Biblio

Logic locking is a holistic design-for-trust technique that aims to protect the design intellectual property (IP) from untrustworthy entities throughout the supply chain. Functional and structural analysis-based attacks successfully circumvent state-of-the-art, provably secure logic locking (PSLL) techniques. However, such attacks are not holistic and target specific implementations of PSLL. Automating the detection and subsequent removal of protection logic added by PSLL while accounting for all possible variations is an open research problem. In this paper, we propose GNNUnlock, the first-of-its-kind oracle-less machine learning-based attack on PSLL that can identify any desired protection logic without focusing on a specific syntactic topology. The key is to leverage a well-trained graph neural network (GNN) to identify all the gates in a given locked netlist that belong to the targeted protection logic, without requiring an oracle. This approach fits perfectly with the targeted problem since a circuit is a graph with an inherent structure and the protection logic is a sub-graph of nodes (gates) with specific and common characteristics. GNNs are powerful in capturing the nodes' neighborhood properties, facilitating the detection of the protection logic. To rectify any misclassifications induced by the GNN, we additionally propose a connectivity analysis-based post-processing algorithm to successfully remove the predicted protection logic, thereby retrieving the original design. Our extensive experimental evaluation demonstrates that GNNUnlock is 99.24% - 100% successful in breaking various benchmarks locked using stripped-functionality logic locking [1], tenacious and traceless logic locking [2], and Anti-SAT [3]. Our proposed post-processing enhances the detection accuracy, reaching 100% for all of our tested locked benchmarks. Analysis of the results corroborates that GNNUnlock is powerful enough to break the considered schemes under different parameters, synthesis settings, and technology nodes. The evaluation further shows that GNNUnlock successfully breaks corner cases where even the most advanced state-of-the-art attacks [4], [5] fail. We also open source our attack framework [6].

With the rapid development of IoT in recent years, IoT is increasingly being used as an endpoint of supply chains. In general, as the majority of data is now being stored and shared over the network, information security is an important issue in terms of secure supply chain management. In response to cyber security breaches and threats, there has been much research and development on the secure storage and transfer of data over the network. However, there is a relatively limited amount of research and proposals for the security of endpoints, such as IoT linked in the supply chain network. In addition, it is difficult to ensure reliability for IoT itself due to a lack of resources such as CPU power and storage. Ensuring the reliability of IoT is essential when IoT is integrated into the supply chain. Thus, in order to secure the supply chain, we need to improve the reliability of IoT, the endpoint of the supply chain. In this work, we examine the use of IoT gateways, client certificates, and IdP as methods to compensate for the lack of IoT resources. The results of our qualitative evaluation demonstrate that using the IdP method is the most effective.

Many critical industrial control systems integrate a mixture of state-of-the-art and legacy equipment. Legacy installations lack advanced, and often even basic security features, risking entire system security. Existing research primarily focuses on the development of secure protocols for emerging devices or protocol translation proxies for legacy equipment. However, a robust security framework not only needs encryption but also mechanisms to prevent reconnaissance and unauthorized access to industrial devices. This paper proposes a novel Edge Security Gateway (ESG) that provides both, communication and endpoint security. The ESG is based on double ratchet algorithm and encrypts every message with a different key. It manages the ongoing renewal of short-lived session keys and provides localized firewall protection to individual devices. The ESG is easily customizable for a wide range of industrial application. As a use case, this paper presents the design and validation for synchrophasor technology in smart grid. The ESG effectiveness is practically validated in detecting reconnaissance, manipulation, replay, and command injection attacks due to its perfect forward and backward secrecy properties.

An efficient quantum circuit (program) compiler aims to minimize the gate-count - through efficient instruction translation, routing, gate, and cancellation - to improve run-time and noise. Therefore, a high-efficiency compiler is paramount to enable the game-changing promises of quantum computers. To date, the quantum computing hardware providers are offering a software stack supporting their hardware. However, several third-party software toolchains, including compilers, are emerging. They support hardware from different vendors and potentially offer better efficiency. As the quantum computing ecosystem becomes more popular and practical, it is only prudent to assume that more companies will start offering software-as-a-service for quantum computers, including high-performance compilers. With the emergence of third-party compilers, the security and privacy issues of quantum intellectual properties (IPs) will follow. A quantum circuit can include sensitive information such as critical financial analysis and proprietary algorithms. Therefore, submitting quantum circuits to untrusted compilers creates opportunities for adversaries to steal IPs. In this paper, we present a split compilation methodology to secure IPs from untrusted compilers while taking advantage of their optimizations. In this methodology, a quantum circuit is split into multiple parts that are sent to a single compiler at different times or to multiple compilers. In this way, the adversary has access to partial information. With analysis of over 152 circuits on three IBM hardware architectures, we demonstrate the split compilation methodology can completely secure IPs (when multiple compilers are used) or can introduce factorial time reconstruction complexity while incurring a modest overhead ( 3% to 6% on average).

Recently, Mobile Edge Cloud computing (MEC) has attracted attention both from academia and industry. The idea of moving a part of cloud resources closer to users and data sources can bring many advantages in terms of speed, data traffic, security and context-aware services. The MEC infrastructure does not only host and serves applications next to the end-users, but services can be dynamically migrated and reallocated as mobile users move in order to guarantee latency and performance constraints. This specific requirement calls for the involvement and collaboration of multiple MEC providers, which raises a major issue related to trustworthiness. Two main challenges need to be addressed: i) trustworthiness needs to be handled in a manner that does not affect latency or performance, ii) trustworthiness is considered in different dimensions - not only security metrics but also performance and quality metrics in general. In this paper, we propose a trust layer for public MEC infrastructure that handles establishing and updating trust relations among all MEC entities, making the interaction withing a MEC network transparent. First, we define trust attributes affecting the trusted quality of the entire infrastructure and then a methodology with a computation model that combines these trust attribute values. Our experiments showed that the trust model allows us to reduce latency by removing the burden from a single MEC node, while at the same time increase the network trustworthiness.

The electron mobility μ exhibits oscillatory behavior with gate electric field F in an asymmetrically doped double V-shaped AlxGa1-xAs quantum well field effect transistor structure. By changing F, single-double-single subband occupancy of the system is obtained. We show that μ oscillates within double subband occupancy as a function of F near resonance of subband states due to the relocation of subband wave functions between the wells through intersubband effects.

Logic encryption is a method to improve hardware security by inserting key gates on carefully selected signals in a logic design. Various logic encryption schemes have been proposed in the past decade. Many attack methods to thwart these logic locking schemes have also emerged. The satisfiability (SAT) attack can recover correct keys for many logic obfuscation methods. Recently proposed sensitivity analysis attack can decrypt stripped functionality based logic encryption schemes. This article presents a new encryption scheme named SRTLock, which is resilient against both attacks. SRTLock method first generates 0-injection circuits and encrypts the functionality of these nodes with the key inputs. In the next step, these values are used to control the sensitivity of the functionally stripped output for specific input patterns. The resultant locked circuit is resilient against the SAT and sensitivity analysis attacks. Experimental results demonstrating this on several attacks using standard benchmark circuits are presented.

The ever-increasing cost and complexity of cutting-edge manufacturing and test processes have migrated the semiconductor industry towards a globalized business model. With many untrusted entities involved in the supply chain located across the globe, original intellectual property (IP) owners face threats such as IP theft/piracy, tampering, counterfeiting, reverse engineering, and overproduction. Logic locking has emerged as a promising solution to protect integrated circuits (ICs) against supply chain vulnerabilities. It inserts key gates to corrupt circuit functionality for incorrect key inputs. A logic-locked chip test can be performed either before or after chip activation (becoming unlocked) by loading the unlocking key into the on-chip tamperproof memory. However, both pre-activation and post-activation tests suffer from lower test coverage, higher test cost, and critical security vulnerabilities. To address the shortcomings, we propose LL-ATPG, a logic-locking aware test method that applies a set of valet (dummy) keys based on a target test coverage to perform manufacturing test in an untrusted environment. LL-ATPG achieves high test coverage and minimizes test time overhead when testing the logic-locked chip before activation without sharing the unlocking key. We perform security analysis of LL-ATPG and experimentally demonstrate that sharing the valet keys with the untrusted foundry does not create additional vulnerability for the underlying locking method.

True random number generators (TRNG) are widely used to generate encryption keys in information security systems [1]–[2]. In TRNG, entropy source is a critical module who provides the source of randomness of output bit stream. The unavoidable electrical noise in circuit becomes an ideal entropy source due to its unpredictability. Among the methods of capturing electrical noise, ring oscillator-based entropy source makes the TRNG most robust to deterministic noise and 1/f noise which means the strongest anti-interference capability, so it is simple in structure and easy to integrate [3]. Thus, great research attention has focused on ring oscillator-based TRNGs [3] –[7]. In [4], a high-speed TRNG with 100Mbps output bit rate was proposed, but it took up too much power and area. A TRNG based on tetrahedral ring oscillator was proposed in [5]. Its power consumption was very low but the output bit rate was also very low. A ring oscillator-based TRNG with low output bit rate but high power was proposed in [7]. In a word, none of the above architectures achieve an appropriate compromise between bit rate and power consumption. This work presents a new feedback architecture of TRNG based on tetrahedral ring oscillator. The output random bit stream generates a relative random control voltage that acts on the transmission gates in oscillator through a feedback loop, thus increasing phase jitter of the oscillator and improving output bit rate. Furthermore, an XOR chain-based post-processing unit is added to eliminate the statistical deviations and correlations between raw bits.

There are numerous areas relied on random numbers. As one knows, in Cryptography, randomness plays a vital role from key generation to encrypting the systems. If randomness is not created effectively, the whole system is vulnerable to security threats where an outsider can easily predict the algorithm used to generate the random numbers in the system. Another main application where one would not touch is the role of random numbers in different devices mainly storage-related like Solid State Drives, Universal Serial Bus (USB), Secure Digital (SD) cards random performance testing. This paper focuses on various novel algorithms to generate random numbers for efficient performance evaluation of different drives. The main metrics for performance testing is random read and write performance. Here, the biggest challenge to test the random performance of the drive is not only the extent to which randomness is created but also the testing should cover the entire device (say complete NAND, NOR, etc.). So, the random number generator should generate in such a way that the random numbers should not be able to be predicted and must generate the numbers covering the entire range. This paper proposes different methods for such generators and towards the end, discusses the implementation in Field Programmable Gate Array (FPGA).

In this paper, we will describe the design and implementation of a secure payment system based on QR codes. These QR codes have been extensively used in recent years since they speed up the payment process and provide users with ultimate convenience. However, as convenient as they may sound, QR-based online payment systems are vulnerable to different types of attacks. Therefore, transaction processing needs to be secure enough to protect the integrity and confidentiality of every payment process. Moreover, the online payment system must provide authenticity for both the sender and receiver of each transaction. In this paper, the security of the proposed QR-based system is provided using visual cryptography. The proposed system consists of a mobile application and a payment gateway server that implements visual cryptography. The application provides a simple and user-friendly interface for users to carry out payment transactions in user-friendly secure environment.

With the development of quantum computers, classical cryptography for secure communication is in danger of becoming obsolete. Quantum cryptography, however, can exploit the laws of quantum mechanics to guarantee unconditional security independently of the computational power of a potential eavesdropper. An example is quantum key distribution (QKD), which allows two parties to encrypt a message through a random secret key encoded in the degrees of freedom of quantum particles, typically photons.

In recent years, cyber attackers are targeting the power system and imposing different damages to the national economy and public safety. False Data Injection Attack (FDIA) is one of the main types of Cyber-Physical attacks that adversaries can manipulate power system measurements and modify system data. Consequently, it may result in incorrect decision-making and control operations and lead to devastating effects. In this paper, we propose a two-stage detection method. In the first step, Gated Recurrent Unit (GRU), as a deep learning algorithm, is employed to forecast the data for the future horizon. Meanwhile, hyperparameter optimization is implemented to find the optimum parameters (i.e., number of layers, epoch, batch size, β1, β2, etc.) in the supervised learning process. In the second step, an unsupervised scoring algorithm is employed to find the sequences of false data. Furthermore, two penalty factors are defined to prevent the objective function from greedy behavior. We assess the capability of the proposed false data detection method through simulation studies on a real-world data set (ComEd. dataset, Northern Illinois, USA). The results demonstrate that the proposed method can detect different types of attacks, i.e., scaling, simple ramp, professional ramp, and random attacks, with good performance metrics (i.e., recall, precision, F1 Score). Furthermore, the proposed deep learning method can mitigate false data with the estimated true values.

Deploying a new network architecture in the Internet requires changing some, but not necessarily all elements between communicating applications. One way to achieve gradual deployment is a proxy or gateway which "translates" between the new architecture and TCP/IP. We present such a proxy, called "Performance Enhancing Proxy for Deploying Network Architectures (PEP-DNA)", which allows TCP/IP applications to benefit from advanced features of a new network architecture without having to be redeveloped. Our proxy is a kernel-based Linux implementation which can be installed wherever a translation needs to occur between a new architecture and TCP/IP domains. We discuss the proxy operation in detail and evaluate its efficiency and performance in a local testbed, demonstrating that it achieves high throughput with low additional latency overhead. In our experiments, we use the Recursive InterNetwork Architecture (RINA) and Information-Centric Networking (ICN) as examples, but our proxy is modular and flexible, and hence enables realistic gradual deployment of any new "clean-slate" approaches.

Lightning Network (LN) addresses the scalability problem of Bitcoin by leveraging off-chain transactions. Nevertheless, it is not possible to run LN on resource-constrained IoT devices due to its storage, memory, and processing requirements. Therefore, in this paper, we propose an efficient and secure protocol that enables an IoT device to use LN's functions through a gateway LN node. The idea is to involve the IoT device in LN operations with its digital signature by replacing original 2-of-2 multisignature channels with 3-of-3 multisignature channels. Our protocol enforces the LN gateway to request the IoT device's cryptographic signature for all operations on the channel. We evaluated the proposed protocol by implementing it on a Raspberry Pi for a toll payment scenario and demonstrated its feasibility and security.

Internet of Battlefield Things (IoBT) is the application of Internet of Things (IoT) to a battlefield environment. IoBT networks operate in difficult conditions due to high mobility and unpredictable nature of battle fields and securing them is a challenge. There is increasing interest to use deception techniques to enhance the security of IoBT networks. A honeypot is a system installed on a network as a trap to attract the attention of an attacker and it does not store any valuable data. In this work, we introduce IoBT dual sensor gateways. We propose a Reinforcement Learning (RL)-assisted scheme, in which the IoBT dual sensor gateways intelligently switch between honeypot and real function based on a threshold. The optimal threshold is determined using reinforcement learning approach that adapts to nodes reputation. To focus on the impact of the mobile and uncertain behavior of IoBT networks on the proposed scheme, we consider the nodes as moving vehicles. We statistically analyze the results of our RL-based scheme obtained using ns-3 network simulation, and optimize value of the threshold.

The Border Gateway Protocol (BGP) is in charge of the route exchange at the Internet scale. Anomalies in BGP can have several causes (mis-configuration, outage and attacks). These anomalies are classified into large or small scale anomalies. Machine learning models are used to analyze and detect anomalies from the complex data extracted from BGP behavior. Two types of data representation can be used inside the machine learning models: a graph representation of the network (graph features) or a statistical computation on the data (statistical features). In this paper, we evaluate and compare the accuracy of machine learning models using graph features and statistical features on both large and small scale BGP anomalies. We show that statistical features have better accuracy for large scale anomalies, and graph features increase the detection accuracy by 15% for small scale anomalies and are well suited for BGP small scale anomaly detection.

This paper presents a high-level circuit obfuscation technique to prevent the theft of intellectual property (IP) of integrated circuits. In particular, our technique protects a class of circuits that relies on constant multiplications, such as neural networks and filters, where the constants themselves are the IP to be protected. By making use of decoy constants and a key-based scheme, a reverse engineer adversary at an untrusted foundry is rendered incapable of discerning true constants from decoys. The time-multiplexed constant multiplication (TMCM) block of such circuits, which realizes the multiplication of an input variable by a constant at a time, is considered as our case study for obfuscation. Furthermore, two TMCM design architectures are taken into account; an implementation using a multiplier and a multiplierless shift-adds implementation. Optimization methods are also applied to reduce the hardware complexity of these architectures. The well-known satisfiability (SAT) and automatic test pattern generation (ATPG) based attacks are used to determine the vulnerability of the obfuscated designs. It is observed that the proposed technique incurs small overheads in area, power, and delay that are comparable to the hardware complexity of prominent logic locking methods. Yet, the advantage of our approach is in the insight that constants - instead of arbitrary circuit nodes - become key-protected.

Aggressive time-to-market constraints and enormous hardware design and fabrication costs have pushed the semiconductor industry toward hardware Intellectual Properties (IP) core design. However, the globalization of the integrated circuits (IC) supply chain exposes IP providers to theft and illegal redistribution of IPs. Watermarking and fingerprinting are proposed to detect IP piracy. Nevertheless, they come with additional hardware overhead and cannot guarantee IP security as advanced attacks are reported to remove the watermark, forge, or bypass it. In this work, we propose a novel methodology, GNN4IP, to assess similarities between circuits and detect IP piracy. We model the hardware design as a graph and construct a graph neural network model to learn its behavior using the comprehensive dataset of register transfer level codes and gate-level netlists that we have gathered. GNN4IP detects IP piracy with 96% accuracy in our dataset and recognizes the original IP in its obfuscated version with 100% accuracy.

The concealment and confusion nature of insider threat makes it a challenging task for security analysts to identify insider threat from log data. To detect insider threat, we propose a novel gated recurrent unit (GRU) and multi-autoencoder based insider threat detection method, which is an unsupervised anomaly detection method. It takes advantage of the extremely unbalanced characteristic of insider threat data and constructs a normal behavior autoencoder with low reconfiguration error through multi-level filter behavior learning, and identifies the behavior data with high reconfiguration error as abnormal behavior. In order to achieve the high efficiency of calculation and detection, GRU and multi-head attention are introduced into the autoencoder. Use dataset v6.2 of the CERT insider threat as validation data and threat detection recall as evaluation metric. The experimental results show that the effect of the proposed method is obviously better than that of Isolation Forest, LSTM autoencoder and multi-channel autoencoders based insider threat detection methods, and it's an effective insider threat detection technology.

Network function virtualization (NFV / VNF) and information-centric networking (ICN) are two trending technologies that have attracted expert's attention. NFV is a technique in which network functions (NF) are decoupling from commodity hardware to run on to create virtual communication services. The virtualized class nodes can bring several advantages such as reduce Operating Expenses (OPEX) and Capital Expenses (CAPEX). On the other hand, ICN is a technique that breaks the host-centric paradigm and shifts the focus to “named information” or content-centric. ICN provides highly efficient content retrieval network architecture where popular contents are cached to minimize duplicate transmissions and allow mobile users to access popular contents from caches of network gateways. This paper investigates the implementation of NFV in ICN. Besides, reviewing and discussing the weaknesses and strengths of each architecture in a critical analysis manner of both network architectures. Eventually, highlighted the current issues and future challenges of both architectures.

Quantum entanglement gives rise to a range of non-classical effects, which are extensively exploited in quantum computing and quantum communication. Therefore, detection and quantification of entanglement as well as preparation of highly entangled quantum states remain the fundamental objectives in these fields. Much attention has been devoted to the studies of graph states, which play a role of a central resource in quantum error correction, quantum cryptography and practical quantum metrology in the presence of noise.We examine multi-qubit graph states generated by the action of controlled phase shift operators on a separable quantum state of a system, in which all the qubits are in arbitrary identical states. Analytical expression is obtained for the geometric measure of entanglement of a qubit with other qubits in graph states represented by arbitrary graphs. We conclude that this quantity depends on the degree of the vertex corresponding to the qubit, the absolute values of the parameter of the phase shift gate and the parameter of the initial state the gate is acting on. Moreover, the geometric measure of entanglement of certain types of graph states is quantified on the IBM’s quantum computer ibmq\_athens based on the measurements of the mean spin. Namely, we consider states associated with the native connectivity of ibmq\_athens, the claw and the complete graphs. Appropriate protocols are proposed to prepare these states on the quantum computer. The results of quantum computations verify our theoretical findings [1].

A tamper-resistant logical operation method based on integrated nanophotonics is proposed focusing on electromagnetic side-channel attacks. In the proposed method, only the phase of each optical signal is modulated depending on its logical state, which keeps the power of optical signals in optical logic circuits constant. This provides logic-gate-level tamper resistance which is difficult to achieve with CMOS circuits. An optical implementation method based on electronically-controlled phase shifters is then proposed. The electrical part of proposed circuits achieves 300 times less instantaneous current change, which is proportional to intensity of the leaked electromagnetic wave, than a CMOS logic gate.

Always-On Denial of Service (DoS) Trojans with power drain payload can be disastrous in systems where on-chip power resources are limited. These Trojans are designed so that they have no impact on system behavior and hence, harder to detect. A formal verification method is presented to detect sequential always-on DoS Trojans in pipelined circuits and pipelined microprocessors. Since the method is proof-based, it provides a 100% accurate classification of sequential Trojan components. Another benefit of the approach is that it does not require a reference model, which is one of the requirements of many Trojan detection techniques (often a bottleneck to practical application). The efficiency and scalability of the proposed method have been evaluated on 36 benchmark circuits. The most complex of these benchmarks has as many as 135,898 gates. Detection times are very efficient with a 100% rate of detection, i.e., all Trojan sequential elements were detected and all non-trojan sequential elements were classified as such.

Nowadays malicious vendors can easily insert hardware Trojans into integrated circuit chips as the entire integrated chip supply chain involves numerous design houses and manufacturers on a global scale. It is thereby becoming a necessity to expose any possible hardware Trojans, if they ever exist in a chip. A typical Trojan circuit is made of a trigger and a payload that are interconnected with a trigger net. As trigger net can be viewed as the signature of a hardware Trojan, in this paper, we propose a gate-level hardware Trojan detection method and model that can be applied to screen the entire chip for trigger nets. In specific, we extract the trigger-net features for each net from known netlists and use the machine learning method to train multiple detection models according to the trigger modes. The detection models are used to identify suspicious trigger nets from the netlist of the integrated circuit under detection, and score each net in terms of suspiciousness value. By flagging the top 2% suspicious nets with the highest suspiciousness values, we shall be able to detect majority hardware Trojans, with an average accuracy rate of 96%.