Biblio

Over the past few years, malicious hardware modifications, a.k.a. hardware Trojans (HT), have emerged as a major security threat because integrated circuit (IC) companies have been fabricating chips at offshore foundries due to various factors including time-to-market, cost reduction demands, and the increased complexity of ICs. Among proposed hardware Trojan detection techniques, reverse engineering appears to be the most accurate and reliable one because it works for all circuits and Trojan types without a golden example of the chip. However, because reverse engineering is an extremely expensive, time-consuming, and destructive process, it is difficult to apply this technique for a large population of ICs in a real test environment. This paper proposes a novel golden-chip-free clustering method using backscattering side-channel to divide ICs into groups of Trojan-free and Trojan-infected boards. The technique requires no golden chip or a priori knowledge of the chip circuitry, and divides a large population of ICs into clusters based on how HTs (if existed) affect their backscattered signals. This significantly reduces the size of test vectors for reverse engineering based detection techniques, thus enables deployment of reverse engineering approaches to a large population of ICs in a real testing scenario. The results are collected on 100 different FPGA boards where boards are randomly chosen to be infected or not. The results show that we can cluster the boards with 100% accuracy and demonstrate that our technique can tolerate manufacturing variations among hardware instances to cluster all the boards accurately for 9 different dormant Trojan designs on 3 different benchmark circuits from Trusthub. We have also shown that we can detect dormant Trojan designs whose trigger size has shrunk to as small as 0.19% of the original circuit with 100% accuracy as well.

Passive radio frequency identification (RFID) systems raise new transmission secrecy protection challenges against the special proactive eavesdropper, since it is able to both enhance the information wiretap and interfere with the information detection at the RFID reader simultaneously by broadcasting its own continuous wave (CW) signal. To defend against proactive eavesdropping attacks, we propose an artificial noise (AN) aided secure transmission scheme for the RFID reader, which superimposes an AN signal on the CW signal to confuse the proactive eavesdropper. The power allocation between the AN signal and the CW signal are optimized to maximize the secrecy rate. Furthermore, we model the attack and defense process between the proactive eavesdropper and the RFID reader as a hierarchical security game, and prove it can achieve the equilibrium. Simulation results show the superiority of our proposed scheme in terms of the secrecy rate and the interactions between the RFID reader and the proactive eavesdropper.

Wireless networking opens up many opportunities to facilitate miniaturized robots in collaborative tasks, while the openness of wireless medium exposes robots to the threats of Sybil attackers, who can break the fundamental trust assumption in robotic collaboration by forging a large number of fictitious robots. Recent advances advocate the adoption of bulky multi-antenna systems to passively obtain fine-grained physical layer signatures, rendering them unaffordable to miniaturized robots. To overcome this conundrum, this paper presents ScatterID, a lightweight system that attaches featherlight and batteryless backscatter tags to single-antenna robots to defend against Sybil attacks. Instead of passively "observing" signatures, ScatterID actively "manipulates" multipath propagation by using backscatter tags to intentionally create rich multipath features obtainable to a single-antenna robot. These features are used to construct a distinct profile to detect the real signal source, even when the attacker is mobile and power-scaling. We implement ScatterID on the iRobot Create platform and evaluate it in typical indoor and outdoor environments. The experimental results show that our system achieves a high AUROC of 0.988 and an overall accuracy of 96.4% for identity verification.

In this paper, we propose a novel PHY layer security technique in radio frequency identification (RFID) backscatter communications system. In order to protect the RFID tag information confidentiality from the eavesdroppers attacks, the proposed technique deploys beam steering (BS) using a one dimensional (1-D) antenna array in the tag side in addition to noise injection from the reader side. The performance analysis and simulation results show that the new technique outperforms the already-existing noise injection security technique and overcomes its design limitations.

Denial of Service (DoS) attacks are a major threat currently observable in computer networks and especially the Internet. In such an attack a malicious party tries to either break a service, running on a server, or exhaust the capacity or bandwidth of the victim to hinder customers to effectively use the service. Recent reports show that the total number of Distributed Denial of Service (DDoS) attacks is steadily growing with "mega-attacks" peaking at hundreds of gigabit/s (Gbps). In this paper, we will provide a quantification of DDoS attacks in size and duration beyond these outliers reported in the media. We find that these mega attacks do exist, but the bulk of attacks is in practice only a fraction of these frequently reported values. We further show that it is feasible to collect meaningful backscatter traces using surprisingly small telescopes, thereby enabling a broader audience to perform attack intelligence research.

Traditional vibration inspection systems, equipped with separated sensing and communication modules, are either very expensive (e.g., hundreds of dollars) and/or suffer from occlusion and narrow field of view (e.g., laser). In this work, we present an RFID-based solution, Tagbeat, to inspect mechanical vibration using COTS RFID tags and readers. Making sense of micro and high-frequency vibration using random and low-frequency readings of tag has been a daunting task, especially challenging for achieving sub-millisecond period accuracy. Our system achieves these three goals by discerning the change pattern of backscatter signal replied from the tag, which is attached on the vibrating surface and displaced by the vibration within a small range. This work introduces three main innovations. First, it shows how one can utilize COTS RFID to sense mechanical vibration and accurately discover its period with a few periods of short and noisy samples. Second, a new digital microscope is designed to amplify the micro-vibration-induced weak signals. Third, Tagbeat introduces compressive reading to inspect high-frequency vibration with relatively low RFID read rate. We implement Tagbeat using a COTS RFID device and evaluate it with a commercial centrifugal machine. Empirical benchmarks with a prototype show that Tagbeat can inspect the vibration period with a mean accuracy of 0.36ms and a relative error rate of 0.03%. We also study three cases to demonstrate how to associate our inspection solution with the specific domain requirements.

In order to enhance the supply chain security at airports, the German federal ministry of education and research has initiated the project ESECLOG (enhanced security in the air cargo chain) which has the goal to improve the threat detection accuracy using one-sided access methods. In this paper, we present a new X-ray backscatter technology for non-intrusive imaging of suspicious objects (mainly low-Z explosives) in luggage's and parcels with only a single-sided access. A key element in this technology is the X-ray backscatter camera embedded with a special twisted-slit collimator. The developed technology has efficiently resolved the problem related to the imaging of complex interior of the object by fixing source and object positions and changing only the scanning direction of the X-ray backscatter camera. Experiments were carried out on luggages and parcels packed with mock-up dangerous materials including liquid and solid explosive simulants. In addition, the quality of the X-ray backscatter image was enhanced by employing high-resolution digital detector arrays. Experimental results are discussed and the efficiency of the present technique to detect suspicious objects in luggages and parcels is demonstrated. At the end, important applications of the proposed backscatter imaging technology to the aviation security are presented.