Patent Grant
11966503
Modern automobiles include a number of sensors, controllers, and processors. These devices often communicate signals and/or messages via a common bus. For example, an in-vehicle network (IVN) can be used to send messages between devices in a vehicle. Attacks against such IVNs can have severe safety consequences and often must be mitigated in real time.
To easily identify the discussion of any particular element or act, the most significant digit or digits in a reference number refer to the figure number in which that element is first introduced.
Various embodiments of the present disclosure are directed to providing mitigation against “glitch” style attacks on a communication network, such as, an IVN. As used herein, a glitch style attack is any attempt to mislead a node on the network based on exploiting different sampling times of the network nodes. For example, a malicious actor (e.g., malicious electronic control unit (ECU), or the like) can transmit a message where voltage levels are “glitched” such that different nodes sample different voltage levels for the same bit. Messages received at the receiving nodes are all valid but can differ from each other due to the different sampled voltage levels. Compounding this problem is the fact the receivers cannot distinguish fake information from authentic information. As a result, the receiving nodes may make different decisions and/or take different action based on the received message.
The present disclosure provides systems and methods that can be implemented to mitigate attempts to mislead receiving nodes based on exploiting sampling time of receiving nodes. In particular, the present disclosure provides systems and methods arranged to monitor the communication bus and force bit levels to remain constant through the entire bit width to prevent or mitigate against glitch style attacks. A centralized approach as well a distributed approach are described. It is noted that although the present disclosure often references vehicles, vehicle ECUs, and IVNs in describing illustrative examples, the claims can be applied to a variety of broadcast communication networks where sampling mechanisms would be susceptible to glitch style attacks. For example, broadcast communication networks are found in industrial, commercial, retail, transportation, aircraft, military, etc., systems and the present disclosure is applicable to all such systems.
In the following description, numerous specific details such as processor and system configurations are set forth in order to provide a more thorough understanding of the described embodiments. However, the described embodiments may be practiced without such specific details. Additionally, some well-known structures, circuits, and the like have not been shown in detail, to avoid unnecessarily obscuring the described embodiments.
In general, each of ECU 102a, ECU 102b, and ECU 102c include circuitry arranged to generate messages and transmit the messages onto communication bus 106 and/or consume messages from communication bus 106. The depicted ECUs (e.g., ECU 102a, ECU 102b, and ECU 102c) can be any of a variety of devices, such as, for example, sensor devices, actuator devices, microprocessor control devices, memory, IP cores, or the like. For example, the ECUs include circuitry arranged to manipulate voltage levels on communication bus 106 (e.g., see
ECUs are arranged to generate and/or consume messages, where the messages can include data or commands. Specifically, ECUs can convey messages via communication bus 106. In particular, this figure depicts a number of messages (MSGs), such as, message 108a, message 108b, message 108c, and message 108d. The number of messages is depicted for purposes of clarity and ease of explanation. Additionally, each of ECUs 102a, 102b, and 102c are coupled to communication bus 106 at different connection points. For example, ECU 102a couples to communication bus 106 at connection point 110a, ECU 102b couples to communication bus 106 at connection point 110b, and ECU 102c couples to communication bus 106 at connection point 110a. During operation, one of ECUs 102a, 102b, or 102c may be malicious. For example, ECU 102c may transmit a malicious message with a glitch such that the other ECUs (e.g., ECU 102a and ECU 102b) receive different bits due to their sampling the voltage levels of the communication bus 106 at different points in time.
Attack prevention device 104 is arranged to mitigate such attacks. To this end, attack prevention device 104 couples to bus at connection point 110d and includes processing circuitry 112, sampling circuitry 114, and memory 116. Memory 116 includes instructions 118 (e.g., firmware, or the like) that can be executed by processing circuitry 112 and/or sampling circuitry 114. During operation, sampling circuitry 114 can sample voltage levels on communication bus 106 at connection point 110d at multiple points in time, resulting in sampled voltages 120. Further, processing circuitry 112 can execute instructions 118 to identify a glitch style attack based on sampled voltages 120 and processing circuitry 112 and/or sampling circuitry 114 can execute instructions 118 to apply mitigation actions (e.g., adjust the voltage levels on communication bus 106, or the like) to either correct the received messages or to corrupt the received messages. This is described in greater detail below.
Processing circuitry 112 can include any of a variety of processors, such as, for example, commercial central processing units, application specific integrated circuits, or the like. Processing circuitry 112 can be a microprocessor or a commercial processor and can include one or multiple processing core(s) and can also include cache. Sampling circuitry 114 can include circuitry such as, analog to digital converters, voltage measurement circuitry, voltage waveform observation circuitry (e.g., oscilloscope circuitry, or the like) arranged to sample voltage levels on communication bus 106 and to control or drive voltage levels on communication bus 106.
Memory 116 can be based on any of a wide variety of information storage technologies. For example, memory 116 can be based on volatile technologies requiring the uninterrupted provision of electric power or non-volatile technologies that do not require and possibly including technologies entailing the use of machine-readable storage media that may or may not be removable. Thus, each of these storages may include any of a wide variety of types (or combination of types) of storage devices, including without limitation, read-only memory (ROM), random-access memory (RAM), dynamic RAM (DRAM), Double-Data-Rate DRAM (DDR-DRAM), synchronous DRAM (SDRAM), static RAM (SRAM), programmable ROM (PROM), erasable programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), flash memory, polymer memory (e.g., ferroelectric polymer memory), ovonic memory, phase change or ferroelectric memory, silicon-oxide-nitride-oxide-silicon (SONOS) memory, magnetic or optical cards, one or more individual ferromagnetic disk drives, or a plurality of storage devices organized into one or more arrays (e.g., multiple ferromagnetic disk drives organized into a Redundant Array of Independent Disks array, or RAID array). Additionally, memory 116 can include storage devices.
As a specific example, communication bus 106 can be an IVN comprising a CANH conductor (e.g., conductor 202) and a CANL conductor (e.g., conductor 204). Accordingly,
When an ECU (e.g., ECU 102a, ECU 102b, ECU 102c, or the like) sends a 0 bit, it does so by increasing a first voltage (VCANH coupled to CANH) to at least VCANH0 and decreasing a second voltage (VCANL coupled to CANL) to at least VCANL0. For example, VCANH0 may be about 3.5 volts (V), while the VCANL0 may be about 1.5V. It is noted that the term “about” may mean within a threshold value (e.g., as specified by the CAN standard, such as, CAN Specification version 2.0 promulgated by Bosch GmbH) and can be dependent upon the bus standard, which may dictate the tolerance. In the recessive state, either the CAN bus (e.g., communication bus 110) is idle or an ECU is transmitting a logic 1. In the dominant state, at least one ECU is transmitting a logic 0. Thus, each waveform on the CAN bus can go through a number of voltage transitions.
These voltage transitions are measured as a voltage over time and correspond to a portion of the overall voltage waveform. In particular, waveforms 402 can have a rising edge transition 404 or a falling edge transition 406. Additionally, waveforms 402 can have a steady state transition 408 and a steady state transition 410. That is, waveforms 402 can have a steady state transition 410 for both the recessive state as well as a steady state transition 408 for the dominant state. To send a message (e.g., message 130, message 132, message 134, message 136, or the like) on the CAN bus, an ECU must cause a number of voltage transitions (e.g., rising edge transition 404, falling edge transition 406, steady state transition 408, and/or steady state transition 410) on the CAN bus to communicate bits indicating the contents of the message. Accordingly, during operation, analog voltage waveforms corresponding to messages (e.g., messages 108a 108b, 108c, etc.) can be observed on conductor(s) of communication bus 106.
Although the present disclosure (e.g.,
ECUs 102a and 102b sampling voltage waveform at connection points 110a and 110b would receive a series of bits that each appear correct from the perspective of the receiving ECUs 102a and 102b, but which are in fact different from each other. For example, ECU 102a would receive bit series [0, 1, 1, 0, 0, 1] while ECU 102b would receive bit series [0, 1, 0, 1, 0, 1]. As such, receiving ECUs 102a and 102b would receive different messages based on voltage waveform 500.
Method 600 can begin at block 602. At block 602 “sample, by circuitry of an attack prevention device, a voltage waveform at a point on a communication bus, the communication bus coupled to a number of electronic control units (ECUs)” a voltage waveform can be sampled at point on a communication bus where the communication bus is coupled to a number of ECUs. For example, attack prevention device 104 can sample voltage levels on communication bus 106 at connection point 110d. In particular, processing circuitry 112 and/or sampling circuitry 114 can execute instructions 118 to sample voltage levels on communication bus 106 at connection point 110d. With some implementations, attack prevention device 104 repeatedly (e.g., on a fixed period, or the like) samples voltage levels on communication bus 106 at connection point 110d to generate sampled voltages 120.
Continuing to block 604 “identify a glitch in the voltage waveform” a glitch in the voltage waveform can be identified. For example, attack prevention device 104 can detect a glitch in the voltage waveform transmitted on communication bus 106 based on sampled voltages 120. For example, processing circuitry 112 and/or sampling circuitry 114 can execute instructions 118 to identify a glitch (e.g., glitch 504a, glitch 504b, etc.) based on sampled voltages 120.
Continuing to method 606 “modify the voltage level on the communication bus to mitigate effects of the glitch on received messages” the voltage level on the bus can be modified to mitigate effects of the glitch identified at block 604. For example, attack prevention device 104 can modify the voltage level on communication bus 106 to mitigate effects from the identified glitch (see
At block 704 “overdrive the voltage level on the bus to force the voltage level to stay dominant” the voltage level on the bus can be overdriven to stay at the dominant level. For example, attack prevention device 104 can overdrive the malicious ECU to force the voltage level on communication bus 106 to stay dominant for the entire duration of time periods. In particular, processing circuitry 112 and/or sampling circuitry 114 can execute instructions 118 to drive voltage levels on communication bus 106 to the dominant level to overdrive the glitch 504a by the malicious ECU. For example,
At block 706 “identify the next recessive bit(s)” the next number of recessive bits can be identified. For example, attack prevention device 104 can identify the next recessive bit transmitted on communication bus 106, the next two (2) recessive bits transmitted on communication bus 106, the next three (3) recessive bits transmitted on communication bus 106, or the like. In particular, processing circuitry 112 and/or sampling circuitry 114 can execute instructions 118 to cause processing circuitry 112 and/or sampling circuitry 114 to sample voltage levels on communication bus 106 to identify the next number of recessive bits on communication bus 106.
Continuing to block 708 “overdrive the recessive bit(s) to corrupt the received messages” the number of identified recessive bits can be overdriven to corrupt any received messages. For example, attack prevention device 104 can overdrive the identified recessive bits to force the voltage level to be dominant during the time in which the recessive bit(s) are transmitted on communication bus 106, which will corrupt any received messages. In particular, processing circuitry 112 and/or sampling circuitry 114 can overdrive the voltage levels on communication bus 106 during the time in which the recessive bits are identified to corrupt messages received based on the recessive bits and the identified glitch 504b. For example,
Block 704 of method 900 can be like block 704 of method 700, where the voltage level on the bus can be overdriven to stay at the dominant level. For example, attack prevention device 104 can overdrive the malicious ECU to force the voltage level on communication bus 106 to stay dominant for the entire duration of time periods. In particular, processing circuitry 112 and/or sampling circuitry 114 can execute instructions 118 to drive voltage levels on communication bus 106 to the dominant level to overdrive the glitch 504a by the malicious ECU.
At block 902 “overwrite the voltage level to the protected node to correct the recessive glitch” the voltage level to the protected node can be overwritten to correct the recessive glitch. For example, attack prevention device 104 can overwrite the voltage level on communication bus 106 such the voltage level received by the protected node (e.g., ECU 102a) is recessive. This is depicted in
It is important to note that voltage level overdrive 802 may be applied after an initial stabilization period of each time period (e.g., time period 502a, etc.). For example, attack prevention device 104 can repeatedly sample voltage levels on communication bus 106 during each time period and after the voltage level has stabilized identify glitches and adjust voltage levels as outlined herein.
Method 1000 can begin at block 1002. At block 1002 “sample, by circuitry of an attack prevention device, a voltage waveform at a point on a communication bus, the communication bus coupled to a number of electronic control units (ECUs)” a voltage waveform can be sampled at point on a communication bus where the communication bus is coupled to a number of ECUs. For example, attack prevention device 104 can sample voltage levels on communication bus 106 at connection point 110d. In particular, processing circuitry 112 and/or sampling circuitry 114 can execute instructions 118 to sample voltage levels on communication bus 106 at connection point 110d. With some implementations, attack prevention device 104 repeatedly (e.g., on a fixed period, or the like) samples voltage levels on communication bus 106 at connection point 110d to generate sampled voltages 120.
Continuing to block 1004 “identify multiple glitches in the voltage waveform” a number of glitches in the voltage waveform can be identified. For example, attack prevention device 104 can detect multiple glitches in the voltage waveform transmitted on communication bus 106 based on sampled voltages 120. Said differently, attack prevention device 104 can detect instability in the stable region of the voltage waveform, indicative of multiple repeated glitches. For example, processing circuitry 112 and/or sampling circuitry 114 can execute instructions 118 to identify multiple glitches (e.g., like glitch 504a, like glitch 504b, etc.) in a single time period, within a threshold distance from each other, or the like.
Continuing to block 1006 “identify the next recessive bit(s)” the next number of recessive bits can be identified. For example, attack prevention device 104 can identify the next recessive bit transmitted on communication bus 106, the next two (2) recessive bits transmitted on communication bus 106, the next three (3) recessive bits transmitted on communication bus 106, or the like. In particular, processing circuitry 112 and/or sampling circuitry 114 can execute instructions 118 to cause processing circuitry 112 and/or sampling circuitry 114 to sample voltage levels on communication bus 106 to identify the next number of recessive bits on communication bus 106.
Continuing to block 1008 “overwrite the recessive bit(s) to corrupt the received messages” the number of identified recessive bits can be overwritten to corrupt any received messages. For example, attack prevention device 104 can overwrite the identified recessive bits to force the voltage level to be dominant during the time in which the recessive bit(s) are transmitted on communication bus 106, which will corrupt any received messages. In particular, processing circuitry 112 and/or sampling circuitry 114 can overwrite the voltage levels on communication bus 106 during the time in which the recessive bits are identified to corrupt messages received based on the recessive bits and the identified glitches.
The in-vehicle communication architecture 1200 includes various common communications elements, such as a transmitter, receiver, transceiver, and so forth. The embodiments, however, are not limited to implementation by the in-vehicle communication architecture 1200. As shown in this figure, the vehicular circuitry 1202 and circuitry 1204 may each be operatively connected to one or more respective data devices, such as, data device 1208 and/or data device 1210 that can be employed to store information local to the respective circuitry 1202 and/or circuitry 1204, such as fingerprints, distributions, densities, voltage signals, or the like. It may be understood that the circuitry 1202 and circuitry 1204 may be any suitable vehicular component, such as sensor, an ECU, microcontroller, microprocessor, processor, ASIC, field programmable gate array (FPGA), any electronic device, computing device, or the like. Moreover, it may be understood that one or more computing devices (containing at least a processor, memory, interfaces, etc.) may be connected to the communication framework 1206 in a vehicle.
Further, the communication framework 1206 may implement any well-known communications techniques and protocols. As described above, the communication framework 1206 may be implemented as a CAN bus protocol or any other suitable in-vehicle communication protocol. The communication framework 1206 may also implement various network interfaces arranged to accept, communicate, and connect to one or more external communications networks (e.g., Internet). A network interface may be regarded as a specialized form of an input/output (I/O) interface. Network interfaces may employ connection protocols including without limitation direct connect, Ethernet (e.g., thick, thin, twisted pair 10/100/1000 Base T, and the like), token ring, wireless network interfaces, cellular network interfaces, IEEE 802.7a-x network interfaces, IEEE 802.16 network interfaces, IEEE 802.20 network interfaces, and the like. Further, multiple network interfaces may be used to engage with various communications network types. The communication framework 1206 may employ both wired and wireless connections.
As used in this application, the terms “system” and “component” and “module” are intended to refer to a computer-related entity, either hardware, a combination of hardware and software, software, or software in execution, examples of which are provided by the exemplary system 1300. For example, a component can be, but is not limited to being, a process running on a processor, a processor, a hard disk drive, multiple storage drives (of optical and/or magnetic storage medium), an object, an executable, a thread of execution, a program, and/or a computer. By way of illustration, both an application running on a server and the server can be a component. One or more components can reside within a process and/or thread of execution, and a component can be localized on one computer and/or distributed between two or more computers. Further, components may be communicatively coupled to each other by various types of communications media to coordinate operations. The coordination may involve the uni-directional or bi-directional exchange of information. For instance, the components may communicate information in the form of signals communicated over the communications media. The information can be implemented as signals allocated to various signal lines. In such allocations, each message is a signal. Further embodiments, however, may alternatively employ data messages. Such data messages may be sent across various connections. Exemplary connections include parallel interfaces, serial interfaces, and bus interfaces.
As shown in this figure, system 1300 comprises a motherboard or system-on-chip (SoC) 1302 for mounting platform components. Motherboard or system-on-chip (SoC) 1302 is a point-to-point (P2P) interconnect platform that includes a first processor 1304 and a second processor 1306 coupled via a point-to-point interconnect 1370 such as an Ultra Path Interconnect (UPI). In other embodiments, the system 1300 may be of another bus architecture, such as a multi-drop bus. Furthermore, each of processor 1304 and processor 1306 may be processor packages with multiple processor cores including core(s) 1308 and core(s) 1310, respectively. While the system 1300 is an example of a two-socket (2S) platform, other embodiments may include more than two sockets or one socket. For example, some embodiments may include a four-socket (4S) platform or an eight-socket (8S) platform. Each socket is a mount for a processor and may have a socket identifier. Note that the term platform refers to the motherboard with certain components mounted such as the processor 1304 and chipset 1332. Some platforms may include additional components and some platforms may only include sockets to mount the processors and/or the chipset. Furthermore, some platforms may not have sockets (e.g., SoC, or the like).
The processor 1304 and processor 1306 can be any of various commercially available processors, including without limitation an Intel® Celeron®, Core®, Core (2) Duo®, Itanium®, Pentium®, Xeon®, and XScale® processors; AMD® Athlon®, Duron® and Opteron® processors; ARM® application, embedded and secure processors; IBM® and Motorola® DragonBall® and PowerPC® processors; IBM and Sony® Cell processors; and similar processors. Dual microprocessors, multi-core processors, and other multi-processor architectures may also be employed as the processor 1304 and/or processor 1306. Additionally, the processor 1304 need not be identical to processor 1306.
Processor 1304 includes an integrated memory controller (IMC) 1320 and point-to-point (P2P) interface 1324 and P2P interface 1328. Similarly, the processor 1306 includes an IMC 1322 as well as P2P interface 1326 and P2P interface 1330. IMC 1320 and IMC 1322 couple the processors processor 1304 and processor 1306, respectively, to respective memories (e.g., memory 1316 and memory 1318). Memory 1316 and memory 1318 may be portions of the main memory (e.g., a dynamic random-access memory (DRAM)) for the platform such as double data rate type 3 (DDR3) or type 4 (DDR4) synchronous DRAM (SDRAM). In the present embodiment, the memories memory 1316 and memory 1318 locally attach to the respective processors (i.e., processor 1304 and processor 1306). In other embodiments, the main memory may couple with the processors via a bus and shared memory hub.
System 1300 includes chipset 1332 coupled to processor 1304 and processor 1306. Furthermore, chipset 1332 can be coupled to storage device 1350, for example, via an interface (I/F) 1338. The I/F 1338 may be, for example, a Peripheral Component Interconnect-enhanced (PCI-e). Storage device 1350 can store instructions executable by circuitry of system 1300 (e.g., processor 1304, processor 1306, GPU 1348, ML accelerator 1354, vision processing unit 1356, or the like). For example, storage device 1350 can store instructions for method 600 and/or method 700, or the like.
Processor 1304 couples to a chipset 1332 via P2P interface 1328 and P2P 1334 while processor 1306 couples to a chipset 1332 via P2P interface 1330 and P2P 1336. Direct media interface (DMI) 1376 and DMI 1378 may couple the P2P interface 1328 and the P2P 1334 and the P2P interface 1330 and P2P 1336, respectively. DMI 1376 and DMI 1378 may be a high-speed interconnect that facilitates, e.g., eight Giga Transfers per second (GT/s) such as DMI 3.0. In other embodiments, the processor 1304 and processor 1306 may interconnect via a bus.
The chipset 1332 may comprise a controller hub such as a platform controller hub (PCH). The chipset 1332 may include a system clock to perform clocking functions and include interfaces for an I/O bus such as a universal serial bus (USB), peripheral component interconnects (PCIs), serial peripheral interconnects (SPIs), integrated interconnects (I2Cs), and the like, to facilitate connection of peripheral devices on the platform. In other embodiments, the chipset 1332 may comprise more than one controller hub such as a chipset with a memory controller hub, a graphics controller hub, and an input/output (I/O) controller hub.
In the depicted example, chipset 1332 couples with a trusted platform module (TPM) 1344 and UEFI, BIOS, FLASH circuitry 1346 via I/F 1342. The TPM 1344 is a dedicated microcontroller designed to secure hardware by integrating cryptographic keys into devices. The UEFI, BIOS, FLASH circuitry 1346 may provide pre-boot code.
Furthermore, chipset 1332 includes the I/F 1338 to couple chipset 1332 with a high-performance graphics engine, such as, graphics processing circuitry or a graphics processing unit (GPU) 1348. In other embodiments, the system 1300 may include a flexible display interface (FDI) (not shown) between the processor 1304 and/or the processor 1306 and the chipset 1332. The FDI interconnects a graphics processor core in one or more of processor 1304 and/or processor 1306 with the chipset 1332. Additionally, ML accelerator 1354 and/or vision processing unit 1356 can be coupled to chipset 1332 via I/F 1338. ML accelerator 1354 can be circuitry arranged to execute ML related operations (e.g., training, inference, etc.) for ML models. Likewise, vision processing unit 1356 can be circuitry arranged to execute vision processing specific or related operations. In particular, ML accelerator 1354 and/or vision processing unit 1356 can be arranged to execute mathematical operations and/or operands useful for machine learning, neural network processing, artificial intelligence, vision processing, etc.
Various I/O devices 1360 and display 1352 couple to the bus 1372, along with a bus bridge 1358 which couples the bus 1372 to a second bus 1374 and an I/F 1340 that connects the bus 1372 with the chipset 1332. In one embodiment, the second bus 1374 may be a low pin count (LPC) bus. Various devices may couple to the second bus 1374 including, for example, a keyboard 1362, a mouse 1364 and communication devices 1366.
Furthermore, an audio I/O 1368 may couple to second bus 1374. Many of the I/O devices 1360 and communication devices 1366 may reside on the motherboard or system-on-chip (SoC) 1302 while the keyboard 1362 and the mouse 1364 may be add-on peripherals. In other embodiments, some or all the I/O devices 1360 and communication devices 1366 are add-on peripherals and do not reside on the motherboard or system-on-chip (SoC) 1302.
The components and features of the devices described above may be implemented using any combination of processing circuitry, discrete circuitry, application specific integrated circuits (ASICs), logic gates and/or single chip architectures, etc. Further, the features of the devices may be implemented using microcontrollers, programmable logic arrays and/or microprocessors or any combination of the foregoing where suitably appropriate. It is noted that hardware, firmware and/or software elements may be collectively or individually referred to herein as “logic” or “circuit.”
Some embodiments may be described using the expression “one embodiment” or “an embodiment” along with their derivatives. These terms mean that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment. The appearances of the phrase “in one embodiment” in various places in the specification are not necessarily all referring to the same embodiment. Further, some embodiments may be described using the expression “coupled” and “connected” along with their derivatives. These terms are not necessarily intended as synonyms for each other. For example, some embodiments may be described using the terms “connected” and/or “coupled” to indicate that two or more elements are in direct physical or electrical contact with each other. The term “coupled,” however, may also mean that two or more elements are not in direct contact with each other, but yet still co-operate or interact with each other.
It is emphasized that the Abstract of the Disclosure is provided to allow a reader to quickly ascertain the nature of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or meaning of the claims. In addition, in the foregoing Detailed Description, it can be seen that various features are grouped together in a single embodiment for the purpose of streamlining the disclosure. This method of disclosure is not to be interpreted as reflecting an intention that the claimed embodiments require more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive subject matter lies in less than all features of a single disclosed embodiment. Thus, the following claims are hereby incorporated into the Detailed Description, with each claim standing on its own as a separate embodiment. In the appended claims, the terms “including” and “in which” are used as the plain-English equivalents of the respective terms “comprising” and “wherein,” respectively. Moreover, the terms “first,” “second,” “third,” and so forth, are used merely as labels, and are not intended to impose numerical requirements on their objects.
What has been described above includes examples of the disclosed architecture. It is, of course, not possible to describe every conceivable combination of components and/or methodology, but one of ordinary skill in the art may recognize that many further combinations and permutations are possible. Accordingly, the novel architecture is intended to embrace all such alterations, modifications and variations that fall within the spirit and scope of the appended claims.
| Number | Name | Date | Kind |
|---|---|---|---|
| 5774736 | Wright | Jun 1998 | A |
| 10474846 | Rezayee | Nov 2019 | B1 |
| 20180268174 | Bathurst | Sep 2018 | A1 |
| 20180270195 | Bathurst | Sep 2018 | A1 |
| 20180270196 | Bathurst | Sep 2018 | A1 |
| 20190332823 | Kwon | Oct 2019 | A1 |
| 20200204395 | Takahashi | Jun 2020 | A1 |
| 20200351168 | Hirano | Nov 2020 | A1 |
| 20210004461 | Guilley | Jan 2021 | A1 |
| 20210044415 | Vowe et al. | Feb 2021 | A1 |
| 20220100853 | Gehrer | Mar 2022 | A1 |
| 20220407880 | Rosadini | Dec 2022 | A1 |
| 20230049371 | Sharma | Feb 2023 | A1 |
| 20230090242 | Duplys | Mar 2023 | A1 |
| Number | Date | Country |
|---|---|---|
| WO-2018013171 | Jan 2018 | WO |
| Entry |
|---|
| R. Velegalati, K. Shah and J.-P. Kaps, “Glitch Detection in Hardware Implementations on FPGAs Using Delay Based Sampling Techniques,” 2013 Euromicro Conference on Digital System Design, Los Alamitos, CA, USA, 2013, pp. 947-954 (Year: 2013). |
| Loic Zussa, Jean-Max Dutertre, Jessy Clediere, Bruno Robisson. Analysis of the fault injection mechanism related to negative and positive power supply glitches using an on-chip voltmeter. IEEE Int. Symposium on Hardware-Oriented Security and Trust (HOST), May 2014, Arlington, France (Year: 2014). |
| Colin O'Flynn, “A Framework for Embedded Hardware Security Analysis”, 2017, PhD thesis, obtained online from <https://dalspace.library.dal.ca/bitstream/handle/10222/73002/OFlynn-Colin-PhD-ECED-June-2017.pdf?sequence=1&isAllowed=y>, retrieved on Jul. 28, 2023 (Year: 2017). |
| A. Milburn et al. “There Will Be Glitches: Extracting and Analyzing Automotive Firmware Efficiently” Black Hat USA, obtained online from <https://i.blackhat.com/us-18/Wed-August-8/us-18-Milburn-There-Will-Be-Glitches-Extracting-And-Analyzing-Automotive-Firmware-Efficiently.pdf>, retrieved on Jul. 29, 2023 (Year: 2018). |
| Scott Best, “Understanding Anti-Tamper Technology: Part 1”, Jul. 22, 2020, obtained online from <https://www.rambus.com/blogs/understanding-anti-tamper-technology-part-1/>, retrieved on Jul. 28, 2023 (Year: 2020). |
| Jeremy Boone, “There's a Hole in Your SoC: Glitching the MediaTek BootROM”, Oct. 15, 2020, obtained online from <https://research.nccgroup.com/2020/10/15/theres-a-hole-in-your-soc-glitching-the-mediatek-bootrom/>, retrieved on Jul. 28, 2023 (Year: 2020 ). |
| European Search Report dated Dec. 7, 2022, for Application No. 22181509.5 (seven (7) pages). |
| Bittner et al., “The Forgotten Threat of Voltage Glitching: A Case Study on Nvidia Tegra X2 SoCs”, 2021 Workshop on Fault Detection and Tolerance in Cryptography (FDTC), IEEE, Sep. 17, 2021, pp. 86-97. |
| Number | Date | Country | |
|---|---|---|---|
| 20220012371 A1 | Jan 2022 | US |
