01-21-2020 02:31 PM
I am currently working with a team of fellow students to improve a Trojan called a MOLES (Malicious off-chip leakage enabled by side-channels) Trojan. The paper attached gives a detailed description of it.
This Trojan is meant to be inserted during the foundry stage of ASIC or IC construction. It will leak secret keys of different encryption algorithms through power leakage. Our goal is to improve it, and then assist in finding good defense methods against it. It is a two-semester-long exercise in security that has proven difficult, since most of the data on these subjects is purely in research papers. Undergrad here.
This Trojan requires internal capacitors for it to work. ASIC development is time consuming, I assume from initial research (most of my experience is in microcontrollers and FPGAs), so we have used HSPICE to simulate and help us get data to come up with better data analysis methods. We can make this circuit on a breadboard easily as well, but we want to have it on something similar to an ASIC for testing and data. Is there any way to create capacitance inside an FPGA? I know FPGAs are made to be purely digital creatures, not analog, but I was curious if it's possible to create logic in a way that creates internal capacitance?
Also I have researched FPAAs a little, and have seen FPGAs used in cohesion with them. Could this be a better approach?
Also if I just kept driving logic would this create internal capacitance?
Thanks, any advice is welcome.
01-30-2020 10:15 PM
You can't place capacitance per se, but you can do things that will have a similar effect on power consumption:
- Use more routing resources. You can place the source and destination endpoints of a connection further apart, causing the routing between them to be longer (and use more routing resources and power). You can increase the fanout of a signal, which will have the same effect.
- Connect more logic to a signal. This will also take more routing resources, and the extra logic (e.g. LUTs) will use more power. The various optimisation passes in the tools will remove logic that seems useless, so make sure you put a DONT_TOUCH attribute on it.
One caveat: an ideal lumped capacitance will cause a current spike as the voltage across it changes. If we mimic the action of that capacitance with routing and logic, we find that the current spike will be smeared out in time (perhaps over many ns), because the routing incurs a delay. I assume you can use some sort of decorrelation technique in your post-processing to account for that.
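The smearing caveat above, as an added example that is not part of the original reply: a Python simulation comparing a Welch t-test on a single sample per cycle with one on samples summed over the smear window, which is one simple way post-processing can account for the routing delay when checking a trace for data-dependent load. All trace parameters are constructed rather than measured from a device, and the summing window is a stand-in for the post-processing mentioned, not a method taken from the paper.

```python
import random
from statistics import mean, variance

SAMPLES_PER_CYCLE = 16  # constructed: scope samples per clock cycle
SMEAR = 8               # constructed: samples the routing delay spreads the charge over
CHARGE = 4.0            # constructed: total extra charge drawn per 0->1 transition
NOISE = 1.0             # constructed: std-dev of measurement noise per sample

def rising(bits):
    """Flag the cycles in which the monitored signal goes 0 -> 1."""
    prev, flags = 0, []
    for b in bits:
        flags.append(prev == 0 and b == 1)
        prev = b
    return flags

def make_trace(flags, smear, rng):
    """One list of samples per cycle; a rising edge adds CHARGE spread over `smear` samples."""
    cycles = []
    for r in flags:
        cyc = [rng.gauss(0.0, NOISE) for _ in range(SAMPLES_PER_CYCLE)]
        if r:
            for i in range(smear):
                cyc[i] += CHARGE / smear
        cycles.append(cyc)
    return cycles

def welch_t(a, b):
    return (mean(a) - mean(b)) / (variance(a) / len(a) + variance(b) / len(b)) ** 0.5

def leakage_t(cycles, flags, window):
    """Welch t of the per-cycle feature (sum of the first `window` samples), rising vs. other cycles."""
    feat = [sum(c[:window]) for c in cycles]
    hi = [f for f, r in zip(feat, flags) if r]
    lo = [f for f, r in zip(feat, flags) if not r]
    return welch_t(hi, lo)

def demo(seed=1, n=4000):
    rng = random.Random(seed)
    flags = rising([rng.randint(0, 1) for _ in range(n)])
    lumped = make_trace(flags, 1, rng)       # ideal lumped capacitance: one-sample spike
    smeared = make_trace(flags, SMEAR, rng)  # routing/logic load: same charge, spread out
    return (leakage_t(lumped, flags, 1),       # ideal spike, single-sample feature
            leakage_t(smeared, flags, 1),      # smeared spike, single-sample feature
            leakage_t(smeared, flags, SMEAR))  # smeared spike, summed over the smear window

if __name__ == "__main__":
    print("t (lumped, smeared/1 sample, smeared/windowed):", demo())
```

With these constructed parameters the windowed statistic recovers roughly a factor of sqrt(SMEAR) over the single-sample one, but it stays below the lumped case because the window also sums noise.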
02-13-2020 11:38 AM
Thank you for your response. I think I am going with just driving more logic, using a for-generate loop for a LUT implementation in which I will just keep increasing the instances until I effectively see a power signal change. That will take my Exor gate outputs into the LUT inputs, and hopefully I will see a power draw increase when a '0' goes to a '1', which is how the actual MOLES Trojan works.
Since this is more for simulation, can I just decrease my clock rate to avoid a delay? Or would the amount of instances I probably need to implement make that slow of a clock rate unrealistic to implement? At the moment we have not needed to create that specific post-processing tool, and it wasn't used in the academic paper. Although we would hope to be able to simulate this at 50 MHz, we would be happy with an initial success at any clock rate to begin with, and work from there to improve.
Thank you for your advice so far, but if you have time to answer my further questions I would be grateful.