Biblio

SCADA system is an essential component for automated control and monitoring in many of the Critical Infrastructures (CI). Cyber-attacks like Stuxnet, Aurora, Maroochy on SCADA systems give us clear insight about the damage a determined adversary can cause to any country's security, economy, and health-care systems. An in-depth analysis of these attacks can help in developing techniques to detect and prevent attacks. In this paper, we focus on the assessment of SCADA vulnerabilities from the widely used National Vulnerability Database (NVD) until May 2019. We analyzed the vulnerabilities based on severity, frequency, availability, integrity and confidentiality impact, and Common Weaknesses. The number of reported vulnerabilities are increasing yearly. Approximately 89% of the attacks are the network exploits severely impacting availability of these systems. About 19% of the weaknesses are due to buffer errors due to the use of insecure and legacy operating systems. We focus on finding the answer to four key questions that are required for developing new technologies for securing SCADA systems. We believe this is the first study of its kind which looks at correlating SCADA attacks with publicly available vulnerabilities. Our analysis can provide security researchers with useful insights into SCADA critical vulnerabilities and vulnerable components, which need attention. We also propose a domain-specific vulnerability scoring system for SCADA systems considering the interdependency of the various components.

Network Function Virtualization (NFV) is an implementation of cloud computing that leverages virtualization technology to provide on-demand network functions such as firewalls, domain name servers, etc., as software services. One of the methods that help us understand the design and implementation process of such a new system in an abstract way is architectural modeling. Architectural modeling can be presented through UML diagrams to show the interaction between different components and its stakeholders. Also, it can be used to analyze the security threats and the possible countermeasures to mitigate the threats. In this paper, we show some of the possible threats that may jeopardize the security of NFV. We use misuse patterns to analyze misuses based on privilege escalation and VM escape threats. The misuse patterns are part of an ongoing catalog, which is the first step toward building a security reference architecture for NFV.

With the ever so growing boundaries for security in the cloud, it is necessary to develop ways to prevent from total cloud server failure. In this paper, we try to design a Game Strategy Block that sets up rules for security based on a tower defence game to secure the hypervisor from potential threats. We also try to define a utility function named the Virtual Machine Vitality Measure (VMVM) that could enlighten on the status of the virtual machines on the virtual environment.

Functional Safety standards like ISO 26262 require a detailed analysis of the dependability of components subjected to perturbations. Radiation testing or even much more abstract RTL fault injection campaigns are costly and complex to set up especially for SoCs and Cyber Physical Systems (CPSs) comprising intertwined hardware and software. Moreover, some approaches are only applicable at the very end of the development cycle, making potential iterations difficult when market pressure and cost reduction are paramount. In this tutorial, we present a summary of classical state-of-the-art approaches, then alternative approaches for the dependability analysis that can give an early yet accurate estimation of the safety or security characteristics of HW-SW systems. Designers can rely on these tools to identify issues in their design to be addressed by protection mechanisms, ensuring that system dependability constraints are met with limited risk when subjected later to usual fault injections and to e.g., radiation testing or laser attacks for certification.

The analysis of applied tasks and methods of entropy signal processing are carried out in this article. The theoretical comments about the specific schemes of special processors for the determination of probability and correlation activity are given. The perspective of the influence of probabilistic entropy of C. Shannon as cipher signal receivers is reviewed. Examples of entropy-manipulated signals and system characteristics of the proposed special processors are given.

The paper describes modification of the ATA (Attack Tree Analysis) technique for assessment of instrumentation and control systems (ICS) dependability (reliability, availability and cyber security) called AvTA (Availability Tree Analysis). The techniques FMEA, FMECA and IMECA applied to carry out preliminary semi-formal and criticality oriented analysis before AvTA based assessment are described. AvTA models combine reliability and cyber security subtrees considering probabilities of ICS recovery in case of hardware (physical) and software (design) failures and attacks on components casing failures. Successful recovery events (SREs) avoid corresponding failures in tree using OR gates if probabilities of SRE for assumed time are more than required. Case for dependability AvTA based assessment (model, availability function and technology of decision-making for choice of component and system parameters) for smart building ICS (Building Automation Systems, BAS) is discussed.

Cyber-physical systems (CPSs) encompass a network of sensors and actuators that are monitored, controlled and integrated by a computing and communication core. As autonomous underwater vehicles (AUVs) become more intelligent and connected, new use cases in ocean production, security and environmental monitoring become feasible. Swarms of small, affordable and hydrobatic AUVs can be beneficial in substance cloud tracking and algae farming, and a CPS linking the AUVs with multi-fidelity simulations can improve performance while reducing risks and costs. In this paper, we present a CPS concept tightly linking the AUV network in ROS to virtual validation using Simulink and Gazebo. A robust hardware-software interface using the open-source UAVCAN-ROS bridge is described for enabling hardware-in-the-loop validation. Hardware features of the hydrobatic SAM AUV are described, with a focus on subsystem integration. Results presented include pre-tuning of controllers, validation of mission plans in simulation and real time subsystem performance in tank tests. These first results demonstrate the interconnection between different system elements and offer a proof of concept.

Security down to hardware (HW) has become a fundamental requirement in highly-connected and ubiquitously deployed systems, as a result of the recent discovery of a wide range of vulnerabilities in commercial devices, as well as the affordability of several attacks that were traditionally considered unlikely. HW security is now a fundamental requirement in view of the massive attack surface that they expose, and the substantial power penalty entailed by solutions at higher levels of abstraction.In large-scale networks of connected devices, attacks need to be counteracted at low cost down to individual nodes, which need to be identified or authenticated securely, and protect confidentiality and integrity of the data that is sensed, stored, processed and wirelessly exchanged. In many security-sensitive applications, physical attacks against individual chips need to be counteracted to truly enable an end-to-end chain of trust from nodes to cloud and actuation (i.e., always-on security). These requirements have motivated the on-going global research and development effort to assure hardware security at low cost and power penalty down to low-end devices (i.e., ubiquitous security).This paper provides a fresh overview of the fundamentals, the design requirements and the state of the art in primitives for HW security. Challenges and future directions are discussed using recent silicon demonstrations as case studies.

Industrial Control Security (ICS) plays an important role in protecting Industrial assets and processed from being tampered by attackers. Recent years witness the fast development of ICS technology. However there are still shortage of techniques and measures to verify the effectiveness of ICS approaches. In this paper, we propose a verification framework named vICS, for security measures in industrial environments. vICS does not requires installing any agent in industrial environments, and could be viewed as a non-intrusive way. We use vICS to evaluate the effectiveness of classic ICS techniques and measures through several experiments. The results shown that vICS provide an feasible solution for verifying the effectiveness of classic ICS techniques and measures for industrial environments.

We present True2F, a system for second-factor authentication that provides the benefits of conventional authentication tokens in the face of phishing and software compromise, while also providing strong protection against token faults and backdoors. To do so, we develop new lightweight two-party protocols for generating cryptographic keys and ECDSA signatures, and we implement new privacy defenses to prevent cross-origin token-fingerprinting attacks. To facilitate real-world deployment, our system is backwards-compatible with today's U2F-enabled web services and runs on commodity hardware tokens after a firmware modification. A True2F-protected authentication takes just 57ms to complete on the token, compared with 23ms for unprotected U2F.

Model compression is considered to be an effective way to reduce the implementation cost of deep neural networks (DNNs) while maintaining the inference accuracy. Many recent studies have developed efficient model compression algorithms and implementations in accelerators on various devices. Protecting integrity of DNN inference against fault attacks is important for diverse deep learning enabled applications. However, there has been little research investigating the fault resilience of DNNs and the impact of model compression on fault tolerance. In this work, we consider faults on different data types and develop a simulation framework for understanding the fault resiliency of compressed DNN models as compared to uncompressed models. We perform our experiments on two common DNNs, LeNet-5 and VGG16, and evaluate their fault resiliency with different types of compression. The results show that binary quantization can effectively increase the fault resilience of DNN models by 10000x for both LeNet5 and VGG16. Finally, we propose software and hardware mitigation techniques to increase the fault resiliency of DNN models.

A method to increase the resiliency of in-cone logic locking against the SAT attack is described in this paper. Current logic locking techniques provide protection through the addition of circuitry outside of the original logic cone. While the additional circuitry provides provable security against the SAT attack, other attacks, such as the removal attack, limit the efficacy of such techniques. Traditional in-cone logic locking is not prone to removal attacks, but is less secure against the SAT attack. The focus of this paper is, therefore, the analysis of in-cone logic locking to increase the security against the SAT attack, which provides a comparison between in-cone techniques and newly developed methodologies. A novel algorithm is developed that utilizes maximum fanout free cones (MFFC). The application of the algorithm limits the fanout of incorrect key information. The MFFC based algorithm resulted in an average increase of 61.8% in the minimum number of iterations required to complete the SAT attack across 1,000 different variable orderings of the circuit netlist while restricted to a 5% overhead in area.

Emerging intelligent systems have stringent constraints including cost and power consumption. When they are used in critical applications, resiliency becomes another key requirement. Much research into techniques for fault tolerance and dependability has been successfully applied to highly critical systems, such as those used in space, where cost is not an overriding constraint. Further, most resiliency techniques were focused on dealing with failures in the hardware and bugs in the software. The next generation of systems used in critical applications will also have to be tolerant to test escapes after manufacturing, soft errors and transients in the electronics, hardware bugs, hardware and software Trojans and viruses, as well as intrusions and other security attacks during operation. This paper will assess the impact of these threats on the results produced by a critical system, and proposed solutions to each of them. It is argued that run-time checks at the application-level are necessary to deal with errors in the results.

Industrial Internet-of-Things has been touted as the next revolution in the industrial domain, offering interconnectivity, independence, real-time operation, and self-optimization. Integration of smart systems, however, bridges the gap between information and operation technology, creating new avenues for attacks from the cyber domain. The dismantling of this air-gap, in conjunction with the devices' long lifespan -in the range of 20-30 years-, motivates us to bring the attention of the community to emerging advanced persistent threats. We demonstrate a threat that bridges the air-gap by leaking data from memory to analog peripherals through Direct Memory Access (DMA), delivered as a firmware modification through the supply chain. The attack automatically adapts to a target device by leveraging the Device Tree and resides solely in the peripherals, completely transparent to the main CPU, by judiciously short-circuiting specific components. We implement this attack on a commercial Programmable Logic Controller, leaking information over the available LEDs. We evaluate the presented attack vector in terms of stealthiness, and demonstrate no observable overhead on both CPU performance and DMA transfer speed. Since traditional anomaly detection techniques would fail to detect this firmware trojan, this work highlights the need for industrial control system-appropriate techniques that can be applied promptly to installed devices.

Real-time clock circuits are widely used in modern electronic systems to provide time information to the systems at the beginning of the system power-on. In this paper, we present two types of Hardware Trojan designs that employ the time information as the trigger conditions. One is a real-time based Trojan, which will attack a system at some specific realworld time. The other is a relative-time based Trojan, which will be triggered when a specific time period passes after the system is powered on. In either case when a Trojan is triggered its payload may corrupt the system or leakage internal information to the outside world. Experimental results show that the extra power consumption, area overhead and delay time are all quite small and thus the detection of the Trojans is difficult by using traditional side-channel detection methods.

The rapid growth and globalization of the integrated circuit (IC) industry put the threat of hardware Trojans (HTs) front and center among all security concerns in the IC supply chain. Current Trojan detection approaches always assume HTs are composed of digital circuits. However, recent demonstrations of analog attacks, such as A2 and Rowhammer, invalidate the digital assumption in previous HT detection or testing methods. At the system level, attackers can utilize the analog properties of the underlying circuits such as charge-sharing and capacitive coupling effects to create information leakage paths. These new capacitor-based vulnerabilities are rarely covered in digital testings. To address these stealthy yet harmful threats, we identify a large class of such capacitor-enabled attacks and define them as charge-domain Trojans. We are able to abstract the detailed charge-domain models for these Trojans and expose the circuit-level properties that critically contribute to their information leakage paths. Aided by the abstract models, an information flow tracking (IFT) based solution is developed to detect charge-domain leakage paths and then identify the charge-domain Trojans/vulnerabilities. Our proposed method is validated on an experimental RISC microcontroller design injected with different variants of charge-domain Trojans. We demonstrate that successful detection can be accomplished with an automatic tool which realizes the IFT-based solution.

Hardware Trojans are malicious modifications on integrated circuits (IC), which pose a grave threat to the security of modern military and commercial systems. Existing methods of detecting hardware Trojans are plagued by the inability of detecting all Trojans, reliance on golden chip that might not be available, high time cost, and low accuracy. In this paper, we present Golden Gates, a novel detection method designed to achieve a comparable level of accuracy to full reverse engineering, yet paying only a fraction of its cost in time. The proposed method inserts golden gate circuits (GGC) to achieve superlative accuracy in the classification of all existing gate footprints using rapid scanning electron microscopy (SEM) and backside ultra thinning. Possible attacks against GGC as well as malicious modifications on interconnect layers are discussed and addressed with secure built-in exhaustive test infrastructure. Evaluation with real SEM images demonstrate high classification accuracy and resistance to attacks of the proposed technique.

Nowadays due to economic reasons most of the semiconductor companies prefer to outsource the manufacturing part of their designs to third fabrication foundries, the so-called fabs. Untrustworthy fabs can extract circuit blocks, the called intellectual properties (IPs), from the layouts and then pirate them. Such fabs are suspected of hardware Trojan (HT) threat in which malicious circuits are added to the layouts for sabotage objectives. HTs lead up to increase power consumption in HT-infected circuits. However, due to process variations, the power of HTs including few gates in million-gate circuits is not detectable in power consumption analysis (PCA). Thus, such circuits should be considered as a collection of small sub-circuits, and PCA must be individually performed for each one of them. In this article, we introduce an approach facilitating PCA-based HT detection methods. Concerning this approach, we propose a new logic locking method and algorithm. Logic locking methods and algorithm are usually employed against IP piracy. They modify circuits such that they do not correctly work without applying a correct key to. Our experiments at the gate level and post-synthesis show that the proposed locking method and algorithm increase the proportion of HT activity and consequently HT power to circuit power.

With the globalization of integrated circuit (IC) design and manufacturing, malicious third-party vendors can easily insert hardware Trojans into their intellect property (IP) cores during IC design phase, threatening the security of IC systems. It is strongly required to develop hardware-Trojan detection methods especially for the IC design phase. As the particularity of Trigger nets in Trojan circuits, in this paper, we propose an ensemble-learning-based hardware-Trojan detection method by detecting the Trigger nets at the gate level. We extract the Trigger-net features for each net from known netlists and use the ensemble learning method to train two detection models according to the Trojan types. The detection models are used to identify suspicious Trigger nets in an unknown detected netlist and give results of suspiciousness values for each detected net. By flagging the top n% suspicious nets of each detection model as the suspicious Trigger nets based on the suspiciousness values, the proposed method can achieve, on average, 88% true positive rate, 90% true negative rate, and 90% Accuracy.

Hardware Trojan threats caused by malicious designers and untrusted manufacturers have become one of serious issues in modern VLSI systems. In this paper, we show some experimental results to insert hardware Trojans into asynchronous circuits. As a result, the overhead of hardware Trojan insertion in asynchronous circuits may be small for malicious designers who have enough knowledge about the asynchronous circuits. In addition, we also show several Trojan detection methods using deep learning schemes which have been proposed to detect synchronous hardware Trojan in the netlist level. We apply them to asynchronous hardware Trojan circuits and show their results. They have a great potential to detect a hardware Trojan in asynchronous circuits.

Hardware Trojan Horses and active fault attacks are a threat to the safety and security of electronic systems. By such manipulations, an attacker can extract sensitive information or disturb the functionality of a device. Therefore, several protections against malicious inclusions have been devised in recent years. A prominent technique to detect abnormal behavior in the field is run-time verification. It relies on dedicated monitoring circuits and on verification rules generated from a set of temporal properties. An important question when dealing with such protections is the effectiveness of the protection against unknown attacks. In this paper, we present a methodology based on automatic generation of monitoring and formal verification techniques that can be used to validate and analyze the quality of a set of temporal properties when used as protection against generic attackers of variable strengths.

To accurately detect Hardware Trojans in integrated circuits design process, a machine-learning-based detection method at the register transfer level (RTL) is proposed. In this method, circuit features are extracted from the RTL source codes and a training database is built using circuits in a Hardware Trojans library. The training database is used to train an efficient detection model based on the gradient boosting algorithm. In order to expand the Hardware Trojans library for detecting new types of Hardware Trojans and update the detection model in time, a server-client mechanism is used. The proposed method can achieve 100% true positive rate and 89% true negative rate, on average, based on the benchmark from Trust-Hub.

Present security study involving analysis of manipulation of individual droplets of samples and reagents by digital microfluidic biochip has remarked that the biochip design flow is vulnerable to piracy attacks, hardware Trojans attacks, overproduction, Denial-of-Service attacks, and counterfeiting. Attackers can introduce bioprotocol manipulation attacks against biochips used for medical diagnosis, biochemical analysis, and frequent diseases detection in healthcare industry. Among these attacks, hardware Trojans have created a major threatening issue in its security concern with multiple ways to crack the sensitive data or alter original functionality by doing malicious operations in biochips. In this paper, we present a systematic algorithm for the assignment of checkpoints required for error-recovery of available bioprotocols in case of hardware Trojans attacks in performing operations by biochip. Moreover, it can guide the placement and timing of checkpoints so that the result of an attack is reduced, and hence enhance the security concerns of digital microfluidic biochips. Comparative study with traditional checkpoint schemes demonstrate the superiority of the proposed algorithm without overhead of the bioprotocol completion time with higher error detection accuracy.

With the recent proliferation of Internet of Things (IoT) and embedded devices, there is a growing need to develop a security framework to protect such devices. RISC-V is a promising open source architecture that targets low-power embedded devices and SoCs. However, there is a dearth of practical and low-overhead security solutions in the RISC-V architecture. Programs compiled using RISC-V toolchains are still vulnerable to code injection and code reuse attacks such as buffer overflow and return-oriented programming (ROP). In this paper, we propose FIXER, a hardware implemented security extension to RISC-V that provides a defense mechanism against such attacks. FIXER enforces fine-grained control-flow integrity (CFI) of running programs on backward edges (returns) and forward edges (calls) without requiring any architectural modifications to the RISC-V processor core. We implement FIXER on RocketChip, a RISC-V SoC platform, by leveraging the integrated Rocket Custom Coprocessor (RoCC) to detect and prevent attacks. Compared to existing software based solutions, FIXER reduces energy overhead by 60% at minimal execution time (1.5%) and area (2.9%) overheads.

Protection of secured data content in volatile memories (processor caches, embedded RAMs etc) is essential in networking, wireless, automotive and other embedded secure applications. It is utmost important to protect secret data, like authentication credentials, cryptographic keys etc., stored over volatile memories which can be hacked during normal device operations. Several security attacks like cold boot, disclosure attack, data remanence, physical attack, cache attack etc. can extract the cryptographic keys or secure data from volatile memories of the system. The content protection of memory is typically done by assuring data deletion in minimum possible time to minimize data remanence effects. In today's state-of-the-art SoCs, dedicated hardwares are used to functionally erase the private memory contents in case of security violations. This paper, in general, proposes a novel approach of using existing memory built-in-self-test (MBIST) hardware to zeroize (initialize memory to all zeros) on-chip memory contents before it is being hacked either through different side channels or secuirty attacks. Our results show that the proposed MBIST based content zeroization approach is substantially faster than conventional techniques. By adopting the proposed approach, functional hardware requirement for memory zeroization can be waived.