Biblio

Now a day's data hacking is the main issue for cloud computing, protecting a data there are so many methods in that one most usable method is the data Encryption. Process of Encryption is the converting a data into an un readable form using encryption key, encoded version that can only be read with authorized access to the decryption key. This paper presenting a simple, energy and area efficient method for endurance issue in secure resistive main memories. In this method, by employing the random characteristics of the encrypted data encoded by the Advanced Encryption Standard (AES) as well as a rotational shift operation. Random Shifter is simple hardware implementation and energy efficient method. It is considerably smaller than that of other recently proposed methods. Random Shifter technique used for secure memory with other error correction methods. Due to their reprogram ability, Field Programmable Gate Arrays (FPGA) are a popular choice for the hardware implementation of cryptographic algorithms. The proposed random shifter algorithm for AES and DES (Hybrid) data is implemented in the VIRTEX FPGA and it is efficient and suitable for hardware-critical applications. This Paper is implemented using model sim and Xilinx 14.5 version.

Device-to-Device (D2D) communications play a key role in the mobile communication networks. In spite of its benefits, new system architecture expose the D2D communications to unique security threats. Due to D2D users share the same licensed spectrum resources with the cellular users, both the cellular user and D2D receiver can eavesdrop each other's critical information. Thus, to maximize the secrecy rate from the perspective of physical layer security, the letter proposed a optimal power allocation scheme and subsequently to optimization problem of resource allocation is systematically investigated. The efficacy of the proposed scheme is assessed numerically.

The inference results of neural network accelerators often involve personal privacy or business secrets in intelligent systems. It is important for the safety of convolutional neural network (CNN) accelerator to prevent the key data and inference result from being leaked. The latest CNN models have started to combine with fully homomorphic encryption (FHE), ensuring the data security. However, the computational complexity, data storage overhead, inference time are significantly increased compared with the traditional neural network models. This paper proposed a lightweight FHE scheme on fully-connected layer for CNN hardware accelerator to achieve security inference, which not only protects the privacy of inference results, but also avoids excessive hardware overhead and great performance degradation. Compared with state-of-the-art works, this work reduces computational complexity by approximately 90% and decreases ciphertext size by 87%∼95%.

With the emergence and development of quantum computers, the traditional public-key cryptography (PKC) is facing the risk of being cracked. In order to resist quantum attacks and ensure long-term communication security, NIST launched a global collection of Post Quantum Cryptography (PQC) standards in 2016, and it is currently in the third round of selection. There are three Lattice-based PKC algorithms that stand out, and NTRU is one of them. In this article, we proposed the first complete and compact full hardware implementation of NTRU algorithm submitted in the third round. By using one structure to complete the design of the three types of complex polynomial multiplications in the algorithm, we achieved better performance while reducing area costs.

Security plays a paradigmatic role in the area of networking. The main goal of security is to protect these networks which contains confidential data against various kinds of attacks. By changing parameters like key size, increasing the rounds of iteration and finally using confusion box as the S-box, the strength of the cryptographic algorithms can be incremented. By using the Data Encryption Standard (DES), the images can be secured with the help of Dynamic S-boxes. Each of these 8 S-boxes contain 64 elements. Each row contains elements in the range 0–15 and are unique. Our proposed system generates these S-boxes dynamically depending on the key. The evaluation of this Dynamic S-box and DES shows much fruitful results over factors like Non-linearity, Strict Avalanche criterion, Balance, memory and time required for implementation using images.

Three issues should be addressed in ubiquitous power Internet of things (IoT) terminals, such as lack of terminal standardization, high business coupling and weak local intelligent processing ability. The application of operating system in power IoT terminals provides the possibility to solve the above problems, but needs to address the real-time and security problems. In this paper, TrustZone based virtualization architecture is used to tackle the above real-time and security problems, which adopts the dual system architecture of real-time operating system (FreeRTOS) to run real-time tasks, such as power parameter acquisition and control on the real-time operating system, to solve the real-time problem; And non real-time tasks are run on the general operating system(Linux) to solve the expansibility problem of power terminals with hardware assisted virtualization technology achieving the isolation of resources, ensuring the safety of power related applications. The scheme is verified on the physical platform. The results show that the dual operating system power IoT terminal scheme based on ARM TrustZone meets the security requirements and has better real-time performance, with unifying terminal standards, business decoupling and enhancing local processing capacity.

Usually on the top of Smart Chip covered with active shielding layer to prevent invasive physical exploration tampering attacks on part of the chip's function modules, to obtain the chip's critical storage data and sensitive information. This paper introduces a design based on UMC55 technology, and applied to the safety chip active shielding layer method for layout design, the layout design from the two aspects of the metal shielding line and shielding layer detecting circuit, using the minimum size advantage and layout design process when the depth of hidden shielding line interface and port order connection method and greatly increased the difficulty of physical attack. The layout design can withstand most of the current FIB physical attack technology, and has been applied to the actual smart card design, and it has important practical significance for the security design and attack of the chip.

Network intrusion detection systems (NIDS) are widely used solutions targeting the security of any network device connected to the Internet and are taking the lead in the battle against intruders. This paper addresses the network security issues by implementing a hardware-based NIDS solution with a Naïve Bayes machine learning (ML) algorithm for classification using NSL Knowledge Discovery in Databases (KDD) dataset. The proposed FPGA implementation of the Naive Bayes classifier focuses on low latency and provides intrusion detection in just 240ns, with accuracy/precision of 70/97%, occupying 1 % of the Virtex7 VC709 FPGA chip area.

The power terminal network has the characteristics of a large number of nodes, various types, and complex network topology. After the power terminal network is attacked, the impact of power terminals in different business scenarios is also different. Traditional impact assessment methods based on network traffic or power system operation rules are difficult to achieve comprehensive attack impact analysis. In this paper, from the three levels of terminal security itself, terminal network security and terminal business application security, it constructs quantitative indicators for analyzing the impact of power terminals after being attacked, so as to determine the depth and breadth of the impact of the attack on the power terminal network, and provide the next defense measures with realistic basis.

High throughput of crypto circuit is critical for many high performance security applications. The proposed SM3 circuit design breaks the inherent limitation of the conventional algorithm flow by removing the "blocking point" on the critical path, and reorganizes the algebraic structure by adding four parallel compensation operations. In addition, the round expansion architecture, CSA (Carry Save Adder) and pre-calculation are also used in this design. Due to the optimization at both the algorithm level and the circuit level, the synthesized circuit of this design can reach maximum 415MHz operating clock frequency and 6.4Gbps throughput with SMIC 40nm high performance technology. Compared with the conventional implementation method, the throughput performance of the proposed SM3 circuit increases by 97.5% and the chip area of SM3 algorithm area is only increased by 16.2%.

This paper analyzes the current situation and shortcomings of traditional security chip production program management, then proposes a management approach of a chip issue program management method and develope a management system based on Webservice technology. The program management method and system of chip production proposed in this paper simplifies the program management process of chip production and improves the working efficiency of chip production management.

As edge computing has been widely used in IoT (Internet of Things) systems, the security has become one of important issues for IoT. Because of a large amount of private information stored in edge computing devices, it makes edge computing devices attractive to various kinds attacks. To deal with this challenge, this paper proposes a security awareness scheme for edge computing devices in IoT system. Test results show that the proposed approach can improve services-oriented security situation of IoT systems based on edge computing.

One of the most important information in Wireless Sensor Networks (WSNs) is the location of each sensor node. This kind of information is very attractive to attackers for real position exposure of nodes making the whole network vulnerable to different kinds of attacks. According to WSNs privacy, there are two types of threats affect the network: Contextual and Content privacy. In this work, we study contextual privacy, where an eavesdropper tries to find the location of the source or sink node. We propose a Multi-Sinks Cluster-Based Location Privacy Protection (MSCLP) scheme in WSNs that divides the WSN into clusters, each cluster managed by one cluster head (CH). Each CH sends random fake packets in a loop then sends the real packet to the neighbor's CHs using a dynamic routing method to confuse the attacker from tracing back the real packet to reveal the actual location of the source node, we are taking in our consideration two important metrics: the energy consumption, and the delay.

In this paper, a hybrid optical frequency hopping system based on OAM multiplexing is proposed, which is mainly applied to the security of free space optical communication. In the proposed scheme, the segmented users' data goes through two stages of hopping successively to realize data hiding. And the security performance is also analyzed in this paper. © 2020 The Author(s).

Achieving efficient and secure accesses to real-time information from the designated IoT node is the fundamental key requirement for the applications of the Internet of Things. However, IoT nodes are prone to physical attacks, public channels reveal the sensitive information, and gateways that manage the IoT nodes suffer from the single-point failure, thereby causing the security and privacy problems. In this paper, a blockchain-based user remote authentication scheme using physical unclonable functions (PUFs) is proposed to overcome these problems. The PUFs provide physically secure identities for the IoT nodes and the blockchain acts as a distributed database to manage the key materials reliably for gateways. The security analysis is conducted and shows that our scheme realizes reliable security features and resists various attacks. Furthermore, a prototype was implemented to prove our scheme is efficient, scalable, and suitable for IoT scenarios.

In this work, we propose and demonstrate a multi-layer 3-dimensional (3D) vertical RRAM (VRRAM) PUF with in-cell stabilization scheme to improve both cost efficiency and reliability. An 8-layer VRRAM array was manufactured with excellent uniformity and good endurance of \textbackslashtextgreater107. Apart from the variation in RRAM resistance, enhanced randomness is obtained thanks to the parasitic IR drop and abundant sneak current paths in 3D VRRAM. To deal with the common issue of unstable bits in PUF output, in-cell stabilization is proposed by first employing asymmetric biasing to detect the unstable bits and then exploiting reprogramming to expand the deviation to stabilize the output. The bit error rate is reduced by \textbackslashtextgreater7X (68X) for 3(5) times reprogramming. The proposed PUF features excellent resistance against machine learning attack and passes both National Institute of Standards and Technology (NIST) 800-22 and NIST 800-90B test suites.

Various hardware security solutions have been developed recently to help counter hardware level attacks such as hardware Trojan, integrated circuit (IC) counterfeiting and intellectual property (IP) clone/piracy. However, existing solutions often provide specific types of protections. While these solutions achieve great success in preventing even advanced hardware attacks, the compatibility of among these hardware security methods are rarely discussed. The inconsistency hampers with the development of a comprehensive solution for hardware IC and IP from various attacks. In this paper, we develop a security primitive generator to help solve the compatibility issue among different protection techniques. Specifically, we focus on two modern IC/IP protection methods, logic locking and watermarking. A combined locking and watermarking technique is developed based on enhanced finite state machines (FSMs). The security primitive generator will take user-specified constraints and automatically generate an FSM module to perform both logic locking and watermarking. The generated FSM can be integrated into any designs for protection. Our experimental results show that the generator can facilitate circuit protection and provide the flexibility for users to achieve a better tradeoff between security levels and design overheads.

Facial biometrics have the advantages of high reliability, strong distinguishability and easily acquired for authentication. Therefore, it is becoming wildly used in identity authentication filed. However, there are stability, security and privacy issues in generating face key, which brings great challenges to face biometric authentication. In this paper, we propose a biometric key generation scheme based on face image. On the one hand, a deep neural network model for feature extraction is used to improve the stability of identity authentication. On the other hand, a key generation mechanism is designed to generate random biometric key while hiding original facial biometrics to enhance security and privacy of user authentication. The results show the FAR reach to 0.53% and the FRR reach to 0.57% in LFW face database, which achieves the better performance of biometric identification, and the proposed method is able to realize randomness of the generated biometric keys by NIST statistical test suite.

This paper presents a multi-channel, 12 bit, ADC IP core with programmable gain amplifier which is implemented as part of novel Security SoC. The measurement results show that effective number of bits (ENOB) of the ADC IP core reaches 8 bits, SNDR of 47.14dB and SFDR of 56.55dB at 100Ksps sampling rate. The input voltage range is 0V to 3.3V, active die area of 700um*620um in 0.35um CMOS process, and the ADC consumes 22mW in all channel auto-scan mode at 3.3V power supply.

With the construction of State Grid informatization, professional data such as operation inspection, marketing, and regulation have gradually shifted from offline to online. In recent years, cyberspace security incidents have occurred frequently, and national and group cybersecurity threats have emerged. As the next-generation communication system, quantum security has to satisfy the security requirements. Also, it is especially important to build the fusion application of energy network quantum private communication technology and conventional network, and to form a safe and reliable quantum-level communication technology solution suitable for the power grid. In this paper, from the perspective of the multi-terminal quantum key application, combined with a mature electricity consumption information collection system, a handheld meter reading solution based on quantum private communication technology is proposed to effectively integrate the two and achieve technological upgrading. First, from the technical theory and application fields, the current situation of quantum private communication technology and its feasibility of combining with classical facilities are introduced and analyzed. Then, the hardware security module and handheld meter reading terminal equipment are taken as typical examples to design and realize quantum key shared storage, business security process application model; finally, based on the overall environment of quantum key distribution, the architecture design of multi-terminal quantum key application verification is implemented to verify the quantum key business application process.

With the advancement of computing and communication technologies, data transmission in the internet are getting bigger and faster. However, it is necessary to secure the data to prevent fraud and criminal over the internet. Furthermore, most of the data related to statistics requires to be analyzed securely such as weather data, health data, financial and other services. This paper presents an implementation of cloud security using homomorphic encryption for data analytic in the cloud. We apply the homomorphic encryption that allows the data to be processed without being decrypted. Experimental results show that, for the polynomial degree 26, 28, and 210, the total executions are 2.2 ms, 4.4 ms, 25 ms per data, respectively. The implementation is useful for big data security such as for environment, financial and hospital data analytics.

The increased reliance on the Internet and the corresponding surge in connectivity demand has led to a significant growth in Internet-of-Things (IoT) devices. The continued deployment of IoT devices has in turn led to an increase in network attacks due to the larger number of potential attack surfaces as illustrated by the recent reports that IoT malware attacks increased by 215.7% from 10.3 million in 2017 to 32.7 million in 2018. This illustrates the increased vulnerability and susceptibility of IoT devices and networks. Therefore, there is a need for proper effective and efficient attack detection and mitigation techniques in such environments. Machine learning (ML) has emerged as one potential solution due to the abundance of data generated and available for IoT devices and networks. Hence, they have significant potential to be adopted for intrusion detection for IoT environments. To that end, this paper proposes an optimized ML-based framework consisting of a combination of Bayesian optimization Gaussian Process (BO-GP) algorithm and decision tree (DT) classification model to detect attacks on IoT devices in an effective and efficient manner. The performance of the proposed framework is evaluated using the Bot-IoT-2018 dataset. Experimental results show that the proposed optimized framework has a high detection accuracy, precision, recall, and F-score, highlighting its effectiveness and robustness for the detection of botnet attacks in IoT environments.

Implementations of Cyber-Physical Systems (CPS), like the Internet of Things, Smart Factories or Smart Grid gain more and more impact in their fields of application, as they extend the functionality and quality of the offered services significantly. However, the coupling of safety-critical embedded systems and services of the cyber-space domain introduce many new challenges for system engineers. Especially, the goal to achieve a high level of security throughout CPS presents a major challenge. However, it is necessary to develop and deploy secure CPS, as vulnerabilities and threats may lead to a non- or maliciously modified functionality of the CPS. This could ultimately cause harm to life of involved actors, or at least sensitive information can be leaked or lost. Therefore, it is essential that system engineers are aware of the level of security of the deployed CPS. For this purpose, security metrics and security evaluation frameworks can be utilized, as they are able to quantitatively express security, based on different measurements and rules. However, existing security scoring solutions may not be able to generate accurate security scores for CPS, as they insufficiently consider the typical CPS characteristics, like the communication of heterogeneous systems of physical- and cyber-space domain in an unpredictable manner. Therefore, we propose a security analysis framework, called Security Qualification Matrix (SQM). The SQM is capable to analyses multiple attacks on a System-of-Systems level simultaneously. With this approach, dependencies, potential side effects and the impact of mitigation concepts can quickly be identified and evaluated.

In view of the problem that the overall security of the network is difficult to evaluate quantitatively, we propose the edge authority attack graph model, which aims to make up for the traditional dependence attack graph to describe the relationship between vulnerability behaviors. This paper proposed a network security metrics based on probability, and proposes a network vulnerability algorithm based on vulnerability exploit probability and attack target asset value. Finally, a network security reinforcement algorithm with network vulnerability index as the optimization target is proposed based on this metric algorithm.

Power communication network is an important infrastructure of power system. For a large number of widely distributed business terminals and communication terminals. The data protection is related to the safe and stable operation of the whole power grid. How to solve the problem that lots of nodes need a large number of keys and avoid the situation that these nodes cannot exchange information safely because of the lack of keys. In order to solve the problem, this paper proposed a segmentation and combination technology based on quantum key to extend the limited key. The basic idea was to obtain a division scheme according to different conditions, and divide a key into several different sub-keys, and then combine these key segments to generate new keys and distribute them to different terminals in the system. Sufficient keys were beneficial to key updating, and could effectively enhance the ability of communication system to resist damage and intrusion. Through the analysis and calculation, the validity of this method in the use of limited quantum keys to achieve the business data secure transmission of a large number of terminal was further verified.