
Filters: Keyword is supply chain
2023-06-09
Williams, Daniel, Clark, Chelece, McGahan, Rachel, Potteiger, Bradley, Cohen, Daniel, Musau, Patrick.  2022.  Discovery of AI/ML Supply Chain Vulnerabilities within Automotive Cyber-Physical Systems. 2022 IEEE International Conference on Assured Autonomy (ICAA). :93—96.
Steady advancement in Artificial Intelligence (AI) development over recent years has caused AI systems to become more readily adopted across industry and military use-cases globally. As powerful as these algorithms are, there are still gaping questions regarding their security and reliability. Beyond adversarial machine learning, software supply chain vulnerabilities and model backdoor injection exploits are emerging as potential threats to the physical safety of AI-reliant CPS such as autonomous vehicles. In this work-in-progress paper, we introduce the concept of AI supply chain vulnerabilities with a provided proof-of-concept autonomous exploitation framework. We investigate the viability of algorithm backdoors and software third-party library dependencies for applicability into modern AI attack kill chains. We leverage an autonomous vehicle case study for demonstrating the applicability of our offensive methodologies within a realistic AI CPS operating environment.
2023-04-14
Yadav, Abhay Kumar, Vishwakarma, Virendra Prasad.  2022.  Adoptation of Blockchain of Things(BCOT): Oppurtunities & Challenges. 2022 IEEE International Conference on Blockchain and Distributed Systems Security (ICBDS). :1–5.
IoT has been an efficient technology for interconnecting different physical objects with the internet. Several cyber-attacks have resulted in compromise in security. The Blockchain distributed ledger provides immutability that can answer IoT security concerns. The paper aims at highlighting the challenges & problems currently associated with IoT implementation in the real world and how these problems can be minimized by implementing Blockchain-based solutions and smart contracts. Blockchain helps in the creation of a new highly robust IoT known as Blockchain of Things (BCoT). We will also examine presently employed projects working on integrating Blockchain & IoT together for creating desired solutions. We will also try to understand the challenges & roadblocks preventing the further implementation of the merger of both technologies.
Kandera, Branislav, Holoda, Šimon, Jančík, Marián, Melníková, Lucia.  2022.  Supply Chain Risks Assessment of selected EUROCONTROL’s surveillance products. 2022 New Trends in Aviation Development (NTAD). :86–89.
Cybersecurity is without doubt becoming a societal challenge. It even starts to affect sectors that were not considered to be at risk in the past because of their relative isolation. One of these sectors is aviation in general, and specifically air traffic management. Nowadays, cyber security is one of the essential issues of current Air Traffic Systems. Compliance with the basic principles of cyber security is mandated by European Union law as well as national law. Therefore, EUROCONTROL, as the provider of several tools or services (ARTAS, EAD, SDDS, etc.), is regularly conducting various activities, such as cyber-security assessments, penetration testing and supply chain risk assessment, in order to maintain and improve the persistence of the products against cyber-attacks.
2023-01-05
Ezzahra, Essaber Fatima, Rachid, Benmoussa, Roland, De Guio.  2022.  Toward Lean Green Supply Chain Performance, A Risk Management Approach. 2022 14th International Colloquium of Logistics and Supply Chain Management (LOGISTIQUA). :1—6.
The purpose of this research work is to develop an approach based on risk management with a view to providing managers and decision-makers with assistance and appropriate guidelines to combine Lean and Green in a successful and integrated way. Risk cannot be managed if not well identified; hence, a classification of supply chain risks in a Lean Green context was provided. Subsequent to risk identification, an approach based on the Weighted Product Method (WPM) was proposed for risk assessment and prioritization, owing to its ease of use, flexibility and broad adaptability. The output of this analysis provides visibility about the organization's position toward desired performance and underlines crucial risks to be addressed, which marks the starting point of the way to performance improvement. A case study was introduced to demonstrate the applicability and relevance of the developed framework.
Mefteh, Syrine, Rosdahl, Alexa L., Fagan, Kaitlin G., Kumar, Anirudh V..  2022.  Evaluating Chemical Supply Chain Criticality in the Water Treatment Industry: A Risk Analysis and Mitigation Model. 2022 Systems and Information Engineering Design Symposium (SIEDS). :73—78.
The assurance of the operability of surface water treatment facilities lies in many factors, but the factor with the largest impact on said assurance is the availability of the necessary chemicals. Facilities across the country vary in their processes and sources, but all require chemicals to produce potable water. The purpose of this project was to develop a risk assessment tool to determine the shortfalls and risks in the water treatment industry's chemical supply chain, which was used to produce a risk mitigation plan ensuring plant operability. To achieve this, a Fault Tree was built to address four main areas of concern: (i) market supply and demand, (ii) chemical substitutability, (iii) chemical transportation, and (iv) chemical storage process. Expert elicitation was then conducted to formulate a Failure Modes and Effects Analysis (FMEA) and develop Radar Charts, regarding the operations and management of specific plants. These tools were then employed to develop a final risk mitigation plan comprising two parts: (i) a quantitative analysis comparing and contrasting the risks of the water treatment plants under study and (ii) a qualitative recommendation for each of the plants, both culminating in a mitigation model on how to control and monitor chemical-related risks.
Bansal, Lakshya, Chaurasia, Shefali, Sabharwal, Munish, Vij, Mohit.  2022.  Blockchain Integration with end-to-end traceability in the Food Supply Chain. 2022 2nd International Conference on Advance Computing and Innovative Technologies in Engineering (ICACITE). :1152—1156.
The food supply chain is a complex but necessary food production arrangement needed by the global community to maintain sustainability and food security. For the past few years, entities that are part of the food processing system have usually taken the food supply chain for granted, forgetting that just one disturbance in the chain can lead to poisoning, scarcity, or increased prices. This continually affects the vulnerable among society, including impoverished individuals and small restaurants/grocers. The food supply chain has been expanded across the globe, involving many more entities and making the supply chain longer and more problematic, so that the traditional logistics pattern is unable to match the expectations of customers. Food supply chains involve many challenges, like lack of traceability and communication, supply of fraudulent food products and failure in monitoring warehouses. Therefore, there is a need for a system that ensures authentic information about the product and a reliable trading mechanism. In this paper, we have proposed a comprehensive solution to make the supply chain consumer-centric by using Blockchain. Blockchain technology in the food industry applies in a mindful and holistic manner to verify and certify the quality of food products by presenting authentic information about the products from the initial stages. The problem formulation, simulation and performance analysis are also discussed in this research work.
Dharma Putra, Guntur, Kang, Changhoon, Kanhere, Salil S., Won-Ki Hong, James.  2022.  DeTRM: Decentralised Trust and Reputation Management for Blockchain-based Supply Chains. 2022 IEEE International Conference on Blockchain and Cryptocurrency (ICBC). :1—5.
Blockchain has the potential to enhance supply chain management systems by providing stronger assurance in transparency and traceability of traded commodities. However, blockchain does not overcome the inherent issues of data trust in IoT-enabled supply chains. Recent proposals attempt to tackle these issues by incorporating generic trust and reputation management methods, which do not entirely address the complex challenges of supply chain operations and suffer from significant drawbacks. In this paper, we propose DeTRM, a decentralised trust and reputation management solution for supply chains, which considers complex supply chain operations, such as splitting or merging of product lots, to provide a coherent trust management solution. We resolve data trust by correlating empirical data from adjacent sensor nodes, using which the authenticity of data can be assessed. We design a consortium blockchain, where smart contracts play a significant role in quantifying trustworthiness as a numerical score from different perspectives. A proof-of-concept implementation in Hyperledger Fabric shows that DeTRM is feasible and only incurs relatively small overheads compared to the baseline.
2022-09-09
Hadi, Ameer Khadim, Salem, Shahad.  2021.  A proposed methodology to use a Block-chain in Supply Chain Traceability. 2021 4th International Iraqi Conference on Engineering Technology and Their Applications (IICETA). :313—317.

Increasing consumer experience and companies' inner quality present a direct demand of different requirements on supply chain traceability. Typically, existing solutions have separate data storages, which eventually provide limited support when multiple individuals are included. Therefore, block-chain-based methods are utilized to defeat these deficiencies by generating digital illustrations of real products to follow several objects at the same time. Nevertheless, they actually cannot identify the change of products in manufacturing methods. The connection between components included in the production decreased, whereby the ability to follow a product's origin reduced consequently. In this paper, a methodology is recommended which involves using a Block-chain in Supply Chain Traceability, to solve the issues of manipulations and changes in data and product source. The method aims to improve the product's origin transparency. Block-chain technology produces a specific method of storing data into a ledger, which is raised on many end-devices such as servers or computers. Unlike centralized systems, the records of the present system are encrypted and are difficult to manipulate. Accordingly, this method manages the product's traceability changes. The recommended system is performed for the cheese supply chain. The results were found to be significant in terms of increasing food security and distributors' competition.

Jayaprasanna, M.C., Soundharya, V.A., Suhana, M., Sujatha, S..  2021.  A Block Chain based Management System for Detecting Counterfeit Product in Supply Chain. 2021 Third International Conference on Intelligent Communication Technologies and Virtual Mobile Networks (ICICV). :253—257.

In recent years, counterfeit goods have played a vital role in product manufacturing industries. This phenomenon affects the sales and profit of the companies. To ensure the identification of real products throughout the supply chain, a functional block chain technology is used for preventing product counterfeiting. By using block chain technology, consumers do not need to rely on trusted third parties to know the source of the purchased product safely. Any application that uses block chain technology as a basic framework ensures that the data content is "tamper-resistant". A block chain is the decentralized, distributed and digital ledger that stores transactional records known as blocks of the public in several databases known as a chain across many networks. Therefore, any involved block cannot be changed in advance without changing all subsequent blocks. In this paper, counterfeit products are detected using a barcode reader, where a barcode of the product is linked to a Block Chain Based Management (BCBM) system. So the proposed system may be used to store product details and the unique code of that product as blocks in a database. It collects the unique code from the customer and compares the code against entries in the block chain database. If the code matches, it will give a notification to the customer; otherwise it gets information from the customer about where they bought the product to detect the counterfeit product manufacturer.

Palmo, Yangchen, Tanimoto, Shigeaki, Sato, Hiroyuki, Kanai, Atsushi.  2021.  IoT Reliability Improvement Method for Secure Supply Chain Management. 2021 IEEE 10th Global Conference on Consumer Electronics (GCCE). :364—365.

With the rapid development of IoT in recent years, IoT is increasingly being used as an endpoint of supply chains. In general, as the majority of data is now being stored and shared over the network, information security is an important issue in terms of secure supply chain management. In response to cyber security breaches and threats, there has been much research and development on the secure storage and transfer of data over the network. However, there is a relatively limited amount of research and proposals for the security of endpoints, such as IoT linked in the supply chain network. In addition, it is difficult to ensure reliability for IoT itself due to a lack of resources such as CPU power and storage. Ensuring the reliability of IoT is essential when IoT is integrated into the supply chain. Thus, in order to secure the supply chain, we need to improve the reliability of IoT, the endpoint of the supply chain. In this work, we examine the use of IoT gateways, client certificates, and IdP as methods to compensate for the lack of IoT resources. The results of our qualitative evaluation demonstrate that using the IdP method is the most effective.

Wang, Wan, Xu, Fengjiao, Zhang, Chao, Qin, Tingxin.  2021.  Analysis on security management for supply chain under Emergencies. 2021 International Conference on Public Management and Intelligent Society (PMIS). :208—211.

Focusing on security management for the supply chain under emergencies, this paper analyzes the characteristics of supply chain risk and clarifies the relationship between business continuity management and security management for the supply chain, and between organizational resilience and security management for the supply chain, separately. On this basis it proposes suggestions to promote the realization of security management for the supply chain combining these two concepts, which is of guiding significance for security management for the supply chain and quality assurance of products and services under emergencies.

Liao, Han-Teng, Pan, Chung-Lien.  2021.  The Role of Resilience and Human Rights in the Green and Digital Transformation of Supply Chain. 2021 IEEE 2nd International Conference on Technology, Engineering, Management for Societal impact using Marketing, Entrepreneurship and Talent (TEMSMET). :1—7.
To make supply chains sustainable and smart, companies can use information and communication technologies to manage procurement, sourcing, conversion, logistics, and customer relationship management activities. Characterized by profit, people, and planet, the supply chain processes of creating values and managing risks are expected to be digitally transformed. Once digitized, datafied, and networked, supply chains can account for substantial progress towards sustainability. Given the lack of clarity on the concepts of resilience and human rights for the supply chain, especially with the recent advancement of social media, big data, artificial intelligence, and cloud computing, the study conducts a scoping review. To identify the size, scope, and themes, it collected 180 articles from the Web of Science bibliographic database. The bibliometric findings reveal the overall conceptual and intellectual structure, and the gaps for further research and development. The concept of resilience can be enriched, for instance, by the environmental, social, and governance (ESG) concerns. The enriched notion of resilience can also be expressed in digitized, datafied, and networked forms.
Kusrini, Elisa, Anggarani, Iga, Praditya, Tifa Ayu.  2021.  Analysis of Supply Chain Security Management Systems Based on ISO 28001: 2007: Case Study Leather Factory in Indonesia. 2021 IEEE 8th International Conference on Industrial Engineering and Applications (ICIEA). :471—477.
International Supply Chains (SC) have expanded rapidly over the decades and consist of many entities and business partners. The increasing complexity of the supply chain makes it more vulnerable to security threats. Therefore, it is necessary to evaluate security management systems to ensure the flow of goods in the SC. In this paper we used international standards to assess the security of the company's supply chain compliance with ISO 28001. The supply chain security that needs to be assessed includes all activities from inbound logistics to outbound logistics. The aim of this research is to analyse the security management system by identifying security threats, consequences, and likelihood to develop adequate countermeasures for the security of the company's supply chain. Security risk assessment was done using a methodology compliant with ISO 28001, whose steps are: identify the scope of the security assessment, conduct the security assessment, list applicable threat scenarios, determine consequences, determine likelihood, determine the risk score, evaluate risk using a risk matrix, determine countermeasures, and estimate the risk matrix after countermeasures. This research was conducted in one of the leather factories in Indonesia. In this research we divided security threats into five categories: asset security, personnel security, information security, goods and conveyance security, and closed cargo transport units. The security assessment was conducted by considering the performance review according to ISO 28001:2007, and the results show that there are 22 security threat scenarios in the company's supply chain. Based upon a system of priorities by risk score, countermeasures are designed to reduce the threats to an acceptable level.
Kieras, Timothy, Farooq, Muhammad Junaid, Zhu, Quanyan.  2020.  RIoTS: Risk Analysis of IoT Supply Chain Threats. 2020 IEEE 6th World Forum on Internet of Things (WF-IoT). :1—6.
Securing the supply chain of information and communications technology (ICT) has recently emerged as a critical concern for national security and integrity. With the proliferation of Internet of Things (IoT) devices and their increasing role in controlling real world infrastructure, there is a need to analyze risks in networked systems beyond established security analyses. Existing methods in literature typically leverage attack and fault trees to analyze malicious activity and its impact. In this paper, we develop RIoTS, a security risk assessment framework borrowing from system reliability theory to incorporate the supply chain. We also analyze the impact of grouping within suppliers that may pose hidden risks to the systems from malicious supply chain actors. The results show that the proposed analysis is able to reveal hidden threats posed to the IoT ecosystem from potential supplier collusion.
Pranesh, S.A., Kannan V., Vignesh, Viswanathan, N., Vijayalakshmi, M..  2020.  Design and Analysis of Incentive Mechanism for Ethereum-based Supply Chain Management Systems. 2020 11th International Conference on Computing, Communication and Networking Technologies (ICCCNT). :1—6.
Blockchain is becoming more popular because of its decentralized, secured, and transparent nature. Supply chain and its management is indispensable to improve customer services, reduce operating costs and improve financial position of a firm. Integration of blockchain and supply chain is substantial, but it alone is not enough for the sustainability of supply chain systems. The proposed mechanism speaks about the method of rewarding the supply chain parties with incentives so as to improve the security and make the integration of supply chain with blockchain sustainable. The proposed incentive mechanism employs the co-operative approach of game theory where all the supply chain parties show a cooperative behavior of following the blockchain-based supply chain protocols and also this mechanism makes a fair attempt in rewarding the supply chain parties with incentives.
Pennekamp, Jan, Alder, Fritz, Matzutt, Roman, Mühlberg, Jan Tobias, Piessens, Frank, Wehrle, Klaus.  2020.  Secure End-to-End Sensing in Supply Chains. 2020 IEEE Conference on Communications and Network Security (CNS). :1—6.
Trust along digitalized supply chains is challenged by the aspect that monitoring equipment may not be trustworthy or unreliable as respective measurements originate from potentially untrusted parties. To allow for dynamic relationships along supply chains, we propose a blockchain-backed supply chain monitoring architecture relying on trusted hardware. Our design provides a notion of secure end-to-end sensing of interactions even when originating from untrusted surroundings. Due to attested checkpointing, we can identify misinformation early on and reliably pinpoint the origin. A blockchain enables long-term verifiability for all (now trustworthy) IoT data within our system even if issues are detected only after the fact. Our feasibility study and cost analysis further show that our design is indeed deployable in and applicable to today’s supply chain settings.
Sobb, Theresa May, Turnbull, Benjamin.  2020.  Assessment of Cyber Security Implications of New Technology Integrations into Military Supply Chains. 2020 IEEE Security and Privacy Workshops (SPW). :128—135.
Military supply chains play a critical role in the acquisition and movement of goods for defence purposes. The disruption of these supply chain processes can have potentially devastating effects on the operational capability of military forces. The introduction and integration of new technologies into defence supply chains can serve to increase their effectiveness. However, the benefits posed by these technologies may be outweighed by significant consequences to the cyber security of the entire defence supply chain. Supply chains are complex Systems of Systems, and the introduction of an insecure technology into such a complex ecosystem may induce cascading system-wide failure, and have catastrophic consequences to military mission assurance. Subsequently, there is a need for an evaluative process to determine the extent to which a new technology will affect the cyber security of military supply chains. This work proposes a new model, the Military Supply Chain Cyber Implications Model (M-SCCIM), that serves to aid military decision makers in understanding the potential cyber security impact of introducing new technologies to supply chains. M-SCCIM is a multiphase model that enables understanding of cyber security and supply chain implications through the lenses of theoretical examinations, pilot applications and system-wide implementations.
Kieras, Timothy, Farooq, Muhammad Junaid, Zhu, Quanyan.  2020.  Modeling and Assessment of IoT Supply Chain Security Risks: The Role of Structural and Parametric Uncertainties. 2020 IEEE Security and Privacy Workshops (SPW). :163—170.

Supply chain security threats pose new challenges to security risk modeling techniques for complex ICT systems such as the IoT. With established techniques drawn from attack trees and reliability analysis providing needed points of reference, graph-based analysis can provide a framework for considering the role of suppliers in such systems. We present such a framework here while highlighting the need for a component-centered model. Given resource limitations when applying this model to existing systems, we study various classes of uncertainties in model development, including structural uncertainties and uncertainties in the magnitude of estimated event probabilities. Using case studies, we find that structural uncertainties constitute a greater challenge to model utility and as such should receive particular attention. Best practices in the face of these uncertainties are proposed.

2022-08-03
Nakano, Yuto, Nakamura, Toru, Kobayashi, Yasuaki, Ozu, Takashi, Ishizaka, Masahito, Hashimoto, Masayuki, Yokoyama, Hiroyuki, Miyake, Yutaka, Kiyomoto, Shinsaku.  2021.  Automatic Security Inspection Framework for Trustworthy Supply Chain. 2021 IEEE/ACIS 19th International Conference on Software Engineering Research, Management and Applications (SERA). :45—50.
Threats and risks against supply chains are increasing, and a framework to add to the trustworthiness of the supply chain has been considered. In this framework, organisations in the supply chain validate conformance to the pre-defined requirements. The results of validations are linked to each other to achieve the trustworthiness of the entire supply chain. In this paper, we further consider this framework for data supply chains. First, we implement the framework and evaluate the performance. The evaluation shows 500 digital evidences (logs) can be checked in 0.28 seconds. We also propose five methods to improve the performance as well as five new functionalities to improve usability. With these functionalities, the framework also supports maintaining the certificate chain.
2022-06-10
Ramachandran, Gowri Sankar, Deane, Felicity, Malik, Sidra, Dorri, Ali, Jurdak, Raja.  2021.  Towards Assisted Autonomy for Supply Chain Compliance Management. 2021 Third IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA). :321–330.

In an agricultural supply chain, farmers, food processors, transportation agencies, importers, and exporters must comply with different regulations imposed by one or more jurisdictions depending on the nature of their business operations. Supply chain stakeholders conventionally transport their goods, along with the corresponding documentation, via regulators for compliance checks. This is generally followed by a tedious and manual process to ensure the goods meet regulatory requirements. However, supply chain systems are changing through digitization. In digitized supply chains, data is shared with the relevant stakeholders through digital supply chain platforms, including blockchain technology. In such data-driven digital supply chains, the regulators may be able to leverage digital technologies, such as artificial intelligence and machine learning, to automate the compliance verification process. However, a barrier to progress is the risk that information will not be credible, thus reversing the gains that automation could achieve. Automating compliance based on inaccurate data may compromise the safety and credibility of the agricultural supply chain, which discourages regulators and other stakeholders from adopting and relying on automation. Within this article we consider the challenges of digital supply chains when we describe parts of the compliance management process and how it can be automated to improve the operational efficiency of agricultural supply chains. We introduce assisted autonomy as a means to pragmatically automate the compliance verification process by combining the power of digital systems while keeping the human in the loop. We argue that autonomous compliance is possible, but that the need for human-led inspection processes will never be replaced by machines; however, it can be minimised through "assisted autonomy".

2021-12-21
Coufalíková, Aneta, Klaban, Ivo, Šlajs, Tomáš.  2021.  Complex Strategy against Supply Chain Attacks. 2021 International Conference on Military Technologies (ICMT). :1–5.
The risk of cyber-attack is omnipresent; there are lots of threat actors in the cyber field and the number of attacks increases every day. The paper defines the currently most discussed supply chain attacks, briefly summarizes significant events of successful supply chain attacks and outlines a complex strategy leading to the prevention of such attacks; a strategy which can be used not only by civil organizations but by governmental ones, too. Risks of supply chain attacks against the Czech army are taken into consideration and possible mitigations are suggested.
2021-11-08
Martin, Robert Alan.  2020.  Assurance for CyberPhysical Systems: Addressing Supply Chain Challenges to Trustworthy Software-Enabled Things. 2020 IEEE Systems Security Symposium (SSS). :1–5.
Software is playing a pivotal role in most enterprises, whether they realize it or not, and with the proliferation of the Industrial Internet of Things (IoT) and other CyberPhysical systems across our society and critical infrastructure and our collective love affair with automation, optimization, and "smart" devices, the role of these types of systems is only going to increase. This talk addresses the myriad of issues that underlie unsafe, insecure, and unreliable software and provides the insights of the Industrial Internet Consortium and other government and industry efforts on how to conquer them and pave the way to a marketplace of trustworthy software-enabled connected things. As the experience of several sectors has shown, the dependence on connected software needs to be met with a strong understanding of the risks to the overall trustworthiness of the software-based capabilities that we, our enterprises, and our world utilize. In many of these new connected systems, issues of safety, reliability, and resilience rival or dominate concerns for security and privacy, the long-time focus of many in the IT world. Without a scalable and efficient method for managing these risks so our enterprises can continue to benefit from these advancements that power our military, commercial industries, cities, and homes to new levels of efficiency, versatility, and cost effectiveness, we face the potential for harm, death, and destructiveness. In such a marketplace, creating, exchanging, and integrating components that are trustworthy, as well as entering into value-chain relationships with trustworthy partners and service suppliers, will be common if we can provide a method for explicitly defining what is meant by the word trustworthy.
The approach being pursued by these groups for applying Software Assurance to these systems and their Supply Chains, by leveraging Structured Assurance Cases (the focus of this paper), Software Bill of Materials, and secure development practices applied to the evolving Agile and DevSecOps methodologies, is to explicitly identify the detailed requirements "about what we need to know about something for it to be worthy of our trust" and to do that in a way that we can convey that basis of trust to others that: can scale; is consistent within different workflows; is flexible to differing sets of hazards and environments; and is applicable to all sectors, domains, and industries.
2021-03-29
Das, T., Eldosouky, A. R., Sengupta, S..  2020.  Think Smart, Play Dumb: Analyzing Deception in Hardware Trojan Detection Using Game Theory. 2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security). :1–8.
In recent years, integrated circuits (ICs) have become significant for various industries and their security has been given greater priority, specifically in the supply chain. Budgetary constraints have compelled IC designers to offshore manufacturing to third-party companies. When the designer gets the manufactured ICs back, it is imperative to test for potential threats like hardware trojans (HT). In this paper, a novel multi-level game-theoretic framework is introduced to analyze the interactions between a malicious IC manufacturer and the tester. In particular, the game is formulated as a non-cooperative, zero-sum, repeated game using prospect theory (PT) that captures different players' rationalities under uncertainty. The repeated game is separated into a learning stage, in which the defender learns about the attacker's tendencies, and an actual game stage, where this learning is used. Experiments show great incentive for the attacker to deceive the defender about their actual rationality by "playing dumb" in the learning stage (deception). This scenario is captured using hypergame theory to model the attacker's view of the game. The optimal deception rationality of the attacker is analytically derived to maximize utility gain. For the defender, a first-step deception mitigation process is proposed to thwart the effects of deception. Simulation results show that the attacker can profit from the deception as it can successfully insert HTs in the manufactured ICs without being detected.
2021-02-23
Gamba, J., Rashed, M., Razaghpanah, A., Tapiador, J., Vallina-Rodriguez, N..  2020.  An Analysis of Pre-installed Android Software. 2020 IEEE Symposium on Security and Privacy (SP). :1039–1055.
The open-source nature of the Android OS makes it possible for manufacturers to ship custom versions of the OS along with a set of pre-installed apps, often for product differentiation. Some device vendors have recently come under scrutiny for potentially invasive private data collection practices and other potentially harmful or unwanted behavior of the pre-installed apps on their devices. Yet, the landscape of pre-installed software in Android has largely remained unexplored, particularly in terms of the security and privacy implications of such customizations. In this paper, we present the first large-scale study of pre-installed software on Android devices from more than 200 vendors. Our work relies on a large dataset of real-world Android firmware acquired worldwide using crowd-sourcing methods. This allows us to answer questions related to the stakeholders involved in the supply chain, from device manufacturers and mobile network operators to third-party organizations like advertising and tracking services, and social network platforms. Our study also allows us to uncover relationships between these actors, which seem to revolve primarily around advertising and data-driven services. Overall, the supply chain around Android's open source model lacks transparency and has facilitated potentially harmful behaviors and backdoored access to sensitive data and services without user consent or awareness. We conclude the paper with recommendations to improve transparency, attribution, and accountability in the Android ecosystem.

2020-11-02
Wang, Jiawei, Zhang, Yuejun, Wang, Pengjun, Luan, Zhicun, Xue, Xiaoyong, Zeng, Xiaoyang, Yu, Qiaoyan.  2019.  An Orthogonal Algorithm for Key Management in Hardware Obfuscation. 2019 Asian Hardware Oriented Security and Trust Symposium (AsianHOST). :1–4.
The globalization of the supply chain makes semiconductor chips susceptible to various security threats. Design obfuscation techniques have been widely investigated to thwart intellectual property (IP) piracy attacks. Key distribution among IP providers, the system integration team, and end users remains a challenging problem. This work proposes an orthogonal obfuscation method, which utilizes an orthogonal matrix to authenticate obfuscation keys, rather than directly examining each activation key. The proposed method hides the keys by using an orthogonal obfuscation algorithm to increase the key retrieval time, such that the primary keys for IP cores will not be leaked. The simulation results show that the proposed method reduces the key retrieval time by 36.3% over the baseline. The proposed obfuscation methods have been successfully applied to ISCAS'89 benchmark circuits. Experimental results indicate that the orthogonal obfuscation only increases the area by 3.4% and consumes 4.7% more power than the baseline.