Publications

Proceedings paper

10.1109/CCWC.2019.8666521

Department of Digital Design

This paper presents an attempt to combine recent research in fields of hardware- and software-based high throughput universal lossless compression algorithms and their implementations, resulting into a case study focusing on one of the most critical parts of compression algorithms – a Match Search Unit (MSU) and its parallelization. The presented FPGA design combines ideas of the LZ4 algorithm (which is derived from the most common LZ77) with the state of the art hardware architectures for lossless compression also based on LZ77. This approach might lead to a smaller, better organized or more efficient ”building block” for modern implementations of hardware driven lossless compression algorithms. The presented design focuses on optimization of the main problem of the LZ77 family, namely the construction of and searching in a compression dictionary. Particularly, we combine a Live Value Table (LVT) with multi-ported memory in order to improve the bandwidth of the dictionary and the Fibonacci hashing principle originating from LZ4 algorithm to decrease latency of the MSU and to achieve overall higher throughput rate. For the design synthesis an FPGA of the Xilinx Virtex-7 family was used.

Proceedings paper

10.1109/DDECS.2019.8724663

Department of Digital Design

The security of many digital devices strongly depends on a secret value stored in them. To mitigate security threats, high protection of such a value must be provided. Many attacks against (cryptographic) hardware as well as attack countermeasures were presented recently. As new attacks are invented continuously, it is important to analyze even potential threats to mitigate device vulnerability during its lifetime. In this paper, we report a novel voter-related vulnerability, which can be potentially misused to compromise the secret value stored in an embedded device.

Proceedings paper

10.1109/DSD.2019.00062

Department of Digital Design

As digital devices penetrate to many areas important for the present society, it is important to analyze even potential threats to mitigate vulnerabilities during their lifetime. In this paper, we analyze the data dependency of the photocurrent induced by a laser beam in the illuminated CMOS circuit. The data dependency may introduce potential threat(s) originating in the nature of the CMOS technology. The data dependency can be potentially misused to compromise the data processed by an embedded device. We show that also the devices employing dual-rail encoding to hide data-dependency are not safe.

Proceedings paper

10.1109/ReConFig48160.2019.8994794

Department of Digital Design

This paper presents an FPGA design implementing a single LZ4 lossless compression IP block, providing a throughput of 6 Gbps combined with extremely low latency, while still retaining full binary compatibility with the original LZ4 format. The best-known competitor is capable of processing up to 2 Gbps per block/engine with unknown latency. The presented design uses two key features: a low-latency 8-way match search unit and consequently a match buffer which allows encoding LZ4 sequences independently to reduce stalls in the data processing pipeline. The design was evaluated on several compression corpora with an average compression ratio of 1.7.

Proceedings paper

Department of Digital Design

Current flow exporters are the essential source of information for monitoring systems. They usually cre-ate aggregated information as flow data and, additionally, it is possible to extract headers from higherlayer protocols (L7). Due to requirements on high throughput, the flow exporters use hardware accel-eration to handle high packet rate at link speed (aiming at least 100 Gb/s). However, manually createddesign of such high-performance devices is very complex and complicated. Therefore, we propose touse a high-level P4 language for description of network traffic processing device that will be capable ofhandling L7 information. As our recent works show, it is possible to generate high-performance firmwaredesign automatically based on P4 description. Since P4 is not primarily intended for processing L7 data,this paper proposes a feasible way to overcome limits of P4.

Proceedings paper

10.1109/CCWC.2019.8666446

Department of Digital Design

This document presents a new approach to network jitter measurement and analysis in asynchronous data networks such as Ethernet. The developed monitoring device is capable to analyze an incoming stream speed of 1 Gb/s with the resolution up to 8 ns. The system architecture supports speeds up to 100 Gb/s networks. The presented architecture can provide several statistical functions such as measuring a network jitter by Interarrival Histograms method providing the mean value and peak-to-peak value as well. The architecture was implemented and tested on Xilinx Kintex UltraScale FPGA chip using Avnet AES-KU040-DB-G development board.

Proceedings paper

Department of Digital Design

Network monitoring features has been always a challenge in high-speed networks. Some of themlike detailed traffic analysis and packet inspection are not suited or simply not feasible even on modernhardware. The challenges are becoming even greater with an uprise of encrypted traffic. This leaves largeopportunity for threat actors to take advantage of. Therefore, it is necessary to develop a new generationof monitoring tools that can deal with the current issues for security purposes. This research aims toimprove traffic analysis techniques to handle encrypted traffic, and also to adapt hardware acceleratedmonitoring components for processing.

Article

Department of Digital Design

In the paper, energy recuperation and management in automotive suspension systems with linear electric motors controlled using a proposed H∞ controller to obtain a variable mechanical force for a car damper is presented. Vehicle suspensions in which forces are generated in response to feedback signals by active elements obviously offer increased design flexibility compared to the conventional suspensions using passive elements such as springs and dampers. The main advantage of the proposed solution using a linear AC motor is the possibility to generate desired forces acting between the unsprung and sprung masses of the car, providing good insulation of the car sprung mass from the road surface disturbances. In addition, under certain circumstances using linear motors as actuators enables to transform mechanical energy of the vertical car vibrations to electrical energy, accumulate it, and use it when needed. Energy flow control (management) enables to reduce or even eliminate the demands concerning the external power source.

Proceedings paper

Department of Digital Design

: It is often assumed that if practical difficulties are neglected, active systems could produce in principle arbitrary ideal behavior. This paper presents the factorization approach that is taken to derive limitations of achievable frequency responses for active vehicle suspension systems in terms of invariant frequency points and restricted rate of decay at high frequencies. The factorization approach enables us to determine complete sets of such constraints on various transfer functions from the load and road disturbance inputs for typical choices of measured outputs and then choose the “most advantageous” vector of the measurements from the point of view of the widest class of the achievable frequency responses. Using a simple linear two degree-of-freedom car suspension system model it will be shown that even using complete state feedback and in the case of in which the system is controllable in the control theory sense, there still are limitations to suspension performance in the fully active state.

Article

Department of Digital Design

It is often assumed that if practical difficulties are neglected, active systems could produce in principle arbitrary ideal behavior. This paper presents the factorization approach that is taken to derive limitations of achievable frequency responses for active vehicle suspension systems in terms of invariant frequency points and restricted rate of decay at high frequencies. The factorization approach enables us to determine complete sets of such constraints on various transfer functions from the load and road disturbance inputs for typical choices of measured outputs and then choose the “most advantageous” vector of the measurements from the point of view of the widest class of the achievable frequency responses. Using a simple linear two degree-of-freedom car suspension system model it will be shown that even using complete state feedback and in the case of in which the system is controllable in the control theory sense, there still are limitations to suspension performance in the fully active state.

Article

Department of Digital Design

In the paper, energy recuperation and energy flow distribution in automotive suspension systems with linear electric motors controlled using a designed H∞ controller to obtain a variable mechanical force for a car active damper is presented. Vehicle suspensions in which forces are generated in response to feedback signals by active elements obviously offer increased design flexibility compared to the conventional suspensions using passive elements such as springs and dampers. The main advantage of the specified new solution using a linear AC motor is the possibility to generate desired forces acting between the unsprung and sprung masses of the car, providing good insulation of the car sprung mass from the road surface and load disturbances. In addition, under certain circumstances, the application of linear motors as actuators enables to transform mechanical energy of the vertical car vibrations to electrical energy, accumulate it, and use it when needed. Energy flow control enables to reduce or even eliminate the demands concerning the external power source.

Proceedings paper

Department of Digital Design

The Dummy Rounds protection scheme, intended to offer resistance to Feistel and SP ciphers against Side-Channel Attacks, has been introduced in earlier work. Its experimental evaluation revealed weaknesses, most notably in the first and last round. This paper shows that the situation can be greatly improved by controlling the transition probabilities in the state space of the algorithm. We have specified sufficient conditions for the round execution probabilities to be uniform and hence the minimum possible. The optimum trajectories over the state space are regular and easy to implement.

Proceedings paper

10.1109/DDECS.2019.8724632

Department of Digital Design

The dummy rounds protection scheme, intendedto offer resistance against Side Channel Attacks to Feisteland SP ciphers, has been introduced in earlier work. Itsexperimental evaluation revealed weaknesses, most notablyin the first and last round. In this contribution, we showthat the situation can be greatly improved by controllingthe transition probabilities in the state space of the algo-rithm. We derived necessary and sufficient conditions forthe round execution probabilities to be uniform and hencethe minimum possible. The optimum trajectories over thestate space are regular and easy to implement.

Proceedings paper

10.1109/MECO.2019.8760291

Department of Digital Design

Simulation of neural networks is a significant task for contemporary artificial intelligence research. Despite the availability of modern processing hardware, the task is still too demanding to be done in a sequential way. Therefore, a parallel computation approach is almost always necessary. Modern graphical accelerators (GPUs) represent highly parallel machines with a significant computational performance that can be unleashed only under certain conditions including threads scheduling, proper sources occupation, aligned data access, communication management, etc. We have proposed a novel acceleration approach for large neural networks. It is using a GPU and incorporating biologically highly precise spiking neurons that can imitate real biological neurons. The simulator can be, for example, used for research of communication dynamics of large neural networks with tens of thousands of spiking neurons.

Proceedings paper

10.1007/978-3-030-50995-8_5

Department of Digital Design

Differential equations are of immense importance for modeling physical phenomena, often in combination with discrete modeling formalisms. In current industrial practice, properties of the resulting models are checked by testing, using simulation tools. Research on SAT solvers that are able to handle differential equations has aimed at replacing tests by correctness proofs. However, there are fundamental limitations to such approaches in the form of undecidability, and moreover, the resulting solvers do not scale to problems of the size commonly handled by simulation tools. Also, in many applications, classical mathematical semantics of differential equations often does not correspond well to the actual intended semantics, and hence a correctness proof wrt. mathematical semantics does not ensure correctness of the intended system. In this paper, we head at overcoming those limitations by an alternative approach to handling differential equations within SAT solvers. This approach is usually based on the semantics used by tests in simulation tools, but still may result in mathematically precise correctness proofs wrt. that semantics. Experiments with a prototype implementation confirm the promise of such an approach.

Invited/Awarded proceedings paper

Department of Digital Design

Development of new technologies and especially the basic principles of Industry 4.0 (interconnection, IoT, information transparency, technical assistance, cyber physical systems and decentralization) means not only standard improvements, e.g. increasing of performance, but also some negative issues. Everybody must be on-line 24 hours, there are more and more small things with their own intelligence. The proper trade-off between the price and reliability must be solved always with respect to the application. The application-specific systems are used due to possible programmability both hardware and software blocks. It can lead to totally different principles in digital design. Here global overview of problems that must be taken into account in today interconnected world, especially with emphasizing the dependability issues will be presented. There are several basic questions: what does it mean dependability, how to predict proper parameters and how to guarantee them before the final (mostly expensive) production, what model to use and how to validate it and how to verify the final realization, what are and how to overcome the most probable faults, how to combine and express safety and security limits, and finally how to ensure these requirements concurrently both in development and production processes.

Proceedings paper

Department of Digital Design

This work summarizes the author's research in the area of side-channel analysis. It focuses on two main topics: efficient implementations of attacks and fault-tolerant countermeasures. Published results of the author are briefly presented and recent unpublished results dedicated to fault-tolerant architectures exploiting randomness of masking schemes to decrease the overhead are described. The structure of this paper corresponds to the structure of author's forthcoming dissertation thesis.

Proceedings paper

10.1109/MECO.2019.8760086

Department of Digital Design

Common contemporary ECG units are computer-based devices that can be connected to the computer network to enable simultaneous monitoring of several patients in, e.g., intensive care units. Typically, these devices are relatively large, heavy, and powered from the wall socket. As a result, the movement of a patient is limited, even in cases when the patient’s physical condition does not bind him/her to the bed. This paper describes proof-of-concept portable device for electrocardiography which can measure three elemental ECG leads, is battery powered and transmits measured data into a central data collection unit via WiFi. Therefore, the patient can leave the bed for a reasonable distance, while the physician can continue monitoring the patient’s health condition. It is easy to quickstart usage and mass production of the presented prototype. We have tested the hardware and developed the necessary software. The system is based on ADAS1000 from Analog Devices as an ECG analogue front-end. Measured data are processed by STM32L0 MCU and sent to the data collection unit using the ESP8266 WiFi module.

Proceedings paper

10.1109/DTIS.2019.8735006

Department of Digital Design

This paper shows a method of calculating the hazard rate of the non-homogeneous Markov chains using different homogeneous probability matrices for several hundreds small time intervals. The proposed method is applied on hierarchical dependability models allowing independent calculations of the hazard rates of multiple cooperating blocks of the system. The independent calculations are significantly faster than the calculation of a single model composed of all models of the blocks and the proposed method is very accurate compared to methods based on homogeneous Markov chains.

Proceedings paper

10.1109/DSD.2019.00074

Department of Digital Design

Dependability models allow calculating the rate of events leading to a hazard state - a situation, where safety of the modeled dependable system is violated, thus the system may cause material loss, serious injuries or casualties. Hierarchical dependability models allow expressing multiple redundancies made at multiple levels of a system consisting of multiple cooperating blocks. The hazard rates of the blocks are calculated independently and, when combined, they are used to calculate the hazard rate of the whole system. The independent calculations are significantly faster than the calculation of a single model composed of all models of the blocks. The paper shows a method of calculating the hazard rate of the non-homogeneous Markov chains using different homogeneous probability matrices for several hundreds small time intervals. This method will allow us to calculate the hazard rate of the non-homogeneous Markov chain very accurately compared to methods based on homogeneous Markov chains.

Invited/Awarded proceedings paper

10.1109/MECO.2019.8760285

Department of Digital Design

Current cryptographic algorithms work with operands that are several times wider than the machine word, e.g., the still popular RSA algorithm shall use at least 2 048-bit keys. Such algorithms therefore require libraries that implement multiprecision arithmetic. Existing libraries are either not tailored for microcontrollers, or they implement an incomplete set of multiprecision operations, which limits the implementation of some unusual cryptographic algorithms on microcontrollers. In this work, we present a novel ANSI C library that implements also some less common operations like, e.g., multiprecision integer division. The library was designed with respect to the use on microcontrollers and has been tested on ARM M4-based microcontroller Microchip CEC1302.

Proceedings paper

10.1109/DSD.2019.00048

Department of Digital Design

Dynamic logic reconfiguration is a concept which allows for efficient on-the-fly modifications of combinational circuit behaviour in both ASIC and FPGA devices. The reconfiguration of Boolean functions is achieved by modification of their generators (e.g. shift register-based look-up tables) and it can be controlled from within the chip, without the necessity of any external intervention. This hardware polymorphism can be utilized for the implementation of side-channel attack countermeasures, as demonstrated by Sasdrich et al. for the lightweight cipher PRESENT. In this work we adopt these countermeasures to two of the AES finalists, namely Rijndael and Serpent. Just like PRESENT, both Rijndael and Serpent are block ciphers based on a substitution-permutation network. We describe the countermeasures and adjustments necessary to protect these ciphers using the resources available in modern Xilinx FPGAs. We describe our VHDL implementations and evaluate the side-channel leakage and effectiveness of different countermeasure combinations using a methodology based on Welch’s t-test. We did not detect any significant leakage from the fully protected versions of our implementations. We show that the countermeasures proposed by Sasdrich et al. are, with some modifications compared to the protected PRESENT implementation, successfully applicable to AES and Serpent.

Article

10.1016/j.micpro.2019.102858

Department of Digital Design

Correlation power analysis (CPA) is one of the most common side-channel attacks today, posing a threat to many modern ciphers, including AES. In the final step of this attack, the cipher key is usually extracted by the attacker by visually examining the correlation traces for each key guess. The naïve way to extract the correct key algorithmically is selecting the key guess with the maximum Pearson correlation coefficient. We propose another key distinguisher based on a significant change in the correlation trace rather than on the absolute value of the coefficient. Our approach performs better than the standard maximization, especially in the noisy environment, and it allows to significantly reduce the number of acquired power traces necessary to successfully mount an attack in noisy environment, and in some cases make the attack even feasible.

Proceedings paper

10.1109/MECO.2019.8760033

Department of Digital Design

Side-channel analysis pose a serious threat to many modern cryptosystems. Using Correlation power analysis, attacker may be able to recover the cipher key and therefore jeopardize the whole cryptosystem, which is why many countermeasures are being developed. These countermeasures are typically effective against first-order attacks. However, protected implementations may still be vulnerable to higher-order analysis. In this paper, we compare different approaches to the higher-order analysis regarding their mathematical and performance properties. We focus on Correlation power analysis attack and the test vector leakage assesment using Welch’s t-test, we optimize and accelerate discussed algorithms using CPU and GPU, and we present our experimental results and remarks

Proceedings paper

Department of Digital Design

Side-channel cryptanalysis pose a serious threat to many modern cryptographic systems. Typical scenario of a side-channel attack consists of an active phase, where data are acquired, and of an analytical phase, where the data get examined and evaluated. This work presents a software toolkit which includes support for both phases of the side-channel attack. The toolkit consists of non-interactive text-based utilities with modular plug-in architecture. The measurement utility supports different oscilloscopes, target interfaces and measurement scenarios. The evaluation utilities include support for the test vector leakage assessment and the CPA attack. Different approaches to the algorithmical evaluation of the attack are implemented in order to extract the cipher key. The visualisation utility allows for the visual examination of the attack results by the user. The toolkit aims to be multiplatform and it is written using C/C++ with performance in mind. Time-demanding operations (such as the statistical analysis) are accelerated using OpenMP and OpenCL for an efficient computation on both CPU and GPU devices.