Biblio
Discrete Cosine Transform (DCT) is used in JPEG compression, image encryption, image watermarking and channel estimation. In this paper, an Application Specific Processor (ASP) for DCT based applications is designed and implemented to Field Programmable Gate Array (FPGA). One dimensional DCT and IDCT hardwares which have fully parallel architecture have been implemented and connected to MicroBlaze softcore processer. To show a basic application of ASP, DCT based image watermarking example is studied in this system.
In our digital world internet is a widespread channel for transmission of information. Information that is transmitted can be in form of messages, images, audios and videos. Due to this escalating use of digital data exchange cryptography and network security has now become very important in modern digital communication network. Cryptography is a method of storing and transmitting data in a particular form so that only those for whom it is intended can read and process it. The term cryptography is most often associated with scrambling plaintext into ciphertext. This process is called as encryption. Today in industrial processes images are very frequently used, so it has become essential for us to protect the confidential image data from unauthorized access. In this paper Advanced Encryption Standard (AES) which is a symmetric algorithm is used for encryption and decryption of image. Performance of Advanced Encryption Standard algorithm is further enhanced by adding a key stream generator W7. NIOS II soft core processor is used for implementation of encryption and decryption algorithm. A system is designed with the help of SOPC (System on programmable chip) builder tool which is available in QUARTUS II (Version 10.1) environment using NIOS II soft core processor. Developed single core system is implemented using Altera DE2 FPGA board (Cyclone II EP2C35F672). Using MATLAB the image is read and then by using DWT (Discrete Wavelet Transform) the image is compressed. The image obtained after compression is now given as input to proposed AES encryption algorithm. The output of encryption algorithm is given as input to decryption algorithm in order to get back the original image. The implementation of which is done on the developed single core platform using NIOS II processor. Finally the output is analyzed in MATLAB by plotting histogram of original and encrypted image.
Robust and stringent fault detection and correction techniques in executing Advanced Encryption Standard (AES) are still interesting issues for many critical applications. The purpose of fault detection and correction techniques is not only to ensure the reliability of a cryptosystem, but also protect the system against side channel attacks. Such errors could result due to a fault injection attack, production faults, noise or radiation effects in deep space. Devising a proper error control mechanisms for AES cipher during execution would improve both system reliability and security. In this work a novel fault detection and correction algorithm is proposed. The proposed mechanism is making use of the linear mappings of AES round structure to detect errors in the ShiftRow (SR) and MixColumn (MC) transformations. The error correction is achieved by creating temporary redundant check words through the combined SR and MC mapping to create in case of errors an error syndrome leading to error correction with relatively minor additional complexity. The proposed technique is making use of an error detecting and correcting capability in the combined mapping of SR and MC rather than detecting and/or correcting errors in each transformation separately. The proposed technique is making use especially of the MC mapping exhibiting efficient ECC properties, which can be deployed to simplify the design of a fault-tolerance technique. The performance of the algorithm proposed is evaluated by a simulated system model in FPGA technology. The simulation results demonstrate the ability to reach relatively high fault coverage with error correction up to four bytes of execution errors in the merged transformation SR-MC. The overall gate complexity overhead of the resulting system is estimated for proposed technique in FPGA technology.
In this paper, we propose SAFE (Security Aware FlexRay scheduling Engine), to provide a problem definition and a design framework for FlexRay static segment schedule to address the new challenge on security. From a high level specification of the application, the architecture and communication middleware are synthesized to satisfy security requirements, in addition to extensibility, costs, and end-to-end latencies. The proposed design process is applied to two industrial case studies consisting of a set of active safety functions and an X-by-wire system respectively.
This paper presents an efficient implementation of key-value store using Bloom filters on FPGA. Bloom filters are used to reduce the number of unnecessary accesses to the hash tables, thereby improving the performance. Additionally, for better hash table utilization, we use a modified cuckoo hashing algorithm for the implementation. They are implemented in FPGA to further improve the performance. Experimental results show significant performance improvement over existing approaches.
The detectability of malicious circuitry on FPGAs with varying placement properties yet has to be investigated. The authors utilize a Xilinx Virtex-II Pro target platform in order to insert a sequential denial-of-service Trojan into an existing AES design by manipulating a Xilinx-specific, intermediate file format prior to the bitstream generation. Thereby, there is no need for an attacker to acquire access to the hardware description language representation of a potential target architecture. Using a side-channel analysis setup for electromagnetic emanation (EM) measurements, they evaluate the detectability of different Trojan designs with varying location and logic distribution properties. The authors successfully distinguish the malicious from the genuine designs and provide information on how the location and distribution properties of the Trojan logic affect its detectability. To the best of their knowledge, this has been the first practically conducted Trojan detection using localized EM measurements.
Cloud computing is widely deployed to handle challenges such as big data processing and storage. Due to the outsourcing and sharing feature of cloud computing, security is one of the main concerns that hinders the end users to shift their businesses to the cloud. A lot of cryptographic techniques have been proposed to alleviate the data security issues in cloud computing, but most of these works focus on solving a specific security problem such as data sharing, comparison, searching, etc. At the same time, little efforts have been done on program security and formalization of the security requirements in the context of cloud computing. We propose a formal definition of the security of cloud computing, which captures the essence of the security requirements of both data and program. Analysis of some existing technologies under the proposed definition shows the effectiveness of the definition. We also give a simple look-up table based solution for secure cloud computing which satisfies the given definition. As FPGA uses look-up table as its main computation component, it is a suitable hardware platform for the proposed secure cloud computing scheme. So we use FPGAs to implement the proposed solution for k-means clustering algorithm, which shows the effectiveness of the proposed solution.
The Internet of Things (IoT) is here, more than 10 billion units are already connected and five times more devices are expected to be deployed in the next five years. Technological standarization and the management and fostering of rapid innovation by governments are among the main challenges of the IoT. However, security and privacy are the key to make the IoT reliable and trusted. Security mechanisms for the IoT should provide features such as scalability, interoperability and lightness. This paper addresses authentication and access control in the frame of the IoT. It presents Physical Unclonable Functions (PUF), which can provide cheap, secure, tamper-proof secret keys to authentify constrained M2M devices. To be successfully used in the IoT context, this technology needs to be embedded in a standardized identity and access management framework. On the other hand, Embedded Subscriber Identity Module (eSIM) can provide cellular connectivity with scalability, interoperability and standard compliant security protocols. The paper discusses an authorization scheme for a constrained resource server taking advantage of PUF and eSIM features. Concrete IoT uses cases are discussed (SCADA and building automation).
Trusted Platform Module (TPM) has gained its popularity in computing systems as a hardware security approach. TPM provides the boot time security by verifying the platform integrity including hardware and software. However, once the software is loaded, TPM can no longer protect the software execution. In this work, we propose a dynamic TPM design, which performs control flow checking to protect the program from runtime attacks. The control flow checker is integrated at the commit stage of the processor pipeline. The control flow of program is verified to defend the attacks such as stack smashing using buffer overflow and code reuse. We implement the proposed dynamic TPM design in FPGA to achieve high performance, low cost and flexibility for easy functionality upgrade based on FPGA. In our design, neither the source code nor the Instruction Set Architecture (ISA) needs to be changed. The benchmark simulations demonstrate less than 1% of performance penalty on the processor, and an effective software protection from the attacks.
While many theoretical and simulation works have highlighted the potential gains of cognitive radio, several technical issues still need to be evaluated from an experimental point of view. Deploying complex heterogeneous system scenarios is tedious, time consuming and hardly reproducible. To address this problem, we have developed a new experimental facility, called CorteXlab, that allows complex multi-node cognitive radio scenarios to be easily deployed and tested by anyone in the world. Our objective is not to design new software defined radio (SDR) nodes, but rather to provide a comprehensive access to a large set of high performance SDR nodes. The CorteXlab facility offers a 167 m2 electromagnetically (EM) shielded room and integrates a set of 24 universal software radio peripherals (USRPs) from National Instruments, 18 PicoSDR nodes from Nutaq and 42 IoT-Lab wireless sensor nodes from Hikob. CorteXlab is built upon the foundations of the SensLAB testbed and is based the free and open-source toolkit GNU Radio. Automation in scenario deployment, experiment start, stop and results collection is performed by an experiment controller, called Minus. CorteXlab is in its final stages of development and is already capable of running test scenarios. In this contribution, we show that CorteXlab is able to easily cope with the usual issues faced by other testbeds providing a reproducible experiment environment for CR experimentation.
The advanced encryption standard (AES) has been sufficiently studied to confirm that its decryption is computationally impossible. However, its vulnerability against fault analysis attacks has been pointed out in recent years. To verify the vulnerability of electronic devices in the future, into which cryptographic circuits have been incorporated, fault Analysis attacks must be thoroughly studied. The present study proposes a new fault analysis attack method which utilizes the tendency of an operation error due to a glitch. The present study also verifies the validity of the proposed method by performing evaluation experiments using FPGA.
In this paper we present a secure and unclonable embedded system design that can target either an FPGA or an ASIC technology. The premise of the security is that the executed machine code and the executing environment (the embedded processor) will authenticate each other at a per-instruction basis using Physical Unclonable Functions (PUFs) that are built into the processor. The PUFs ensure that the execution of the binary code may only proceed if the binary is compiled with the correct intrinsic knowledge of the PUFs, and that such intrinsic knowledge is virtually unique to each processor and therefore unclonable. We will explain how to implement and integrate the PUFs into the processor's execution environment such that each instruction is authenticated and de-obfuscated on-demand and how to transform an ordinary binary executable into PUF-aware, obfuscated binaries. We will also present a prototype system on a Xilinx Spartan6-based FPGA board.
Hardware Trojan Threats (HTTs) are stealthy components embedded inside integrated circuits (ICs) with an intention to attack and cripple the IC similar to viruses infecting the human body. Previous efforts have focused essentially on systems being compromised using HTTs and the effectiveness of physical parameters including power consumption, timing variation and utilization for detecting HTTs. We propose a novel metric for hardware Trojan detection coined as HTT detectability metric (HDM) that uses a weighted combination of normalized physical parameters. HTTs are identified by comparing the HDM with an optimal detection threshold; if the monitored HDM exceeds the estimated optimal detection threshold, the IC will be tagged as malicious. As opposed to existing efforts, this work investigates a system model from a designer perspective in increasing the security of the device and an adversary model from an attacker perspective exposing and exploiting the vulnerabilities in the device. Using existing Trojan implementations and Trojan taxonomy as a baseline, seven HTTs were designed and implemented on a FPGA testbed; these Trojans perform a variety of threats ranging from sensitive information leak, denial of service to beat the Root of Trust (RoT). Security analysis on the implemented Trojans showed that existing detection techniques based on physical characteristics such as power consumption, timing variation or utilization alone does not necessarily capture the existence of HTTs and only a maximum of 57% of designed HTTs were detected. On the other hand, 86% of the implemented Trojans were detected with HDM. We further carry out analytical studies to determine the optimal detection threshold that minimizes the summation of false alarm and missed detection probabilities.
Security issues in computer networks have focused on attacks on end systems and the control plane. An entirely new class of emerging network attacks aims at the data plane of the network. Data plane forwarding in network routers has traditionally been implemented with custom-logic hardware, but recent router designs increasingly use software-programmable network processors for packet forwarding. These general-purpose processing devices exhibit software vulnerabilities and are susceptible to attacks. We demonstrate-to our knowledge the first-practical attack that exploits a vulnerability in packet processing software to launch a devastating denial-of-service attack from within the network infrastructure. This attack uses only a single attack packet to consume the full link bandwidth of the router's outgoing link. We also present a hardware-based defense mechanism that can detect situations where malicious packets try to change the operation of the network processor. Using a hardware monitor, our NetFPGA-based prototype system checks every instruction executed by the network processor and can detect deviations from correct processing within four clock cycles. A recovery system can restore the network processor to a safe state within six cycles. This high-speed detection and recovery system can ensure that network processors can be protected effectively and efficiently from this new class of attacks.