Biblio

The communication security issue is of great importance and should not be ignored in backbone optical networks which is undergoing the evolution toward software defined networks (SDN). With the aim to solve this problem, this paper conducts deep analysis into the security challenge of software defined optical networks (SDON) and proposes a so-called security-enhanced signaling scheme of SDON. The proposed scheme makes full advantage of current OpenFIow protocol with some necessary extensions and security improvement, by combining digital signatures and message feedback with efficient PKI (Public Key Infrastructure) in signaling procedure of OpenFIow interaction. Thus, this security-enhanced signaling procedure is also designed in details to make sure the end-to-end trusted service connection. Simulation results show that this proposed approach can greatly improve the security level of large-scale optical network for Energy Internet services with better performance in term of connection success rate performance.

Industry 4.0 is based on the CPS architecture since it is the next generation in the industry. The CPS architecture is a system based on Cloud Computing technology and Internet of Things where computer elements collaborate for the control of physical entities. The security framework in this architecture is necessary for the protection of two parts (physical and information) so basically, security in CPS is classified into two main parts: information security (data) and security of control. In this work, we propose two models to solve the two problems detected in the security framework. The first proposal SCCAF (Smart Cloud Computing Adoption Framework) treats the nature of information that serves for the detection and the blocking of the threats our basic architecture CPS. The second model is a modeled detector related to the physical nature for detecting node information.

The evolution of the microelectronics manufacturing industry is characterized by increased complexity, analysis, integration, distribution, data sharing and collaboration, all of which is enabled by the big data explosion. This evolution affords a number of opportunities in improved productivity and quality, and reduced cost, however it also brings with it a number of risks associated with maintaining security of data systems. The International Roadmap for Devices and System Factory Integration International Focus Team (IRDS FI IFT) determined that a security technology roadmap for the industry is needed to better understand the needs, challenges and potential solutions for security in the microelectronics industry and its supply chain. As a first step in providing this roadmap, the IFT conducted a security survey, soliciting input from users, suppliers and OEMs. Preliminary results indicate that data partitioning with IP protection is the number one topic of concern, with the need for industry-wide standards as the second most important topic. Further, the "fear" of security breach is considered to be a significant hindrance to Advanced Process Control efforts as well as use of cloud-based solutions. The IRDS FI IFT will endeavor to provide components of a security roadmap for the industry in the 2018 FI chapter, leveraging the output of the survey effort combined with follow-up discussions with users and consultations with experts.

Reliability and robustness of Internet of Things (IoT)-cloud-based communication is an important issue for prospective development of the IoT concept. In this regard, a robust and unique client-to-cloud communication physical layer is required. Physical Unclonable Function (PUF) is regarded as a suitable physics-based random identification hardware, but suffers from reliability problems. In this paper, we propose novel hardware concepts and furthermore an analysis method in CMOS technology to improve the hardware-based robustness of the generated PUF word from its first point of generation to the last cloud-interfacing point in a client. Moreover, we present a spectral analysis for an inexpensive high-yield implementation in a 65nm generation. We also offer robust monitoring concepts for the PUF-interfacing communication physical layer hardware.

This paper presents a true random number generator that exploits the subthreshold properties of jitter of events propagating in a self-timed ring and jitter of events propagating in an inverter based ring oscillator. Design was implemented in 180nm CMOS flash process. Devices provide high quality random bit sequences passing FIPS 140-2 and NIST SP 800-22 statistical tests which guaranty uniform distribution and unpredictability thanks to the physics based entropy source.

Hardware implementations of cryptographic algorithms may leak information through numerous side channels, which can be used to reveal the secret cryptographic keys, and therefore compromise the security of the algorithm. Power Analysis Attacks (PAAs) [1] exploit the information leakage from the device's power consumption (typically measured on the supply and/or ground pins). Digital circuits consume dynamic switching energy when data propagate through the logic in each new calculation (e.g. new clock cycle). The average power dissipation of a design can be expressed by: Ptot(t) = α · (Pd(t) + Ppvt(t)) (1) where α is the activity factor (the probability that the gate will switch) and depends on the probability distribution of the inputs to the combinatorial logic. This induces a linear relationship between the power and the processed data [2]. Pd is the deterministic power dissipated by the switching of the gate, including any parasitic and intrinsic capacitances, and hence can be evaluated prior to manufacturing. Ppvt is the change in expected power consumption due to nondeterministic parameters such as process variations, mismatch, temperature, etc. In this manuscript, we describe the design of logic gates that induce data-independent (constant) α and Pd.

Physically unclonable functions (PUFs) are used to uniquely identify electronic devices. Here, we introduce a hybrid silicon CMOS-nanotube PUF circuit that uses the variations of nanotube transistors to generate a random response. An analog silicon circuit subsequently converts the nanotube response to zero or one bits. We fabricate an array of nanotube transistors to study and model their device variability. The behavior of the hybrid CMOS-nanotube PUF is then simulated. The parameters of the analog circuit are tuned to achieve the desired normalized Hamming inter-distance of 0.5. The co-design of the nanotube array and the silicon CMOS is an attractive feature for increasing the immunity of the hybrid PUF against an unauthorized duplication. The heterogeneous integration of nanotubes with silicon CMOS offers a new strategy for realizing security tokens that are strong, low-cost, and reliable.

The paper presents an example Sensor-cloud architecture that integrates security as its native ingredient. It is based on the multi-layer client-server model with separation of physical and virtual instances of sensors, gateways, application servers and data storage. It proposes the application of virtualised sensor nodes as a prerequisite for increasing security, privacy, reliability and data protection. All main concerns in Sensor-Cloud security are addressed: from secure association, authentication and authorization to privacy and data integrity and protection. The main concept is that securing the virtual instances is easier to implement, manage and audit and the only bottleneck is the physical interaction between real sensor and its virtual reflection.

The Semantic Web can be used to enable the interoperability of IoT devices and to annotate their functional and nonfunctional properties, including security and privacy. In this paper, we will show how to use the ontology and JSON-LD to annotate connectivity, security and privacy properties of IoT devices. Out of that, we will present our prototype for a lightweight, secure application level protocol wrapper that ensures communication consistency, secrecy and integrity for low cost IoT devices like the ESP8266 and Photon particle.

Untrusted third-party vendors and manufacturers have raised security concerns in hardware supply chain. Among all existing solutions, formal verification methods provide powerful solutions in detection malicious behaviors at the pre-silicon stage. However, little work have been done towards built-in hardware runtime verification at the post-silicon stage. In this paper, a runtime formal verification framework is proposed to evaluate the trust of hardware during its execution. This framework combines the symbolic execution and SAT solving methods to validate the user defined properties. The proposed framework has been demonstrated on an FPGA platform using an SoC design with untrusted IPs. The experimentation results show that the proposed approach can provide high-level security assurance for hardware at runtime.

This work applies side channel analysis on hardware implementations of two CAESAR candidates, Keyak and Ascon. Both algorithms are cryptographic sponges with an iterated permutation. The algorithms share an s-box so attacks on the non-linear step of the permutation are similar. This work presents the first results of a DPA attack on Keyak using traces generated by an FPGA. A new attack is crafted for a larger sensitive variable to reduce the number of traces. It also presents and applies the first CPA attack on Ascon. Using a toy-sized threshold implementation of Ascon we try to give insight in the order of the steps of a permutation.

The number of resource-limited wireless devices utilized in many areas of Internet of Things is growing rapidly; there is a concern about privacy and security. Various lightweight block ciphers are proposed; this work presents a modified lightweight block cipher algorithm. A Linear Feedback Shift Register is used to replace the key generation function in the XTEA1 Algorithm. Using the same evaluation conditions, we analyzed the software implementation of the modified XTEA using FELICS (Fair Evaluation of Lightweight Cryptographic Systems) a benchmarking framework which calculates RAM footprint, ROM occupation and execution time on three largely used embedded devices: 8-bit AVR microcontroller, 16-bit MSP microcontroller and 32-bit ARM microcontroller. Implementation results show that it provides less software requirements compared to original XTEA. We enhanced the security level and the software performance.

Recent proposals for trusted hardware platforms, such as Intel SGX and the MIT Sanctum processor, offer compelling security features but lack formal guarantees. We introduce a verification methodology based on a trusted abstract platform (TAP), a formalization of idealized enclave platforms along with a parameterized adversary. We also formalize the notion of secure remote execution and present machine-checked proofs showing that the TAP satisfies the three key security properties that entail secure remote execution: integrity, confidentiality and secure measurement. We then present machine-checked proofs showing that SGX and Sanctum are refinements of the TAP under certain parameterizations of the adversary, demonstrating that these systems implement secure enclaves for the stated adversary models.