Day16 – “Why?” & “What in?” Security & Blockchain?

by in UncategorizedLeave a Comment on Day16 – “Why?” & “What in?” Security & Blockchain?
Reading Time: 3 minutes

author: aman

Blog V - Part I - Day 16

Hey People, I have been a little busy for last few days. Plus it took me some time to find the correct stuff that should fir right in the series.

So now, after so many micro-blogs, it is possible that you must be wondering on How an attacker can even do this? For that I'll be giving you people an idea about what things are openly available to people, potentially an attacker, to be able to exploit the weaknesses of the blockchain governing codes.

We'll take up Smart Contracts in world's larget Decentralised Application(dAPP) platform. Ethereum works with the currency called ETHER(ETH).

I will give you a quick look into what all information is publicly available, and an idea about what all can be extracted from the information available.

Lets dive deep in...

In this micro-blog

  • Ethereum Virtual Machine (EVM)
  • The two Properties of EVM
  • How the Smart Contracts are actually stored?
Ethereum Virtual Machine (EVM)

Ethereum, is actually a large collection of machines spread across the world in decentralised fashion. And a Ledger containing the details of all the transactions is distributed across all the machines(called nodes).

Ethereum Virtual Machine or EVM, is a system used to refer to this computer.

The two properties of this EVM

1) EVM is Quasi-Turing

A turing complete machine is the one, which is able to solve any problem provided to it, despite the fact how long does it take.

EVM is quasi-Turing because, it is limited by a factor, COST. Any computation you make to it, it is limited by the gas price required to solve this problem.

2) EVM is Stack Based Machine

EVMs Data Structure is Stack Based.

for e.g. 2 + 2 can be given as 2 2 +

How the Smart Contracts are actually stored?

If still you think the contract(i.e. the governing document on the Ethereum Blockchain), is stored in the textual format, as the following one, then you are absolutely wrong.

To work on EVM, the Smart Contracts are to be converted into a specific format called, the bytecodes.

After compiling the Smart Contract into the bytecode using Solidity compiler(solc), it is exported to the EVM.

  • Contract Bytecode: is the bytecode of the complete smart contract. That is actually, what ends up staying on the EVM.

It is comprised of functions(), already initialised variables, and all that is predefined. Plus, Something that can be changed during running.

  • Runtime Bytecode: it is the same bytecode that can be changes during running.

It can be said that Contract Bytecode = (some bytecode) + (Runtime Bytecode)*

-> Now, when compiled the above smart contract will look like,

if we compile it using solc --bin simpleContract.sol, we get the Contract Bytecode

======= simpleContract.sol:SimpleStorage =======

Binary:

608060405234801561001057600080fd5b5060016000819055506 0c6806100276000396000f3fe6080604052348015600f57600080 fd5b506004361060325760003560e01c806360fe47b1146037578 0636d4ce63c146062575b600080fd5b6060600480360360208110 15604b57600080fd5b81019080803590602001909291905050506 07e565b005b60686088565b604051808281526020019150506040 5180910390f35b8060008190555050565b6000805490509056fea 265627a7a723158200e135b4c7bcf7bde9dca1f257d97637d8137 b315e29248b5654ac7830dab9e8264736f6c63430005100032

and, if we compile it using solc --bin-runtime simpleContract.sol, we get the Runtime Bytecode

======= simpleContract.sol:SimpleStorage =======

Binary of the runtime part:

6080604052348015600f57600080fd5b506004361060325760 003560e01c806360fe47b11460375780636d4ce63c146062575b6 00080fd5b606060048036036020811015604b57600080fd5b8101 908080359060200190929190505050607e565b005b60686088565 b6040518082815260200191505060405180910390f35b80600081 90555050565b6000805490509056fea265627a7a723158200e135 b4c7bcf7bde9dca1f257d97637d8137b315e29248b5654ac7830d ab9e8264736f6c63430005100032

If you look very closely, you get to find that, the "Contract Bytecode" contains the "Runtime Bytecode"

608060405234801561001057600080fd5b5060016000819055506 0c6806100276000396000f3fe6080604052348015600f57600 080fd5b506004361060325760003560e01c806360fe47b1146037 5780636d4ce63c146062575b600080fd5b6060600480360360208 11015604b57600080fd5b81019080803590602001909291905050 50607e565b005b60686088565b604051808281526020019150506 0405180910390f35b8060008190555050565b6000805490509056 fea265627a7a723158200e135b4c7bcf7bde9dca1f257d97637d8 137b315e29248b5654ac7830dab9e8264736f6c63430005100032

Metaphorically, the smart contract remain in a way of Fill in the Blanks! The arguments inside the function(), are the blanks, which gets filled, and the state of the Blockchain is changes, or the query result is returned.

Please Note! This thing is publicly available.



-> Will directly, continue in next microblog....

FIRE: The Perception

by Hardik Khandelwal in UncategorizedLeave a Comment on FIRE: The Perception

Reading Time: 7 minutes“Fire breaks out in a building,” “Australia’s biggest forest fire ever rages.” We often hear about such devastative fire incidents in the media. We know that fire is dangerous and can cause severe damage and destruction and, at times, death. Since our earliest days, humans have sought to find out what fire is, how it starts, and what keeps it going.

Sometimes we might think that fire is a living thing! It moves, ‘eats’ things, and seems to breathe. The ancient Greeks thought it was one of four major elements, along with water, earth, and air. They could feel, see, and smell fire just like they could the earth, water, and air, but fire is something completely different.

Let us go on a journey to unveil the world of fire!

What is Fire? Which state is it? A solid or a liquid or a gas or plasma?

No, it is neither of them. Fire is just a perception of matter that is experienced by the eyes. Typically, fire results from a chemical reaction between oxygen in the atmosphere and a variety of fuels. When the volatile gases are hot enough, the compound molecules break apart, and the atoms recombine with the oxygen to form water, carbon dioxide, and other products. In other words, they burn, which results in a fire. The rising carbon atom is the reason for the production of light during the fire. Ignition temperature needs to be achieved for the combustion reaction to occur. During this reaction, the weak double bond of molecular oxygen gets converted into the stronger bonds of carbon dioxide and water, therefore, releasing energy, and this is the reason why fire is hot. The chemical reactions in a fire are self-perpetuating. The heat required by fuel is given by the heat of the flame itself, so as long as there is fuel and oxygen around it, the fire will continue.

FIRE TRIANGLE

FIRE: The Perception

The fire triangle is a triangle consisting of three components that help in the production of fire that are heat, oxygen, and fuel. Removal of any one of them will extinguish the fire. The alternative of the fire triangle is fire tetrahedron, which includes chemical reactions too, with all the other three components.

TYPES OF FIRE

  1. CLASS A- Fires involving ordinary combustibles such as wood, rubber, paper, cloth, and many plastics.
  2. CLASS B- Fires involving flammable gases such as gasoline, petroleum greases, tars, oils, oil-based paints, alcohols, solvents. It also includes combustible gases such as propane and butane.
  3. CLASS C- Fires involving energized electrical equipment such as computers, motors, transformers, and other appliances.
  4. CLASS D- Fires in combustible metals such as magnesium, titanium, zirconium, sodium, lithium, and potassium.
  5. CLASS K-Fires in cooking oils and greases such as animal and vegetable fats.

HOW FIRE SPREAD?

Once a fire has started, it grows through the transfer of heat energy from the flames. Heat energy transfers in three different ways-

  1. CONDUCTION- The heat from the fire spreads from molecule to molecule along the length of conducting materials. Materials that are good conductors absorb the heat from the fire and transfer it throughout the molecules of the substance.
  2. CONVECTION- It occurs in gases and liquids. It is the flow of fluid or gas from hot areas to colder areas. The heat of the fire raises the temperature of the air around it, which rises and spreads, which may burn the combustible materials.
  3. RADIATION- Heat of the Fire travels in the form of electromagnetic rays in air. Combustible materials can absorb the heat from the rays.

FIRE: The Perception

FIRE IN ZERO-GRAVITY

FIRE: The Perception

On earth, gravity determines how the flame burns. The product of combustion has more energy than the combustible substance and so moves around faster and takes up more space than the cooler air around them. Therefore, there is a buoyant force on them, which is higher than their weight. The hot gases in the flame are much warmer and less dense than the surrounding air, so they move upwards towards low pressure. This is why fire typically spreads upwards. However, in a zero-gravity region, there is no such thing as lighter or heavier air; thus, the fire heats the air, which just sits around the flame, causing it to burn slowly. This means the flame burns equally in all directions forming a globe instead of the flickering flame. Flames in the air can burn more slowly more coolly and with less oxygen because of which fire in space given the right conditions can expand in any direction as quickly as it can provide us to the nearby oxygen. The heat does not cause any rushing air or shockwaves. The cool thing found is that in space, combustion can happen with no visible flames. This phenomenon is demonstrated by the experiments conducted by NASA in the International Space Station, the Flame Extinguishment Experiment(FLEX). A more efficient combustion system that will not produce as much exhaust on earth can be made if these flames can be used as they burn cleaner.

FIRE: The Perception

FIRE SPREAD IN DIFFERENT SCENARIOS

  1. Fire in radioactive materials– Chernobyl incident was a nuclear accident in which radioactive material was present in the fire situation. Fire involving radioactive materials can result in widespread contamination. Radioactive particles can be carried easily by smoke plumes. Radiation includes alpha particles, which are extremely hazardous to people coming in contact with the fire because they can be inhaled and deposited in body tissues, where they can cause severe long term health effects.

FIRE: The Perception

  1. Fire in wood– Wood is a combustible material. Under the influence of heat, wood produces substances that react eagerly with oxygen, leading to the high propensity of timber to ignite and burn. Ignition and combustion of wood are mainly based on pyrolysis of cellulose and reactions of pyrolysis products with each other and with gases in the air, oxygen. When the temperature increases, cellulose starts to pyrolyze. The decomposition products either remain inside the material or are released as gases. Gaseous substances react with each other and oxygen, releasing a large amount of heat that further induces pyrolysis and combustion reactions.

Wood(C10H15O7)+heat —> Charred wood(C50H10O) + 10 CH2O(gas)

Forest fires include fire in a wood. Amazon forest fires and Bushfires in Australia are the major incidents, including the burning of wood. Fires in forests spread quickly due to the presence of combustible materials, which results in the realization of the fire triangle.

FIRE: The Perception 

  1. Fire in oil- Oils are flammable materials which are less denser than water, so floats on it. Disaster due to fire in oils includes oil well fires. Oil well fires are oil or gas wells that have caught on fire and burn. Oil well fires can be a result of human actions, resulting in accidents, which can be a result of arson or due to natural events, such as lightning. These fires are more difficult to extinguish than regular fires due to enormous fuel supply to the fire. The significant incidents include Kuwait Oil Fires and Deepwater Horizon Explosion.

FIRE: The Perception

Conclusion

Fire is a perception of our eyes to the exothermic combustion reaction. This is part of the Mini Analysis Project “Study and analysis of the phenomenon of Fire and it’s practical Implications through Case Studies”

This was an introductory blog describing the true nature of fire!

So ending this with a sneak peek of case studies we are going to elucidate in further blogs:

  1. Chernobyl Nuclear Disaster
  2. Australian BushFires
  3. Amazon Rain Forests

Intriguing blogs about the same coming soon…

Stay tuned until then.

REFERENCES

  1. “Glossary of Wildland Fire Terminology” (PDF). National Wildfire Coordinating Group. November 2009. Retrieved 2008-12-18.
  2. ^ Schmidt-Rohr, K (2015). “Why Combustions Are Always Exothermic, Yielding About 418 kJ per Mole of O2“. Chem. Educ. 92
  3. “Iraq Fires erupt in large Iraqi oil field in south Compiled from Times wires © St. Petersburg Times published March 21, 2003”. Archived from the original on July 15, 2014.
  4. ^ “Hellfighters”. Archived from the original on 2014-07-14.
  5. https://science.howstuffworks.com/environmental/earth/geophysics/fire.htm
  6. https://science.howstuffworks.com/environmental/earth/geophysics/fire1.htm
  7. https://www.space.com/13766-international-space-station-flex-fire-research.html

Author: Hardik Khandelwal

TEAM CEV!!

Day15 – “Why?” & “What in?” Security & Blockchain?

by in UncategorizedLeave a Comment on Day15 – “Why?” & “What in?” Security & Blockchain?
Reading Time: 2 minutes

author: aman

Blog IV - Part II - Day 15

Let us get some dirty hands on with some more Solidity code and exploit a few more Ethereum - Solidity bugs.

Here we'll discuss about the famous DAO attack, caused by the reentrancy bug.

Let us do it...

In this micro-blog

  • delegatecall (the proxy calls) (SWC-112) (Inclusion of Functionality from Untrusted Control Sphere)
  • DoS With Block Gas Limit (SWC - 128)
  • Integer Overflow (SWC - 101)
  • Reentrancy Bug(DAO attack) (Improper Enforcement of Behavioral Workflow) (SWC-107)
  • uncheckedSend() (SWC - 113)
  • tx.origin bug
  • Variable Shadowing (SWC-119)
3. Reentrancy Bug(DAO attack) (Improper Enforcement of Behavioral Workflow) (SWC-107)

You can find the related files in this gist.

There are two files. One is simpleDAO.sol which is a simple DAO(Decentralised Autonomous Organisation) contract, which is generally available publicily. Other one is reentrancy.sol which is particularly written by the attacker to exploit this bug.

It is termed as Improper Enforcement of Behavioral Workflow, as the attacker is able to make improper use of the conctract function, and play with the workflow of the contract.

Now, look at the 2 very crucial parts of both the contracts, one from each.

-> Attacking contract

function() public payable{
    DAO.withdraw(DAO.retbalance());
}

The variable DAO is the instantiation of the already deployed contract.

-> DAO Contract

function withdraw(uint amount) public{
    if (credit[msg.sender]>= amount) {
        (msg.sender.call.value(amount)());
        credit[msg.sender]-=amount;
    }
}

Now, just go with the flow.

You being the owner of the "attacking contract", will trigger some function to withdraw your money from the DAO Contract, the flow goes as follows:

call is sent to function withdraw() [DAO]

|

the function checks whether you have that amount, which comes to be true

|

amount is transferred to your contract using sender function

|

to accept the payment, "payable" function of your contract automatically gets called

|

The flow moves again to the "withdraw()" Notice!!! the amount is deducted after sending the amount your contract

"Notice the credit[msg.sender]-=amount; line."

|

The flow repeats.

VULNERABILITY SPOTTED<<<<<

This thing, drained off all the money from the DAO contract to the attacker contract.

"One of the major dangers of calling external contracts is that they can take over the control flow. In the reentrancy attack (a.k.a. recursive call attack), a malicious contract calls back into the calling contract before the first invocation of the function is finished. This may cause the different invocations of the function to interact in undesirable ways."

*Can you Imagine what the Solution was?

Well, I'll tell that in the next blog. laughing

You are surely gonna kill me for this.

Be honest!!! dont search it up

*will be dropping an "answer" box in the cev insta page @cevsvnit

Thank you.

Adding gist frames here

Reentrancy Bug(DAO attack) (Improper Enforcement of Behavioral Workflow) (SWC-107)

Day14 – “Why?” & “What in?” Security & Blockchain?

by in UncategorizedLeave a Comment on Day14 – “Why?” & “What in?” Security & Blockchain?
Reading Time: 3 minutes

author: aman

Blog IV - Part I - Day 14

Let us get some dirty hands on Solidity, to exploit some very dangerous Ethereum - Solidity bugs.

2 Bugs/vulenrabilities in this very micro-blog. Covering bugs like, Denial of Service with Block Gas Limit, where the attacker exploits the bug by taking benefit from limited GAS available for each transaction, and unchecked_send() bug, which when made by mistake, could be a disaster to the host contract holder, and users.

Let us do it...

In this micro-blog

  • delegatecall (the proxy calls) (SWC-112) (Inclusion of Functionality from Untrusted Control Sphere)
  • DoS With Block Gas Limit (SWC - 128)
  • Integer Overflow (SWC - 101)
  • Reentrancy Bug(DAO attack) (Improper Enforcement of Behavioral Workflow) (SWC-107)
  • uncheckedSend() (SWC - 113)
  • tx.origin bug
  • Variable Shadowing (SWC-119)
1. dos_gas.sol() [check out the exploitation of the bug at this gist])(https://gist.github.com/johnsoncarl/480aee528f35b8579c7dcf87c61c59d2)

DOS with Block Gas limit is A denial of service attack, where a host contract denies to perform its duties due to limited amount of gas provided for each transaction (about 3 million).

    for(uint i=0;i<500;i++) {
        listAddresses.push(msg.sender);
    }

Here to make the contract to always true change the upper bound of i to some lesser value, say i<100. Increase the value to fail it at a certain point.

uncheckedSend() [check out the exploitation of the bug at this gist])()

Whenever a contract, say sender, transfers the ether to another contract,say receiver, the payable function of the receiver is triggered, and this can be misused. For eg. payable function of the receiver contains some computationally heavy instructions, it can cause transfer() to fail and send() function to return false. Thus if the send() is not checked, it may cause a bug called uncheckedSend.

Also, since send() doesn't propogate the exception, its harmful of the users to use it.

contract attacker{
    bool public flag=false;
    
    function change() public{
		if(!flag) 	flag=true;	
		else    	flag=false;
	}

	function() external payable {if(flag)	revert();}
}

contract Test{
	attacker a = new attacker();
	bool private flag0 = true;
	bool private status;
    
	function set0(int val) public returns (bool){
    		if (val % 10 == 0) {a.change();}
    		else flag0=false;
  	}

    function echidna_send() public payable returns(bool){
			address(this).transfer(msg.value);
            return address(a).send(0);
		}

	function() external payable{}
}

Here, echidna_send() will be the main function whose bool value will be checked by the tool.

  • payable functions : payable functions are necessary for the contract to accept the ether. Whenever a contract, say sender, transfers the ether to another contract,say receiver, the payable function of the receiver is triggered.

  • echidna_send() : contains address(this).transfer(msg.value); which is responsible for transferring ether to the Test contract. Which will then be transferred to the the instance of the contract attacker, a. Note: we are transferring 0 ethers to the contract address and then to the instance a. As address.send() doesn't revert state whenever the payment fails. So we try to return its bool value, which is then catched by echidna_send(), and thus by the tool. This is the value that the tool mainly checks for, and thus will be able to tell whether the contract payment through send was completed or not.

  • set0(int val) : random value is provided to set0(int val) as argument. Which then waits for the no. satisfy the condition if (val % 10 == 0). As soon as this value is catched, it triggeres change() function of the contract.

  • change() : This is responsible for flipping the flag value. So as soon as this function is triggered, flag=false changes to true, and now revert state in the payable will be activated. Now, the contract attacker, will be reverting each transaction made to it.

So this is how it works: [a is the instance if contract attacker] We first start running the contract with a.flag == false, and wait for a value in set(int val), to flip the flag of contract a to true, and thus activating the revert in payable. This will fail everytime the payment is made. And since, the send() doesn't revery any exception, it shall revert true of false. Which is catched by echidna_send(), and will be returned to the tool, to state that the payment could not be completed.

View this thread for more about address.send and address.transfer

I took it exactly from the exploitation repo I made earlier. Please email directly, in case of any doubts:

aman0902pandey(@)gmail.com

Adding gist frames here

DoS With Block Gas Limit (SWC - 128)

uncheckedSend() (SWC - 113)

Thanks!!!

FPGA – An Overview (1/n)

by SAT PATELin UncategorizedLeave a Comment on FPGA – An Overview (1/n)
Reading Time: 7 minutes

Introduction

Field Programmable Gate Arrays, popularly known as FPGAs, are taking over the market by storm. They are widely used nowadays, due to their simplicity in reusability and reconfiguration. Simply put, FPGAs allow you flexibility in your designs and is a way to change how parts of a system work without introducing a large amount of cost and risk of delays into the design schedule. FPGAs were first conceptualized and fabricated by Xilinx in the late 80s, and since then, other big companies such as Altera(now Intel), Qualcomm, Broadcom have followed suit. From industrial control systems to advance military warheads, from self-driving cars to wireless transceivers, FPGAs are everywhere around us. With knowledge of Digital Designing and Hardware Descriptive Languages (HDL), such as Verilog HDL or VHDL, we can configure our own FPGAs. Though first thought of as the domain of only Electronics Engineers, FPGAs can now be programmed by almost anyone, thanks to the substantial leaps in OpenCL (Open Computer Language).

I have tried to lay down the concept in terms of 5 questions, to cover the majority of the spectrum.

What is an FPGAs exactly?

An FPGA is a semiconductor device on which any function can be defined after manufacturing. An FPGA enables you to program new product features and functions, adapt to new standards and reconfigure hardware for specific applications ever after the product has been installed in the field – hence the term field programmable. Gate arrays are 2-dimensional logic gates that can be used in any way we wish. An FPGA consists of 2 parts, one customizable (containing programmable logic) and another non-customizable. Simply put, it is an array of logic gates and wires which can be modified in any way, according to the designer.

Customizable Part

As rightfully said by Andrew Moore, you can build almost anything digital with three basic components – wires (for data transfer), logic gates (for data manipulation) and registers (for storage reasons). The customizable part consists of Logic Elements (LEs) and a hierarchy of reconfigurable interconnects that allow the LEs to be physically connected. LEs are nothing but a collection of simple logic gates. From simply ANDing/ORing 2 pulses to sending the latest SpaceX project into space, logic gates, if programmed correctly and smartly, can do anything. 

Non-customizable Part

The non-customizable part contains hard IPs (intellectual property) which provides rich functionality while reducing power and lowering cost. Hard IP generally consists of memory blocks (like DRAMs), calculating circuits, transceivers, protocol controllers, and even whole multicore microprocessors. These hard IPs free the designer from reinventing these essential functions every time he wants to make something, as these things are commodities in most electronic systems.

As a designer, you can simply choose whichever essential functionality you want in your design, and can implement any new functionality from the programmable logic area.

Why are FPGAs gaining popularity?

FPGA - An Overview (1/n)

Electronics are entering every field. Consider the example of a car. Nowadays, every function of a car is controlled by electronics. Drivetrain technologies like engine, transmission, brakes, steering, and tires use electronics to control and monitor essential conditions like amount of fuel required, optimal air pressure according to usage and surroundings, lucid transmission and even better brakes are achieved due to this. Infotainment in cars is also gaining popularity, such as real-time traffic displays, digital controls, and comfort and cruise control settings according to driver’s conditions. Even modern-day driving assistance like lights, back-ups, lane-exits guiding and collision avoidance techniques. We are also using sensors like cameras, LASERs, and RADARs for an optimal driving and parking conditions.

A lot to digest, isn’t it?

All these technologies are implemented on an SoC (System on Chip). But suppose there comes out a better way for gear transmission, or a better algorithm for predictive parking or the government changes its guidelines about the speed limit for cruise control situations or fuel usage. We can’t change the entire SoC just for some versions. Moreover, these “updates” come often, and we can’t always build new, custom made SoC every time, as the time required to build a new one would increase, whilst also increasing the design and cost load, and on the top of it all, replacing the entire system. 

Our humble FPGA comes to the rescue here. SoC FPGAs which can implement changes in specific parts without affecting the other parts, reducing design and time load, and most important of all, reusability of the same hardware by reconfiguring the requisite changes.

FPGAs are gaining popularity because

1. They are reconfigurable in real-time

2. Costs less in long runs as compared to ASICs (Application Specific Integrated Circuits). Though ASICs are faster than FPGAs and consume less power, they are not reconfigurable, meaning once made, we can’t add/remove or update any functionalities.

3. They reduce the design work and design time considerably due to inbuilt hard IPs

4. You can build exactly whatever you need using an FPGA.

When was the 1st FPGA fabricated?

FPGA was a product of advances in PROMs (Programmable Read-Only Memory) and PLDs (Programmable Logic Devices). Both had the option of being programmed in batches or in the field (thereby, field-programmable). However programmable logic was hardwired between logic gates.

Altera (now Intel) delivered the industry’s first reprogrammable device – the EP300, which allowed the user to shine an ultra-violet lamp on the die to erase the EPROM cells that held the device configuration.

Ross Freeman and Bernard Vonderschmidt (Xilinx co-founders) invented the 1st commercially viable FPGA in 1985 – the legendary XC2064. The XC2064 had programmable gates and programmable interconnects between gates, which marked the beginning of new technology and market. 

FPGA - An Overview (1/n)

The 90s showed the rapid growth for FPGAs, both in terms of circuit sophistication and volume of production. They were mainly used in Telecommunications and Networking industry, due to their reconfigurability, as these industries demanded changes often and sometimes, in real-time.

By the dawn of the new millennium, FPGAs found their way into consumer, automobile and industrial applications.

In 2012, the first complete SoC (System on Chip) chip was built from combining the logic blocks and interconnects of traditional FPGA with an embedded microprocessor and related peripherals. A great example of this would be Xilinx Zynq 7000 which contained 1.0 GHz Dual Core ARM Cortex A9 microprocessor embedded with FPGA’s logic fabric.

FPGA - An Overview (1/n)

Since then, the industry has never looked back, seeing unforeseen growth and applications in recent years.

Where are FPGAs used?

FPGAs are used everywhere where there is a need for frequent reconfiguration or where there is a need for the addition of new functions, without affecting other functionalities. The car functionalities discussed earlier is a great example in terms of consumer usage.

They are widely used in industries too. Let’s take an example of SoC FPGA for a motor control system, which is used in every industry. It includes a built-in processor that manages the feedback and control signals. The processor reads the data from the feedback system and runs an algorithm to synchronize the movement of the motors as well as control their rotation speeds. By using an SoC FPGA, you can build your own IP that can be easily customized to work on other motor controls. There are several advantages to using an SoC FPGA for motor control instead of a traditional microcontroller viz.  Better system integrations (remember the customizable areas in FPGAs?), scalable performances (rapid and real-time reconfigurability) and comparatively better functional safety (computing real-time data and taking industrial regulations in mind).

Any computable problem can be solved using an FPGA. Their advantage lies in that they are significantly faster for some applications because of their parallel nature and optimality in terms of the number of gates used for certain processes.

Another trend in the use of FPGAs is hardware acceleration, where one can use the FPGA to accelerate certain parts of an algorithm and share part of the computation between the FPGA and a generic processor (Bing using FPGA for its search algorithm accelerations) FPGAs are seeing increased use as AI accelerators for accelerating artificial neural networks for machine learning applications.

How can you configure an FPGA yourself (and why to do it anyway?)?

As we know, to make any chip using logic gates, we need Hardware Descriptive Languages such as Verilog HDL or VHDL. These languages are generally known only by people with Electronics Engineering backgrounds, thereby keeping these magnificent pieces of machinery away from other engineers, thereby increasing the need for a heterogeneous environment for exploiting hardware. OpenCL (developed by Apple Inc.) a pioneer in this field, is a framework for writing programs that execute across heterogeneous platforms consisting of CPUs, GPUs, DSPs, FPGAs, and other types of processors. OpenCL includes a language for developing kernels (functions that execute on hardware devices) as well as application programming interfaces (APIs) that allow the main program to control the kernels. OpenCL allows you to develop your code in the familiar C programming language. Then, using the additional capabilities provided by it, you can separate your code into normal software and kernels that can execute in parallel. These kernels can be sent to the FPGAs without you having to learn the low-level HDL coding practices of FPGA designers.

Sounds too much? Let’s simplify the stuff.

Many of you have had experience with Arduino or similar small microcontroller projects. With these projects, you usually breadboard up a small circuit, connect it to your Arduino, and write some code in the C to perform the task at hand. Typically your breadboard can hold just a few discrete components and small ICs. Then you go through the pain of wiring up the circuit and connecting it to your Arduino with a bird’s nest of jumper wires.

Instead, imagine having a breadboard the size of a basketball court or football field to play with and, best of all, no jumper wires. Imagine you can connect everything virtually. You don’t even need to buy a separate microcontroller board; you can just drop different processors into your design as you choose. Now that’s what I’m talking about!

Welcome to the world of FPGAs!

References:

1. Intel: https://www.intel.in/

2. Wikipedia: https://en.wikipedia.org/wiki/Field-programmable_gate_array

3. Makezine: https://makezine.com/2019/10/11/a-brief-history-of-fpga/

4. Xilinx: https://www.xilinx.com/

Day13 – “Why?” & “What in?” Security & Blockchain?

by in UncategorizedLeave a Comment on Day13 – “Why?” & “What in?” Security & Blockchain?
Reading Time: 3 minutes

author: aman

Blog III - Part III - Day 13

Understanding Hyperproperties and Blockchain together. And how this could be so big!

Let's get in....

In this micro-blog

  • Let us check this vaguely
  • 2-trace property
  • Hyperproperties
  • Safety and Liveness - Another 2 very Important terms
  • Blockchain & Hyperproperties
  • How this could be so big?
Safety and Liveness - Another 2 very Important terms

As already explained, Property is a set of traces(traces are the set of System states). So, intuitively the Properties are the set of all the traces, where the system can reach.

Now, there are two things to be well noted, there are certain states "where a system should never reach & certain states where a system should eventually reach.

Well these are termed as "Safety" and "Liveness" trace properties. Where: Safety: is the property that prescribes that a system should never reach some bad state , while Livenes: is the property that prescribes that a system shoudl "eventually" reach some "Good State".

Give some time understanding this stuff. These are 2 very important terms when thinking about System proofs.

Every trace property is an intersection of safety & liveness property.

Blockchain & Hyperproperties

A very straight explanation from Hyperpoperties paper[1], says

"If systems are modeled as sets of execution traces [35], then the extension of a system property is a set of sets of traces or, equivalently, a set of trace properties. We name this type of set a hyperproperty."

Thus these safety and liveness property are said as heypersafety & hyperliveness.

Every property of any system anywhere can be defined in terms of these hyperproperties...

Now you must remember there was a CIA triangle, that Hrishabh explained about in Winter School 2019, which stands for : (take an example of something stored inside a locker)

C -> Confidentiality can't see what is inside the locker
I -> Integrity can't tamper what is inside the locker
A -> Availability can't destroy the locker's availability

If you think very crucially, you'll find that only confidentiality and intergrity are the two properties concerned with the secure information flow.

The most invincible idea behind blockchain is the safety of data.

To ensure the flow of data never goes in wrong hands, which is described by the very term secure information flow.

Now considering application of hyperproperties in the Blockchain, let us take 2 traces of blockchain:

π1 & π2.

There are two ways hyperoperties to check here!

  1. Non-interference: if some commands are issued by the high-level users (say the general of the army, that should not reach to the ears of the soldier). These should be removable, without the low-level user noticing any changes.
  2. Observational Determinism: System should always appear deterministic to the trusted users, or in this case high level users.

Suppose, in the blockchain, there are two traces, π1 & π2.

Day13 - "Why?" & "What in?" Security & Blockchain?

This is clipped form Dr. Pramod's teaching. It explains about Observational Determinism, but not with Blockchain

The upper one is π1(set of states as viewed by high level) and lower one is π2(set of states as viewed by low level).

High-Level user is that user, who can make changes to the Blockchain. And Low-level are the ones, who can just look at the states and retrieve data.

Now, whenever some critical input is given by the high level user(like, a general take some decision), it should not be noticed by the low-levels(the soldiers).

So, in OBSERVATIONAL DETERMINISM, the states of blockchain observed by both the low level and high level user should be same. (Notice that obsT between the two traces,showing the observations being made.)

That is all, this has a very crucial implications in the field of Systems, and even larger when applied to Blockchain.

How this could be so big?

This is very big thing. Though introduced back in 2003(observational determinism) & 1982(non interference), these hyperproperties turns out to be very crucial checks in the security.

Just consider a statement:

"If the low level is able to see the change made by the high level, there is the safety issues with Confidentiality adn Intergrity of the data."

Hope you got a very intuitive feel about these stuff.

Hope you had a great read.

See y'all....

Day12 – “Why?” & “What in?” Security & Blockchain?

by in UncategorizedLeave a Comment on Day12 – “Why?” & “What in?” Security & Blockchain?
Reading Time: 4 minutes

author: aman

Blog III - Part II - Day 12

In this blog, we’ll vaguely discuss the Hyperproperties and Information Flow thing.

As continued, this blog will contain the understandings from the Teachings of Dr Pramod, from SAT SMT Winter School 2018[1]. I will try to portray my understanding from his teachings and is working with him closely on Blockchain, I suppose it earned me a proper understanding.

Let us do this....

In this micro-blog

  • Let us check this vaguely
  • 2-trace property
  • Hyperproperties
  • How this could be so big?
Let us check it vaguely

We'll play a game, known as Distinguishability Game.

We pose a challenge game between attacker and a defender, where the attacker needs to exploit flow of information and the defender has to prevent it.

2 people:

day12_01 day12_02
attacker defender

Situation: There are two systems behind a wall, say system_0 and system_1, and the attacker just have the access to a function foo(x). He doesn't know, whenever he makes a call, to what system does this does the call go to.

The attacker is just like any other user, but who is trying to attack an arrangement behind a wall, popularly known as adversaries.

The defender is the arrangement behind the wall, which diverts the calls to different systems, which have following secret keys: "secret_b" , where b -> {0,1}. i.e. secret_0 or secret_1.

Game Initialisation

  • secret_0 := {0,1,2,3}
  • secret_1 := {4,5,6,7}
  • publicx := {10,11,12,13}
  • whenever a normal user makes a call, "only publicx is called, and thus the values inside it are returned"

Game Execution

  • there are a lot of calls to foo(x) made from across the world, and by the users with different access levels, i.e. admins & normal user
  • so the calls by a normal user are interspersed calls made by the admins

Finalisation

  • if attacker is able to identify which system in system_b the call is sent to, he wins, as this information should not be made available to the "normal user"

---> Now consider the following picture

day12_03

The attacker will try to observe the value of "r", and specially "he will be looking for any unexpected values"

Considering this program, try to make following calls to the system(both normal user and admins included),

• priv_level = sup_user, foo(1), obs = ∅ • priv_level = user, foo(1), obs = 11 • priv_level = sup_user, foo(2), obs= ∅ ........ These calls will go on forever the attacker will

But, now if the program has been like the following, and we bagin with our game:

day12_04

we start with the following calls, (notice the introduction of variable t)

day12_05

  • priv_level = sup_user, foo(1), obs = ∅
  • priv_level = user, foo(4),
    • obs = 2 -> b = 0
    • obs = 6 -> b = 1

Woosh!!! Did you realise here attacker wins the game, by observing the value of r & t.

If the value returned to the attacker is 2 clearly the secret key b, chosen will be b = 0 and if the value returned to the attacker is 6 clearly the secret key b, chosen will be b = 1

The system just leaked the information.

AFAIK, during my study I encountered this incident had already been reported, where the highly confidential data was leaked due a misprinted "=", I may be wrong though. But, This is a very critical exploitation of Information Flow.

In the very next blog, I'll take a use case of blockchain, and try to determine for such observations for it.

Thanks y'all..

and yeah, Amid this Corona virus thing, be safe...

_ Team CEV

E-Mailing professors shouldn’t be that hard

by in UncategorizedLeave a Comment on E-Mailing professors shouldn’t be that hard
Reading Time: 2 minutes

Following are a few excerpts from the regular CEV Group chats. Where we were discussing a few very important points you must take care for before emailing professors.

Since, our college has no such source, where the undergrads can learn this skill, which is required in real life. 

CEV is publicizing it for everyone’s benefit…

Make a good use of it…

I don’t know if it is quite random. But I wanted to share this thing with you people.

Good Structuring of an Email is very important. I believe I have received a few very good responses from the professors abroad, just because of probably good structuring of Emails. Professors generally find it good reading the emails is it is structured well. Plus, it reflects, how good you are in documenting the things about you.

A few suggested tips:

1) Try seeing the cover letter from Professor’s POV, (this works for both the cover letter and the resume.). Generally, professor has less time and a large no. of applications, highlighting only the important points while writing a letter/resume works well.

2) Do at least some research about the professor before emailing them. Generally, professors receive a lot of emails regarding assistantship. They have a very good eye at detecting the template emails. So, working on researching about the professors have the benefits like you can show interest in his work, and importantly, you can design your cover letter according to his interests.

3) Always be straight to the point. Seriously, professors love that. Adding a few informal lines at the bottom of the text separately will work, but the initial part of the most highlighted part should be straight to the point.

4) Don’t be cheesy! strictly

5) It is perfectly ok to write about the things you are currently doing(ongoing) or the things you can complete until the date of the interview scheduled by the professor.

6) Try giving reminders after 3 days or a week. Generally, the professor put the email to the reading waitlist, then they forget to look back to it. Giving a properly scheduled reminder, helps him to identify your genuine interests and obviously, helps him remember about your email.

7) never use email trackers. It’s creepy.

Team CEV will make sure to update this list as frequently as possible.

Day11 – “Why?” & “What in?” Security & Blockchain?

by in UncategorizedLeave a Comment on Day11 – “Why?” & “What in?” Security & Blockchain?
Reading Time: 2 minutes

author: aman

Blog III - Part I - Day 11

Hope the blogs are going pretty well.

In this very blog, divided into several micro-blogs, I'll be explaining about the Hyperproperties. This particular thing will take you to the most obvious level of understanding the computer systems. And in this particular micro-blog, I'll tell about hyperproperties, directly.

Most of the work will be taken from the teachings of my mentor Dr Pramod Subramanyan[1], IITK. He is Doctorate from UPenn and Post-Doctorate from UC, Berkeley, and one of the smartest individual I have ever met.

I will try to prepare everything from my understanding...

In this micro-blog

  • Let us check this vaguely
  • 2-trace property
  • Hyperproperties
  • How this could be so big?
Hyperproperties

This excerpt is from #Day08 blog, where I have tried to give a few intuitive explanations about Formal Methods and Verifications.

Day11 - "Why?" & "What in?" Security & Blockchain?

This explains about the states.

One more definition I want to speak about is traces, which are just the sequence of states.

e.g. for a system S the Trace(S) can be intuitively understood as,

t1 = S1 -> S2 -> S3....

where, Sn is the state of the system, at a certain point.

"A Trace Property is a set of Infinite states."

"A hyperproperty is a set of sets of infinite traces, or equivalently a set of trace properties."

{{S1, S2, S3, ...}, {S1, S2, S4, ...}, {S1, S4, S6, ...} ....}

The interpretation of a hyperproperty as a security policy is that the hyperproperty is the set of systems allowed by that policy. Each trace property in a hyperproperty is an allowed system, specifying exactly which executions must be possible for that system.

Trace properties are satisfied by traces, whereas hyperproperties are satisfied by sets of traces.

These hyperproperties are largely employed as a tool to measure Secure information flow, and many other security issues.

Actually I started in the exact order written in the above checkbox. But switched it to explaining the Hyperproperties first. Just try giving a thought over, "Hyperproperties and Blockchain"

See y'all on the next blog...

Day10 – “Why?” & “What in?” Security & Blockchain?

by in UncategorizedLeave a Comment on Day10 – “Why?” & “What in?” Security & Blockchain?
Reading Time: 3 minutes

author: aman

Blog II - Part III - Day 10

Apologies for not being able to write the #Day10 blog on time. But this blog will contain some wonderful things, actually applicable in the field of Security of blockchain.

I will pick up just one case I have worked on extensively, followed by the intuitive trails of other cases, you can think of logically. The blogs will be mostly texts so, just read.

Lets get through...

In this micro-blog

  • Formal Methods
  • Formal Verification
  • First Order Logic
  • Information Flow and Vulnerability : Just a CASE
  • ..... will keep adding
Information Flow and Vulnerability : Just a CASE

The theory of Information Flow draws some important points in the direction of how the data flows, i.e. the access of information to different type of users. Let's try to understand it from a critical point of view...

The PLOT

Suppose you are an NSA Agent, just like Edward Snowden was, and you need to design a system that just have to fetch data to the other "normal" employees that serve the government.

Now the government employee simply query about the data and gets the required data. But it's perfectly normal right y'all... What is the problem?

The Challenge

The thing is that, there are a certain "high-level" access to information and certain "low-level" access to information. The critical point in Information Flow expresses the fact that, the high level access information should not be accessed by the people who have low-level access. In this case, the govt. employee should never access the information that only an NSA employee should have access to.

If there is anyway, the government employee is somehow able to find out the high level information, it is a security flaw.

There was this machine learning competition, where the people were given anonymised IMBD data(i.e. the identity of people were removed). One of the participant was able to apply some stastical techniques to deanonymise the data, i.e. he was able to identify the people. This is clearly a fault in securing information, which those participants should not have access to.

The participants applied the technique called "Differential learning" to de-anonymise the data. This is just a way in which a certain information can be exploited. But understanding this thing, will be a bit more complex.

Let me give you a simple example, of how the access to variables can be exploited to leak certain information.

example[1]
suppose there are 2 variable, l & h. l ->

Low-level variable, some info. that both the govt employee and NSA can know about
h -> high-level variable, some info. that ""only"" the NSA agent should know abt

now, being a government employee I write a certain program:

var l, h
if h = true:
    l = 3
else
    l = 42

The govt. employee runs the program, and check the value of l after it finishes.
Now, by the value of l, whether it is 3 or 42, the govt. employee will be able to find the current state of value of h.

Isn't it much obvious? But it is clearly a big Vulnerability. The government employee should never come to know about the value of h. Now, he can make various queries to the NSA Database, and make certain conclusions of the results obtained. "The similar way the machine learning people were able to do." 😉

In the very next BLOG, I will tell about HYPERPROPERTIES, the very basic way to find out if a SYSTEM LEAKS SOME INFORMATION, the term was introduced by F B Scheidner and MR Clarkson, in 2010 in Cornell University.

I will also, cover, how this particular thing is used in Blockchain. This will be the very start where we will be employing BLOCKCHAIN examples, to understanf its seurity aspects.

Let us first get some responses on this blog.

CEV - Handout