
Showing papers on "Fault model published in 2003"


Book Chapter
08 Sep 2003
TL;DR: The differential fault attack technique is able to break the AES-128 with only 2 faulty ciphertexts, assuming the fault occurs between the antepenultimate and the penultimate MixColumn; this is better than the previous fault attacks against AES.
Abstract: In this paper we describe a differential fault attack technique working against Substitution-Permutation Networks, and requiring very few faulty ciphertexts. The fault model used is realistic, as we consider random faults affecting bytes (faults affecting only one bit are much harder to induce). We implemented our attack on a PC for both the AES and KHAZAD. We are able to break the AES-128 with only 2 faulty ciphertexts, assuming the fault occurs between the antepenultimate and the penultimate MixColumn; this is better than the previous fault attacks against AES (6,10,11). Under a similar hypothesis, KHAZAD is breakable with 3 faulty ciphertexts.

623 citations


Book Chapter
27 Jan 2003
TL;DR: An implementation independent fault attack on AES is presented, able to determine the complete 128-bit secret key of a sealed tamper-proof smartcard by generating 128 faulty cipher texts.
Abstract: In this paper we describe several fault attacks on the Advanced Encryption Standard (AES). First, using optical/eddy current fault induction attacks as recently publicly presented by Skorobogatov, Anderson and Quisquater, Samyde (SA,QS), we present an implementation independent fault attack on AES. This attack is able to determine the complete 128-bit secret key of a sealed tamper-proof smartcard by generating 128 faulty cipher texts. Second, we present several implementation-dependent fault attacks on AES. These attacks rely on the observation that due to the AES's known timing analysis vulnerability (as pointed out by Koeune and Quisquater (KQ)), any implementation of the AES must ensure a data independent timing behavior for the so called AES's xtime operation. We present fault attacks on AES based on various timing analysis resistant implementations of the xtime-operation. Our strongest attack in this direction uses a very liberal fault model and requires only 256 faulty encryptions to determine a 128-bit key.

334 citations


Proceedings Article
03 Nov 2003
TL;DR: Experimental results show that the proposed approach is far more effective than the other considered techniques in terms of fault detection capability, at the cost of a limited increase in memory requirements and in performance overhead.
Abstract: Over the last few years, an increasing number of safety-critical tasks have been demanded of computer systems. In this paper, a software-based approach for developing safety-critical applications is analyzed. The technique is based on the introduction of additional executable assertions to check the correct execution of the program control flow. By applying the proposed technique, several benchmark applications have been hardened against transient errors. Fault injection campaigns have been performed to evaluate the fault detection capability of the proposed technique in comparison with state-of-the-art alternative assertion-based methods. Experimental results show that the proposed approach is far more effective than the other considered techniques in terms of fault detection capability, at the cost of a limited increase in memory requirements and in performance overhead.

244 citations


Proceedings Article
22 Oct 2003
TL;DR: A taxonomy for classification of faults in sensor networks and the first on-line model-based testing technique that can be applied on an arbitrary system of heterogeneous sensors with an arbitrary type of fault model is introduced.
Abstract: On-line fault detection in sensor networks is of paramount importance due to the convergence of a variety of challenging technological, application, conceptual, and safety related factors. We introduce a taxonomy for classification of faults in sensor networks and the first on-line model-based testing technique. The approach is generic in the sense that it can be applied on an arbitrary system of heterogeneous sensors with an arbitrary type of fault model, while it provides a flexible tradeoff between accuracy and latency. The key idea is to formulate on-line testing as a set of instances of a non-linear function minimization and consequently apply nonparametric statistical methods to identify the sensors that have the highest probability to be faulty. The optimization is conducted using the Powell nonlinear function minimization method. The effectiveness of the approach is evaluated in the presence of random noise using a system of light sensors.

191 citations


Proceedings Article
01 Sep 2003
TL;DR: An ATPG tool is introduced that generates multiple-detect test patterns while maximizing the coverage of node-to-node bridging defects.
Abstract: This paper presents the impact of multiple-detect test patterns on outgoing product quality. It introduces an ATPG tool that generates multiple-detect test patterns while maximizing the coverage of node-to-node bridging defects. Volume data obtained by testing a production ASIC with these new multiple-detect patterns shows increased defect screening capability and very good agreement with the bridging coverage estimated by the ATPG tool.
1. Introduction
One of the key objectives of manufacturing test is to ensure high quality of shipped parts while managing the cost of test. Scan-based DFT methodology, combined with ATPG tools, automates the generation of test patterns with very high fault coverage. The advantage of a structure-based ATPG tool is its high efficiency and effectiveness in generating a test set by targeting different fault models, such as stuck-at, transition, path delay, and IDDQ. DFT tools assess the quality of test patterns by reporting the fault coverage of the target fault models. However, real defects may not always be detected by test patterns generated for the targeted fault model. The stuck-at fault model has been used in DFT since the very beginning and, while showing some limitations and imperfections, it has demonstrated its robustness and adaptability. Even though the stuck-at fault model may not always model behavior of a faulty circuit it serves very well as a target, i.e. a test set developed to test stuck-at faults will also cover many other defects that do not behave as stuck-at faults. Good understanding of bridging defects is at the center of explanation of the effectiveness of the stuck-at fault model. It also provides the key clues to its enhancements. In an experimental study of bridging faults in a state of the art microprocessor design [1] it has been observed that approximately 80% of all bridges occur between a node and Vcc or Vss, and 20% involve non-supply nodes. Global signals were involved in 70% of these defects and leaf-level signals contributed only 30%. In another experimental evaluation of scan tests for bridging defects [2] it was concluded that bridges with power rails contributed between 60% to 90% of all bridging defects. It is clear that a test that detects a stuck-at fault on a node will detect a low resistive bridging defect with the supply lines. This is exactly the behavior of a node stuck-at-0 or stuck-at-1. However, the detection of node-to-node bridging defects is not guaranteed. If a stuck-at fault on a node is detected once, the probability of detecting a static bridging fault with another un-correlated node that has signal probability 50% is also 50% [3]. If the stuck-at fault is detected twice, the estimated probability of detecting the bridging fault with another node acting as an aggressor is 75%. Signal correlation may reduce the coverage of node-to-node bridging faults. It was observed [1] that a test set with greater than 95% stuck-at fault coverage produced only 33% coverage of node-to-node bridging faults. Most likely the disappointing coverage was an artifact of signal correlation. Typically a test set created by conventional ATPG aiming at single detection may have up to 6% of faults detected only once and up to 10% of faults detected only once or twice. This may result in inadequate coverage of node-to-node bridging defects. In general, there are two directions to overcome the limitation and improve the test quality. One direction is to enhance the fault model by describing the defect behavior and presenting it in a suitable form to the ATPG tool. In this case the fault model is more precise and complex and the fault list is longer. The advanced fault models, like bridging faults and cross-talk effects, use physical layout information to compile the fault lists. A complete example of this approach is demonstrated in [2]. Here the possible bridges are identified by analysis of layout using weighted critical area and their behavior is modeled by different types of faults and a special netlist. The experimental results from the project show that

173 citations


Book Chapter
09 Jul 2003
TL;DR: This paper describes a DFA attack on the AES key schedule that efficiently finds the key of AES-128 with feasible computation and less than thirty pairs of correct and faulty ciphertexts.
Abstract: This paper describes a DFA attack on the AES key schedule. This fault model assumes that the attacker can induce a single byte fault on the round key. It efficiently finds the key of AES-128 with feasible computation and less than thirty pairs of correct and faulty ciphertexts. Several countermeasures are also proposed. This weakness can be resolved without modifying the structure of the AES algorithm and without decreasing the efficiency.

154 citations


Proceedings Article
01 Oct 2003
TL;DR: An estimation method is presented, based on a new fault model notation for buses which can represent multiple-wire, multiple-cycle faults, and an encoding scheme for four quality-of-service classes is proposed which can be dynamically selected for each packet.
Abstract: The reliability of a network-on-chip will be significantly influenced by the reliability of the switch-to-switch connections. Faults on these buses may cause disturbances on multiple adjacent wires, so that errors on these wires can no longer be considered as statistically independent from one another, as it is expected due to deep submicron effects. A new fault model notation for buses is proposed which can represent multiple-wire, multiple-cycle faults. An estimation method based on this notation is presented which can accurately predict error probabilities. This method is used to examine bus encoding schemes. Finally, an encoding scheme for four quality-of-service classes is proposed which can be dynamically selected for each packet.

130 citations


Patent
22 Apr 2003
TL;DR: In this paper, a two-phase root-cause analysis over an enterprise-specific fault model is described; in the first phase, an up-stream analysis is performed (beginning at a node generating an alarm event) to identify one or more nodes that may be in failure.
Abstract: A two-phase method to perform root-cause analysis over an enterprise-specific fault model is described. In the first phase, an up-stream analysis is performed (beginning at a node generating an alarm event) to identify one or more nodes that may be in failure. In the second phase, a down-stream analysis is performed to identify those nodes in the enterprise whose operational conditions are impacted by the prior determined failed nodes. Nodes identified as failed as a result of the up-stream analysis may be reported to a user as failed. Nodes identified as impacted as a result of the down-stream analysis may be reported to a user as impacted and, beneficially, any failure alarms associated with those impacted nodes may be masked. Up-stream (phase 1) analysis is driven by inference policies associated with various nodes in the enterprise's fault model. An inference policy is a rule, or set of rules, for inferring the status or condition of a fault model node based on the status or condition of the node's immediately down-stream neighboring nodes. Similarly, down-stream (phase 2) analysis is driven by impact policies associated with various nodes in the enterprise's fault model. An impact policy is a rule, or set of rules, for assessing the impact on a fault model node based on the status or condition of the node's immediately up-stream neighboring nodes.

119 citations


Proceedings Article
28 Feb 2003
TL;DR: A new method is proposed to analyze dynamic fault trees that solves the fault trees without converting them to Markov models and uses conditional probabilities to solve the problem.
Abstract: The traditional static fault trees with AND, OR and voting gates cannot capture the dynamic behavior of system failure mechanisms such as sequence-dependent events, spares and dynamic redundancy management and priorities of failure events. Therefore, researchers introduced dynamic gates into fault trees to capture these sequence-dependent failure mechanisms. Dynamic fault trees are generally solved using automatic conversion to Markov models; however, this process generates a huge state space even for moderately sized problems. In this paper, the authors propose a new method to analyze dynamic fault trees. In most cases, the proposed method solves the fault trees without converting them to Markov models. They use the best methods that are applicable for static fault tree analysis in solving dynamic fault trees. The method is straightforward for modular fault trees; and for the general case, they use conditional probabilities to solve the problem. In this paper, the authors concentrate only on the exact methods. The proposed methodology solves the dynamic fault tree quickly and accurately.

119 citations


Journal Article
TL;DR: Rough Set Theory as a new fault-diagnosing tool is used to identify the valve fault for a multi-cylinder diesel engine and it is shown that this new method is effective for valve fault diagnosis and is a new powerful tool that can be applied in contingency management.

119 citations


Journal Article
TL;DR: In this article, the authors investigated the faulting process of the aftershock region of the 2000 western Tottori earthquake (Mw 6.6) by combining aftershock hypocenters and moment tensor solutions.
Abstract: We investigate the faulting process of the aftershock region of the 2000 western Tottori earthquake (Mw 6.6) by combining aftershock hypocenters and moment tensor solutions. Aftershock locations were precisely determined by the double difference method using P- and S-phase arrival data of the Japan Meteorological Agency unified catalog. By combining the relocated hypocenters and moment tensor solutions of aftershocks by broadband waveform inversion of FREESIA (F-net), we successfully resolved very detailed fault structures activated by the mainshock. The estimated fault model resolves 15 individual fault segments that are consistent with both aftershock distribution and focal mechanism solutions. Rupture in the mainshock was principally confined to the three fault elements in the southern half of the zone, which is also where the earliest aftershocks concentrate. With time, the northern part of the zone becomes activated, which is also reflected in the postseismic deformation field. From the stress tensor analysis of aftershock focal mechanisms, we found a rather uniform stress field in the aftershock region, although fault strikes were scattered. The maximum stress direction is N107°E, which is consistent with the tectonic stress field in this region. In the northern part of the fault, where no slip occurred during the mainshock but postseismic slip was observed, the maximum stress direction of N130°E was possible as an alternative solution of stress tensor inversion.

Journal Article
TL;DR: In this paper, the authors simulated dynamic rupture propagation along various nonplanar fault models of the 1999 Izmit, Turkey, earthquake using a boundary integral equation method and showed that the rupture under Sapanca Lake appears to have propagated not on a disconnected fault segment but along a smooth fault structure with a bend of only a few degrees.
Abstract: We simulated dynamic rupture propagation along various nonplanar fault models of the 1999 Izmit, Turkey, earthquake using a boundary integral equation method. These models were inferred from geological and geodetic observations. Based on these results, we modeled seismic-wave propagation around the fault system using a finite difference method. We focused on the effect of different fault geometries on the rupture process and seismic-wave propagation. Numerical simulation results imply a rapid and continuous rupture propagation from the Izmit–Sapanca Lake segment to the Sapanca–Akyazi segment. The rupture under Sapanca Lake appears to have propagated not on a disconnected fault segment but along a smooth fault structure with a bend of only a few degrees. The observational complexity of the surface breaks, however, can be best simulated by a highly segmented fault model. This infers that fault geometric characters observed in the field reflect near-surface structure and that seismological and geodetic features are controlled by global fault structure at depth. Then we investigated the effect of frictional parameters and the initial stress field. In order to explain near-field seismograms at station SKR, located a distance of a few kilometers from the fault, we had to force the rupture to propagate at shallow depth close to the station. In order to obtain this, we had to introduce a finite cohesive force in the friction law that allows stress accumulation and release in the shallow crust. The external stress field had to be large enough for the rupture to propagate at very rapid speed. Our simulation results show that it is important to include detailed fault geometry in the numerical simulation, and to constrain frictional parameters and the initial stress field, for understanding of the full dynamic process of an earthquake.

Patent
19 Jun 2003
TL;DR: In this article, fault information relating to a fault associated with the operation of guest software is received and a determination is made as to whether the fault information satisfies one or more fault filtering criteria.
Abstract: In one embodiment, fault information relating to a fault associated with the operation of guest software is received. Further, a determination is made as to whether the fault information satisfies one or more fault filtering criteria. If the determination is positive, the guest software is permitted to disregard the fault.

Paul Townend, Jie Xu
01 Jan 2003
TL;DR: An initial investigation concludes that timing, omission and interaction faults may become more prevalent in Grid applications than is the case in traditional distributed systems, and an approach is developed that combines replication-based fault tolerance with both dynamic prioritization and dynamic scheduling.
Abstract: Fault tolerance is an important property in Grid computing as the dependability of individual Grid resources may not be able to be guaranteed; also as resources are used outside of organizational boundaries, it becomes increasingly difficult to guarantee that a resource being used is not malicious in some way. As part of the e-Demand project at the University of Durham we are seeking to develop both an improved fault model for Grid computing and a method for providing fault tolerance for Grid applications that will provide protection against both malicious and erroneous services. We have firstly begun to investigate whether the traditional distributed systems fault model can be readily applied to Grid computing, or whether improvements and alterations need to be made. From our initial investigation, we have concluded that timing, omission and interaction faults may become more prevalent in Grid applications than is the case in traditional distributed systems. From this initial fault model, we have begun to develop an approach for fault tolerance based on the idea of job replication, as anomalous results (either maliciously altered or simply wrong) should be caught at the voting stage. This approach combines a replication-based fault tolerance approach with both dynamic prioritization and dynamic scheduling.

Journal Article
TL;DR: This model allows one to take into account unbalanced stator situations which can be produced by stator faults like short circuits in windings, which makes the model very useful for control algorithms and fault detection and isolation algorithms.
Abstract: This paper presents a new model of asynchronous machines. This model allows one to take into account unbalanced stator situations which can be produced by stator faults like short circuits in windings. A mathematical transformation is defined and applied to the classical abc model equations. All parameters which affect this new model can be known online. This makes the model very useful for control algorithms and fault detection and isolation algorithms. The model is checked by comparing simulation data with actual data obtained from laboratory experiments.

Journal Article
TL;DR: This paper proposes a generic safety monitor that can operate on statecharts and fault trees to support the on-line detection, diagnosis and control of hazardous failures in real-time.

Patent
26 Aug 2003
TL;DR: In this paper, the authors propose a relational database for relating maintenance information that differs for each of a plurality of complex systems, such as an aircraft, using a common database structure.
Abstract: A relational database is for relating maintenance information that differs for each of a plurality of complex systems, such as a plurality of differing aircraft, using a common database structure so as to facilitate maintenance procedures for the plurality of complex systems. The database structure comprises: a plurality of primary entities for providing a fault model description of each of the plurality of complex systems, the fault model description including, for each of the plurality of complex systems, failure modes, symptoms and data required to effect a repair; and a categorical entity corresponding to a complex system, such as an aircraft, that enables selection of the fault model description corresponding to the complex system or aircraft. The relational database is particularly suited for use in or by an aircraft maintenance and diagnostic system that assists with fault correction for a fault condition within an aircraft based on a fault model for the aircraft.

Proceedings Article
01 Jun 2003
TL;DR: A guided tour is provided of the approaches to faults in SRAM-based field programmable gate arrays (FPGAs), covering techniques which are applied to the FPGA and others which have been recently introduced and can be applied to today's FPGAs.
Abstract: Topics related to the faults in SRAM-based field programmable gate arrays (FPGAs) have been intensively studied in recent research studies. These topics include FPGA fault detection, FPGA fault diagnosis, FPGA defect tolerance, and FPGA fault tolerance. This paper provides a guided tour to the approaches related to these topics. These include techniques, which are applied to the FPGA and others which have been recently introduced and can be applied to today's FPGAs.

Proceedings Article
Looker, Jie Xu
01 Oct 2003
TL;DR: This paper derives a new method and fault model for testing web services, implements an extendable fault injector framework, and undertakes some proof of concept experiments with a system based around Apache SOAP and Apache Tomcat.
Abstract: This paper presents our research on devising a dependability assessment method for SOAP-based Web Services using network level fault injection. We compare existing DCE middleware dependability testing research with the requirements of testing SOAP RPC-based applications and derive a new method and fault model for testing web services. From this we have implemented an extendable fault injector framework and undertaken some proof of concept experiments with a system based around Apache SOAP and Apache Tomcat. We also present results from our initial experiments, which uncovered a discrepancy within our system. We finally detail future research, including plans to adapt this fault injector framework from the stateless environment of a standard web service to the stateful environment of an OGSA service.

Proceedings Article
Zhuo Li, Xiang Lu, Wangqi Qiu, Weiping Shi, Duncan M. Walker
27 Apr 2003
TL;DR: A circuit level model for resistive open and bridge faults and a general resistive bridge delay calculation method are proposed, which are practical and easy to use.
Abstract: Delay faults are an increasingly important test challenge. Traditional open and bridge fault models are incomplete because only the functional fault or a subset of delay faults is modeled. In this paper, we propose a circuit level model for resistive open and bridge faults. All possible fault behaviors are illustrated and a general resistive bridge delay calculation method is proposed. The new models are practical and easy to use. Fault simulation results show that the new models help the delay test to catch more bridge faults.

Patent
09 Jan 2003
TL;DR: In this paper, a method of monitoring equipment of an agricultural machine includes taking a process computer and connecting the same to at least one sensor measuring an operational characteristic of the agricultural machine.
Abstract: A method of monitoring equipment of an agricultural machine includes taking a process computer and connecting the same to at least one sensor measuring an operational characteristic of the agricultural machine. The process computer evaluates the data received from the sensor and checks whether they indicate a fault of the agricultural machine. In this case, the data may be below and/or above a predetermined threshold. When such a fault or error occurs, the process computer submits a fault message to a remote station using a communications interface. The fault message contains a fault information identifying a type of the fault.

Journal Article
TL;DR: It will be shown that conventional memory tests do not necessarily detect its dynamic faulty behavior, which has been shown to exist in real designs, and the paper also presents new memory tests to target the dynamic fault class.
Abstract: The ever increasing trend to reduce DPM levels of memories requires tests with very high fault coverage and low cost. This paper describes an important fault class, called dynamic faults, that cannot be ignored anymore. The dynamic fault behavior can take place in the absence of the static fault behavior, for which the conventional memory tests have been constructed. The concept of dynamic fault will be established and validated for both dynamic and static Random-Access-Memories. A systematic way to develop fault models for dynamic faults will be introduced. Further, it will be shown that conventional memory tests do not necessarily detect its dynamic faulty behavior, which has been shown to exist in real designs. The paper therefore also presents new memory tests to target the dynamic fault class.

Patent
22 Jan 2003
TL;DR: In this article, a system and method for supporting a fault cause analysis in a fault event in a plant includes a data processor with memory storing a fault model of XML files accessed by a fault-cause navigator and an operating/display device.
Abstract: A system and method for supporting a fault cause analysis in a fault event in a plant includes a data processor with memory storing a fault model of XML files accessed by a fault cause navigator and an operating/display device. Each fault model contains an industry-specific process model divided into process steps, with steps and defined fault events needed therefor assigned to plant components/systems, and fault trees assigned to fault events and having fault hypotheses. A checklist with symptoms for verification of the fault hypothesis is assigned to the fault hypotheses. The system enables navigation to the relevant step in the process model by the display and navigator, and presents a fault event list. Following fault event selection, critical components/systems corresponding thereto are found and displayed. Possible symptoms are generated and displayed in a checklist and hypotheses of possible fault causes, contained in the fault trees, are found and displayed.

Journal Article
Zhuo Li, Xiang Lu, Wangqi Qiu, Weiping Shi, Duncan M. Walker
TL;DR: A physically realistic yet economical resistive bridge fault model to model delay faults as well as logic faults is proposed and an accurate yet simple delay calculation method is proposed.
Abstract: Delay faults are an increasingly important test challenge. Modeling bridge faults as delay faults helps delay tests to detect more bridge faults. Traditional bridge fault models are incomplete because these models only model the logic faults or these models are not efficient to use in delay tests for large circuits. In this article, we propose a physically realistic yet economical resistive bridge fault model to model delay faults as well as logic faults. An accurate yet simple delay calculation method is proposed. We also enumerate all possible fault behaviors and present the relationship between input patterns and output behaviors, which is useful in ATPG. Our fault simulation results show the benefit of at-speed tests.

Proceedings Article
01 Sep 2003
TL;DR: A graph-theoretic hierarchical fault collapsing method from the recent literature can then collapse faults in any large cell-based circuit and it is found that the size of the dominance collapsed set for an exclusive-OR cell reduces to just four faults when functional dominance is considered.
Abstract: A fault fj is said to dominate another fault fi if all tests for fi detect fj. When two faults dominate each other, they are called equivalent. Dominance and equivalence relations among faults around a Boolean gate are called "structural" and are used for fault collapsing in large circuits. Some fault equivalences, that cannot be determined by the structural analysis, can be found by "functional" equivalence relations. This paper gives a "functional dominance" relation, which has not been described in the literature. Since the functional analysis is computationally expensive, it can only be applied to small circuits such as standard cells. A graph-theoretic hierarchical fault collapsing method from the recent literature can then collapse faults in any large cell-based circuit. It is found that the size of the dominance collapsed set for an exclusive-OR cell reduces to just four faults when functional dominance is considered. With the traditional method of structural collapsing this set contains 13 faults. When the exclusive-OR cell is used to build an 8-bit adder circuit, the size of the dominance collapsed set reduces to 112 faults from a total of 466 faults. Traditional structural dominance collapsing would have given a set of 226 faults. A smaller fault set can lead to more compact tests. Collapsing for the cell-based design of benchmark circuit, c499, reduces a set of 2,710 faults to just 586 faults.

Journal Article
TL;DR: The IP fault model is described and a method for analyzing IP faults using standard single stuck-line- (SSL-) based fault simulators and test generation tools is provided to generate test sets that target the IP faults of the ISCAS85 benchmark circuits and a carry-lookahead adder.
Abstract: A review of traditional IC failure analysis techniques strongly indicates the need for fault models that directly analyze the function of circuit primitives. The input pattern (IP) fault model is a functional fault model that allows for both complete and partial functional verification of every circuit module, independent of the design level. We describe the IP fault model and provide a method for analyzing IP faults using standard single stuck-line- (SSL-) based fault simulators and test generation tools. The method is used to generate test sets that target the IP faults of the ISCAS85 benchmark circuits and a carry-lookahead adder. Improved IP fault coverage for the benchmarks and the adder is obtained by adding a small number of test patterns to tests that target only SSL faults. We also conducted fault simulation experiments that show IP test patterns are effective in detecting nontargeted faults such as bridging and transistor stuck-on faults. Finally, we discuss the notion of IP redundancy and show how large amounts of this redundancy exist in the benchmarks and in SSL-irredundant adder circuits.

Journal ArticleDOI
Dajin Wang
TL;DR: A new fault block model, minimal-connected-component (MCC), for fault-tolerant adaptive routing in mesh-connected multiprocessor systems and two adaptive routing algorithms that construct a Manhattan route avoiding all fault blocks, should such routes exist.
Abstract: We propose a new fault block model, minimal-connected-component (MCC), for fault-tolerant adaptive routing in mesh-connected multiprocessor systems. This model refines the widely used rectangular model by including fewer nonfaulty nodes in fault blocks. The positions of source/destination nodes relative to faulty nodes are taken into consideration when constructing fault blocks. The main idea behind it is that a node will be included in a fault block only if using it in a routing will definitely make the route nonminimal. The resulting fault blocks are of the rectilinear-monotone polygonal shapes. A sufficient and necessary condition is proposed for the existence of the minimal "Manhattan" routes in the presence of such fault blocks. Based on the condition, an algorithm is proposed to determine the existence of Manhattan routes. Since MCC is designed to facilitate minimal route finding, if there exists no minimal route under MCC fault model, then there will be absolutely no minimal route whatsoever. We also present two adaptive routing algorithms that construct a Manhattan route avoiding all fault blocks, should such routes exist.

Proceedings ArticleDOI
28 Feb 2003
TL;DR: This paper conjectures that the same fault tree model used to help aid in the design and analysis of the system can provide the conceptual model of system component interactions needed in order to define a diagnostic process.
Abstract: When a fault tolerant computer-based system fails, diagnosis and repair must be performed to bring the system back to an operational state. The use of fault tolerance design implies that several components or subsystems may have failed, and that perhaps many of these faults have been tolerated before the system actually succumbed to failure. Diagnosis procedures are then needed to determine the most likely source of failure and to guide repair actions. Expert systems are often used to guide diagnostics, but the derivation of an expert system requires knowledge (i.e., a conceptual model) of failure symptoms. In this paper, we consider the problem of diagnosing a system for which there may be little experience, given that it might be a one-of-a-kind system or because access to the system may be limited. We conjecture that the same fault tree model used to help aid in the design and analysis of the system can provide the conceptual model of system component interactions needed in order to define a diagnostic process. We explore the use of a fault tree model (along with the probabilities of failure for the basic events) along with partial knowledge of the state of the system (i.e., the system has failed, and perhaps some components are known to be operational or failed) to produce a diagnostic aid.

Journal ArticleDOI
TL;DR: A domain decomposition method to treat faults in geological basin modeling so that the faults, whose widths are very small in comparison with the basin size, are no longer characterized as subdomains but as interfaces between sedimentary blocks.

Patent
10 Feb 2003
TL;DR: In this paper, a system for determining fault causes, including automated determination of hypotheses in the context of a fault cause analysis and automated performance of hypotheses verification, has a data processing device connected to a data input and visualization device and to data memory.
Abstract: A system for determining fault causes, including automated determination of hypotheses in the context of a fault cause analysis and automated performance of hypotheses verification, has a data processing device connected to a data input and visualization device and to a data memory. The data processing device contains a processing unit for fault cause analysis, a first comparator, a second comparator and a hypothesis selector. The data memory contains a general fault model, a fault event list, an empirical database and a storage area to store a log of the current fault cause analysis. The data processing device, following the selection of a fault event from the displayed fault event list by a user, to display to the latter hypotheses suggested by the system, following the selection of hypotheses to be verified, to carry out hypotheses verification and, as the result, to log and display determined fault causes.