Search Results

  • Item
    Through the Window: Exploitation and Countermeasures of the ESP32 Register Window Overflow †
    (Basel : MDPI, 2023) Lehniger, Kai; Langendörfer, Peter
    With the increasing popularity of IoT (Internet-of-Things) devices, their security becomes an increasingly important issue. Buffer overflow vulnerabilities have been known for decades, but are still relevant, especially for embedded devices where certain security measures cannot be implemented due to hardware restrictions or simply due to their impact on performance. Therefore, many buffer overflow detection mechanisms check for overflows only before critical data are used. All data that an attacker could use for his own purposes can be considered critical. It is, therefore, essential that all critical data are checked between writing a buffer and its usage. This paper presents a vulnerability of the ESP32 microcontroller, used in millions of IoT devices, that is based on a pointer that is not protected by classic buffer overflow detection mechanisms such as Stack Canaries or Shadow Stacks. This paper discusses the implications of the vulnerability and presents mitigation techniques, including a patch that fixes the vulnerability. The overhead of the patch is evaluated using simulation as well as an ESP32-WROVER-E development board. We showed that, in the simulation with 32 general-purpose registers, the overhead for the CoreMark benchmark ranges between 0.1% and 0.4%. On the ESP32, which uses an Xtensa LX6 core with 64 general-purpose registers, the overhead went down to below 0.01%. A worst-case scenario, modeled by a synthetic benchmark, showed overheads up to 9.68%.
  • Item
    168-195 GHz Power Amplifier with Output Power Larger Than 18 dBm in BiCMOS Technology
    (New York, NY : IEEE, 2020) Ali, Abdul; Yun, Jongwon; Giannini, Franco; Ng, Herman Jalli; Kissinger, Dietmar; Colantonio, Paolo
    This paper presents a 4-way combined G-band power amplifier (PA) fabricated with a 130-nm SiGe BiCMOS process. First, a single-ended PA based on the cascode topology (CT) is designed at 185 GHz, which consists of three stages to get an overall gain and an output power higher than 27 dB and 13 dBm, respectively. Then, a 4-way combiner/splitter was designed using low-loss transmission lines at 130-210 GHz. Finally, the combiner was loaded with four single-ended PAs to complete the design of a 4-way combined PA. The chip of the fabricated PA occupies an area of 1.35 mm². The realized PA shows a saturated output power of 18.1 dBm with a peak gain of 25.9 dB and power-added efficiency (PAE) of 3.5% at 185 GHz. A maximum output power of 18.7 dBm with PAE of 4.4% is achieved at 170 GHz. The 3-dB and 6-dB bandwidth of the PA are 27 and 42 GHz, respectively. In addition, the PA delivers a saturated output power higher than 18 dBm in the frequency range 140-186 GHz. To the best of our knowledge, the power reported in this paper is the highest for G-band SiGe BiCMOS PAs. © 2013 IEEE.
  • Item
    Ridge Gap Waveguide Based Liquid Crystal Phase Shifter
    (New York, NY : IEEE, 2020) Nickel, Matthias; Jiménez-Sáez, Alejandro; Agrawal, Prannoy; Gadallah, Ahmed; Malignaggi, Andrea; Schuster, Christian; Reese, Roland; Tesmer, Henning; Polat, Ersin; Schumacher, Peter; Jakoby, Rolf; Kissinger, Dietmar; Maune, Holger
    In this paper, the gap waveguide technology is examined for packaging liquid crystal (LC) in tunable microwave devices. For this purpose, a line based passive phase shifter is designed and implemented in a ridge gap waveguide (RGW) topology and filled with LC serving as functional material. The inherent direct current (DC) decoupling property of gap waveguides is used to utilize the waveguide surroundings as biasing electrodes for tuning the LC. The bed of nails structure of the RGW exhibits an E-field suppression of 76 dB in simulation, forming a completely shielded device. The phase shifter shows a maximum figure of merit (FoM) of 70 °/dB from 20 GHz to 30 GHz with a differential phase shift of 387° at 25 GHz. The insertion loss ranges from 3.5 dB to 5.5 dB depending on the applied biasing voltage of 0 V to 60 V. © 2013 IEEE.
  • Item
    Resistance of the Montgomery Ladder Against Simple SCA: Theory and Practice
    (Dordrecht [u.a.] : Springer Science + Business Media B.V, 2021) Kabin, Ievgen; Dyka, Zoya; Klann, Dan; Aftowicz, Marcin; Langendoerfer, Peter
    The Montgomery kP algorithm, i.e. the Montgomery ladder, is reported in literature as resistant against simple SCA due to the fact that the processing of each key bit value of the scalar k is done using the same sequence of operations. We implemented the Montgomery kP algorithm using Lopez-Dahab projective coordinates for the NIST elliptic curve B-233. We instantiated the same VHDL code for a wide range of clock frequencies for the same target FPGA and using the same compiler options. We measured electromagnetic traces of the kP executions using the same input data, i.e. scalar k and elliptic curve point P, and measurement setup. Additionally, we synthesized the same VHDL code for two IHP CMOS technologies, for a broad spectrum of frequencies. We simulated the power consumption of each synthesized design during an execution of the kP operation, always using the same scalar k and elliptic curve point P as inputs. Our experiments clearly show that the success of simple electromagnetic analysis attacks against FPGA implementations, as well as that of simple power analysis attacks against synthesized ASIC designs, depends significantly on the target frequency for which the design was implemented and at which it is executed. In our experiments the scalar k was successfully revealed via simple visual inspection of the electromagnetic traces of the FPGA for frequencies from 40 to 100 MHz when standard compile options were used as well as from 50 MHz up to 240 MHz when performance optimizing compile options were used. We obtained similar results attacking the power traces simulated for the ASIC. Despite the significant differences of the technologies investigated here, the designs’ resistance against the attacks performed is similar: only a few points in the traces represent strong leakage sources allowing the key to be revealed at very low and very high frequencies. For the “middle” frequencies the number of points which allow the key to be successfully revealed increases when increasing the frequency.
  • Item
    A TOPSIS-Assisted Feature Selection Scheme and SOM-Based Anomaly Detection for Milling Tools Under Different Operating Conditions
    (New York, NY : IEEE, 2021) Assafo, Maryam; Langendorfer, Peter
    Anomaly detection modeled as a one-class classification is an essential task for tool condition monitoring (TCM) when only the normal data are available. To confront real-world settings, it is crucial to take the different operating conditions, e.g., rotation speed, into account when approaching TCM solutions. This work mainly addresses issues related to multi-operating-condition TCM models, namely the varying discriminability of sensory features with different operating conditions; the overlap between normal and anomalous data; and the complex structure of input data. A feature selection scheme is proposed in which the Technique for Order Preference by Similarity to Ideal Solution (TOPSIS) is presented as a tool to aid the multi-objective selection of sensory features. In addition, four anomaly detection approaches based on Self-Organizing Map (SOM) are studied. To examine the stability of the four approaches, they are applied on different single-operating-condition models. Further, to examine their robustness when dealing with complex data structures, they are applied on multi-operating-condition models. The experimental results using the NASA Milling Data Set showed that all the studied anomaly detection approaches achieved a higher assessment accuracy with our feature selection scheme as compared to the Principal Component Analysis (PCA), Laplacian Score (LS), and extended LS in which we added a final step to the original LS method in order to eliminate redundant features.
  • Item
    Kafka-ML: Connecting the data stream with ML/AI frameworks
    (Amsterdam [u.a.] : Elsevier Science, 2022) Martín, Cristian; Langendoerfer, Peter; Zarrin, Pouya Soltani; Díaz, Manuel; Rubio, Bartolomé
    Machine Learning (ML) and Artificial Intelligence (AI) depend on data sources to train, improve, and make predictions through their algorithms. With the digital revolution and current paradigms like the Internet of Things, this information is turning from static data to continuous data streams. However, most of the ML/AI frameworks used nowadays are not fully prepared for this revolution. In this paper, we propose Kafka-ML, a novel and open-source framework that enables the management of ML/AI pipelines through data streams. Kafka-ML provides an accessible and user-friendly Web user interface where users can easily define ML models, to then train, evaluate, and deploy them for inferences. Kafka-ML itself and the components it deploys are fully managed through containerization technologies, which ensure their portability, easy distribution, and other features such as fault-tolerance and high availability. Finally, a novel approach has been introduced to manage and reuse data streams, which may eliminate the need for data storage or file systems.
  • Item
    Analysis of Single Event Transient Effects in Standard Delay Cells Based on Decoupling Capacitors
    (Singapore [u.a.] : World Scientific, 2022) Andjelkovic, Marko; Marjanovic, Milos; Drasko, Bojan; Calligaro, Cristiano; Schrape, Oliver; Gatti, Umberto; Kuentzer, Felipe A.; Ilic, Stefan; Ristic, Goran; Krstic, Milos
    Single Event Transients (SETs), i.e., voltage glitches induced in combinational logic as a result of the passage of energetic particles, represent an increasingly critical reliability threat for modern complementary metal oxide semiconductor (CMOS) integrated circuits (ICs) employed in space missions. In rad-hard ICs implemented with standard digital cells, special design techniques should be applied to reduce the Soft Error Rate (SER) due to SETs. To this end, it is essential to consider the SET robustness of individual standard cells. Among the wide range of logic cells available in standard cell libraries, the standard delay cells (SDCs) implemented with the skew-sized inverters are exceptionally vulnerable to SETs. Namely, the SET pulses induced in these cells may be hundreds of picoseconds longer than those in other standard cells. In this work, an alternative design of a SDC based on two inverters and two decoupling capacitors is introduced. Electrical simulations have shown that the propagation delay and SET robustness of the proposed delay cell are strongly influenced by the transistor sizes and supply voltage, while the impact of temperature is moderate. The proposed design is more tolerant to SETs than the SDCs with skew-sized inverters, and occupies less area compared to the hardening configurations based on partial and complete duplication. Due to the low transistor count (only six transistors), the proposed delay cell could also be used as a SET filter.
  • Item
    Dual-Band Transmitter and Receiver With Bowtie-Antenna in 0.13 μm SiGe BiCMOS for Gas Spectroscopy at 222 - 270 GHz
    (New York, NY : IEEE, 2021) Schmalz, Klaus; Rothbart, Nick; Gluck, Alexandra; Eissa, Mohamed Hussein; Mausolf, Thomas; Turkmen, Esref; Yilmaz, Selahattin Berk; Hubers, Heinz-Wilhelm
    This paper presents a transmitter (TX) and a receiver (RX) with bowtie-antenna and silicon lens for gas spectroscopy at 222-270 GHz, which are fabricated in IHP's 0.13 μm SiGe BiCMOS technology. The TX and RX use two integrated local oscillators for 222 - 256 GHz and 250 - 270 GHz, which are switched for dual-band operation. Due to its directivity of about 27 dBi, the single integrated bowtie-antenna with silicon lens enables an EIRP of about 25 dBm for the TX, and therefore a considerably higher EIRP for the 2-band TX compared to previously reported systems. The double sideband noise temperature of the RX is 20,000 K (18.5 dB noise figure) as measured by the Y-factor method. Absorption spectroscopy of gaseous methanol is used as a measure for the performance of the gas spectroscopy system with TX- and RX-modules.
  • Item
    Resilience in the Cyberworld: Definitions, Features and Models
    (Basel : MDPI, 2021) Vogel, Elisabeth; Dyka, Zoya; Klann, Dan; Langendörfer, Peter
    Resilience is a feature that is gaining more and more attention in computer science and computer engineering. However, the definition of resilience for the cyber landscape, especially embedded systems, is not yet clear. This paper discusses definitions provided by different authors, in different years and with different application areas in the field of computer science/computer engineering. We identify the core statements that are more or less common to the majority of the definitions, and based on this we give a holistic definition using attributes for (cyber-) resilience. In order to pave a way towards resilience engineering, we discuss a theoretical model of the life cycle of a (cyber-) resilient system that consists of key actions presented in the literature. We adapt this model for embedded (cyber-) resilient systems.
  • Item
    In-Vitro Classification of Saliva Samples of COPD Patients and Healthy Controls Using Machine Learning Tools
    (New York, NY : IEEE, 2020) Zarrin, Pouya Soltani; Roeckendorf, Niels; Wenger, Christian
    Chronic Obstructive Pulmonary Disease (COPD) is a life-threatening lung disease and a major cause of morbidity and mortality worldwide. Although a curative therapy has yet to be found, permanent monitoring of biomarkers that reflect the disease progression plays a pivotal role for the effective management of COPD. The accurate examination of respiratory tract fluids like saliva is a promising approach for staging disease and predicting its upcoming exacerbations in a Point-of-Care (PoC) environment. However, the concurrent consideration of patients' demographic and medical parameters is necessary for achieving accurate outcomes. Therefore, Machine Learning (ML) tools can play an important role for analyzing patient data and providing comprehensive results for the recognition of COPD in a PoC setting. As a result, the objective of this research work was to implement ML tools on data acquired from characterizing saliva samples of COPD patients and healthy controls as well as their demographic information for PoC recognition of the disease. For this purpose, a permittivity biosensor was used to characterize dielectric properties of saliva samples and, subsequently, ML tools were applied on the acquired data for classification. The XGBoost gradient boosting algorithm provided a high classification accuracy and sensitivity of 91.25% and 100%, respectively, making it a promising model for COPD evaluation. Integration of this model on a neuromorphic chip, in the future, will enable the real-time assessment of COPD in PoC, with low cost, low energy consumption, and high patient privacy. In addition, constant monitoring of COPD in a near-patient setup will enable the better management of the disease exacerbations.