Fault tolerance is an important feature for the system LSIs used in reliability-critical systems. Although redundancy techniques are generally used to provide fault tolerance, these techniques have significantly hardware costs. However, FPGAs can easily provide high reliability due to their reconfiguration ability. Even if faults occur, the implemented circuit can perform correctly by reconfiguring to a fault-free region of the FPGA. In this paper, we examine an FPGA-IP core loaded in SoC and introduce a fault-tolerant technology based on fault detection and recovery as a CAD-level approach. To detect fault position, we add a route to the manufacturing test method proposed in earlier research and identify fault areas. Furthermore, we perform fault recovery at the logic tile and multiplexer levels using reconfiguration. The evaluation results for the FPGA-IP core loaded in the system LSI demonstrate that it was able to completely identify and avoid fault areas relative to the faults in the routing area.

RC4 is a well-known stream cipher designed by Rivest. Due to considerable cryptanalysis efforts over past 20 years, several kinds of statistic biases in a key stream of RC4 have been observed so far. Finally, practical full plaintext recovery attacks on RC4 in SSL/TLS were independently proposed by AlFardan et al. and Isobe et al. in 2013. Responded to these attacks, usage of RC4 has drastically decreased in SSL/TLS. However, according to the research by Trustworthy Internet Movement, RC4 is still used by some websites for the encryption on SSL/TLS. In this paper, we shows a new plaintext recovery attack for RC4 under the assumption of HTTPS. We develop a method for exploiting single-byte and double-byte biases together to efficiently guess the target bytes, while previous attacks use either single-byte biases or double-byte biases. As a result, target plaintext bytes can be extracted with higher probability than previous best attacks given 229 ciphertexts encrypted by randomly-chosen keys. In the most efficient case, the success probability of our attack are more than twice compared to previous best attacks.

An all-digital fully-synthesizable PVT-tolerant clock data recovery (CDR) architecture for wireline chip-to-chip interconnects is presented. The proposed architecture enables the co-synthesis of the CDR with the digital core. By eliminating the resource hungry manual layout and interfacing steps, which are necessary for conventional CDR topologies, the design process and the time-to-market can be drastically improved. Besides, the proposed CDR architecture enables the re-usability of majority of the sub-systems which enables easy migration to different process nodes. The proposed CDR is also equipped with a self-calibration scheme for ensuring tolerence over PVT. The proposed fully-syntehsizable CDR was implemented in 28nm FDSOI. The system achieves a maximum data rate of 10.06Gbps while consuming a power of 16.1mW from a 1V power supply.

Timing fault detection techniques address the problems caused by increased variations on a chip, especially with dynamic voltage and frequency scaling (DVFS). The Razor flip-flop (FF) is a timing fault detection technique that employs double sampling by the main and shadow FFs. In order for the Razor FF to correctly detect a timing fault, not the main FF but the shadow FF must sample the correct value. The application of Razor FFs to static logic relaxes the timing constraints; however, the naive application of Razor FFs to dynamic precharged logic such as SRAM read circuits is not effective. This is because the SRAM precharge cannot start before the shadow FF samples the value; otherwise, the transition of the bitline of the SRAM stops and the value sampled by the shadow FF will be incorrect. Therefore, the detect period cannot overlap the precharge period. This paper proposes a novel application of Razor FFs to SRAM read circuits. Our proposal employs a conditional precharge according to the value of a bitline sampled by the main FF. This enables the detect period to overlap the precharge period, thereby relaxing the timing constraints. The additional circuit required by this method is simple and only needed around the sense amplifier, and there is no need for a clock delayed from the system clock. Consequently, the area overhead of the proposed circuit is negligible. This paper presents SPICE simulations of the proposed circuit. Our proposal reduces the minimum cycle time by 51.5% at a supply voltage of 1.1 V and the minimum voltage by 31.8% at cycle time of 412.5 ps.

All the existing sender-based message logging (SBML) protocols share a well-known limitation that they cannot tolerate concurrent failures. In this paper, we analyze the cause for this limitation in a unicast network environment, and present an enhanced SBML protocol to overcome this shortcoming while preserving the strengths of SBML. When the processes on different nodes execute a distributed application together in a broadcast network, this new protocol replicates the log information of each message to volatile storages of other processes within the same broadcast network. It may reduce the communication overhead for the log replication by taking advantage of the broadcast nature of the network. Simulation results show our protocol performs better than the traditional one modified to tolerate concurrent failures in terms of failure-free execution time regardless of distributed application communication pattern.

This paper presents a modulation scheme for impulse radio that uses the first sidelobe for transmitting a non-return-to-zero baseband signal and the implementation of a dual frequency conversion demodulator. The proposed modulation technique realizes two times higher frequency efficiency than that realized by binary phase-shift keying modulation and does not require an up-converter in the transmitter. The dual frequency conversion demodulator compensates for the spectrum distortion caused by the frequency response of the circuits and channel. The effect of frequency compensation is analytically studied. The fabricated demodulator test chip of 65 nm CMOS achieves clock and data recovery at 5.7 Gbps with a power consumption of 24 mW.

When a massive network disruption occurs, repair of the damaged network takes time, and the recovery process involves multiple stages. We propose a fast and flow-controlled multi-stage network recovery method for determining the pareto-optimal recovery order of failed physical components reflecting the balance requirement between maximizing the total amount of traffic on all logical paths, called total network flow, and providing adequate logical path flows. The pareto-optimal problem is formulated by mixed integer linear programming (MILP). A heuristic algorithm, called the grouped-stage recovery (GSR), is also introduced to solve the problem when the problem formulated by MILP is computationally intractable in a large-scale failure. The effectiveness of the proposed method was numerically evaluated. The results show that the pareto-optimal recovery order can be determined from the balance between total network flow and adequate logical path flows, the allocated minimum bandwidth of the logical path can be drastically improved while maximizing total network flow, and the proposed method with GSR is applicable to large-scale failures because a nearly optimal recovery order with less than 10% difference rate can be determined within practical computation time.

Energy-efficient tracking of continuous objects such as fluids, gases, and wild fires is one of the important challenging issues in wireless sensor networks. Many studies have focused on electing fewer nodes to report the boundary information of continuous objects for energy saving. However, this approach of using few reporting packets is very sensitive to packet loss. Many applications based on continuous objects tracking require timely and precise boundary information due to the danger posed by the objects. When transmission of reporting packets fails, applications are unable to track the boundary reliably and a delay is imposed to recover. The transmission failure can fatally degrade application performance. Thus, it is necessary to consider just-in-time recovery for reliable continuous object tracking. Nevertheless, most schemes did not consider the reliable tracking to handle the situation that packet loss happen. Recently, a scheme called I-COD with retransmission was proposed to recover lost packets but it leads to increasing both the energy consumption and the tracking latency owing to the retransmission. Thus, we propose a reliable tracking scheme that uses fast recovery with the redundant boundary information to track continuous objects in real-time and energy-efficiently. In the proposed scheme, neighbor nodes of boundary nodes gather the boundary information in duplicate and report the redundant boundary information. Then the sink node can recover the lost packets fast by using the redundant boundary information. The proposed scheme provides the reliable tracking with low latency and no retransmissions. In addition, the proposed scheme saves the energy by electing fewer nodes to report the boundary information and performing the recovery without retransmissions. Our simulation results show that the proposed scheme provides the energy-efficient and reliable tracking in real-time for the continuous objects.

Distributed compressive video sensing (DCVS) is an emerging low-complexity video coding framework which integrates the merits of distributed video coding (DVC) and compressive sensing (CS). In this paper, we propose a novel rate-distortion optimized DCVS codec, which takes advantage of a rate-distortion optimization (RDO) model based on the estimated correlation noise (CN) between a non-key frame and its side information (SI) to determine the optimal measurements allocation for the non-key frame. Because the actual CN can be more accurately recovered by our DCVS codec, it leads to more faithful reconstruction of the non-key frames by adding the recovered CN to the SI. The experimental results reveal that our DCVS codec significantly outperforms the legacy DCVS codecs in terms of both objective and subjective performance.

Although SDN provides desirable characteristics such as the manageability, flexibility and extensibility of the networks, it has a considerable disadvantage in its reliability due to its centralized architecture. To protect SDN-enabled networks under large-scale, unexpected link failures, we propose ResilientFlow that deploys distributed modules called Control Channel Maintenance Module (CCMM) for every switch and controllers. The CCMMs makes switches able to maintain their own control channels, which are core and fundamental part of SDN. In this paper, we design, implement, and evaluate the ResilientFlow.

Due to the periodic recovery of virtual machines regardless of whether malicious intrusions exist, proactive recovery-based Intrusion Tolerant Systems (ITSs) are being considered for mission-critical applications. However, the virtual replicas can easily be exposed to attacks during their working period, and additionally, proactive recovery-based ITSs are ineffective in eliminating the vulnerability of exposure time, which is closely related to service availability. To address these problems, we propose a novel hybrid recovery-based ITS in this paper. The proposed method utilizes availability-driven recovery and dynamic cluster resizing. The availability-driven recovery method operates the recovery process by both proactive and reactive ways for the system to gain shorter exposure times and higher success rates. The dynamic cluster resizing method reduces the overhead of the system that occurs from dynamic workload fluctuations. The performance of the proposed ITS with various synthetic and real workloads using CloudSim showed that it guarantees higher availability and reliability of the system, even under malicious intrusions such as DDoS attacks.

Software architecture recovery techniques are often adopted to derive a module view of software from its source code in case software architecture documents are unavailable or outdated. The module view is one of the most important perspectives of software architecture. In this paper, we propose a novel approach to derive a module view by adaptively integrating structural dependency and textual similarity. Our approach utilizes Newman modularity and Shannon information entropy to determine the appropriate weights of the dependencies during the integration. We apply our approach to various open-source projects and show the experimental results validating the effectiveness of the approach.

Detecting small infrared targets is a difficult but important task in highly cluttered coastal surveillance. The paper proposed a method called low-rank and sparse decomposition based frame difference to improve the detection performance of a surveillance system. First, the frame difference is used in adjacent frames to detect the candidate object regions which we are most interested in. Then we further exclude clutters by low-rank and sparse matrix recovery. Finally, the targets are extracted from the recovered target component by a local self-adaptive threshold. The experiment results show that, the method could effectively enhance the system's signal-to-clutter ratio gain and background suppression factor, and precisely extract target in highly cluttered coastal scene.

Past disasters, e.g., mega-quakes, tsunamis, have taught us that it is difficult to fully repair heavily damaged network systems in a short time. The only method for quickly restoring core communications is to start by fully utilizing the surviving network resources from different networks. However, as these networks might be built using different vendors' products (which are often incompatible with each other), the interconnection and utilization of these surviving resources are not straightforward. In this paper, we consider an all-optical multi-vendor interconnection method as an efficient reactive approach during disaster recovery. First, we introduce a disaster recovery scenario in which we use the multi-vendor interconnection approach. Second, we present two sub-problems and propose solutions: (1) network planning problem for multi-vendor interconnection-based emergency optical network construction and (2) interconnection problem for multi-vendor optical networks including both the data-plane and the control-and-management-plane. To enable the operation of multi-vendor systems, command translation middleware is developed for individual vendor-specific network control-and-management systems. Simulations are conducted to evaluate our proposal for sub-problem (1). The results reveal that multi-vendor interconnection can lead to minimum-cost network recovery. Additionally, an emergency optical network prototype is implemented on a two-vendor optical network test-bed to address sub-problem (2). Demonstrations of both the data-plane and the control-and-management-plane validate the feasibility of the multi-vendor interconnection approach in disaster recovery.

Cold boot attack is a side channel attack that recovers data from memory, which persists for a short period after power is lost. In the course of this attack, the memory gradually degrades over time and only a corrupted version of the data may be available to the attacker. Recently, great efforts have been made to reconstruct the original data from a corrupted version of AES key schedules, based on the assumption that all bits in the charged states tend to decay to the ground states while no bit in the ground state ever inverts. However, in practice, there is a small number of bits flipping in the opposite direction, called reverse flipping errors. In this paper, motivated by the latest work that formulates the relations of AES key bits as a Boolean Satisfiability problem, we move one step further by taking the reverse flipping errors into consideration and employing off-the-shelf SAT and MaxSAT solvers to accomplish the recovery of AES-128 key schedules from decayed memory images. Experimental results show that, in the presence of reverse flipping errors, the MaxSAT approach enables reliable recovery of key schedules with significantly less time, compared with the SAT approach that relies on brute force search to find out the target errors. Moreover, in order to further enhance the efficiency of key recovery, we simplify the original problem by removing variables and formulas that have relatively weak relations to the whole key schedule. Experimental results demonstrate that the improved MaxSAT approach reduces the scale of the problem and recover AES key schedules more efficiently when the decay factor is relatively large.

HMAC is the most widely used hash based MAC scheme. Recently, several generic attacks have been presented against HMAC with a complexity between 2n/2 and 2n, where n is the output size of an underlying hash function. In this paper, we investigate the security of strengthened HMAC instantiated with a Merkle-Damgård hash function in which the key is used to process underlying compression functions. With such a modification, the attacker is unable to precompute the property of the compression function offline, and thus previous generic attacks are prevented. In this paper, we show that keying the compression function in all blocks is necessary to prevent a generic internal state recovery attack with a complexity less than 2n. In other words, only with a single keyless compression function, the internal state is recovered faster than 2n. To validate the claim, we present a generic attack against the strengthened HMAC instantiated with a Merkle-Damgård hash function in which only one block is keyless, thus pre-computable offline. Our attack uses the previous generic attack by Naito et al. as a base. We improve it so that the attack can be applied only with a single keyless compression function while the attack complexity remains unchanged from the previous work.

We present a new cryptanalysis approach to analyze the security of a class of authenticated encryption schemes, which shares similarity with the previous length extension attack against hash-function-based MACs. Hence we name our approach by message extension attack. For an authenticated encryption from the target class, it consists of three phases; initialization with nonce and key as input, state update function with associated data and message as input and tag generation with updated state as input. We will show how to mount a forgery attack in the nonce-repeating model under the chosen-plaintext scenario, when both state update function and tag generation is built based on the same function. To demonstrate the effectiveness of our message extension attack approach, we apply it to a dedicated authenticated encryption called PANDA, which is a candidate of the ongoing CAESAR cryptographic competition. We successfully found an existential forgery attack on PANDA with 25 chosen plaintexts, 264 computations, and a negligible memory, and it breaks the claimed 128-bit security for the nonce-repeating model. We note that this is the first result that breaks the security claim of PANDA, which makes it withdrawn from the CAESAR competition by its designer.

Peer-to-peer (P2P)-Grid systems are being investigated as a platform for converging the Grid and P2P network in the construction of large-scale distributed applications. The highly dynamic nature of P2P-Grid systems greatly affects the execution of the distributed program. Uncertainty caused by arbitrary node failure and departure significantly affects the availability of computing resources and system performance. Checkpoint-and-restart is the most common scheme for fault tolerance because it periodically saves the execution progress onto stable storage. In this paper, we suggest a checkpoint-and-restart mechanism as a fault-tolerant method for applications on P2P-Grid systems. Failure detection mechanism is a necessary prerequisite to fault tolerance and fault recovery in general. Given the highly dynamic nature of nodes within P2P-Grid systems, any failure should be detected to ensure effective task execution. Therefore, failure detection mechanism as an integral part of P2P-Grid systems was studied. We discussed how the design of various failure detection algorithms affects their performance in average failure detection time of nodes. Numerical analysis results and implementation evaluation are also provided to show different average failure detection times in real systems for various failure detection algorithms. The comparison shows the shortest average failure detection time by 8.8s on basis of the WP failure detector. Our lowest mean time to recovery (MTTR) is also proven to have a distinct advantage with a time consumption reduction of about 5.5s over its counterparts.

Risk-aware Data Replication (RDR), which replicates data at primary sites to nearby safe backup sites, has been proposed to mitigate service disruption in a disaster area even after a widespread disaster that damages a network and a primary site. RDR assigns a safe backup site to a primary site while considering damage risk for both the primary site and the backup candidate site. To minimize the damage risk of all site-pairs the Integer Programing Problem (IPP), which is a mathematical optimization problem, is applied. A challenge for RDR is to choose safe backup sites within a short computation time even for a huge number of sites. As described in this paper, we propose a Discreet method for RDR to surmount this hurdle. The Discreet method first judges the backup sites of a potentially unsafe primary site and avoids assigning a very safe primary site with a very safe backup site. We evaluated the computation time for site-paring and the data availability in the cases of Earthquake and Tsunami using basic disaster simulations. We confirmed that the computation rate of the proposed method is more than 1000 times faster than the existing method when the number of sites is greater than 1000. We also confirmed the data availability of the proposed method; it provides almost equal rates to existing methods of strict optimization. These results mean that the proposed method makes RDR more practical for massively multiple sites.

This paper presents wireless systems for use in disaster recovery operations. The Great East Japan Earthquake of March 11, 2011 reinforced the importance of communications in, to, and between disaster areas as lifelines. It also revealed that conventional wireless systems used for disaster recovery need to be renovated to cope with technological changes and to provide their services with easier operations. To address this need we have developed new systems, which include a relay wireless system, subscriber wireless systems, business radio systems, and satellite communication systems. They will be chosen and used depending on the situations in disaster areas as well as on the required services.