Visible to the public Microelectronics Security

SoS Newsletter- Advanced Book Block

Microelectronics Security


Microelectronics are at the center of the IT world. Their security--provenance, integrity of their manufacture, and capacity for providing embedded security--is both an opportunity and a problem for cybersecurity research. The works cited here were presented between January and August of 2014 and cover a wide range of microelectronics security issues.

  • Jagasivamani, M.; Gadfort, P.; Sika, M.; Bajura, M.; Fritze, M., "Split-fabrication Obfuscation: Metrics And Techniques," Hardware-Oriented Security and Trust (HOST), 2014 IEEE International Symposium on , vol., no., pp.7,12, 6-7 May 2014. doi: 10.1109/HST.2014.6855560 Split-fabrication has been proposed as an approach for secure and trusted access to advanced microelectronics manufacturing capability using un-trusted sources. Each wafer to be manufactured is processed by two semiconductor foundries, combining the front-end capabilities of an advanced but untrusted semiconductor foundry with the back-end capabilities a trusted semiconductor foundry. Since the security of split fabrication relates directly to a front-end foundry's ability to interpret the partial circuit designs it receives, metrics are needed to evaluate the obfuscation of these designs as well as circuit design techniques to alter these metrics. This paper quantitatively examines several "front-end" obfuscation techniques and metrics inspired by information theory, and evaluates their impact on design effort, area, and performance penalties.
    Keywords: integrated circuits; network synthesis; semiconductor technology; circuit design techniques; front-end obfuscation techniques; microelectronics manufacturing; partial circuit designs; semiconductor foundries; split-fabrication obfuscation; Entropy; Foundries; Libraries; Logic gates; Manufacturing; Measurement; Standards (ID#:14-2965)
    URL:http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6855560&isnumber=6855557
  • Farrugia, R.A, "Reversible De-Identification for lossless image compression using Reversible Watermarking," Information and Communication Technology, Electronics and Microelectronics (MIPRO), 2014 37th International Convention on , vol., no., pp.1258,1263, 26-30 May 2014. doi: 10.1109/MIPRO.2014.6859760 De-Identification is a process which can be used to ensure privacy by concealing the identity of individuals captured by video surveillance systems. One important challenge is to make the obfuscation process reversible so that the original image/video can be recovered by persons in possession of the right security credentials. This work presents a novel Reversible De-Identification method that can be used in conjunction with any obfuscation process. The residual information needed to reverse the obfuscation process is compressed, authenticated, encrypted and embedded within the obfuscated image using a two-level Reversible Watermarking scheme. The proposed method ensures an overall single-pass embedding capacity of 1.25 bpp, where 99.8% of the images considered required less than 0.8 bpp while none of them required more than 1.1 bpp. Experimental results further demonstrate that the proposed method managed to recover and authenticate all images considered.
    Keywords: data compression; image coding; image watermarking; message authentication; video surveillance; image authentication; image recovery; lossless image compression; obfuscation process; reversible de-identification; reversible watermarking; video surveillance systems; Cryptography; Face; Generators; Image color analysis; Payloads; Vectors; Watermarking (ID#:14-2966)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6859760&isnumber=6859515
  • Signorini, G.; Grivet-Talocia, S.; Stievano, IS.; Fanucci, L., "Macromodel-based Signal and Power Integrity simulations of an LP-DDR2 interface in mSiP," Microelectronics and Electronics (PRIME), 2014 10th Conference on Ph.D. Research in, pp.1,4, June 30 2014-July 3 2014. doi: 10.1109/PRIME.2014.6872719 Signal and Power Integrity (SI/PI) analyses assume a paramount importance to ensure a secure integration of high-speed communication interfaces in low-cost highly-integrated System-in-Package(s) (SiP) for mobile applications. In an iterative fashion, design and time-domain SI/PI verifications are alternated to assess and optimize system functionality. The resulting complexity of the analysis limits simulation coverage and requires extremely long runtimes (hours, days). In order to ensure post-silicon correlation, electrical macromodels of Package/PCB parasitics and high-speed I/Os can be generated and included in the testbenches to expedite simulations. Using as example an LP-DDR2 memory interface to support the operations of a mobile digital base-band processor, we have developed and applied a macromodelling flow to demonstrate simulation run-time speed-up factors (x1200+), and enable interface-level analyses to study the effects of Package/PCB parasitics on signals and PDNs, as well as the corresponding degradation in the timing budget.
    Keywords: iterative methods; mobile handsets; printed circuits; system-in-package; time-domain analysis;LP-DDR2 interface; SI-PI analysis; electrical macromodel; high-speed I-O; high-speed communication interfaces; integration security; iterative fashion; low-cost highly-integrated system-in-packages; mSiP; macromodel-based signal-power integrity simulation; mobile application; package-PCB parasitics; post-silicon correlation; simulation coverage; system functionality assessment; system functionality optimization; time-domain SI-PI verification; Analytical models; Complexity theory; Mathematical model; Mobile communication; Packaging; Silicon; Time-domain analysis (ID#:14-2967)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6872719&isnumber=6872647
  • Ristov, P.; Mrvica, A; Miskovic, T., "Secure Data Storage," Information and Communication Technology, Electronics and Microelectronics (MIPRO), 2014 37th International Convention on, pp.1586,1591, 26-30 May 2014. doi: 10.1109/MIPRO.2014.6859818 Secure storage of data and the current availability of data and information are the most important aspects of any ICT (Information and Communications Technology) system. Data storage systems are mandatory components of modern information systems. The term backup refers to creating a backup or copy of data with the aim of restoring the data in case the original data become corrupted and inaccessible. Reliable and secure automated data storage is nowadays of great importance for business based on the smooth progress of information in an enterprise. Companies have to implement appropriate systems for securing the data storage. Some shipping companies use systems for saving data and applications in the so-called cloud. Cloud computing enables efficient and reliable fleet management. This technology reduces the cost of managing data and information resources, regardless of the size of the fleet.
    Keywords: back-up procedures; cloud computing; information systems ;information technology; naval engineering; security of data; cloud computing; data backup; fleet management; information and communications technology; modern information systems ;secure data storage; shipping companies; Cloud computing; Companies; Computers; Media; Memory; Servers; Storage area networks (ID#:14-2968)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6859818&isnumber=6859515
  • Grznic, T.; Perhoc, D.; Maric, M.; Vlasic, F.; Kulcsar, T., "CROFlux -- Passive DNS method for Detecting Fast-Flux Domains," Information and Communication Technology, Electronics and Microelectronics (MIPRO), 2014 37th International Convention on, pp.1376,1380, 26-30 May 2014. doi: 10.1109/MIPRO.2014.6859782 In this paper we present our approach to fast flux detection called CROFlux that relies on the passive DNS replication method. The presented model can significantly reduce the number of false positive detections, and can detect other suspicious domains that are used for fast flux. This algorithm is used and implemented in Advanced Cyber Defense Centre - a European project co-funded by the European Commission.
    Keywords: Internet; security of data; Advanced Cyber Defense Centre; CROFlux; fast-flux domain detection; passive DNS replication method; Classification algorithms; Content distribution networks; Europe; IP networks; Malware; Peer-to-peer computing; Servers (ID#:14-2970)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6859782&isnumber=6859515
  • Wahane, G.; Kanthe, AM.; Simunic, D., "Technique for Detection Of Cooperative Black Hole Attack Using True-Link In Mobile Ad-Hoc Networks," Information and Communication Technology, Electronics and Microelectronics (MIPRO), 2014 37th International Convention on , vol., no., pp.1428,1434, 26-30 May 2014. doi: 10.1109/MIPRO.2014.6859791 Mobile Ad-hoc Network (MANET) is a collection of communication devices or nodes that wish to communicate without any fixed infrastructure and predetermined organization of available links. Security is a major challenge for these networks owing to their features of open medium, dynamically changing topologies. A black hole is a malicious node that falsely replies for any route requests without having active route to specified destination and drops all the receiving packets. Sometimes the black hole nodes cooperate with each other with the aim of dropping packets. These are known as cooperative black hole attack. This proposed work suggests the modification of Ad-hoc on Demand Distance Vector (AODV) routing protocol. We used a technique for detecting as well as defending against a cooperative black hole attack using True-link concept. True-link is a timing based countermeasure to the cooperative black hole attack. This paper shows the performance of MANET decreases for end-to-end delay, normalized routing overhead and increases throughput and packet delivery ratio.
    Keywords: cooperative communication; mobile ad hoc networks; routing protocols ;telecommunication links ;telecommunication security; AODV routing protocol; MANET; active route; ad-hoc on demand distance vector; black hole nodes; communication devices; communication nodes; cooperative black hole attack; end-to-end delay; fixed infrastructure; malicious node; mobile ad-hoc networks; packet delivery ratio; predetermined organization; receiving packets; route requests; routing overhead ;timing based countermeasure; true-link concept; Delays; Mobile ad hoc networks; Routing; Routing protocols; Security (ID#:14-2971)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6859791&isnumber=6859515
  • Kounelis, I; Muftic, S.; Loschner, J., "Secure and Privacy-Enhanced E-Mail System Based on the Concept of Proxies," Information and Communication Technology, Electronics and Microelectronics (MIPRO), 2014 37th International Convention on, pp.1405, 1410, 26-30 May 2014. doi: 10.1109/MIPRO.2014.6859787 Security and privacy on the Internet and especially the e-mail, is becoming more and more important and crucial for the user. The requirements for the protection of e-mail include issues like tracking and privacy intrusions by hackers and commercial advertisers, intrusions by casual observers, and even spying by government agencies. In an expanding email use in the digital world, Internet and mobile, the quantity and sensitivity of personal information has also tremendously expanded. Therefore, protection of data and transactions and privacy of user information is key and of interest for many users. Based on such motives, in this paper we present the design and current implementation of our secure and privacy-enhanced e-mail system. The system provides protection of e-mails, privacy of locations from which the e-mail system is accessed, and authentication of legitimate users. Differently from existing standard approaches, which are based on adding security extensions to e-mail clients, our system is based on the concept of proxy servers that provide security and privacy of users and their e-mails. It uses all required standards: S/MIME for formatting of secure letters, strong cryptographic algorithms, PKI protocols and certificates. We already have the first implementation and an instance of the system is very easy to install and to use.
    Keywords: Internet; cryptographic protocols; data privacy; electronic mail; public key cryptography; Internet; PKI protocols; S-MIME; casual observers; commercial advertisers; cryptographic algorithms; digital world; government agencies; legitimate user authentication; locations privacy; privacy intrusions; privacy-enhanced e-mail system; proxy concept; secure letters; security extensions; tracking intrusions; user information privacy; Cryptography; Electronic mail; Postal services; Privacy; Servers; Standards; E-mail; PKI; Proxy Server; S/MIME; X.509 certificates (ID#:14-2972)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6859787&isnumber=6859515
  • Cassettari, R.; Fanucci, L.; Boccini, G., "A New Hardware Implementation Of The Advanced Encryption Standard Algorithm For Automotive Applications," Microelectronics and Electronics (PRIME), 2014 10th Conference on Ph.D. Research in , vol., no., pp.1,4, June 30 2014-July 3 2014. doi: 10.1109/PRIME.2014.6872672 Modern cars are no longer mere mechanical devices and they are dominated by a large number of IT systems that guide a wide number of embedded systems called Electronic Control Unit (ECU). While this transformation has driven major advancements in efficiency and safety, it has also introduced a range of new potential risks. After a brief introduction of the security in automotive environment we investigate how the automotive community approached this problem. In order to ensure some security aspects in automotive environment, it is needed a hardware implementation of the Advanced Encryption Standard (AES) algorithm with higher speed throughput than existing solutions. For this purpose, a new hardware implementation of this cryptographic algorithm is presented. The implementation results are compared with previous works.
    Keywords: automobiles; control engineering computing; cryptography; embedded systems; AES; ECU; IT systems; advanced encryption standard algorithm; automotive applications; automotive community; automotive environment; cryptographic algorithm; electronic control unit; embedded systems; hardware implementation; modern cars; Algorithm design and analysis; Automotive engineering; Encryption; Hardware; Throughput (ID#:14-2973)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6872672&isnumber=6872647
  • Portelo, J.; Raj, B.; Abad, A; Trancoso, I, "Privacy-preserving Speaker Verification Using Secure Binary Embeddings," Information and Communication Technology, Electronics and Microelectronics (MIPRO), 2014 37th International Convention on, pp.1268, 1272, 26-30 May 2014. doi: 10.1109/MIPRO.2014.6859762 Remote speaker verification services typically rely on the system having access to the users recordings, or features derived from them, and/or a model for the users voice. This conventional approach raises several privacy concerns. In this work, we address this privacy problem in the context of a speaker verification system using a factor analysis based front-end extractor, the so-called i-vectors. Preserving privacy in our context means that neither the system observes voice samples or speech models from the user, nor the user observes the universal model owned by the system. This is achieved by transforming speaker i-vectors to bit strings in a way that allows for the computation of approximate distances, instead of exact ones. The key to the transformation uses a hashing scheme known as secure binary embeddings. Then, an SVM classifier with a modified kernel operates on the hashes. Experiments showed that the secure system yielded similar results as its non-private counterpart. The approach may be extended to other types of biometric authentication.
    Keywords: approximation theory; data privacy; speaker recognition; SVM classifier; approximate distance computation; binary embeddings security; biometric authentication; factor analysis; front- end extractor; i-vectors; privacy-preserving speaker verification; remote speaker verification; Euclidean distance; Hamming distance; Privacy; Quantization (signal); Speech; Support vector machines; Vectors (ID#:14-2974)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6859762&isnumber=6859515
  • Picek, S.; Batina, L.; Jakobovic, D.; Carpi, R.B., "Evolving Genetic Algorithms For Fault Injection Attacks," Information and Communication Technology, Electronics and Microelectronics (MIPRO), 2014 37th International Convention on, pp.1106, 1111, 26-30 May 2014. doi: 10.1109/MIPRO.2014.6859734 Genetic algorithms are used today to solve numerous difficult problems. However, it is often needed to specialize and adapt them further in order to successfully tackle some specific problem. One such example is the fault injection attack where the goal is to find a specific set of parameters that can lead to a successful cryptographic attack in a minimum amount of time. In this paper we address the process of the specialization of genetic algorithm from its standard form to the final, highly-specialized one. In this process we needed to customize crossover operator, add a mapping between the values in cryptographic domain and genetic algorithm domain and finally to adapt genetic algorithm to work on-the-fly. For the last phase of development we plan to go to the memetic algorithm by adding a local search strategy. Furthermore, we give a comparison between our algorithm and random search which is the mostly employed method for this problem at the moment. Our experiments show that our algorithm significantly outperforms the random search.
    Keywords: cryptography; genetic algorithms; search problems crossover operator; cryptographic attack; fault injection attacks; genetic algorithms; local search strategy; memetic algorithm; Genetic algorithms; Monte Carlo methods; Optimization; Search problems; Security; Sociology (ID#:14-2975)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6859734&isnumber=6859515

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.