Hao Huang,Zhi Ye,Yang Liu,Shixiang An

DOI: https://doi.org/10.1109/icct56141.2022.10073272

2022-01-01

Abstract:For high-speed digital circuit design, signal integrity(SI) and power integrity(PI) issues have gradually become two non-ignorable factors. Independent SI analysis and PI analysis have produced abundant research results, but the problems caused by them simultaneously, such as the simulation of synchronous switching noise(SSN), are still an urgent problem to be solved. In order to solve the SSN problem as much as possible in the simulation analysis stage, an accurate and general SI-PI co-simulation analysis method is necessary. In this paper, a novel SI-PI simulation analysis method using the spice model of power distribution network(PDN) is proposed. This method can be applied to almost all Printed Circuit Board(PCB) simulation analysis with certain accuracy. In order to verify the reliability of this method, we conduct a comparative experiment on an LPDDR4 system and fit the actual test results. Furthermore, an optimized example of a PDN is presented to illustrate the effectiveness of this approach.

Aidong Xu,Yixin Jiang,Yang Cao,Guoming Zhang,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/ei247390.2019.9062014

2019-01-01

Abstract:With the rapid development of information technology and the Internet of Things, the common information technologies are being applied to the power grid. It brings about the tremendous improvement in productivity, yet breaks down the safety barrier, which makes the power grid a popular target for attacks. The Distribution Terminal Unit (DTU) is a critical part of the power grid because of the acts as access points in the substation and controls the grid equipment. However, DTUs are vulnerable to different types of attacks, which can cause significant property loss or even casualties To monitor the operation of DTU, we proposed a real-time monitoring system by analyzing the side-channel information of power consumption. To validate this idea, we design 3 types of attacks and collect the power information separately, then we choose representational power features and machine learning algorithm for detecting those attacks. We validate that it is feasible to detect attacks and achieves a detection accuracy above 99%.

Ruochen Zhou,Zhiyun Wang,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/ei250167.2020.9347104

2020-01-01

Abstract:Programmable logic controller (PLC) is one of the critical infrastructure in industrial control system, which is therefore vulnerable to a variety of cyber-attacks. To mitigate this issue, we design an anomaly detection system, a novel non-invasive intrusion detection method for PLC. Our system utilizes the magnetic side-channel information around the power supply module of PLC and analyzes the running status rely on the fact that different programs will result in various magnetic characteristic. We design a classification algorithm which can extract representational features from the raw signal, as well as avoid the interference of environmental noise. To validate the idea, we design 3 types of attacks and implement on the prototype of thermal power plant in laboratory. The evaluation shows our system is feasible to detect attacks and achieve an overall detection accuracy above 90%.

Jun Chen,Hajime Kando,Toshiki Kanamoto,Cheng Zhuo,Masanori Hashimoto

DOI: https://doi.org/10.1109/tcpmt.2019.2913202

2019-01-01

IEEE Transactions on Components Packaging and Manufacturing Technology

Abstract:Power consumption and current fluctuation are continuously increasing in modern multicore systems. Such current flow may cause severe supply noise via off-chip and on-chip power delivery networks (PDN). Unexpected noise impacts the chip delay performance or even causes malfunction. In traditional practice, PDN designers assume a simple current source-based chip load, but it is often oversimplified, where the load current is modeled only for one or a few operation modes, and it is constant irrelevant to supply noise. In this paper, we propose a new chip load model that enables even off-chip PDN designers to assess the noise impact on circuit performance and use realistic current profile under supply voltage noise. We also integrate a control signal interface so that the model can switch the processor operation modes for finding unexpected noise behavior in design time and pursuing robust PDN design. Experimental results show that the proposed model mostly described by Verilog-A reproduces the current profile, current peak, and timing data well even while it achieves over 300x run-time reduction compared to a transistor-level model. We also experimentally demonstrate that a land-side capacitor is helpful to improve processor timing performance in our test case.

Sheng Xu,Yongxiang Xia,Hui-Liang Shen

DOI: https://doi.org/10.1109/tcsii.2020.2999875

2020-01-01

Abstract:In this brief, we analyze the damage caused by malware-induced cyber attacks in Cyber-Physical Power Systems (CPPSs). Incubation period and detection probability of the malware are considered in our analytical framework. From attacker's perspective, the trade-off between attack effectiveness and detection risk is studied to help choose the best attack timing and obtain the maximum payoff. Moreover, we conduct case studies in CPPSs formed by coupling IEEE 118-Bus System with scale-free communication networks. Simulation results reveal that the maximum expected payoff for the attacker is affected by the coupling pattern and the structure of communication network in CPPSs.

Juchuan Zhang,Xiaoyu Ji,Yuehan Chi,Yi‐Chao Chen,Bin Wang,Wenyuan Xu

DOI: https://doi.org/10.1145/3448300.3468291

2021-01-01

Abstract:Trade secrets such as intellectual properties are the inherent values for firms. Although companies have exploited strict access management policies and isolated their networks from the public Internet, trade secrets are still vulnerable to side-channel attacks. Side-channels can reveal the computing processes of computers in forms of various physical signals such as light, electromagnetism, and even heat. Such side-channels can bypass the isolation mechanism and therefore bring about severe threats. However, existing side-channels can only perform well within a short-distance (e.g., less than 1 meter) due to the high attenuation of signals. In this paper, we seek to utilize the built-in power lines in a building and construct a power side-channel that enables remote, i.e., cross-outlet attack against trade secrets. To this end, we investigate the power factor correction (PFC) module inside the power supply units of commodity computers and find that the PFC signals observed from an outlet can precisely reveal the power consumption information of all the connected devices, even from the outlets in adjacent rooms. Based upon this insight, we design and implement OutletSpy, a power side-channel attack that can infer application launching from a remote outlet and therefore enjoys the stealthiness property. We validate and evaluate OutletSpy with a dataset under different background APPs, time variations and different locations. The experiment results show OutletSpy can infer the application launching with 98.25% accuracy.

Yifan Jia,Jingyi Wang,Christopher M. Poskitt,Sudipta Chattopadhyay,Jun Sun,Yuqi Chen

DOI: https://doi.org/10.1016/j.ijcip.2021.100452

IF: 3.683

2021-01-01

International Journal of Critical Infrastructure Protection

Abstract:The threats faced by cyber-physical systems (CPSs) in critical infrastructure have motivated research into a multitude of attack detection mechanisms, including anomaly detectors based on neural network models. The effectiveness of anomaly detectors can be assessed by subjecting them to test suites of attacks, but less consideration has been given to adversarial attackers that craft noise specifically designed to deceive them. While successfully applied in domains such as images and audio, adversarial attacks are much harder to implement in CPSs due to the presence of other built-in defence mechanisms such as rule checkers (or invariant checkers). In this work, we present an adversarial attack that simultaneously evades the anomaly detectors and rule checkers of a CPS. Inspired by existing gradient-based approaches, our adversarial attack crafts noise over the sensor and actuator values, then uses a genetic algorithm to optimise the latter, ensuring that the neural network and the rule checking system are both deceived. We implemented our approach for two real-world critical infrastructure testbeds, successfully reducing the classification accuracy of their detectors by over 50% on average, while simultaneously avoiding detection by rule checkers. Finally, we explore whether these attacks can be mitigated by training the detectors on adversarial samples.

Yu-jun Xiao,Wen-yuan Xu,Zhen-hua Jia,Zhuo-ran Ma,Dong-lian Qi

DOI: https://doi.org/10.1631/fitee.1601540

2017-01-01

Abstract:Industrial control systems (ICSs) are widely used in critical infrastructures, making them popular targets for attacks to cause catastrophic physical damage. As one of the most critical components in ICSs, the programmable logic controller (PLC) controls the actuators directly. A PLC executing a malicious program can cause significant property loss or even casualties. The number of attacks targeted at PLCs has increased noticeably over the last few years, exposing the vulnerability of the PLC and the importance of PLC protection. Unfortunately, PLCs cannot be protected by traditional intrusion detection systems or antivirus software. Thus, an effective method for PLC protection is yet to be designed. Motivated by these concerns, we propose a non-invasive powerbased anomaly detection scheme for PLCs. The basic idea is to detect malicious software execution in a PLC through analyzing its power consumption, which is measured by inserting a shunt resistor in series with the CPU in a PLC while it is executing instructions. To analyze the power measurements, we extract a discriminative feature set from the power trace, and then train a long short-term memory (LSTM) neural network with the features of normal samples to predict the next time step of a normal sample. Finally, an abnormal sample is identified through comparing the predicted sample and the actual sample. The advantages of our method are that it requires no software modification on the original system and is able to detect unknown attacks effectively. The method is evaluated on a lab testbed, and for a trojan attack whose difference from the normal program is around 0.63%, the detection accuracy reaches 99.83%.

Yifan Ding,Biyao Zhao,Shuang Liang,Siqi Bai,Samuel Connor,Matteo Cocchini,Brice Achkir,Stephen Scearce,Erping Li,B. Archambeault,Jun Fan,James Drewniak

DOI: https://doi.org/10.1109/isemc.2019.8825244

2019-01-01

Abstract:Power Distribution Network (PDN) design is an important part of high-speed digital designs. In order to meet the need of high operation speed and low power voltage supply, the impedance of PDN should be lower than the target impedance of the design requirement. Decoupling capacitors are added on the PCB to lower the PDN impedance. The PCB PDN design is often guided by design rules and experience. In this paper, commonly-used PCB PDN designs are analyzed and categorized based on inductance contribution from specific portions of the current path. Then, the inductance components are quantified for different parts of the geometry in different designs.

Xin Fang,Siqi Bai,Shuang Liang,Yifan Ding,Yudi Fan,Biyao Zhao,Han Deng,Pranay Kumar Vuppunutala,Xiaolu Zhu,Richard Zai,Xing-Chang Wei,James Drewniak

DOI: https://doi.org/10.1109/ISEMC.2019.8825224

2019-01-01

Abstract:Measuring the input impedance of a power distribution network of a high-speed printed circuit board is challenging because the port is defined on multiple vias, and the impedance can be below a milliohm. A mechanically robust probe, and a specially designed, low-inductance probe landing pad are designed to measure the power distribution network impedance. The measurement is based on a two-port measurement method, and the mutual inductance of the port, which is the main source of error of the method, is characterized. Comparison between measurement and full-wave simulation shows that the presented probes and fixtures are suitable for measuring impedance in the sub-milliohm range.

Junjun Huan,Shubhra Deb Paul,Soumyajit Mandal,Swarup Bhunia

DOI: https://doi.org/10.1109/access.2024.3383834

IF: 3.9

2024-04-12

IEEE Access

Abstract:Printed circuit Boards (PCBs) are becoming increasingly vulnerable to malicious design alteration, also known as Trojan attacks, due to a distributed business model that often involves various untrusted parties. Such attacks can be mounted at various stages in the PCB life cycle. The relative ease of alteration of PCB hardware even after fabrication (due to physical access to surface-mounted critical components and traces) makes them attractive for an adversary to manipulate their functional/physical behavior for malicious intent. There is a growing need to explore viable Trojan attacks in a PCB, analyze their functional and physical characteristics (e.g., impact on power or delay), and study the effectiveness of countermeasures against these attacks. While simulation-based approaches for PCB Trojan insertion are effective at creating a large population of possible Trojans, they fail to provide functional feasibility analysis with a realistic workload for a trigger circuit. Also, they cannot estimate a Trojan's side-channel footprint due to the unavailability of physical models of diverse PCB components. To address these deficiencies, in this paper, we present PRISTINE, a PCB-level emulation system for any integrity or physical tampering issues, specifically, hardware Trojan insertion. The need for building such an emulation platform to resolve PCB trust issues in the supply chain is also surveyed and discussed. Both custom Hardware Hacking (HaHa) boards and multiple commercial PCBs are then used to test the ability of the proposed system to emulate various hardware Trojans specially designed to exploit board-specific hardware characteristics. Experimental results on emulated board-level Trojans show that a wide range of Trojans can be successfully activated, thus enabling the expected payload effects on both types of boards to be studied and quantified. The resulting data are further analyzed to create PCB-level Trojan benchmarks. In particular, a comparative evaluation of the experimental results is used to propose a risk level metric that quantifies the probability of detection and degree of payload impact of each Trojan on a given commercial PCB.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yan Li,Zhiyi Gao,Panpan Zuo,Wenyuan Cao,Hongxing Zheng,Erping Li

DOI: https://doi.org/10.2528/pierm18032103

2018-01-01

Progress In Electromagnetics Research M

Abstract:The electromagnetic characteristics of a high speed IC power distribution network (PDN) are of vital important with the rapid increasing of operation speed and scale down CMOS manufacturing size, in particular, the fundamental electromagnetic theory including impedance and loop inductance of various designed IC power-plane structures. In addition, the area occupancy ratio of slot (AOROS) of irregular parallel-plane structures with multi-slots plays a key role in PDN impedance and loop inductance, where the influence of AOROS on impedance and loop inductance is investigated for various structures. Moreover, experimental work is carried out to validate the influence of AOROS on impedance and loop inductance of the PDN. The simulation and measurement of impedance are performed up to 10 GHz, and a good agreement is obtained between the simulation and experiment.

Luo Guang-xiao,Zhang Wei-dong,Wei Xing-chang

DOI: https://doi.org/10.1109/apemc.2016.7522771

2016-01-01

Abstract:A method is presented to design and analysis the miniature optical signal transmission system which can be used in the complex electromagnetic environment. By combination the diode spice model with CCCS (Current-Controlled Current Source), the simplified circuit model is created to analysis the whole measurement system. The measurement shows that the system attenuation is (−32±0.5) dB from DC to 1.1GHz, agree with the design results. At last, this optical system is used to obtain the waveforms of electro-static discharge and PDN noise, the results of measurement and simulation validate the suggested design and analysis method.

Ketan Shringarpure,Siming Pan,Jingook Kim,Jun Fan,Brice Achkir,Bruce Archambeault,James L. Drewniak

DOI: https://doi.org/10.1109/temc.2017.2673851

IF: 2.036

2017-12-01

IEEE Transactions on Electromagnetic Compatibility

Abstract:Power distribution network (PDN) design in high speed digital systems is a critical challenge for system performance. Common design methodologies refer to guidelines and engineering best practices while using simulations to evaluate the design. If the relation between the design choices and the performance parameters is known, the engineering is simpler. A lumped circuit model that relates physics and design geometry was proposed in an earlier study for modeling practical printed circuit board (PCB) PDN designs. In this paper, the lumped circuit model proposed earlier is used to develop a well-defined relation between the design geometry, the model elements, and the PDN impedance response features. The PDN impedance is simplified and broken down into common features for all PCB PDNs. These features are mapped to the model elements using sensitivity analysis and consequently to design geometry. The physics behind the relation between the response and geometry is reinforced with the current paths in different frequency ranges and generalized to common PDN designs on multilayer PCBs that use area fills for the power net.

telecommunications,engineering, electrical & electronic

Yiming Zang,Mohamad Ghaffarian Niasar,Yong Qian,Xiaoli Zhou,Gehao Sheng,Xiuchen Jiang,Peter Vaessen

DOI: https://doi.org/10.1109/tte.2022.3191308

IF: 6.519

2022-01-01

IEEE Transactions on Transportation Electrification

Abstract:Realization of an electrical aircraft demands a low-weight electric distribution and propulsion system. The use of high voltage and power electronics operated at high switching frequencies is essential to achieve this objective. However, printed circuit boards (PCBs) in electrified aircraft are in a harsh working environment, which can make PCBs more susceptible to generate partial discharges (PDs). The current PD detection technology has poor immunity to the electromagnetic interference and acoustic interference in the operating environment of aircraft. Therefore, this article proposes an optical-based PD detection method for PCBs, which is effectively immune to electromagnetic and acoustic interference. This method uses fluorescent fiber as a PD optical signal sensor and then collects the optical signal by the avalanche photodiode (APD). Experiments have verified that the detection sensitivity, sensing range, and anti-interference performance of this method are well satisfied with the PD detection. In addition, single PD pulse, optical phase resolved PD (PRPD) patterns, and PD inception voltage (PDIV) under different air pressure and voltage conditions are investigated. Finally, the relationship between the optical signal and PD amplitude is found to be proportional, which proves that the severity of the PD on PCBs can be effectively detected and evaluated by this method.

MI Montrose,HF Jin,EP Li

DOI: https://doi.org/10.1109/isemc.2004.1349995

2004-01-01

Abstract:With increasing demand for higher operating frequencies, designers are faced with numerous obstacles during the design and layout of printed circuit boards (PCBs). One area of concern that a designer may not think about, or recognize during the analysis stage, is the effects of RF wave propagation between the power and return planes caused by digital circuits switching logic states while consuming a large amount of inrush surge current. This is becoming an important design issue that should be considered prior to final PCB layout. The placement of components on a PCB and their physical distance to the edge of the assembly is the area of concern addressed, along with RF emissions that may propagate from the edge of the PCB causing potentially harmful effects under specific operating conditions and configurations.

Tahoura Mosavirik,Patrick Schaumont,Shahin Tajik

DOI: https://doi.org/10.46586/tches.v2023.i1.301-325

2022-11-29

IACR Transactions on Cryptographic Hardware and Embedded Systems

Abstract:Physical attacks can compromise the security of cryptographic devices. Depending on the attack’s requirements, adversaries might need to (i) place probes in the proximity of the integrated circuits (ICs) package, (ii) create physical connections between their probes/wires and the system’s PCB, or (iii) physically tamper with the PCB’s components, chip’s package, or substitute the entire PCB to prepare the device for the attack. While tamper-proof enclosures prevent and detect physical access to the system, their high manufacturing cost and incompatibility with legacy systems make them unattractive for many low-cost scenarios. In this paper, inspired by methods known from the field of power integrity analysis, we demonstrate how the impedance characterization of the system’s power distribution network (PDN) using on-chip circuit-based network analyzers can detect various classes of tamper events. We explain how these embedded network analyzers, without any modifications to the system, can be deployed on FPGAs to extract the frequency response of the PDN. The analysis of these frequency responses reveals different classes of tamper events from board to chip level. To validate our claims, we run an embedded network analyzer on FPGAs of a family of commercial development kits and perform extensive measurements for various classes of PCB and IC package tampering required for conducting different side-channel or fault attacks. Using the Wasserstein Distance as a statistical metric, we further show that we can confidently detect tamper events. Our results, interestingly, show that even environment-level tampering activities, such as the proximity of contactless EM probes to the IC package or slightly polished IC package, can be detected using on-chip impedance sensing.

Ling Zhang,Jack Juang,Zurab Kiguradze,Bo Pu,Shuai Jin,Songping Wu,Zhiping Yang,Er-Ping Li,Jun Fan,Chulsoon Hwang

DOI: https://doi.org/10.1109/tsipi.2022.3164037

2022-01-01

Abstract:This article presents an efficient methodology based on boundary integration to calculate the dc and ac impedance of power distribution networks (PDNs) for arbitrary-shape and multilayer printed circuit boards (PCBs). The proposed method adopts a boundary element method to extract inductances for the arbitrary parallel-plane shapes. Subsequently, the equivalent circuit formed by the via inductances and plane capacitances is solved using the node voltage method. By merging the parallel and serial inductances and simplifying the equivalent circuit, the computation time can be significantly reduced for a large number of vias and layers. This matrix manipulation strategy can be applied to various PCB structures without human intervention or commercial circuit solvers. Moreover, a contour integral method is employed to calculate the dc resistances for arbitrary shape and multilayer PDNs. Therefore, the wideband PDN impedance from dc to ac frequencies can be efficiently calculated through 1-D boundary integration, which can be performed more quickly than full-wave simulations. The proposed method can aid in the development of electronic design automation tools for PDN design.

Chensheng Liu,Wangli He,Ruilong Deng,Yu-Chu Tian,Wenli Du

DOI: https://doi.org/10.1109/tii.2022.3172688

IF: 12.3

2023-01-01

IEEE Transactions on Industrial Informatics

Abstract:Due to the close relevance to the reliability and efficiency of power systems, network parameters such as branch admittance have been the target of various cyberattacks. However, existing attack models are generally based on the impractical assumption that attackers can directly modify the data of network parameter stored in well-secured control centers. This article proposes a practical attack model and designs an optimal strategy to detect malicious modification of critical network parameters. Specifically, the vulnerability of network parameter error processing is discovered and exploited to indirectly modify the data of network parameter without accessing to the well-secured control center. A model of false-data-injection-enabled network parameter modification is proposed, which significantly reduces the requirements on attackers’ capability and system information. An optimal detection strategy is designed based on the analysis of the minimal protection set at a single branch, which can significantly reduce the number of protected measurements in detecting malicious modification of critical network parameters. Finally, numerical simulations are carried out on the PJM 5-bus and the IEEE 118-bus test systems to validate the theoretical results.

Xiang Gao,Yiqiang Zhao,Haocheng Ma

DOI: https://doi.org/10.3390/s18093034

IF: 3.9

2018-01-01

Sensors

Abstract:Information system security has been in the spotlight of individuals and governments in recent years. Integrated Circuits (ICs) function as the basic element of communication and information spreading, therefore they have become an important target for attackers. From this perspective, system-level protection to keep chips from being attacked is of vital importance. This paper proposes a novel method based on a fringing electric field (FEF) sensor to detect whether chips are dismantled from a printed circuit board (PCB) as system-level protection. The proposed method overcomes the shortcomings of existing techniques that can be only used in specific fields. After detecting a chip being dismantled from PCB, some protective measures like deleting key data can be implemented to be against attacking. Fringing electric field sensors are analyzed through simulation. By optimizing sensor’s patterns, areas and geometrical parameters, the methods that maximize sensitivity of fringing electric field sensors are put forward and illustrated. The simulation is also reproduced by an experiment to ensure that the method is feasible and reliable. The results of experiments are inspiring in that they prove that the sensor can work well for protection of chips and has the advantage of universal applicability, low cost and high reliability.