WO2022240396A1 - Method of generating and monitoring a digital signature - Google Patents


Publication number
WO2022240396A1
Authority
WO
WIPO (PCT)
Prior art keywords
signal
digital signature
signals
temporary memory
memory store
Prior art date
Application number
PCT/US2021/031766
Other languages
French (fr)
Inventor
Gajinder Panesar
Original Assignee
Siemens Industry Software Inc.
Priority date
Filing date
Publication date
Application filed by Siemens Industry Software Inc.
Priority to PCT/US2021/031766
Publication of WO2022240396A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information

Definitions

  • FIG. 1 is a schematic circuit diagram illustrating an integrated chip digital signature generator and monitor in accordance with a first embodiment of the present invention.
  • the integrated chip signal generator and monitor 1 is adapted to generate and monitor a digital signature 2a, 2b...2N that represents activity observed on signals 3a, 3b...3N on an integrated chip (ICC) 4 in a normal mode of operation.
  • the integrated chip signal generator and monitor 1 comprises a signal selector, which in this example, is in the form of a digital filter array 5.
  • the digital filter array 5 is provided with a first input 6 for receiving the signals 3a, 3b...3n, and a second input 7 for receiving a start/stop signal 8 for triggering the storage of selected signals 9a, 9b...9n in a temporary memory store.
  • the temporary memory store comprises pre-initialised feedback shift registers 10a, 10b...10n adapted to receive selected signals 9a, 9b...9n fed by the digital filter 5 and to output a value as the basis of digital signatures 2a, 2b...2N representing activity observed on the n signals 3a, 3b...3n.
  • Each digital signature is preferably a pseudo-random binary sequence (PRBS) generated from the corresponding signal.
  • Each pre-initialised shift register 10a, 10b...10n is initialised during boot up of the integrated chip, removing the need to carry out any additional run time activities.
  • a comparison circuit 11 is provided to compare corresponding stored digital signature 2as, 2bs...2Ns with the digital signatures 2a, 2b...2N.
  • the comparison circuit 11 comprises a comparator 12 that is adapted to compare the digital signatures 2a, 2b...2N with the corresponding stored digital signature 2as, 2bs...2Ns.
  • an operational amplifier is used as a simple comparator 12, however it may be preferable to use an alternative, such as a clocked comparator (for example, a dynamic latched comparator), depending on the origin of the signals 3a, 3b...3n.
  • a demultiplexer 13 is provided to feed the digital signatures 2a, 2b...2N received from the pre-initialised feedback shift registers 10a, 10b...10n to the comparator 12.
  • the comparison circuit 11 also comprises a memory 14 for storing the corresponding stored digital signature 2as, 2bs...2Ns, which represent the expected signatures for the signals 3a, 3b...3n if there are no errors or data corruption present in these signals 3a, 3b...3n.
  • the comparison circuit 11 further comprises an alarm generator 15 to generate an alarm signal 15 to alert to a possible compromise of the signal 3a, 3b...3n.
  • the signals 3a, 3b...3n are data signals, such as those capable of transmission over exemplary communication interfaces, such as traditional debug interfaces such as JTAG, parallel trace input/output, and Aurora based high-speed serial interface; and reuse of system interfaces such as USB, Ethernet, RS232, PCIe and CAN.
  • the signals may be address signals, control signals (signifying status, enable or other control action), security information (such as interconnect sideband signals) or the like, or a combination of any of these.
  • FIG. 2 is a schematic circuit diagram illustrating an integrated chip digital signature generator and monitor in accordance with a second embodiment of the present invention.
  • the integrated chip signal generator and monitor 20 is adapted to generate and monitor a digital signature 21a, 21b...21n that represents activity observed on signals 22a, 22b...22n on an integrated chip 23 in a normal mode of operation.
  • the integrated chip signal generator and monitor 20 comprises a signal selector, which in this example, is in the form of a digital filter array 24.
  • the digital filter array 24 is provided with a first input 25 for receiving the signals 22a, 22b...22n, and a second input 26 for receiving a start/stop signal 27 for triggering the storage of the selected signals 28a, 28b...28n in a temporary
  • the temporary memory store comprises pre-initialised feedback shift registers 29a, 29b...29n adapted to receive the selected signals 28a,
  • Each digital signature is preferably a pseudo-random binary sequence (PRBS) generated from the corresponding signal.
  • Each pre-initialised shift register 28a, 28b...28n is initialised during boot up of the integrated chip, removing the need to carry out any additional run time activities.
  • An analyser 30 is provided to house a comparison circuit 31, which is provided to compare a corresponding stored digital signature 21as, 21bs...21Ns with the digital signature 21a, 21b...21N.
  • the comparison circuit 31 comprises a comparator 32 that is adapted to compare the digital signature 21a, 21b...21N with the corresponding stored digital signature 21as, 21bs...21Ns.
  • an operational amplifier is used as a simple comparator 32, however it may be preferable to use an alternative, such as a clocked comparator (for example, a dynamic latched comparator), depending on the origin of the first signal 22.
  • a demultiplexer 33 is provided to feed the digital signatures 21a, 21b...21N received from the pre-initialised feedback shift registers 29a, 29b...29n to the comparator 32.
  • the comparison circuit 30 also comprises a memory 34 for storing the corresponding stored digital signatures 21as, 21bs...21Ns, which represent the expected signatures for the signals 22a, 22b...22n if there are no errors or data corruption present in these signals 22a, 22b...22n. However, should the comparator 32 determine that there is a mismatch between a digital signature 21a,
  • the comparison circuit 31 further comprises an alarm generator 35 to generate an alarm signal 36 to alert to a possible compromise of the signal 22a, 22b...22n.
  • the analyser 30 may be separate to and in communication with the at least first signal selector 24 and at least first temporary memory store 29a. This enables the analyser 30 to be housed remotely from the other components of the integrated chip digital signature generator and monitor 20.
  • the signals 22a, 22b...22n are data signals, such as those capable of transmission over exemplary communication interfaces, such as traditional debug interfaces such as JTAG, parallel trace input/output, and Aurora based high-speed serial interface; and reuse of system interfaces such as USB, Ethernet, RS232, PCIe and CAN.
  • the signals may be address signals, control signals (signifying status, enable or other control action), security information (such as interconnect sideband signals) or the like, or a combination of any of these.
  • Figure 3 is a flow chart illustrating a method of generating and monitoring a digital signature representing activity observed on signals on an integrated chip in a normal mode of operation in accordance with embodiments of the present invention.
  • the method 100 described below is equally applicable to both embodiments of the integrated chip digital signature generator and monitor 1, 20 described above.
  • the monitoring and generation of a digital signature 2a for a single signal 3a, 22a is detailed below, the method applies equally to all n possible signals 3a, 22a that may be handled by the signal selector 5, 24.
  • a signal 3a, 22a is detected at a signal selector.
  • the signal selector is an array of digital filters 5, 24.
  • a start signal 8, 27 is received at the signal selector, and on receipt of the start signal 7, 26, the signal selector begins to feed the signal 3a, 22a as a selected signal 9a, 28a to a temporary memory store to create a value in the temporary memory store.
  • the temporary memory store is a pre-initialised feedback shift register 10a, 29a, which has been initialised during the boot up of the integrated chip 1, 20 rather than during runtime.
  • a stop signal 8, 27 is received at the signal selector.
  • On receipt of the stop signal 8, 27, the signal selector ceases to feed the signal 3a, 22a as the selected signal 9a, 28a, to the temporary memory store 10a, 29a and the value in the temporary memory store 10a, 29a becomes available.
  • the digital signature 2a, 21s is compared with a corresponding stored digital signature 2as, 21as representing expected activity on the first signal 3a, 22a.
  • Each digital signature is preferably a pseudo-random binary sequence (PRBS) generated from the corresponding signal.
  • This step preferably comprises comparing the digital signature 2a, 21a with a corresponding stored digital signature 2as, 21as created from previous digital signatures 2a, 21a using an iterative process.
  • Such an iterative process may be a machine learning process, for example.
  • this step may comprise comparing the digital signature 2a, 21a with a corresponding stored digital signature 2as, 21as exemplifying ideal activity observed on the signal 3a, 22a. Such a signal may be loaded into the memory 13, 34 of the comparison circuit 11, 31 at boot up.
  • an alarm signal 14, 36 is generated.
  • steps 108 and 110 may be performed by an analyser 30. If this is the
  • the digital signature 21a and the corresponding stored digital signature 21as may be compressed.
  • the compressed digital signature 21a and the compressed corresponding stored digital signature 21s are then uncompressed by the analyser 30 before comparison.
  • n > 1 and N = 1, where many signals are combined into a single signature. This may be a group of signals where once abnormal behaviour of the group is observed, an alarm is raised.
  • the signature represents the behaviour of the group of signals within the time window between the start and stop signals.
  • n = 1 and N > 1, where a single signal is represented by N signatures. This requires that several PRBS are generated for the signal.
  • a signal selector able to select n signals is required, along with N temporary memory devices, but some of these may be redundant during the generating and monitoring process.
  • a further benefit of the approach of the embodiments described above is that a time window between the start signal 8, 26 and the stop signal 8, 26 that is runtime configurable may be provided.
  • steps 108 and 110 to be synchronised with the time window such that a digital signature 2a, 21a representing activity observed on a signal 3, 22 is accessed from the temporary memory store periodically with the time window.
  • Step 110 results in the generation of an alarm signal 14, 36, on receipt of which it may be desirable for the integrated chip 4, 23 to resolve the cause of the mismatch between a digital signature 2a, 21a and the corresponding stored digital signature 2as, 21as.
  • a filter array 5, 24 is used to filter the signals to an appropriate temporary memory store.
  • it may be desirable to use an alternative approach to filter the signals, for example, implementing a software filter function or using a mask comprising a Boolean array.
  • the temporary memory store is preferably a pre-initialised feedback shift register, other types of temporary memory may be implemented as required.
  • signature generation techniques such as hashing, may be used.
  • the integrated chip signature generator and monitor 1, 20 and method 100 in accordance with the embodiments of the present invention have a wide variety of possible applications within a System-on-Chip device. Since the integrated chip signature generator and monitor 1, 20 is simple and does not require any specific test logic or special mode of operation it may be used throughout an SoC environment. For example, it may
  • bus communications such as transactions between blocks on the integrated chip, determine access to a region of the integrated chip (address monitoring), determining whether or not a malicious agent has corrupted data (viruses or malware) or that data has been otherwise compromised, both within the SoC itself and any system in which it operates.
  • the non-intrusive nature of the integrated chip signature generator and monitor 1, 20 and boot up configuration are also advantageous, enabling the monitoring and signature generation to take place during the normal mode of operation of an SoC device.

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Mathematical Physics (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Tests Of Electronic Circuits (AREA)

Abstract

A method of generating and monitoring a digital signature representing activity observed on signals on an integrated chip in a normal mode of operation is disclosed. A signal selector feeds a signal as a selected signal to a temporary memory store to create a value in the temporary memory store. This value is used as the basis of a digital signature representing activity observed on the signal and is compared to a corresponding stored digital signature representing expected activity on the signal. If the comparing indicates a mismatch between the digital signature and the corresponding stored digital signature, an alarm signal is generated. An integrated chip digital signal generator and monitor is also disclosed.

Description

METHOD OF GENERATING AND MONITORING A DIGITAL SIGNATURE
The present invention relates to a method of generating and monitoring a digital signature representing activity observed on signals on an integrated chip, in particular on an integrated chip in a normal mode of operation.
Embedded systems comprising multiple core devices incorporated on to a printed circuit board (PCB) have been in use for many years. The core devices, such as a central processing unit (CPU), memory, secondary storage and other computing or electronic system components, communicate via a series of buses connected between each component and the printed circuit board. Increasing demand for smaller electronic products and the growth in mobile computing and telecommunications led to the development of so-called System-on-Chip (SoC) devices. Rather than multiple core devices on a PCB, an SoC is an integrated chip, or circuit, where most or all of the components of a system are integrated onto a single substrate. Communication between the components takes place by means of an internal bus system, with all traffic in the embedded system conveyed over these buses. Given that such SoC devices are increasingly implemented within mobile devices (smartphones, tablets) and in other applications, such as vehicles, the integrity of the data being communicated within the SoC is a primary concern. Data corruption or data error may occur due to a variety of reasons, including malicious entities (viruses and malware), hardware or system malfunction or system corruption, and results in the alteration of data from its expected or correct form. This is manifested as a change in one or more bits in a signal.
Silent data corruption occurs when data errors go undetected, risking that the undetected errors propagate through the SoC and are utilised by the various components. Whilst initially this may be a benign error, in more extreme cases the error propagation may lead to cascading failures within the SoC or in any device or system that the SoC is deployed in. Error detection within an SoC is therefore of great importance in maintaining the operation of the system. One manner in which errors may be detected during a normal mode of operation of the SoC is by analysing transaction communications over the existing interconnect circuitry. This may include parity and cyclic redundancy checks to determine whether the data contains an error. However, whilst effective, such a methodology involves both analysing transactions and scanning memory blocks to determine if an error has been stored. A simpler alternative for use when the SoC is in a normal mode of operation would therefore be desirable.
Another option to determine whether or not there are faults inherent in the SoC itself is to utilise a PRBS (pseudo-random binary sequence) monitor. A PRBS is a binary sequence that, although generated using a deterministic algorithm, is difficult to predict. When generated by a linear feedback shift register acting as a pattern generator the PRBS may be used for exhaustive testing of an integrated circuit. For example, a signature representing a "good" circuit can be compared with the signature of a Device Under Test (DUT) to determine whether or not the physical circuit is functioning correctly, and therefore that there . However, this requires additional logic to be added to the DUT and can only be carried out as part of the design process in a test mode and does not allow any form of monitoring during the normal mode of operation of an SoC. Therefore, whilst the process is relatively simple in determining whether data corruption could occur from faults within the SoC itself, this is only of limited benefit.
It is therefore of interest to be able to provide a method of monitoring activity on an integrated chip, such as an SoC, during its normal mode of operation to determine whether or not data corruption or incorrect operation has occurred.
The present invention aims to address these issues by providing, in a first aspect, a method of generating and monitoring a digital signature representing activity observed on signals on an integrated chip in a normal mode of operation, comprising:
a) receiving n signals at n signal selectors;
b) receiving a start signal at the n signal selectors, wherein on receipt of the start signal, the n signal selectors begin to feed the n signals as n selected signals to a temporary memory store to create n values in the temporary memory store;
c) receiving a stop signal at the n signal selectors, wherein on receipt of the stop signal, the n signal selectors cease to feed the n signals as the n selected signals to the temporary memory store and the values in the temporary memory store become available;
d) using the values in the temporary memory store as the basis of N digital signatures representing activity observed on n signals, comparing the N digital signatures with N corresponding stored digital signatures representing expected activity on the n signals; and
e) if the comparing indicates a mismatch between any of the N digital signatures and a corresponding stored digital signature, generating an alarm signal.
Utilising a simple signature generated from a selected digital signal and a comparison technique enables the method to be used during a normal mode of operation of the integrated chip. No additional test logic is required, and the method does not need to be performed using any form of special mode and takes advantage of being able to configure the temporary memory device during boot up and the start/stop signal during runtime. Coupled with an ability to learn ideal activities expected on a signal, the embodiments of the present invention offer an efficient, low computing cost and highly accurate error and security compromise detection system.
Preferably, n = N. Alternatively, n > 1, N > 1 and n = N. Yet further alternatively, n > 1 and N = 1. Yet still further alternatively, n =1 and N > 1.
Preferably, the step of comparing comprises comparing a digital signature with the corresponding stored digital signature created from previous digital signatures using an iterative process.
Alternatively, the step of comparing may comprise comparing a digital signature with the corresponding stored digital signature exemplifying ideal signal activity.
Preferably, the mismatch indicates that a digital signature has a value outside a pre-determined tolerance of the corresponding stored digital signature.
Preferably the pre-determined tolerance is zero.
Steps d) and e) may be performed by an analyser. In this situation, the digital signatures and the corresponding stored digital signatures may be compressed, and the compressed digital signature and the compressed corresponding stored digital signature may be uncompressed by the analyser before comparison.
Preferably, a time window between the start signal and the stop signal is runtime configurable. If this is the case, preferably steps d) and e) are synchronised with the time window such that the N digital signatures are accessed from the temporary memory store periodically with the time window.
The method may further comprise the integrated chip resolving a cause of the mismatch between a digital signature and the corresponding stored digital signature on receipt of the alarm signal.
Preferably, the temporary memory store is a pre-initialised feedback shift register. The signal selector may be one of a filter array, a software filter or a mask comprising a Boolean array.
Preferably, the digital signature is a pseudo-random binary sequence generated from the signal.
The present invention also provides, in a second aspect, an integrated chip digital signature generator and monitor adapted to generate and monitor a digital signature representing activity observed on signals on an integrated chip in a normal mode of operation, comprising: n signal selectors adapted to receive at n signals, a start signal and a stop signal; a temporary memory store adapted to receive n signals fed by the n selectors as n selected signals and to output values used as the basis for N digital signatures representing activity observed on the n signals; and a comparison circuit comprising a memory adapted to store N corresponding stored digital signatures, a comparator adapted to compare the N signatures with the N corresponding stored digital signatures and an alarm generator adapted to generate an alarm signal if a mismatch between any of the N digital signatures and the corresponding stored digital signature is indicated.
Preferably, the comparison circuit is separate to and in communication with the n signal selectors and at temporary memory store.
Preferably, the method further comprises a demultiplexer connected to the comparator and to the temporary memory store. Preferably, the temporary memory store is a pre-initialised feedback shift register.
The present invention will now be described by way of example only and with reference to the accompanying drawings, in which:
Figure 1 is a schematic circuit diagram illustrating an integrated chip digital signature generator and monitor in accordance with a first embodiment of the present invention;
Figure 2 is a schematic circuit diagram illustrating an integrated chip digital signature generator and monitor in accordance with a second embodiment of the present invention; and
Figure 3 is a flow chart illustrating a method of generating and monitoring a digital signature representing activity observed on signals on an integrated chip in a normal mode of operation in accordance with embodiments of the present invention.
As a way of removing the need to add additional logic or to require specific analysis of transactions or memory content, embodiments of the present invention utilise the concept of digital signature comparison. This enables the use of a method of generating and monitoring a digital signature representing activity observed on signals on an integrated chip in a normal mode of operation. Initially, n signals are received at a signal selector, along with a start signal. On receipt of the start signal, the signal selector begins to feed the n signals as n selected signals to a temporary memory store to create values in the temporary memory store. This continues until a stop signal is received at the signal selector, wherein on receipt of the stop signal, the signal selector ceases to feed the n signals as n selected signals to the temporary memory store and the value in the temporary memory store becomes available. Using the value in the temporary memory store as the basis of N digital signatures representing activity observed on the n signals, this is compared with N corresponding stored digital signatures representing expected activity on the n signals. If the comparing indicates a mismatch between any of the N digital signatures and the N corresponding stored digital signatures, an alarm signal is generated. The digital signature therefore represents activity being observed on the signals of the integrated chip, and by using only a comparison, rather than an analysis, during the normal mode of operation of the integrated chip, errors are detected simply and easily.
Figure 1 is a schematic circuit diagram illustrating an integrated chip digital signature generator and monitor in accordance with a first embodiment of the present invention. The integrated chip signal generator and monitor 1 is adapted to generate and monitor a digital signature 2a, 2b...2N that represents activity observed on signals 3a, 3b...3N on an integrated chip (ICC) 4 in a normal mode of operation. The integrated chip signal generator and monitor 1 comprises a signal selector, which, in this example, is in the form of a digital filter array 5. The digital filter array 5 is provided with a first input 6 for receiving the signals 3a, 3b...3n, and a second input 7 for receiving a start/stop signal 8 for triggering the storage of selected signals 9a, 9b...9n in a temporary memory store. In this example, the temporary memory store comprises pre-initialised feedback shift registers 10a, 10b...10n adapted to receive selected signals 9a, 9b...9n fed by the digital filter 5 and to output a value as the basis of digital signatures 2a, 2b...2N representing activity observed on the n signals 3a, 3b...3n. Each digital signature is preferably a pseudo-random binary sequence (PRBS) generated from the corresponding signal. Each pre-initialised shift register 10a, 10b...10n is initialised during boot up of the integrated chip, removing the need to carry out any additional run time activities. A comparison circuit 11 is provided to compare corresponding stored digital signature 2as, 2bs...2Ns with the digital signatures 2a, 2b...2N. To do this, the comparison circuit 11 comprises a comparator 12 that is adapted to compare the digital signatures 2a, 2b...2N with the corresponding stored digital signature 2as, 2bs...2Ns. In the embodiment illustrated in Figure 1 an operational amplifier is used as a simple comparator 12, however it may be preferable to use an alternative, such as a clocked comparator (for example, a dynamic latched comparator), depending on the origin of the signals 3a, 3b...3n. A demultiplexer 13 is provided to feed the digital signatures 2a, 2b...2N received from the pre-initialised feedback shift registers 10a, 10b...10n to the comparator 12. The comparison circuit 11 also comprises a memory 14 for storing the corresponding stored digital signature 2as, 2bs...2Ns, which represent the expected signatures for the signals 3a, 3b...3n if there are no errors or data corruption present in these signals 3a, 3b...3n. However, should the comparator 12 determine that there is a mismatch between the digital signatures 2a, 2b...2N and the corresponding stored digital signature 2as, 2bs...2Ns, the comparison circuit 11 further comprises an alarm generator 15 to generate an alarm signal 15 to alert to a possible compromise of the signal 3a, 3b...3n. Preferably the signals 3a, 3b...3n are data signals, such as those capable of transmission over exemplary communication interfaces, such as traditional debug interfaces such as JTAG, parallel trace input/output, and Aurora based high-speed serial interface; and reuse of system interfaces such as USB, Ethernet, RS232, PCIe and CAN. Alternatively, the signals may be address signals, control signals (signifying status, enable or other control action), security information (such as interconnect side band signals) or the like, or a combination of any of these.
Figure 2 is a schematic circuit diagram illustrating an integrated chip digital signature generator and monitor in accordance with a second embodiment of the present invention. The integrated chip signal generator and monitor 20 is adapted to generate and monitor a digital signature 21a, 21b...21n that represents activity observed on signals 22a, 22b...22n on an integrated chip 23 in a normal mode of operation. The integrated chip signal generator and monitor 20 comprises a signal selector, which in this example, is in the form of a digital filter array 24. The digital filter array 24 is provided with a first input 25 for receiving the signals 22a, 22b...22n, and a second input 26 for receiving a start/stop signal 27 for triggering the storage of the selected signals 28a, 28b...28n in a temporary memory store. In this example, the temporary memory store comprises pre-initialised feedback shift registers 29a, 29b...29n adapted to receive the selected signals 28a, 28b...28n fed by a digital filter 24 and to output a value as a digital signature 21a, 21b...21N representing activity observed on the signals 22a, 22b...22n. Each digital signature is preferably a pseudo-random binary sequence (PRBS) generated from the corresponding signal. Each pre-initialised shift register 28a, 28b...28n is initialised during boot up of the integrated chip, removing the need to carry out any additional run time activities.
An analyser 30 is provided to house a comparison circuit 31, which is provided to compare a corresponding stored digital signature 21as, 21bs...21Ns with the digital signature 21a, 21b...21N. To do this, the comparison circuit 31 comprises a comparator 32 that is adapted to compare the digital signature 21a, 21b...21N with the corresponding stored digital signature 21as, 21bs...21Ns. In the embodiment illustrated in Figure 2 an operational amplifier is used as a simple comparator 32, however it may be preferable to use an alternative, such as a clocked comparator (for example, a dynamic latched comparator), depending on the origin of the first signal 22. A demultiplexer 33 is provided to feed the digital signatures 21a, 21b...21N received from the pre-initialised feedback shift registers 29a, 29b...29n to the comparator 32. The comparison circuit 30 also comprises a memory 34 for storing the corresponding stored digital signatures 21as, 21bs...21Ns, which represent the expected signatures for the signals 22a, 22b...22n if there are no errors or data corruption present in these signals 22a, 22b...22n. However, should the comparator 32 determine that there is a mismatch between a digital signature 21a, 21b...21N and the corresponding stored digital signature 21as, 21bs...21Ns, the comparison circuit 31 further comprises an alarm generator 35 to generate an alarm signal 36 to alert to a possible compromise of the signal 22a, 22b...22n. The analyser 30 may be separate to and in communication with the at least first signal selector 24 and at least first temporary memory store 29a. This enables the analyser 30 to be housed remotely from the other components of the integrated chip digital signature generator and monitor 20. Preferably the signals 22a, 22b...22n are data signals, such as those capable of transmission over exemplary communication interfaces, such as traditional debug interfaces such as JTAG, parallel trace input/output, and Aurora based high-speed serial interface; and reuse of system interfaces such as USB, Ethernet, RS232, PCIe and CAN. Alternatively, the signals may be address signals, control signals (signifying status, enable or other control action), security information (such as interconnect sideband signals) or the like, or a combination of any of these.
The operation of the integrated chip digital signature generator and monitor 1, 20 to generate and monitor a digital signature 2a, 2b...2N, 21a, 21b...21N representing activity observed on signals 3a, 3b...3n, 22a, 22b...22n on the integrated chip 4, 23 will now be described. Figure 3 is a flow chart illustrating a method of generating and monitoring a digital signature representing activity observed on signals on an integrated chip in a normal mode of operation in accordance with embodiments of the present invention. The method 100 described below is equally applicable to both embodiments of the integrated chip digital signature generator and monitor 1, 20 described above. Although the monitoring and generation of a digital signature 2a for a single signal 3a, 22a is detailed below, the method applies equally to all n possible signals 3a, 22a that may be handled by the signal selector 5, 24.
Initially, at step 102, a signal 3a, 22a, is detected at a signal selector. Preferably, the signal selector is an array of digital filters 5, 24. Next, at step 104, a start signal 8, 27 is received at the signal selector, and on receipt of the start signal 7, 26, the signal selector begins to feed the signal 3a, 22a as a selected signal 9a, 28a to a temporary memory store to create a value in the temporary memory store. Preferably the temporary memory store is a pre-initialised feedback shift register 10a, 29a, which has been initialised during the boot up of the integrated chip 1, 20 rather than during runtime. At step 106, a stop signal 8, 27 is received at the signal selector. On receipt of the stop signal 8, 27, the signal selector ceases to feed the signal 3a, 22a as the selected signal 9a, 28a, to the temporary memory store 10a, 29a and the value in the temporary memory store 10a, 29a becomes available. At step 108, using the value in the first temporary memory store 10a, 29a as the basis of a digital signature 2a, 21a representing activity observed on the signal 3a, 22a, the digital signature 2a, 21s is compared with a corresponding stored digital signature 2as, 21as representing expected activity on the first signal 3a, 22a. Each digital signature is preferably a pseudo-random binary sequence (PRBS) generated from the corresponding signal. This step preferably comprises comparing the digital signature 2a, 21a with a corresponding stored digital signature 2as, 21as created from previous digital signatures 2a, 21a using an iterative process. Such an iterative process may be a machine learning process, for example. Alternatively, this step may comprise comparing the digital signature 2a, 21a with a corresponding stored digital signature 2as, 21as exemplifying ideal activity observed on the signal 3a, 22a. Such a signal may be loaded into the memory 13, 34 of the comparison circuit 11, 31 at boot up. Finally, at step 110, if the comparing indicates a mismatch between the digital signature 2a, 21a and the corresponding stored digital signature 2as, 21as, an alarm signal 14, 36 is generated.
One criterion for assessing the comparison is where the mismatch indicates that the digital signature 2a, 21a has a value outside a pre-determined tolerance of the corresponding stored digital signature 2as, 21as. Ideally, the pre-determined tolerance is zero, but it may be desirable to have a range of tolerance depending upon the application of the integrated chip signature generator and monitor 1, 20. As outlined above with respect to Figure 2, steps 108 and 110 may be performed by an analyser 30. If this is the case, it may be desirable for the digital signature 21a and the corresponding stored digital signature 21as to be compressed. The compressed digital signature 21a and the compressed corresponding stored digital signature 21s are then uncompressed by the analyser 30 before comparison.
In the examples above the behaviour of n signals is monitored using N generated signatures. There are four scenarios where this occurs. Firstly, n = N = 1, such that there is a one-to-one correspondence of a single signal to a single corresponding signature. Secondly, n > 1, N > 1 and n = N, such that there is a many-to-many correspondence of signals and corresponding signatures. Each of these situations requires that the signal selector is able to select n signals, and that there are n temporary memory devices. Thirdly, n > 1 and N = 1, where many signals are combined into a single signature. This may be a group of signals where once abnormal behaviour of the group is observed, an alarm is raised. For example, the signature represents the behaviour of the group of signals within the time window between the start and stop signals. Fourthly, n = 1 and N > 1, where a single signal is represented by N signatures. This requires that several PRBS are generated for the signal. For the third and fourth cases, again a signal selector able to select n signals is required, along with N temporary memory devices, but some of these may be redundant during the generating and monitoring process.
A further benefit of the approach of the embodiments described above is that a time window between the start signal 8, 26 and the stop signal 8, 26 that is runtime configurable may be provided. This enables steps 108 and 110 to be synchronised with the time window such that a digital signature 2a, 21a representing activity observed on a signal 3, 22 is accessed from the temporary memory store periodically with the time window. Step 110 results in the generation of an alarm signal 14, 36, on receipt of which it may be desirable for the integrated chip 4, 23 to resolve the cause of the mismatch between a digital signature 2a, 21a and the corresponding stored digital signature 2as, 21as.
In the embodiments described above a filter array 5, 24 is used to filter the signals to an appropriate temporary memory store. However, it may be desirable to use an alternative approach to filter the signals, for example, implementing a software filter function or using a mask comprising a Boolean array. Whilst the temporary memory store is preferably a pre-initialised feedback shift register, other types of temporary memory may be implemented as required. For temporary memories that are not used to generate PRBS signatures, other signature generation techniques, such as hashing, may be used.
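A software model of steps 102 to 110 for the n > 1, N = 1 case, added here as an illustration and not taken from the patent: a Boolean-array mask acts as the signal selector, a 16-bit feedback shift register pre-initialised at boot is the temporary memory store, and the comparison uses a tolerance of zero. The register width, seed, feedback polynomial, the way selected bits are folded into the register, and the sample trace are all assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define N_SIGNALS 4        /* n monitored signals, one bit each per clock */
#define TRACE_LEN 12
#define LFSR_SEED 0xACE1u  /* assumed boot-time pre-initialisation value */
#define LFSR_TAPS 0xB400u  /* assumed polynomial x^16+x^14+x^13+x^11+1, Galois form */

typedef struct {
    bool     mask[N_SIGNALS]; /* signal selector as a Boolean array */
    bool     feeding;         /* true between the start and stop signals */
    uint16_t lfsr;            /* temporary memory store */
} monitor_t;

/* Boot-up: load the selector mask and pre-initialise the shift register. */
void monitor_boot(monitor_t *m, const bool mask[N_SIGNALS]) {
    for (size_t i = 0; i < N_SIGNALS; i++) m->mask[i] = mask[i];
    m->feeding = false;
    m->lfsr = LFSR_SEED;
}

/* One clock. Bit i of `sample` is the level of signal i on this cycle. */
void monitor_clock(monitor_t *m, uint8_t sample) {
    if (!m->feeding) return;        /* outside the window nothing reaches the store */
    uint16_t selected = 0;
    for (size_t i = 0; i < N_SIGNALS; i++)
        if (m->mask[i] && ((sample >> i) & 1u)) selected |= (uint16_t)(1u << i);
    uint16_t lsb = m->lfsr & 1u;
    m->lfsr >>= 1;                  /* shift ... */
    if (lsb) m->lfsr ^= LFSR_TAPS;  /* ... with polynomial feedback */
    m->lfsr ^= selected;            /* fold the selected signals into the state */
}

/* Steps 102-106: boot, feed the trace through the window [start, stop),
 * and return the register value that becomes available at the stop signal. */
uint16_t capture_signature(const bool mask[N_SIGNALS], const uint8_t *trace,
                           size_t len, size_t start, size_t stop) {
    monitor_t m;
    monitor_boot(&m, mask);
    for (size_t t = 0; t < len; t++) {
        if (t == start) m.feeding = true;   /* start signal */
        if (t == stop)  m.feeding = false;  /* stop signal */
        monitor_clock(&m, trace[t]);
    }
    return m.lfsr;
}

/* Steps 108-110 with a pre-determined tolerance of zero: any difference alarms. */
bool alarm_raised(uint16_t observed, uint16_t stored) { return observed != stored; }

/* Constructed sample data: expected activity and a mask that leaves signal 3 out. */
static const uint8_t GOLDEN[TRACE_LEN] =
    {0x0, 0x3, 0x5, 0xA, 0xF, 0x1, 0x8, 0x6, 0xC, 0x2, 0x9, 0x0};
static const bool MASK[N_SIGNALS] = {true, true, true, false};

/* Disturb one sample of the expected trace (XOR with `flip`) and report whether
 * the monitor alarms. The window is cycles 2..9; the stored signature is
 * taken from the undisturbed trace, standing in for the one loaded at boot. */
bool alarm_after_flip(size_t cycle, uint8_t flip) {
    uint8_t trace[TRACE_LEN];
    for (size_t t = 0; t < TRACE_LEN; t++) trace[t] = GOLDEN[t];
    trace[cycle] ^= flip;
    uint16_t stored   = capture_signature(MASK, GOLDEN, TRACE_LEN, 2, 10);
    uint16_t observed = capture_signature(MASK, trace, TRACE_LEN, 2, 10);
    return alarm_raised(observed, stored);
}

int main(void) {
    printf("selected signal, inside window  : alarm=%d\n", alarm_after_flip(5, 0x1));
    printf("unselected signal, inside window: alarm=%d\n", alarm_after_flip(5, 0x8));
    printf("selected signal, outside window : alarm=%d\n", alarm_after_flip(11, 0x1));
    return 0;
}
```

Only activity on selected signals inside the start/stop window reaches the comparison, so the mask and window define the monitor's coverage. Because a 16-bit register compresses the whole window, distinct multi-bit disturbances can alias to the same signature.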
The integrated chip signature generator and monitor 1, 20 and method 100 in accordance with the embodiments of the present invention have a wide variety of possible applications within a System-on-Chip device. Since the integrated chip signature generator and monitor 1, 20 is simple and does not require any specific test logic or special mode of operation it may be used throughout an SoC environment. For example, it may be employed to monitor bus communications, such as transactions between blocks on the integrated chip, determine access to a region of the integrated chip (address monitoring), determining whether or not a malicious agent has corrupted data (viruses or malware) or that data has been otherwise compromised, both within the SoC itself and any system in which it operates. The non-intrusive nature of the integrated chip signature generator and monitor 1, 20 and boot up configuration are also advantageous, enabling the monitoring and signature generation to take place during the normal mode of operation of an SoC device.

Claims

1. A method of generating and monitoring a digital signature representing activity observed on signals on an integrated chip in a normal mode of operation, comprising:
a) Receiving n signals at a signal selector;
b) Receiving a start signal at the signal selector, wherein on receipt of the start signal, the signal selector begins to feed the n signals as n selected signals to a temporary memory store to create n values in the temporary memory store;
c) Receiving a stop signal at the signal selector, wherein on receipt of the stop signal, the signal selector ceases to feed the n signals as the n selected signals to the temporary memory store and the values in the temporary memory store become available;
d) Using the values in the temporary memory store as the basis of N digital signatures representing activity observed on n signals, comparing the N digital signatures with N corresponding stored digital signatures representing expected activity on the n signals; and
e) If the comparing indicates a mismatch between any of the N digital signatures and a corresponding stored digital signature, generating an alarm signal.
2. Method as claimed in claim 1, wherein n = N.
3. Method as claimed in claim 1, wherein n > 1, N > 1 and n = N.
4. Method as claimed in claim 1, wherein n > 1 and N = 1.
5. Method as claimed in claim 1, wherein n = 1 and N > 1.
6. Method as claimed in claim 1, wherein the step of comparing comprises comparing a digital signature with the corresponding stored digital signature created from previous digital signatures an iterative process.
7. Method as claimed in claim 1, wherein the step of comparing comprises comparing a digital signature with the corresponding stored digital signature exemplifying ideal signal activity.
8. Method as claimed in claim 1, wherein the mismatch indicates that a digital signature has a value outside a pre-determined tolerance of the corresponding stored digital signature.
9. Method as claimed in claim 8, wherein the pre-determined tolerance is zero.
10. Method as claimed in claim 1, wherein steps d) and e) are performed by an analyser.
11. Method as claimed in claim 10, wherein the digital signatures and the corresponding stored digital signatures are compressed, and wherein the compressed digital signature and the compressed corresponding stored digital signature are uncompressed by the analyser before comparison.
12. Method as claimed in claim 1, wherein a time window between the start signal and the stop signal is runtime configurable.
13. Method as claimed in claim 12, wherein steps d) and e) are synchronised with the time window such that the N digital signatures are accessed from the temporary memory store periodically with the time window.
14. Method as claimed in claim 1, further comprising the integrated chip resolving a cause of the mismatch between a digital signature and the corresponding stored digital signature on receipt of the alarm signal.
15. Method as claimed in claim 1, wherein the temporary memory store is a pre-initialised feedback shift register.
16. Method as claimed in claim 1, wherein the signal selector is one of a filter array, a software filter or a mask comprising a Boolean array.
17. Method as in claim 1, wherein the signature is a pseudo-random binary sequence (PRBS) generated from the corresponding signal.
18. Integrated chip digital signature generator and monitor adapted to generate and monitor a digital signature representing activity observed on signals on an integrated chip in a normal mode of operation, comprising;
n signal selectors adapted to receive at n signals, a start signal and a stop signal;
a temporary memory store adapted to receive n signals fed by the n selectors as n selected signals and to output values used as the basis for N digital signatures representing activity observed on the n signals; and
a comparison circuit comprising a memory adapted to store N corresponding stored digital signatures, a comparator adapted to compare the N signatures with the N corresponding stored digital signatures and an alarm generator adapted to generate an alarm signal if a mismatch between any of the N digital signatures and the corresponding stored digital signature is indicated.
19. Integrated chip digital signature generator and monitor as claimed in claim 18, wherein the comparison circuit is separate to and in communication with the n signal selectors and at temporary memory store.
20. Integrated chip digital signature generator and monitor as claimed in claim 18, further comprising a demultiplexer connected to the comparator and to the temporary memory store.
21. Integrated chip digital signature generator and monitor as claimed in claim 18, wherein the temporary memory store is a pre-initialised feedback shift register.
PCT/US2021/031766 2021-05-11 2021-05-11 Method of generating and monitoring a digital signature WO2022240396A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/US2021/031766 WO2022240396A1 (en) 2021-05-11 2021-05-11 Method of generating and monitoring a digital signature
Publications (1)

Publication Number Publication Date
WO2022240396A1 (en) 2022-11-17

Family

ID=76181306
Country Status (1)

Country Link
WO (1) WO2022240396A1 (en)
Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 21728783; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 21728783; Country of ref document: EP; Kind code of ref document: A1)