedra číslicového návrhu

High-performance embedded architectures typically contain many stand-alone blocks which communicate and exchange data; additionally a high-speed network interface is usually needed at the boundary of the system. The software-based data processing is typically slow which leads to a need for hardware accelerated approaches. The problem is getting harder if the supported protocol stack is rapidly changing. Such problem can be effectively solved by the Field Programmable Gate Arrays and high-level synthesis which together provide a high degree of generality. This approach has several advantages like fast development or possibility to enable the area of packet-oriented communication to domain oriented experts. However, the typical disadvantage of this approach is the insufficient performance of generated system from a high-level description. This can be a serious problem in the case of a system which is required to process data at high packet rates. This work presents a generator of high-speed input (Parser) and output (Deparser) network blocks from the P4 language which is designed for the description of modern packet processing devices. The tool converts a P4 description to a synthesizable VHDL code suitable for the FPGA implementation. We present design, analysis and experimental results of our generator. Our results show that the generated circuits are able to process 100 Gbps traffic with fairly complex protocol structure at line rate on Xilinx Virtex-7 XCVH580T FPGA. The approach can be used not only in networking devices but also in other applications like packet processing engines in embedded cores because the P4 language is device and protocol independent.

Stať ve sborníku

10.1109/MECO.2018.8406012

Katedra číslicového návrhu

Side-channel attacks, including differential power analysis (DPA), are still an emerging topic. To make a deep research about DPA, one needs to be able to perform it as fast as possible. There are many possible ways to decrease the time of the attack. In this paper, we propose a way to decrease the duration of the correlation computations of this kind of attack by decreasing the number of samples per a power trace using an integration based aggregation method. We comprehensively describe this idea and present the results of an experimental evaluation focusing on the time efficiency of this approach.

Stať ve sborníku vyzvaná či oceněná

Katedra číslicového návrhu

Odolnost proti poruchám a odolnost proti útokům jsou návrhové vlastnosti, které mohou být u některých zařízení vyžadovány současně. Pro obě tyto vlastnosti existují návrhové metody, které ovšem vyžadují poměrně velkou režii plochy či spotřeby. Vzhledem k této režii by se mohlo stát, že návrh odolný proti poruchám sníží odolnost proti útokům nebo naopak návrh odolný proti útokům sníží odolnost proti poruchám. Cílem našeho výzkumu je prozkoumat tyto vzájemné vlivy a navrhnout nové metody spojující odolnost proti poruchám a odolnost proti útokům.

Stať ve sborníku

10.1109/MECO.2017.7977177

Katedra číslicového návrhu

This paper describes evaluation and consequent improvements in the field of dependability prediction from the beginning to nowadays. The necessity to determine the reliability characteristics of the electronic equipments is shown. The basic terms, definitions, and current problems are described. The demonstration of the prediction of reliability parameters according to the MIL-HDBK-217 standard based studies is presented by case studies - real examples from Czech railways track circuits projects and the discussion of the results of student tasks.

Stať ve sborníku

10.1109/DSD.2017.76

Katedra číslicového návrhu

As the security is becoming more and more important these days, we still should not forget about reliability. When designing a cryptographic device for some mission-critical or another reliability demanding system, we need to make the device not only attack-resistant, but also fault-tolerant. There are many common fault-tolerant digital design techniques, however, it is questionable, how these techniques affect the attack-resistance. Do they make the device more vulnerable e.g. to side-channel attacks? In our work we focused on finding the answer to this question. We experimentally evaluated the influence of information redundancy, space redundancy and time redundancy techniques on resistance against power analysis attack. In this paper we present our observations.

Článek

10.1016/j.micpro.2017.04.014

Katedra číslicového návrhu

Many electronic systems have to fulfill strict dependability properties, especially both fault tolerance and attack resistance. Intuitively, these requirements may seem to contradict each other. A study and an experiment description of the possible methods how to measure these impacts as well as result of first experiments are presented in this paper. Specifically, how basic passive hardware redundancy design methods affects resistance against differential power analysis attack and how the whole design can be modified to increase attack resistance will be discussed.

Stať ve sborníku

10.1109/DDECS.2017.7934563

Katedra číslicového návrhu

Differential power analysis (DPA) is one of the most common side channel attacks. To perform this attack we need to calculate a large amount of correlation coefficients. This amount is even higher when attacking FPGAs or ASICs, for higher order attacks and especially for attacking DPA protected devices. This article explains different approaches to the calculation of correlations, describes our implementation of these approaches and presents a detailed comparison considering their performance and their properties for a practical usage.

Článek

10.1016/j.micpro.2017.06.015

Katedra číslicového návrhu

This paper proposes a method improving the fault-coverage capabilities of Field Programmable Gate Array (FPGA) designs. Faults are mostly Single Event Upsets (SEUs) in the configuration memory of SRAM-based FPGAs and they can change the functionality of an implemented design. These changes may lead to crucial mistakes and cause damage to people and environment. The proposed method utilizes Concurrent Error Detection techniques and the basic architectures of actual modern FPGAs - the Look-Up Table (LUT) with two outputs. The main part of the paper is the description of the proposed method (Parity Waterfall) based on a cascade - waterfall - of several waves of inner parity generating the final parity of outputs of the whole circuit. The proposed Parity Waterfall (PWtf) method utilizes the (mostly) unused output of a two-output LUT to cover any single possible routing or LUT fault with a small area overhead. The encapsulation of the proposed PWtf method into a Duplication with Comparison scheme is presented in the second part of the paper. This encapsulation allows us to create a system containing two independent copies of all parts able to detect and localize any single fault (like common Triple Modular Redundancy method). Experiments are performed on the standard set of IWLS2005 benchmarks in our simulator. The results demonstrate differences between our proposed method and a similar existing technique - Duplication with Comparison (DwC), and between the encapsulated PWtf method and TMR. The proposed method has a lower relative overhead and requires a lower number of inputs and outputs.

Stať ve sborníku

10.1109/QRS.2017.43

Katedra číslicového návrhu
Katedra aplikované matematiky

In the presented work we predict the life expectancy of multi-part railway fail-safe signaling systems. The monitored electronic track circuits detect train locations and movement in real time, and issue alerts and warnings to prevent collisions. Based on 10 years of failure reports from the manufacturer of systems used by Czech railroads, we establish estimates of time-to-failure distributions of their components. We modify and apply survival models for censored data with various parameters for which we propose and compare new estimators. Both left and right time-based censoring of the data is considered. This approach allows us to include in the analysis components that were in operation before the study started, as well as components that were functional after the end of the study. Special attention is paid to the correct treatment of missing and incomplete data in the analyzed reports. We compare models with constant and variable failure rates. Hypotheses testing methodology is used to select a model with the best fit for the analyzed data.

Článek

10.1016/j.micpro.2017.05.004

Katedra číslicového návrhu

Markov chain models are used to evaluate the dependability properties (reliability, safety, availability, maintainability etc.) of the mission-critical systems. Dependability models are often focused only on the basic stuck-at faults. On the other hand the transient faults are present in the operational environment but not included in the dependability prediction. The aim of this paper is to show how the transient faults influence the dependability prediction using the Markov chain model. In this paper basic TMR Markov chain model using stuck-at faults is compared to our extended TMR model considering both the stuck-at and transient faults. The main focus is given on the calculation of the dependability parameter lambda (i.e. the failure rate of the system).

Stať ve sborníku

Katedra číslicového návrhu

Tento výzkum se zabývá možnostmi, jak zkombinovat metody číslicového návrhu pro odolnost proti poruchám a odolnost proti útokům. Tyto vlastnosti se mohou často navzájem potlačovat, jejich dosažení je navíc často doprovázeno výrazným zvýšením plochy a spotřeby. V současné době se výzkum zaměřuje na vzájemný vliv obou vlastností, v budoucnu bude cílem vytvořit návrhovou metodu zlepšující obě vlastnosti současně.

Stať ve sborníku

10.1109/DDECS.2016.7482480

Katedra číslicového návrhu

Single event upsets (SEU) are induced by an electric charge deposited in the material of the chip. The origin of the charge can be either from outside of the chip or it can be generated inside as a result of a nuclear reaction. We have measured the cross section of SEUs in FPGA using protons (directly ionizing particles) and neutrons (indirectly ionizing particles). Used energies up to 34 MeV are in the range, where the differences in the proton’s ionizing power are most significant thanks to the Bragg peak. Measurements have shown, that the direct ionization is not the dominant effect causing SEU.

Stať ve sborníku

10.1109/MECO.2016.7525723

Katedra číslicového návrhu

This paper presents the experience from 7 years existence of Faculty of Information Technology at Czech Technical University in Prague with respect to today Computer Engineering specialization trends. Our education process and study methods are based on programmable hardware, embedded systems and design style intended for such devices. All our courses have both parts; theoretical lectures and practical labs. Here the structure and methods how to prepare our bachelor students for both practice and for the further master study is presented.

Stať ve sborníku

10.1109/DSD.2016.91

Katedra číslicového návrhu

This paper proposes a method improving the faultcoverage capabilities of Field Programmable Gate Array (FPGA) designs. Faults are mostly single event upsets (SEUs) in the configuration memory of SRAM-based FPGAs and they can change the functionality of an implemented design. These changes may lead to crucial mistakes and cause damage to people and environment. The proposed method utilizes Concurrent Error Detection (CED) techniques and the basic architectures of actual modern FPGAs – the Look-Up Table (LUT) with two outputs. The Parity Waterfall method (based on a cascade – waterfall – of several waves of inner parity generating the final parity of outputs of the whole circuit) presented in our previous paper has been encapsulated into a Duplication scheme in this paper. This encapsulation allows us to create a system containing two independent copies of all parts able to detect and localize any single fault (like common Triple Modular Redundancy (TMR) method). Experiments are performed on the standard set of IWLS2005 benchmarks in our simulator. The results demonstrate differences between our proposed method in comparison with TMR – the proposed method has a lower relative overhead and requires a lower number of inputs and outputs.

Stať ve sborníku

10.1109/MECO.2016.7525779

Katedra číslicového návrhu

This paper describes the way how to teach the hardware-software co-design technique and basics of System-on- Chip (SoC) design and architecture on a practical example using state of the art AP SoC (All Programmable System on Chip) which combines FPGA logic and dual-core ARM Cortex-A9 CPU. Students are required to propose a new peripheral circuit in the FPGA logic and its interconnection with ARM CPU by an AXI4-Lite bus. This paper also presents the structure and results of these student's projects and the influence of previous courses oriented towards the general digital design in Informatics specialization intended for future embedded engineers.

Stať ve sborníku

10.1109/MECO.2016.7525685

Katedra číslicového návrhu

Many electronic systems has to fulfill strict dependability properties, especially both fault tolerance and attack resistance. These requirements usually contradict each other. The study and experiment descriptions of the possible methods how to measure these impacts are presented in this paper. Specifically, how fault-tolerant design methods affects resistance against differential power analysis attack and how the whole design can be modified to increase attack resistance will be discussed.

Stať ve sborníku

10.1109/CNSM.2016.7818417

Katedra číslicového návrhu

Since network attacks become more sophisticated, it is difficult to discover them using traditional analysis tools. For some kinds of attacks, it is necessary to analyze Application Layer (L7) information in order to detect them. However, there is a lack of existing tools capable of L7 processing and manipulation. Therefore, we propose a flow-based modular Network Measurements Analysis (NEMEA) system to overcome the situation. NEMEA is designed with respect to a stream-wise concept, i. e. data are analyzed continuously in memory with minimal data storage. NEMEA is developed as an open-source project and is publicly available for world-wide community. It is designed for both experimental and operational use. It is able to process off-line traffic traces as well as live network flows. The system is very flexible and can be easily extended by new modules. The modules are developed within a NEMEA framework that is a key component of the project. NEMEA thus represents a unified platform for research and development of new traffic analysis methods. It covers several important topics not limited to analysis and detection. Some of them are described in this paper. Originally, NEMEA has been developed for the purposes of Czech National Research and Education Network operator. Therefore, it is focused on handling high speed network traffic with links working at 100 Gbps.

Stať ve sborníku

10.1109/FCCM.2016.46

Katedra číslicového návrhu

Software Defined Networking and OpenFlow offer an elegant way to decouple network control plane from data plane. This decoupling has led to great innovation in the control plane, yet the data plane changes come at much slower pace, mainly due to the hard-wired implementation of network switches. The P4 language aims to overcome this obstacle by providing a description of a customized packet processing functionality for configurable switches. That enables a new generation of possibly heterogeneous networking hardware that can be runtime tailored for the needs of particular applications from various domains. In this paper we contribute to the idea of P4 by presenting design, analysis and experimental results of our packet parser generator. The generator converts a parse graph description of P4 to a synthetizable VHDL code suitable for FPGA implementation. Our results show that the generated circuit is able to parse 100 Gbps traffic with fairly complex protocol structure at line rate on a Xilinx Virtex-7 FPGA. The approach can be used not only in switches, but also in other appliances, such as application accelerators and smart NICs. We compare the generated output to a hand-written parser to show that the price for configurability is only a slightly larger and slower circuit.

Stať ve sborníku

10.1109/DDECS.2016.7482441

Katedra číslicového návrhu

This paper proposes a method for improvement of the fault-coverage capabilities of Field Programmable Gate Array (FPGA) designs. It utilizes Concurrent Error Detection (CED) techniques and the basic architectures of actual modern FPGAs the Look-Up Table (LUT) with two outputs. Proposed Parity Waterfall method is based on a cascade (waterfall) of several waves of inner parity generating the final parity of outputs of the whole circuit. The utilization of the (mostly) unused output of a two-output LUT allows the proposed method to cover any single possible routing or LUT fault with a small area overhead. The method is experimentally evaluated using the standard set of IWLS2005 benchmarks and using our simulator/emulator. The experimental results of the proposed parity waterfall method are compared with a similar existing technique (duplication with comparison). These results show that the area overhead is smaller than the overhead of the duplication with comparison method for all of the tested circuits and 100% fault coverage is achieved.

Stať ve sborníku

Katedra číslicového návrhu

Markov chain models are used to evaluate the dependability properties (reliability, safety, availability, maintainability etc.) of the systems especially those used in mission-critical applications. Based on these models the fault intensity and operational time length of such systems can be predicted. But in most cases these models are derived only by basic stuck-at fault models. The main aim of this paper is to compare the basic TMR (Triple-Modular-Redundancy) Markov chain model using the stuck-at faults only with TMR considering both per manent and transient faults. The main focus is given on the calculation of the dependability parameters. Obtained results are compared and discussed.

Stať ve sborníku

10.1109/DSD.2016.73

Katedra číslicového návrhu

Markov chain models are used to evaluate the dependability properties (reliability, safety, availability, maintainability etc.) of the mission-critical systems. Dependability models are often focused only on the basic stuck-at faults. On the other hand the transient faults are present in the operational environment but not included in the dependability prediction. The aim of this paper is to show how the transient faults influence the dependability prediction using the Markov chain model. In this paper basic TMR Markov chain model using stuck-at faults is compared to our extended TMR model considering both the stuck-at and transient faults. The main focus is given on the calculation of the dependability parameter lambda (i.e. the failure rate of the system).

Stať ve sborníku

10.1109/DSD.2015.98

Katedra číslicového návrhu

The description of equipment and methods used for conducting ionizing radiation Accelerated Life Testing (ALT) of programmable hardware, especially Field Programmable Gate Arrays (FPGA) at the cyclotron is introduced. Methodology of testing and Single Event Effects (SEE) detection and online monitoring is described together with some results of testing several SRAM and Flash based FPGAs. In the course of this work, various tool for beam monitoring and manipulating were developed.

Stať ve sborníku

Katedra číslicového návrhu

Software Defined Networking and OpenFlow offer an elegant way to decouple network control plane from data plane. This decoupling has led to great innovation in the control plane, yet the data plane changes come at much slower pace, mainly due to the hard-wired implementation of network switches. The P4 language aims to overcome this obstacle by providing a description of a customized packet processing functionality for configurable switches. That enables a new generation of possibly heterogeneous networking hardware that can be run-time tailored for the needs of particular applications from various domains, such as HPC. In this paper we contribute to the idea of P4 by presenting design, analysis and experimental results of our packet parser generator. The generator converts a parse graph description of P4 to a synthetizable VHDL code suitable for FPGA implementation. Our results show that the generated circuit is able to parse 100 Gbps traffic with fairly complex protocol structure at line rate on a Xilinx Virtex-7 FPGA. The approach can be used not only in switches, but also in other appliances, such as application accelerators and smart NICs. We compare the generated output to a handwritten parser to show that the price for configurability is only slightly larger and slower circuit.

Stať ve sborníku

Katedra číslicového návrhu

Malicious network traffic originated by malware means a serious threat. Current malware is designed to hide itself from the eyes of victim users as well as network administrators. It is very difficult or impossible to discover such traffic using traditional ways of flow-based monitoring. This paper describes a network traffic analysis of a backbone network as an attempt to discover infected devices. Cooperation with forensic laboratory and analysis of samples of malware allow to gain information that can lead to find unwanted traffic. Special tailored Nemea framework with high speed monitoring pipeline was used to discover infected devices on the network.

Stať ve sborníku

10.1007/978-3-319-20034-7_10

Katedra číslicového návrhu

Flow monitoring helps to discover many network security threats targeted to various applications or network protocols. In this paper, we show usage of the flow data for analysis of a Voice over IP (VoIP) traffic and a threat detection. A traditionally used flow record is insufficient for this purpose and therefore it was extended by application-layer information. In particular, we focus on the Session Initiation Protocol (SIP) and the type of a toll-fraud in which an attacker tries to exploit poor configuration of a private branch exchange (PBX). The attacker’s motivation is to make unauthorized calls to PSTN numbers that are usually charged at high rates and owned by the attacker. As a result, a successful attack can cause a significant financial loss to the owner of PBX. We propose a method for stream-wise and near real-time analysis of the SIP traffic and detection of the described threat. The method was implemented as a module of the Nemea system and deployed on a backbone network. It was evaluated using simulated as well as real attacks.

Stať ve sborníku

10.1109/DSD.2014.25

Katedra číslicového návrhu

This paper deals with the architecture for effective merging of high-speed network streams into one communication line. Networking hardware typically has more than one Ethernet port and if we want to transfer data via single communication bus (PCI-Express, for example) we need to merge all the Ethernet lines into one wide data stream. This paper discusses various approaches of dealing with the emerging issues related to very wide data busses and their alignment. The main contribution of this paper is the introduction of the architecture for merging of high-speed network streams as effective as possible. We use Virtex-7 equipped FPGA card to implement and test our architecture.

Stať ve sborníku

10.1145/2658260.2661773

Katedra číslicového návrhu

This paper deals with hardware acceleration of statistical methods for detection of anomalies on 100Gb/s Ethernet. The approach is demonstrated by implementing a sequential Non-Parametric Cumulative Sum (NP-CUSUM) procedure. We use high-level synthesis in combination with emerging software defined monitoring (SDM) methodology for rapid development of FPGA-based hardware-accelerated network monitoring applications. The implemented method offloads detection of network attacks and anomalies directly into an FPGA chip. The parallel nature of FPGA allows for simultaneous detection of various kinds of anomalies. Our results show that hardware acceleration of statistical methods using the SDM concept with high-level synthesis from C/C++ is possible and very promising for traffic analysis and anomaly detection in high-speed 100Gb/s networks.

Stať ve sborníku

Katedra číslicového návrhu

This paper presents the method of dependability parameters improvement for systems based on unreliable components such as Field Programmable Gate Arrays (FPGAs). It combines concurrent Error Detection (CED) techniques, FPGA dynamic reconfigurations and our previously designed Modified Duplex System (MDS) architecture. The methodology is developed with respect to the minimal area overhead. It is aimed for practical applications of modular systems. Therefore it is applied and tested on the safety railway station system. This Fault-Tolerant (FT) design is tested to fulfill strict Czech standards [8]. The proposed method is based on static and partial dynamic reconfiguration of totally self-checking blocks which allows a full recovery from a Single Even Upset (SEU).

Stať ve sborníku

Katedra číslicového návrhu

Our research is focused on mission critical applications using SRAM based Field Programmable Gate Arrays (FPGAs).The main goal is to reach higher availability and dependability and low power using unreliable components (FPGAs) with respect to highest safety according to strict Czech standards. Our methodology is designed for fast applicatons and rapid prorotyping of modular systems, which are useful for fast development thanks to its regulars structure. The methodology combines Concurrent Error Detection (CED) techniques, FPGA dynamic recondfigurations and our previously designed Modified Duplex Systems (MDS) architecture. The methodology tries minimizes area overhead. It is aimed for practical applications of modular systems, which are composed from blocks. We applied and tested it on the safety railway station system. The proposed method is based on static and partial dynamic reconfiguration of totally self-checking blocks which allows a full recovery from a Single Even Upset (SEU).

Stať ve sborníku

10.1109/DSD.2014.54

Katedra číslicového návrhu

This paper presents the method of dependability parameters improvement for systems based on unreliable components such as Field Programmable Gate Arrays (FPGAs). It combines Concurrent Error Detection (CED) techniques [4], FPGA dynamic reconfigurations and our previously designed Modified Duplex System (MDS) architecture. The methodology is developed with respect to the minimal area overhead and high availability. It is aimed for mission critical practical applications of modular systems. Therefore it is applied and tested on the safety railway station system, where all these parameters are required. This Fault-Tolerant (FT) design is modeled and tested to fulfill strict Czech standards [7]. The proposed method is based on static and partial dynamic reconfiguration [5] of totally self-checking blocks which allows a full recovery from a Single Even Upset (SEU). This method is compared with triple module redundancy technique.

Stať ve sborníku

Katedra číslicového návrhu

The aim of this paper is a hardware realization of a statistical anomaly detection method as a part of high-speed monitoring probe for computer networks. The sequential Non-Parametric Cumulative Sum (NP-CUSUM) procedure is the detection method of our choice and we use an FPGA based accelerator card as the target platform. For rapid detection algorithm development, a high-level synthesis (HLS) approach is applied. Furthermore, we combine HLS with the usage of Software Defined Monitoring (SDM) framework on the monitoring probe, which enables easy deployment of various hardware-accelerated monitoring applications into high-speed networks. Our implementation of NP-CUSUM algorithm serves as hardware plug-in for SDM and realizes the detection of network attacks and anomalies directly in FPGA. Additionally, the parallel nature of the FPGA technology allows us to realize multiple different detections simultaneously without any losses in throughput. Our experimental results show the feasibility of HLS and SDM combination for effective realization of traffic analysis and anomaly detection in networks with speeds up to 100 Gb/s.

Stať ve sborníku

10.5755/e01.9786090210819

Katedra číslicového návrhu

Dependability models allow calculating the rate of events leading to a hazard state - a situation, where safety of the modeled dependable system (e.g. railway station signalling and interlocking equipment, automotive systems, etc.) is violated, thus the system may cause material loss, serious injuries or casualties. A hierarchical dependability model based on multiple Markov chains allows expressing multiple redundancies made at multiple levels of a system consisting of multiple cooperating blocks. The hazard rates of the blocks are calculated independently and, when combined, they are used to calculate the hazard rate of the whole system. The independent calculations are significantly faster than the calculation of a single model composed of all models of the blocks. The paper shows a method of reducing Markov chains and using them to create hierarchical dependability models and its extensions allowing more accurate results to be achieved. An example study is used to demonstrate the improvements obtained by the extensions when compared to the original method.

Stať ve sborníku

Katedra číslicového návrhu

Dependability models allow calculating the rate of events leading to a hazard state - a situation, where safety of the modeled dependable system (e.g. railway station signaling and interlocking equipment, automotive systems, etc.) is violated, thus the system may cause material loss, serious injuries or casualties. A hierarchical dependability model based on multiple Markov chains allows expressing multiple redundancies made at multiple levels of a system consisting of multiple cooperating blocks. The hazard rates of the blocks are calculated independently and, when combined, they are used to calculate the hazard rate of the whole system. The independent calculations are significantly faster than the calculation of a single model composed of all models of the blocks.

Stať ve sborníku

10.1109/CAMAD.2014.7033254

Katedra číslicového návrhu

The Domain Name System (DNS) belongs to crucial services in a computer network. Because of its importance, DNS is usually allowed in security policies. That opens a way to break policies and to transfer data from/to restricted area due to misusage of a DNS infrastructure. This paper is focused on a detection of communication tunnels and other anomalies in a DNS traffic. The proposed detection module is designed to process huge volume of data and to detect anomalies at near real-time. It is based on combination of statistical analysis of several observed features including application layer information. Our aim is a stream-wise processing of huge volume of DNS data from backbone networks. To achieve these objectives with minimal resource consumption, the detection module uses efficient extended data structures. The performance evaluation has shown that the detector is able to process approximately 511 thousand DNS flow records per second. In addition, according to experiments, a tunnel that lasts over 30 seconds can be detected in a minute. During the on-line testing on a real traffic from production network, the module signalized on average over 60 confirmed alerts including DNS tunnels per day.

Stať ve sborníku

Katedra číslicového návrhu

A dependability model allows calculating the rate of an event leading to a hazard state - a situation, where safety of the modeled system is violated, thus the system may cause material loss, serious injuries or casualties. A hierarchical dependability model allows expressing multiple redundancies made at multiple levels of a system decomposed to multiple cooperating blocks. A hierarchical dependability model based on Markov chains allows each block and its relation to the other blocks to be expressed independently by a Markov chain. This allows a decomposition of a complex dependability model into multiple small models to be made. The decomposed model is easier to read, understand and modify. A hazard rate is calculated significantly faster using hierarchical model, because the decomposition allows exponential calculation-time explosion to be avoided. The hazard rate of the system is the key value to specify the Safety Integrity Level (SIL).

Stať ve sborníku

10.1109/LATW.2013.6562660

Katedra číslicového návrhu

Dependability models allow calculating the rate of an event leading to a hazard state – a situation, where safety of the modeled dependable system (e.g. railway station signaling and interlocking equipment, automotive systems, etc.) is violated, thus the system may cause material loss, serious injuries or casualties. A hierarchical dependability model allows expressing multiple redundancies made at multiple levels of a system decomposed to multiple cooperating blocks. A hierarchical dependability model based on Markov chains allows each block and relations between these blocks to be expressed independently by Markov chains. This allows a decomposition of a complex dependability model into multiple small models to be made. The decomposed model is easier to read, understand and modify. A hazard rate is calculated significantly faster using hierarchical model, because the decomposition allows exponential calculation-time explosion to be avoided. The paper shows a method how to reduce Markov chains and use them to create hierarchical dependability models. An example study is used to demonstrate the advantages of the hierarchical dependability models (the decomposition of the complex model into multiple simple models and the speedup of the hazard rate calculation).

Stať ve sborníku

Katedra číslicového návrhu

Petri nets are widely used for the specification of problems, in particular for describing concurrent systems. On the other hand, new versions of the UML specification precisely define the semantics of activity diagrams, and state machines, which can also be used to describe parallel systems. An interesting question is whether we can replace any Petri net machine by the state machine describing the same behavior, and vice versa.

Stať ve sborníku

10.1109/DSD.2013.66

Katedra číslicového návrhu

This paper describes the analysis of dependability and predictive reliability. The proposed methodology is based on hierarchical models and the generally acclaimed standard MIL-HDBK-217F. The equipment is a real component of the railway interlocking system in Czech Republic. The equipment is designed for high dependability and with respect of disturbances caused by the near environment. A possible encapsulation using UML to model processes affecting the reliability is shown.

Stať ve sborníku

Katedra číslicového návrhu

Článek popisuje metodiku pro analýzu a predikci spolehlivosti. Navrhovaná metodika je založena na hierarchických modelech a vychází z normy MIL-HDBK-217F. Popisovaná metodika se uplatní zejména při analýze spolehlivosti drážních zabezpečovacích zařízení, kde se předpokládá jisté bezpečnostní doporučení upravené normou EN CSN 50126. Dále je nastíněno využití hierarchických modelů pro modelování se zálohou a využití provozní databáze spolehlivosti. V závěru je naznačen směr, kterým by se měla ubírat dizertační práce zabývající se právě garantovanou úrovní spolehlivosti a bezpečnosti.

Stať ve sborníku

Katedra číslicového návrhu

This paper presents the structure of the dissertation concerning two main topics. The first one is about the partial duplication - a method allowing the improvement of the fault coverage of the system based on dependable blocks implemented in FPGA (Field-programmable gate array). This method uses fault simulation to determine which part of the block that will be duplicated to obtain improvement of the fault security at the low overhead cost. The block-based design rewuires a dependability model able to make multiple levels of dependability improvements into account. There are models capable to deal with multiple levels of dependability imrpovements, but their capabatilies are limited. A new hierarchical models based on Markov chains are concerned as the second and the main topic of the dissertation thesis and this paper.

Stať ve sborníku

Katedra číslicového návrhu

Tento článek pojednává o možnosti využití COMBO-LXT karty jako ethernetového testeru pro rychlosti vyšší jak 10Gb/s na platformě NetCOPE, která byla vytvořena v rámci projektu Liberouter a slouží pro rychlý vývoj síťových aplikací na programovatelných obvodech FPGA. Výhodou vytvořeného řešení je dosažení příznivé ceny, kdy si může vlastník COMBO-LXT karty vytvořit ethernetový tester například z Netflow sondy bez změny v infrastruktuře. Generátor paketů umožňuje vysílat data na síťové rozhraní přes dvě 10Gb/s linky z uloženého PCAP souboru v přesně definované časové okamžiky. Z pohledu budoucího rozvoje je zde také rozebrán vývoj v oblasti hardwarové akcelerace síťových aplikací.

Stať ve sborníku

10.1109/DSD.2012.86

Katedra číslicového návrhu

This paper compares four different redundancy methods, which includes parity code, partial duplication and their combinations, with two standard methods (Duplex and Triple Module Redundancy). Two main attributes are observed: the Total size of system including overhead caused by redundancy addition and steady-state availability - dependability parameter defining the readiness for correct service of a system.

Stať ve sborníku

10.1109/DDECS.2012.6219050

Katedra číslicového návrhu

This paper presents a method how to reduce safety models based on Markov chains.The safety models is used to calculate the probability and rate of an event leading to the hazard state - situation, where safety of a modeled system is violated, so the system may cause material loss ot mortality. The reduction method allows us to prove that the rate of the event is sufficiently small hence the hazard state may be neglectede. The real safety model of railway station signaling and interlocking equipments is used as a case study.

Stať ve sborníku

Katedra číslicového návrhu

Dependability parameters of FPGA chips, specially the SRAM-based ones, are still not so high, especially when using them in mission-critical applications. To prove or disprove this statement, we decide to make some experiments with real FPGA chips under extreme conditions and find out what really happens with the circuit when a single event upset occurs. This paper describes these experiments and their obtained and expected results.

Stať ve sborníku

10.1109/DSD.2011.42

Katedra číslicového návrhu

FPGAs are susceptible to many environment effects that can cause soft errors (errors which can be corrected by the reconfiguration ability of the FPGA). Two different fault models are discussed and compared in this paper. The first one - Stuck-at model - is widely used in many applications and it is not limited to the FPGAs. The second one - Bit-flip model - can affect SRAM cells that are used to configure the internal routing of the FPGA and to set up the behavior of the Look-Up Tables (LUTs). The change of the LUT behavior is the only Bit-flip effect considered in this paper. A fault model analysis has been performed on small example designs in order to find the differences between the fault models. This paper discusses the relevance of using two types of models Stuck-at and Bit-flip with respect to the dependability characteristics Fault Security (FS) and Self-Testing (ST). The fault simulation using both fault models has been performed to verify the analysis

Kapitola v knize

10.4018/978-1-60960-212-3

Katedra číslicového návrhu

The main aim of this chapter is to present the way, how to design fault-tolerant or fail-safe systems in programmable hardware (FPGAs) and therefore to use FPGAs in mission-critical applications, too. RAM based FPGAs are usually taken for unreliable due to high probability of transient faults (SEU) and therefore inapplicable in this area. But FPGAs can be easily reconfigured. Our aim is to utilize appropriate type of FPGA reconfiguration and to combine it with well-known methods for fail-safe and fault-tolerant design (duplex, TMR) including on-line testing methods for fault detection and then startup of the reconfiguration process. Dependability parameters' calculations based on reliability models is integral part of proposed methodology. The trade-off between the requested level of dependability characteristics of a designed system and area overhead with respect to FPGA possible faults is main property and advantage of proposed methodology.

Stať ve sborníku

Katedra číslicového návrhu

This paper discusses a technology and a structure of FPGAs. Our aim is to design dependable systems. Most of them are based on FPGAs, because of shorter time to market, easy designing of complex circuits and lower price in comparison to ASIC. Consequently our research is aimed to using FPGAs, in which the security is given by hardware organization and due to this is higher than on PC based devices.

Stať ve sborníku

Katedra číslicového návrhu

The article discusses the reliability of hierarchical models, based on reliability block models. It describes the design methodology of hierarchical block models. At the same time introduced a program SHAMAP, which evolves according to the methodology. Hierarchical models can simplify the design, because they can be mutually nested. The blocks can be nested and different reliability models.

Stať ve sborníku

Katedra číslicového návrhu

This paper deals with a description of the method, how to increase dependability parameters (safety and reliability) of a system based on programmable hardware (FPGAs). This paper combines Concurrent Error Detection (CED) techniques, FPGA dynamic reconfigurations and our Modified Duplex System (MDS) architecture. The methodology is developed with respect to minimal area overhead and possible future low-power SoC (System on a chip) design. Our proposed methodology is great intended for practical applications, therefore our methodology is evaluated by safety railway station system. It is aimed especially for modular systems. The method is based on static and partial dynamic reconfiguration of totally self-checking blocks. The type and size of blocks to reconfigure depends on the used architecture and on the particular construction of a safety device for the particular railway station.

Stať ve sborníku

Katedra číslicového návrhu

Dependability parameters of FPGA chips, specially the SRAM-based ones, are still not so high, especially when using them in mission-critical applications. To prove or disprove this statement, we decide to make some experiments with real FPGA chips under extreme conditions and find out what really happens with the circuit when a single event upset occurs. This paper describes these experiments and their obtained and expected results.

Stať ve sborníku

Katedra číslicového návrhu

This submission summarizes partial results of my work on the railway station safety device. The proposed electronic circuit simulates the coverage of single event upsets and is based on partial results from the diploma thesis. It describes properties of possible system decomposition with respect to dependability and reliability issues. The paper shows reliability parameters of counters and advantage of dividing wide counters into a few less wide counters.

Stať ve sborníku

Katedra číslicového návrhu

This paper presents future work, which the main goal is to find a solution for interconection between reconfigurable blocks and keep fault secure parameters. Described method will use a partial reconfiguration to obtain self-repair ability. Our concept will be proved on a practical problem, which is implementing the railway station system in the FPGA.

Stať ve sborníku

10.1109/DSD.2010.112

Katedra číslicového návrhu

A method how to improve the coverage of single faults in combinational circuits is proposed. The method is based on Concurrent Error Detection, but uses a fault simulation to find Critical points - the places, where faults are difficult to detect. The partial duplication of the design with regard to these critical points is able to increase the faults coverage with a low area overhead cost. Due to higher fault coverage we can increase the dependability parameters. The proposed modification is tested on the railway station safety devices designs implemented in the FPGA.

Stať ve sborníku

Katedra číslicového návrhu

Our aim is to create a methodology for FPGA industrial applications with respect to area, speed, power consumption and reliability optimizations (both fail safe and fault-tolerant). We take into account different types of faults, the way they affect the circuit (Single Event Upset, Single Event Latchup, Delay faults etc.) and their injection into design (insertion into bitstream, edif, behavioral description or saboteur method). We need to create formal dependability models that are able to model mentioned faults and reconfifiguration ability of FPGAs. We use well-known Markov Chains and Stochastic Petri nets. The usage of both types of models is similar and they are mutually convertible. This paper describes the main problems how to obtain relevant and comparable results.

Stať ve sborníku

Katedra číslicového návrhu

A method how to calculate the steady-state availability of designs composed of two cooperating secured modules is proposed. Our main goal is to create a dependability model that is able to be used to describe designs containing cooperating secured reconfigurable modules.

Stať ve sborníku

Katedra číslicového návrhu

This paper shows the impact of the trade-off between reconfigurable and non-reconfigurable parts of the FPGA to the dependability characteristics of the whole design. Stochastic Petri nets have been used to compute reliability and dependability characteristics in a simple FPGA design with dynamically reconfigurable modules. Some parts of the design are not possible or proper to reconfigure dynamically (e.g. module interconnections, module-pin connections...). A non-reconfigurable overhead may have a significant effect to the availability of the design. The granularity of reconfigurable parts and their number can also affect dependability parameters. The method how to enumerate these effects via a formal dependability model is shown in this paper.

Stať ve sborníku

10.1109/DSD.2009.210

Katedra číslicového návrhu

The method how to design a safety device of railway station efficiently and scalable is proposed. The safety device for any configuration of railway station can be built from five basic blocks. These basic blocks are connected together with universal interface. Each block is based on a finite state machine. The finite state machines are "Moore" type. Each state machine is divided into three basic parts, where each part is designed as a self-checking circuit ensuring fault detection. Our methodology is intended for final implementation in FPGA and hence SEU faults occurring in the system is assumed.

Stať ve sborníku

Katedra číslicového návrhu

This paper summarizes previous work, which observed a design resistance against a single-bit error in bitstream. Created software tools allow to analyze the bitstream and to calculate its SEU sensitiveness. As a second step, the analysis can be verified by the hardware emulator, which gives reasonable data for reliability computation.

Kapitola v knize

Katedra číslicového návrhu

Chapter 8, Teaching Principles of Petri Nets in Hardware Courses and Student's Projects, presents the principles of using Petri Net formalism in hardware design courses, especially in the course "Architecture of peripheral devices". Several models and results obtained by student individual or group projects are mentioned. First the using of formalism as a modeling tool is presented consecutively from Place/Transition nets to Coloured Petri nets. Then the possible Petri Nets using as a hardware specification for direct hardware implementation (synthesized VHDL for FPGA) is described. Implementation and simulation results of three directly implemented models are presented.