Biblio

With the advent of technology and owing to mankind’s reliance on technology, it is of utmost importance to safeguard people’s data and their identity. Biometrics have for long played an important role in providing that layer of security ranging from small scale uses such as house locks to enterprises using them for confidentiality purposes. In this paper we will provide an insight into behavioral biometrics that rely on identifying and measuring human characteristics or behavior. We review different types of behavioral parameters such as keystroke dynamics, gait, footstep pressure signals and more.

Security is a key concern across the world, and it has been a common thread for all critical sectors. Nowadays, it may be stated that security is a backbone that is absolutely necessary for personal safety. The most important requirements of security systems for individuals are protection against theft and trespassing. CCTV cameras are often employed for security purposes. The biggest disadvantage of CCTV cameras is their high cost and the need for a trustworthy individual to monitor them. As a result, a solution that is both easy and cost-effective, as well as secure has been devised. The smart door lock is built on Raspberry Pi technology, and it works by capturing a picture through the Pi Camera module, detecting a visitor's face, and then allowing them to enter. Local binary pattern approach is used for Face recognition. Remote picture viewing, notification, on mobile device are all possible with an IOT based application. The proposed system may be installed at front doors, lockers, offices, and other locations where security is required. The proposed system has an accuracy of 89%, with an average processing time is 20 seconds for the overall process.

We propose TaintLock, a lightweight dynamic scan data authentication and encryption scheme that performs per-pattern authentication and encryption using taint and signature bits embedded within the test pattern. To prevent IP theft, we pair TaintLock with truly random logic locking (TRLL) to ensure resilience against both Oracle-guided and Oracle-free attacks, including scan deobfuscation attacks. TaintLock uses a substitution-permutation (SP) network to cryptographically authenticate each test pattern using embedded taint and signature bits. It further uses cryptographically generated keys to encrypt scan data for unauthenticated users dynamically. We show that it offers a low overhead, non-intrusive secure scan solution without impacting test coverage or test time while preventing IP theft.

Network Intrusion Detection Systems (IDSs) have been used to increase the level of network security for many years. The main purpose of such systems is to detect and block malicious activity in the network traffic. Researchers have been improving the performance of IDS technology for decades by applying various machine-learning techniques. From the perspective of academia, obtaining a quality dataset (i.e. a sufficient amount of captured network packets that contain both malicious and normal traffic) to support machine learning approaches has always been a challenge. There are many datasets publicly available for research purposes, including NSL-KDD, KDDCUP 99, CICIDS 2017 and UNSWNB15. However, these datasets are becoming obsolete over time and may no longer be adequate or valid to model and validate IDSs against state-of-the-art attack techniques. As attack techniques are continuously evolving, datasets used to develop and test IDSs also need to be kept up to date. Proven performance of an IDS tested on old attack patterns does not necessarily mean it will perform well against new patterns. Moreover, existing datasets may lack certain data fields or attributes necessary to analyse some of the new attack techniques. In this paper, we argue that academia needs up-to-date high-quality datasets. We compare publicly available datasets and suggest a way to provide up-to-date high-quality datasets for researchers and the security industry. The proposed solution is to utilize the network traffic captured from the Locked Shields exercise, one of the world’s largest live-fire international cyber defence exercises held annually by the NATO CCDCOE. During this three-day exercise, red team members consisting of dozens of white hackers selected by the governments of over 20 participating countries attempt to infiltrate the networks of over 20 blue teams, who are tasked to defend a fictional country called Berylia. After the exercise, network packets captured from each blue team’s network are handed over to each team. However, the countries are not willing to disclose the packet capture (PCAP) files to the public since these files contain specific information that could reveal how a particular nation might react to certain types of cyberattacks. To overcome this problem, we propose to create a dedicated virtual team, capture all the traffic from this team’s network, and disclose it to the public so that academia can use it for unclassified research and studies. In this way, the organizers of Locked Shields can effectively contribute to the advancement of future artificial intelligence (AI) enabled security solutions by providing annual datasets of up-to-date attack patterns.

The burglary of a safe in the city of Jombang, East Java, lost valuables belonging to the Cemerlang Multipurpose Trading Cooperative. Therefore, a security system tool was created in the safe that serves as a place to store valuables and important assets. Change the security system using the security system with a private unique method with modulo arithmetic pattern. The security system of the safe is designed in layers which are attached with the RFID tag by registering and then verifying it on the card. Entering the password on the card cannot be read or is not performed, then the system will refuse to open it. arduino mega type 256 components, RFID tag is attached to the RFID reader, only one validated passive tag can open access to the security system, namely number B9 20 E3 0F. Meanwhile, of the ten passwords entered, only three match the modulo arithmetic format and can open the security system, namely password numbers 22540, 51324 and 91032. The circuit system on the transistor in the solenoid driver circuit works after the safety system opens. The servo motor can rotate according to the input of the open 900 servo angle rotation program.

Lock design is an important mechanism for scheduling management and security protection in operating systems. However, there is no effective way to identify the differences and connections among lock models, and users need to spend considerable time to understand different lock architectures. In this paper, we propose a classification scheme that abstracts lock design into three types of models: basic spinlock, semaphore amount extension, lock chain structure, and verify the effectiveness of these three types of lock models in the context of current mainstream applications. We also investigate the specific details of applying this classification method, which can be used as a reference for developers to design lock models, thus shorten the software development cycle.

The rapid complexity growth of electronic systems nowadays increases their vulnerability to hacking, such as fault injection, including insertion of glitches into the system clock to corrupt internal state through timing errors. As a countermeasure, a frequency locked loop (FLL) based clock glitch detector is proposed in this paper. Regulated from an external supply voltage, this FLL locks at 16-36X of the system clock, creating four phases to measure the system clock by oversampling at 64-144X. The samples are then used to sense the frequency and close the frequency locked loop, as well as to detect glitches through pattern matching. Implemented in a 5nm FINFET process, it can detect the glitches or pulse width variations down to 3.125% of the input 40MHz clock cycle with the supply varying from 0.5 to 1.0V.

Sample-then-lock construction is a reusable fuzzy extractor for low-entropy sources. When applied on iris recognition scenarios, many subsets of an iris-code are used to lock the cryptographic key. The security of this construction relies on the entropy of subsets of iris codes. Simhadri et al. reported a security level of 32 bits on iris sources. In this paper, we propose two kinds of attacks to crack existing sample-then-lock schemes. Exploiting the low-entropy subsets, our attacks can break the locked key and the enrollment iris-code respectively in less than 220 brute force attempts. To protect from these proposed attacks, we design an improved sample-then-lock scheme. More precisely, our scheme employs stability and discriminability to select high-entropy subsets to lock the genuine secret, and conceals genuine locker by a large amount of chaff lockers. Our experiment verifies that existing schemes are vulnerable to the proposed attacks with a security level of less than 20 bits, while our scheme can resist these attacks with a security level of more than 100 bits when number of genuine subsets is 106.

The globalization of the integrated circuit (IC) manufacturing industry has lured the adversary to come up with numerous malicious activities in the IC supply chain. Logic locking has risen to prominence as a proactive defense strategy against such threats. CAS-Lock (proposed in CHES'20), is an advanced logic locking technique that harnesses the concept of single-point function in providing SAT-attack resiliency. It is claimed to be powerful and efficient enough in mitigating existing state-of-the-art attacks against logic locking techniques. Despite the security robustness of CAS-Lock as claimed by the authors, we expose a serious vulnerability and by exploiting the same we devise a novel attack algorithm against CAS-Lock. The proposed attack can not only reveal the correct key but also the exact AND/OR structure of the implemented CAS-Lock design along with all the key gates utilized in both the blocks of CAS-Lock. It simply relies on the externally observable Distinguishing Input Patterns (DIPs) pertaining to a carefully chosen key simulation of the locked design without the requirement of structural analysis of any kind of the locked netlist. Our attack is successful against various AND/OR cascaded-chain configurations of CAS-Lock and reports 100% success rate in recovering the correct key. It has an attack complexity of \$\textbackslashmathcalO(m)\$, where \$m\$ denotes the number of DIPs obtained for an incorrect key simulation.

In the last decade the use of artificial neural networks (ANNs) in many fields like image processing or speech recognition has become a common practice because of their effectiveness to solve complex tasks. However, in such a rush, very little attention has been paid to security aspects. In this work we explore the possibility to embed a watermark into the ANN parameters. We exploit model redundancy and adaptation capacity to lock a subset of its parameters to carry the watermark sequence. The watermark can be extracted in a simple way to claim copyright on models but can be very easily attacked with model fine-tuning. To tackle this culprit we devise a novel watermark aware training strategy. We aim at delving into the loss landscape to find an optimal configuration of the parameters such that we are robust to fine-tuning attacks towards the watermarked parameters. Our experimental results on classical ANN models trained on well-known MNIST and CIFAR-10 datasets show that the proposed approach makes the embedded watermark robust to fine-tuning and compression attacks.

Logic encryption is a method to improve hardware security by inserting key gates on carefully selected signals in a logic design. Various logic encryption schemes have been proposed in the past decade. Many attack methods to thwart these logic locking schemes have also emerged. The satisfiability (SAT) attack can recover correct keys for many logic obfuscation methods. Recently proposed sensitivity analysis attack can decrypt stripped functionality based logic encryption schemes. This article presents a new encryption scheme named SRTLock, which is resilient against both attacks. SRTLock method first generates 0-injection circuits and encrypts the functionality of these nodes with the key inputs. In the next step, these values are used to control the sensitivity of the functionally stripped output for specific input patterns. The resultant locked circuit is resilient against the SAT and sensitivity analysis attacks. Experimental results demonstrating this on several attacks using standard benchmark circuits are presented.

Logic obfuscation has been proposed as a counter-measure against supply chain threats such as overproduction and IP piracy. However, the functional corruption it offers can be exploited by oracle-guided pruning attacks to recover the obfuscation key, forcing existing logic obfuscation methods to trivialize their output corruption which in turn leads to a diminished protection scope. In this paper, we address this quandary through an FSM obfuscation methodology that delivers obfuscation scope not only through external secrets but more importantly through inherent state transition patterns. We leverage a minimum-cut graph partitioning algorithm to divide the FSM diagram and implement the resulting partitions with distinct FF configurations, enabled by a novel synthesis methodology supporting reconfigurable FFs. The obfuscated FSM can be activated by invoking key values to dynamically switch the FF configuration at a small number of inter-partition transitions. Yet, the overall obfuscation scope comprises far more intra-partition transitions which are driven solely by the inherent transition sequences and thus reveal no key trace. We validate the security of the proposed obfuscation method against numerous functional and structural attacks. Experimental results confirm its delivery of extensive obfuscation scope at marginal overheads.

This project develops a face recognition-based door locking system with two-factor authentication using OpenCV. It uses Raspberry Pi 4 as the microcontroller. Face recognition-based door locking has been around for many years, but most of them only provide face recognition without any added security features, and they are costly. The design of this project is based on human face recognition and the sending of a One-Time Password (OTP) using the Twilio service. It will recognize the person at the front door. Only people who match the faces stored in its dataset and then inputs the correct OTP will have access to unlock the door. The Twilio service and image processing algorithm Local Binary Pattern Histogram (LBPH) has been adopted for this system. Servo motor operates as a mechanism to access the door. Results show that LBPH takes a short time to recognize a face. Additionally, if an unknown face is detected, it will log this instance into a "Fail" file and an accompanying CSV sheet.

With the development in IC technology, testing the designs is becoming more and more complex. In the design, process testing consumes 60-80% of the time. The basic testing principle is providing the circuit under test (CUT) with input patterns, observing output responses, and comparing against the desired response called the golden response. As the density of the device are rising leads to difficulty in examining the sub-circuit of the chip. So, testing of design is becoming a time-consuming and costly process. Attaching additional logic to the circuit resolves the issue by testing itself. BIST is a relatively a design for testability technique to facilitate thorough testing of ICs and it comprises the test pattern generator, circuit under test, and output response analyzer. Quick diagnosis and very high fault coverage can be ensured by BIST. As complexity in the circuit is increasing, testing urges TPGs (Test Pattern Generators) to generate the test patterns for the CUT to sensitize the faults. TPGs are vulnerable to malicious activities such as scan-based side-channel attacks. Secret data saved on the chip can be extracted by an attacker by scanning out the test outcomes. These threats lead to the emergence of securing TPGs. This work demonstrates providing a secured test pattern generator for BIST circuits by locking the logic of TPG with a password or key generated by the key generation circuit. Only when the key is provided test patterns are generated. This provides versatile protection to TPG from malicious attacks such as scan-based side-channel attacks, Intellectual Property (IP) privacy, and IC overproduction.

The ever-increasing cost and complexity of cutting-edge manufacturing and test processes have migrated the semiconductor industry towards a globalized business model. With many untrusted entities involved in the supply chain located across the globe, original intellectual property (IP) owners face threats such as IP theft/piracy, tampering, counterfeiting, reverse engineering, and overproduction. Logic locking has emerged as a promising solution to protect integrated circuits (ICs) against supply chain vulnerabilities. It inserts key gates to corrupt circuit functionality for incorrect key inputs. A logic-locked chip test can be performed either before or after chip activation (becoming unlocked) by loading the unlocking key into the on-chip tamperproof memory. However, both pre-activation and post-activation tests suffer from lower test coverage, higher test cost, and critical security vulnerabilities. To address the shortcomings, we propose LL-ATPG, a logic-locking aware test method that applies a set of valet (dummy) keys based on a target test coverage to perform manufacturing test in an untrusted environment. LL-ATPG achieves high test coverage and minimizes test time overhead when testing the logic-locked chip before activation without sharing the unlocking key. We perform security analysis of LL-ATPG and experimentally demonstrate that sharing the valet keys with the untrusted foundry does not create additional vulnerability for the underlying locking method.

{On considering workplace thefts as a major problem, there is a requirement of designing a vandal proof door hardware and locking mechanism for ensuring the security of our property. So the door lock system with extra security features with a user friendly cost is suggested in this paper. When a stranger comes at the door, he/she has to pass three security levels for unlocking the solenoid locks present at the door and if he fails to do so, the door will remain locked. These three levels are of three extraordinary security features as one of them is using Fingerprint sensor, second is using a knocking pattern, and the last lock is unlocked by the preset pin/pattern entered by the user. Since, in addition to these features, there is one more option for the case of appearing of guest at the door and that is the Image capturing using web-camera present at the door and here the owner of the house is able to unlock all the locks if he wants the guest to enter the home. This all will be monitored by Node MCU}.

This paper presents a high-level circuit obfuscation technique to prevent the theft of intellectual property (IP) of integrated circuits. In particular, our technique protects a class of circuits that relies on constant multiplications, such as neural networks and filters, where the constants themselves are the IP to be protected. By making use of decoy constants and a key-based scheme, a reverse engineer adversary at an untrusted foundry is rendered incapable of discerning true constants from decoys. The time-multiplexed constant multiplication (TMCM) block of such circuits, which realizes the multiplication of an input variable by a constant at a time, is considered as our case study for obfuscation. Furthermore, two TMCM design architectures are taken into account; an implementation using a multiplier and a multiplierless shift-adds implementation. Optimization methods are also applied to reduce the hardware complexity of these architectures. The well-known satisfiability (SAT) and automatic test pattern generation (ATPG) based attacks are used to determine the vulnerability of the obfuscated designs. It is observed that the proposed technique incurs small overheads in area, power, and delay that are comparable to the hardware complexity of prominent logic locking methods. Yet, the advantage of our approach is in the insight that constants - instead of arbitrary circuit nodes - become key-protected.

This work investigates entropy-based prevention of Distributed Denial-of-Service (DDoS) attacks for Software Defined Networks (SDN). The experiments are conducted on a virtual SDN testbed setup within Mininet, a Linux-based network emulator. An arms race iterates on the SDN testbed between offense, launching botnet-based DDoS attacks with progressive sophistications, and defense who is deploying SDN controls with emerging technologies from other faucets of cyber engineering. The investigation focuses on the transmission control protocol’s synchronize flood attack that exploits vulnerabilities in the three-way TCP handshake protocol, to lock up a host from serving new users.The defensive strategy starts with a common packet filtering-based design from the literature to mitigate attacks. Utilizing machine learning algorithms, SDNs actively monitor all possible traffic as a collective dataset to detect DDoS attacks in real time. A constant upgrade to a stronger defense is necessary, as cyber/network security is an ongoing front where attackers always have the element of surprise. The defense further invests on entropy methods to improve early detection of DDoS attacks within the testbed environment. Entropy allows SDNs to learn the expected normal traffic patterns for a network as a whole using real time mathematical calculations, so that the SDN controllers can sense the distributed attack vectors building up before they overwhelm the network.This work reveals the vulnerabilities of SDNs to stealthy DDoS attacks and demonstrates the effectiveness of deploying entropy in SDN controllers for detection and mitigation purposes. Future work includes provisions to use these entropy detection methods, as part of a larger system, to redirect traffic and protect networks dynamically in real time. Other types of DoS, such as ransomware, will also be considered.

The outsourcing of portions of the integrated circuit design chain, mainly fabrication, to untrusted parties has led to an increasing concern regarding the security of fabricated ICs. To mitigate these concerns a number of approaches have been developed, including logic locking. The development of different logic locking methods has influenced research looking at different security evaluations, typically aimed at uncovering a secret key. In this paper, we make the case that corruptibility for incorrect keys is an important metric of logic locking. To measure corruptibility for circuits too large to exhaustively simulate, we describe an ATPG-based method to measure the corruptibility of incorrect keys. Results from applying the method to various circuits demonstrate that this method is effective at measuring the corruptibility for different locks.

Ransomware attack is posting a serious threat against Android devices and stored data that could be locked or/and encrypted by such attack. Existing solutions attempt to detect and prevent such attack by studying different features and applying various analysis mechanisms including static, dynamic or both. In this paper, recent ransomware detection solutions were investigated and compared. Moreover, a deep analysis of android permissions was conducted to identify significant android permissions that can discriminate ransomware with high accuracy before harming users' devices. Consequently, based on the outcome of this analysis, a permissions-based ransomware detection system is proposed. Different classifiers were tested to build the prediction model of this detection system. After the evaluation of the ransomware detection service, the results revealed high detection rate that reached 96.9%. Additionally, the newly permission-based android dataset constructed in this research will be made available to researchers and developers for future work.

The current state of the integrated circuit (IC) ecosystem is that only a handful of foundries are at the forefront, continuously pushing the state of the art in transistor miniaturization. Establishing and maintaining a FinFET-capable foundry is a billion dollar endeavor. This scenario dictates that many companies and governments have to develop their systems and products by relying on 3rd party IC fabrication. The major caveat within this practice is that the procured silicon cannot be blindly trusted: a malicious foundry can effectively modify the layout of the IC, reverse engineer its IPs, and overproduce the entire chip. The Hardware Security community has proposed many countermeasures to these threats. Notably, obfuscation has gained a lot of traction - here, the intent is to hide the functionality from the untrusted foundry such that the aforementioned threats are hindered or mitigated. In this paper, we summarize the research efforts of three independent research groups towards achieving trustworthy ICs, even when fabricated in untrusted offshore foundries. We extensively address the use of logic locking and its many variants, as well as the use of high-level synthesis (HLS) as an obfuscation approach of its own.

Register Transfer Level (RTL) locking seeks to prevent intellectual property (IP) theft of a design by locking the RTL description that functions correctly on the application of a key. This paper evaluates the security of a state-of-the-art RTL locking scheme using a satisfiability modulo theories (SMT) based algorithm to retrieve the secret key. The attack first obtains the high-level behavior of the locked RTL, and then use an SMT based formulation to find so-called distinguishing input patterns (DIP)1 The attack methodology has two main advantages over the gate-level attacks. First, since the attack handles the design at the RTL, the method scales to large designs. Second, the attack does not apply separate unlocking strategies for the combinational and sequential parts of a design; it handles both styles via a unifying abstraction. We demonstrate the attack on locked RTL generated by TAO [1], a state-of-the-art RTL locking solution. Empirical results show that we can partially or completely break designs locked by TAO.

In this paper, we observed Continuous Attacks are one kind of common side channel attack scenarios, where an adversary frequently probes the same target cache lines in a short time. Continuous Attacks cause target cache lines to go through multiple load-evict processes, exhibiting Ping-Pong Patterns. Identifying and obscuring Ping-Pong Patterns effectively interferes with the attacker's probe and mitigates Continuous Attacks. Based on the observations, this paper proposes Ping-Pong Regulator to identify multiple Ping-Pong Patterns and block them with different strategies (Preload or Lock). The Preload proactively loads target lines into the cache, causing the attacker to mistakenly infer that the victim has accessed these lines; the Lock fixes the attacked lines' directory entries on the last level cache directory until they are evicted out of caches, making an attacker's observation of the locked lines is always the L2 cache miss. The experimental evaluation demonstrates that the Ping-Pong Regulator efficiently identifies and secures attacked lines, induces negligible performance impacts and storage overhead, and does not require any software support.

Logic Locking is a well-accepted protection technique to enable trust in the outsourced design and fabrication processes of integrated circuits (ICs) where the original design is modified by incorporating additional key gates in the netlist, resulting in a key-dependent functional circuit. The original functionality of the chip is recovered once it is programmed with the secret key, otherwise, it produces incorrect results for some input patterns. Over the past decade, different attacks have been proposed to break logic locking, simultaneously motivating researchers to develop more secure countermeasures. In this paper, we propose a novel stuck-at fault-based differential fault analysis (DFA) attack, which can be used to break logic locking that relies on a stored secret key. This proposed attack is based on self-referencing, where the secret key is determined by injecting faults in the key lines and comparing the response with its fault-free counterpart. A commercial ATPG tool can be used to generate test patterns that detect these faults, which will be used in DFA to determine the secret key. One test pattern is sufficient to determine one key bit, which results in at most \textbackslashtextbarK\textbackslashtextbar test patterns to determine the entire secret key of size \textbackslashtextbarK\textbackslashtextbar. The proposed attack is generic and can be extended to break any logic locked circuits.

Globalization of IC manufacturing has led to increased security concerns, notably IP theft. Several logic locking techniques have been developed for protecting designs, but they typically display very large overhead, and are generally susceptible to deciphering attacks. In this paper, we propose latch-based logic locking, which manipulates both the flow of data and logic in the design. This method converts an interconnected subset of existing flip-flops to pairs of latches with programmable phase. In tandem, decoy latches and logic are added, inhibiting an attacker from determining the actual design functionality. To validate this technique, we developed and verified a locking insertion flow, analyzed PPA and ATPG overhead on benchmark circuits and industry cores, extended existing attacks to account for the technique, and taped out a demonstration chip. Importantly, we show that the design overhead with this approach is significantly less than with previous logic locking schemes, while resisting model checker-based, oracle-driven attacks. With minimal delay overhead, large numbers of decoy latches can be added, cheaply increasing attack resistance.