Biblio

Continued advances in IoT technology have prompted new investigation into its usage for military operations, both to augment and complement existing military sensing assets and support next-generation artificial intelligence and machine learning systems. Under the emerging Internet of Battlefield Things (IoBT) paradigm, a multitude of operational conditions (e.g., diverse asset ownership, degraded networking infrastructure, adversary activities) necessitate the development of novel security techniques, centered on establishment of trust for individual assets and supporting resilience of broader systems. To advance current IoBT efforts, a set of research directions are proposed that aim to fundamentally address the issues of trust and trustworthiness in contested battlefield environments, building on prior research in the cybersecurity domain. These research directions focus on two themes: (1) Supporting trust assessment for known/unknown IoT assets; (2) Ensuring continued trust of known IoBT assets and systems.

Military technology is ever-evolving to increase the safety and security of soldiers on the field while integrating Internet-of-Things solutions to improve operational efficiency in mission oriented tasks in the battlefield. Centralized communication technology is the traditional network model used for battlefields and is vulnerable to denial of service attacks, therefore suffers performance hazards. They also lead to a central point of failure, due to which, a flexible model that is mobile, resilient, and effective for different scenarios must be proposed. Blockchain offers a distributed platform that allows multiple nodes to update a distributed ledger in a tamper-resistant manner. The decentralized nature of this system suggests that it can be an effective tool for battlefields in securing data communication among Internet-of-Battlefield Things (IoBT). In this paper, we integrate a permissioned blockchain, namely Hyperledger Sawtooth, in IoBT context and evaluate its performance with the goal of determining whether it has the potential to serve the performance needs of IoBT environment. Using different testing parameters, the metric data would help in suggesting the best parameter set, network configuration and blockchain usability views in IoBT context. We show that a blockchain-integrated IoBT platform has heavy dependency on the characteristics of the underlying network such as topology, link bandwidth, jitter, and other communication configurations, that can be tuned up to achieve optimal performance.

FastChain is a simulator built in NS-3 which simulates the networked battlefield scenario with military applications, connecting tankers, soldiers and drones to form Internet-of-Battlefield-Things (IoBT). Computing, storage and communication resources in IoBT are limited during certain situations in IoBT. Under these circumstances, these resources should be carefully combined to handle the task to accomplish the mission. FastChain simulator uses Sharding approach to provide an efficient solution to combine resources of IoBT devices by identifying the correct and the best set of IoBT devices for a given scenario. Then, the set of IoBT devices for a given scenario collaborate together for sharding enabled Blockchain technology. Interested researchers, policy makers and developers can download and use the FastChain simulator to design, develop and evaluate blockchain enabled IoBT scenarios that helps make robust and trustworthy informed decisions in mission-critical IoBT environment.

Modern mobile operating systems store a lot of excessive information that can be used against its owner or organization, like a call history or various system logs. This article describes a universal way of preventing any mobile operating system or application from saving its data in device's internal storage without reducing their functionality. The goal of this work is creation of a software that solves the described problem and works on the bootloading stage. A general algorithm of the designed software, along with its main solutions and requirements, is presented in this paper. Hardware requirement, software testing results and general applications of this software are also listed in this paper.

With the emergence of cloud, content-based image retrieval (CBIR) on encrypted domain gain enormous importance due to the ever increasing need for ensuring confidentiality, authentication, integrity and privacy of data. CBIR on outsourced encrypted images can be done by extracting features from unencrypted images and generating searchable encrypted index based on it. Visual descriptors like color descriptors, shape and texture descriptors, etc. are employed for similarity search. Since visual descriptors used to represent an image have crucial role in retrieving most similar results, an attempt to combine them has been made in this paper. The effect of combining different visual descriptors on retrieval precision in secure CBIR scheme proposed by Xia et al. is analyzed. Experimental results show that combining visual descriptors can significantly enhance retrieval precision of the secure CBIR scheme.

Blockchain technology has attracted much attention due to the great success of the cryptocurrencies. Owing to its immutability property and consensus protocol, blockchain offers a new solution for trusted storage and computation services. To scale up the services, prior research has suggested a hybrid storage architecture, where only small meta-data are stored onchain and the raw data are outsourced to off-chain storage. To protect data integrity, a cryptographic proof can be constructed online for queries over the data stored in the system. However, the previous schemes only support simple key-value queries. In this paper, we take the first step toward studying authenticated range queries in the hybrid-storage blockchain. The key challenge lies in how to design an authenticated data structure (ADS) that can be efficiently maintained by the blockchain, in which a unique gas cost model is employed. By analyzing the performance of the existing techniques, we propose a novel ADS, called GEM2-tree, which is not only gas-efficient but also effective in supporting authenticated queries. To further reduce the ADS maintenance cost without sacrificing much the query performance, we also propose an optimized structure, GEM2*-tree, by designing a two-level index structure. Theoretical analysis and empirical evaluation validate the performance of the proposed ADSs.

Nowadays database outsourcing has become business owners' preferred option and they are benefiting from its flexibility, reliability, and low cost. However, because database service providers cannot always be fully trusted and data owners will no longer have a direct control over their own data, how to make the outsourced data secure becomes a hot research topic. From the data integrity protection aspect, the client wants to make sure the data returned is correct, complete, and up-to-date. Previous research work in literature put more efforts on data correctness, while data completeness is still a challenging problem to solve. There are some existing works that tried to protect the completeness of data. Unfortunately, these solutions were considered not fully solving the problem because of their high communication or computation overhead. The implementations and limitations of existing works will be further discussed in this paper. From the data confidentiality protection aspect, order-preserving encryption (OPE) is a widely used encryption scheme in protecting data confidentiality. It allows the client to perform range queries and some other operations such as GROUP BY and ORDER BY over the OPE encrypted data. Therefore, it is worthy to develop a solution that allows user to verify the query completeness for an OPE encrypted database so that both data confidentiality and completeness are both protected. Inspired by this motivation, we propose a new data completeness protecting scheme by inserting fake tuples into databases. Both the real and fake tuples are OPE encrypted and thus the cloud server cannot distinguish among them. While our new scheme is much more efficient than all existing approaches, the level of security protection remains the same.

As cloud storage and computing gains popularity, data entrusted to the cloud has the potential to be exposed to more people and thus more vulnerable to attacks. It is important to develop mechanisms to protect data privacy and integrity so that clients can safely outsource their data to the cloud. We present a method for ensuring data completeness which is one facet of the data integrity problem. Our approach converts a standard database to a Completeness Protected Database (CPDB) by inserting some semantic fake data before outsourcing it to the cloud. These fake data are initially produced using our generating function which uses Order Preserving Encryption, which allows the user to be able to regenerate these fake data and match them to fake data returned from a range query to check for completeness. The CPDB is innovative in the following ways: (1) fake data is deterministically generated but is semantically indistinguishable from other existing data; (2) since fake data is generated by deterministic functions, data owners do not need to locally store the fake data that have been inserted, instead they can re-generate fake data using the functions; (3) no costly data encryption/signature is used in our scheme compared to previous work which encrypt/sign the entire database.

In this paper, a technique to design analog circuits with enhanced security is described. The proposed key based obfuscation technique uses a mesh topology to obfuscate the physical dimensions and the threshold voltage of the transistor. To mitigate the additional overhead of implementing the obfuscated circuitry, a satisfiability modulo theory (SMT) based algorithm is proposed to auto-determine the sizes of the transistors selected for obfuscation such that only a limited set of key values produce the correct circuit functionality. The proposed algorithm and the obfuscation methodology is implemented on an LC tank voltage-controlled oscillator (VCO). The operating frequency of the VCO is masked with a 24-bit encryption key applied to a 2×6 mesh structure that obfuscates the dimensions of each varactor transistor. The probability of determining the correct key is 5.96×10-8 through brute force attack. The dimensions of the obfuscated transistors determined by the analog satisfiability (aSAT) algorithm result in at least a 15%, 3%, and 13% deviation in, respectively, the effective transistor dimensions, target frequency, and voltage amplitude when an incorrect key is applied to the VCO. In addition, only one key produces the desired frequency and properly sets the overall performance specifications of the VCO. The simulated results indicate that the proposed design methodology, which quickly and accurately determines the transistor sizes for obfuscation, produces the target specifications and provides protection for analog circuits against IP piracy and reverse engineering.

Due to globalization of Integrated Circuit (IC) design flow, Intellectual Property (IP) cores have increasingly become susceptible to various hardware threats such as Trojan insertion, piracy, overbuilding etc. An IP core can be secured against these threats using functional obfuscation based security mechanism. This paper presents a functional obfuscation of digital signal processing (DSP) core for consumer electronics systems using a novel IP core locking block (ILB) logic that leverages the structure of flip-flops and combinational circuits. These ILBs perform the locking of the functionality of a DSP design and actuate the correct functionality only on application of a valid key sequence. In existing approaches so far, executing exhaustive trials are sufficient to extract the valid keys from an obfuscated design. However, proposed work is capable of hindering the extraction of valid keys even on exhaustive trials, unless successfully applied in the first attempt only. In other words, the proposed work drastically reduces the probability of obtaining valid key of a functionally obfuscated design in exhaustive trials. Experimental results indicate that the proposed approach achieves higher security and lower design overhead than previous works.

Intellectual Property (IP) infringement including piracy and overproduction have emerged as significant threats in the semiconductor supply chain. Key-based obfuscation techniques (i.e., logic locking) are widely applied to secure legacy IP from such attacks. However, the fundamental question remains open whether an attacker is allowed an exponential amount of time to seek correct key or could it be useful to lock out the design in a non-destructive manner after several incorrect attempts. In this paper, we address this question with a robust design lockout technique. Specifically, we perform comparisons on obfuscation logic output that reflects the condition (correct or incorrect) of the applied key without changing the system behavior. The proposed approach, when combined with key obfuscation (logic locking) technique, increases the difficulty of reverse engineering key obfuscated RTL module. We provide security evaluation of DLockout against three common side-channel attacks followed by a quantitative assessment of the resilience. We conducted a set of experiments on four datapath intensive IPs and one crypto core for three different key lengths (32-, 64-, and 128-bit) under the typical design corner. On average, DLockout incurs negligible area, power, and delay overheads.

Blockchain technology has brought a huge paradigm shift in multiple industries, by integrating distributed ledger, smart contracts and consensus protocol under the same roof. Notable applications of blockchain include cryptocurrencies and large-scale multi-party transaction management systems. The latter fits very well into the domain of manufacturing and supply chain management for Integrated Circuits (IC), which, despite several advanced technologies, is vulnerable to malicious practices, such as overproduction, IP piracy and deleterious design modification to gain unfair advantages. To combat these threats, researchers have proposed several ideas like hardware metering, design obfuscation, split manufacturing and watermarking. In this paper, we show, how these issues can be complementarily dealt with using blockchain technology coupled with identity-based encryption and physical unclonable functions, for improved resilience against certain adversarial motives. As part of our proposed blockchain protocol, titled `BLIC', we propose an authentication mechanism to secure both active and passive IC transactions, and a composite consensus protocol designed for IC supply chains. We also present studies on the security, scalability, privacy and anonymity of the BLIC protocol.

The manufacturing of integrated circuits (IC) outside of the design houses makes it possible for the adversary to easily perform a reverse engineering attack against intellectual property (IP)/IC. The aim of this attack can be the IP piracy, overproduction, counterfeiting or inserting hardware Trojan (HT) throughout the supply chain of the IC. Preventing hardware Trojan insertion is a significant issue in the context of hardware security (HS) and has not been considered in most of the previous logic encryption methods. To eliminate this problem, in this paper an Anti-Trojan insertion algorithm is presented. The idea is based on the fact that reducing the signals with low-observability (LO) and low-controllability (LC) can prevent HT insertion significantly. The security of logic encryption methods depends on the algorithm and the encryption key. However, the security of these methods has been compromised by SAT attacks over recent years. SAT attacks, can decode the correct key from most logic encryption techniques. In this article, by using the PUF-based encryption, the applied key in the encryption is randomized and SAT attack cannot be performed. Based on the output of PUF, a unique encryption has been made for each chip that preventing from counterfeiting and IP piracy.

IP piracy, reverse engineering, and tampering with FPGA based IP is increasing over time. ROPUF based IP obfuscation can provide a feasible solution. In this paper, a novel approach of FPGA IP obfuscation is implemented using Ring Oscillator based Physical Unclonable Function (ROPUF) and random logic gates. This approach provides a lock and key mechanism as well as authentication of FPGA based designs to protect from security threats. Using the Xilinx ISE design tools and ISCAS 89 benchmarks we have designed a secure FPGA based IP protection scheme with an average of 15% area and 10% of power overhead.

In this article, we introduce the MACH-2K trust overlay network and its architecture. MACH-2K's objectives are to (a) enhance the resiliency of emergency response and public service networks and (b) help build such networks in places, or at times, where network infrastructure is limited. Resiliency may be enhanced in an economic manner by building new ad hoc networks of private mobile devices and joining these to public service networks at specific trusted points. The major barrier to building resiliency by using private devices is ensuring security. MACH-2K uses device location and communication utility patterns to assign trust to devices, after owner approval. After trust is established, message confidentiality, privacy, and integrity may be implemented by well-known cryptographic means. MACH-2K devices may be then requested to forward or consume different types of messages depending on their current level of trust and utility.

The group key maintenance in MANET is especially risky, because repeated node movement, link breakdown and lower capacity resources. The member movement needs key refreshment to maintain privacy among members. To survive with these characteristics variety of clustering concepts used to subdivide the network. To establish considerably stable and trustable environment fuzzy based trust clustering taken into consideration with Group key management. The nodes with highest trust and energy elected as Cluster Head and it forms cluster in its range. The proposed work analyze secure multicast transmission by implementing Polynomial-based key management in Fuzzy Trust based clustered networks (FTBCA) for secure multicast transmission that protect against both internal and external attackers and measure the performance by injecting attack models.

Mobile Ad-hoc Networks (MANETs) are formed when a group of mobile nodes, communicate through wireless links in the absence of central administration. These features make them more vulnerable to several attacks like identity spoofing which leads to identity disclosure. Providing anonymity and privacy for identity are critical issues, especially when the size of such networks scales up. to avoid the centralization problem for key distribution in MANETs. This paper proposes a key distribution scheme for clustered ad-hoc networks. The network is divided into groups of clusters, and each cluster head is responsible for distributing periodically updated security keys among cluster members, for protecting privacy through encryption. Also, an authentication scheme is proposed to ensure the confidentiality of new members to the cluster. The simulation study proves the effectiveness of the proposed scheme in terms of availability and overhead. It scales well for high dense networks and gives less packet drop rate compared to its centralized counterpart in the presence of malicious nodes.

A deniable authentication (DA) protocol plays a vital role to provide security and privacy of the mobile nodes in a mobile ad hoc network (MANET). In recent years, a number of similar works have been proposed, but most of them experience heavy computational and communication overhead. Further, most of these protocols are not secure against different attacks. To address these concerns, we devised an identity-based deniable authentication (IBDA) protocol with adequate security and efficiency. The proposed IBDA protocol is mainly designed for MANETs, where the mobile devices are resource-limited. The proposed IBDA protocol used the elliptic curve cryptography (ECC) and identity-based cryptosystem (IBC). The security of our IBDA protocol depends on the elliptic curve discrete logarithm (ECDL) problem and bilinear Diffie-Hellman (BDH) problem.

Security is one of the more challenging problem for wireless Ad-Hoc networks specially in MANT due their features like dynamic topology, no centralized infrastructure, open architecture, etc. that make its more prone to different attacks. These attacks can be passive or active. The passive attack it hard to detect it in the network because its targets the confidential of data packet by eavesdropping on it. Therefore, the privacy preservation for data packets payload which it transmission over MANET has been a major part of concern. especially for safety-sensitive applications such as, privacy conference meetings, military applications, etc. In this paper it used symmetric cryptography to provide privacy for data packet by proposed modified AES based on five proposed which are: Key generation based on multi chaotic system, new SubByte, new ShiftRows, Add-two-XOR, Add-Shiftcycl.

With the advent of blockchain technology, multiple avenues of use are being explored. The immutability and security afforded by blockchain are the key aspects of exploitation. Extending this to legal contracts involving digital intellectual properties provides a way to overcome the use of antiquated paperwork to handle digital assets.

Digital signal processing (DSP) and multimedia based reusable Intellectual property (IP) cores form key components of system-on-chips used in consumer electronic devices. They represent years of valuable investment and hence need protection against prevalent threats such as IP cloning and fraudulent claim of ownership. This paper presents a novel crypto digital signature approach which incorporates multiple security modules such as encryption, hashing and encoding for protection of digital signature processing cores. The proposed approach achieves higher robustness (and reliability), in terms of lower probability of coincidence, at lower design cost than existing watermarking approaches for IP cores. The proposed approach achieves stronger proof of authorship (on average by 39.7%) as well as requires lesser storage hardware compared to a recent similar work.

It is common to certify when a file was created in digital investigations, e.g., determining first inventors for patentable ideas in intellectual property systems to resolve disputes. Secure time-stamping schemes can be derived from blockchain-based storage to protect files from backdating/forward-dating, where a file is integrated into a transaction on a blockchain and the timestamp of the corresponding block reflects the latest time the file was created. Nevertheless, blocks' timestamps in blockchains suffer from time errors, which causes the inaccuracy of files' timestamps. In this paper, we propose an accurate blockchain-based time-stamping scheme called Chronos. In Chronos, when a file is created, the file and a sufficient number of successive blocks that are latest confirmed on blockchain are integrated into a transaction. Due to chain quality, it is computationally infeasible to pre-compute these blocks. The time when the last block was chained to the blockchain serves as the earliest creation time of the file. The time when the block including the transaction was chained indicates the latest creation time of the file. Therefore, Chronos makes the file's creation time corresponding to this time interval. Based on chain growth, Chronos derives the time when these two blocks were chained from their heights on the blockchain, which ensures the accuracy of the file's timestamp. The security and performance of Chronos are demonstrated by a comprehensive evaluation.

In many industry Internet of Things applications, resources like CPU, memory, and battery power are limited and cannot afford the classic cryptographic security solutions. Silicon physical unclonable function (PUF) is a lightweight security primitive that exploits manufacturing variations during the chip fabrication process for key generation and/or device authentication. However, traditional weak PUFs such as ring oscillator (RO) PUF generate chip-unique key for each device, which restricts their application in security protocols where the same key is required to be shared in resource-constrained devices. In this article, in order to address this issue, we propose a PUF-based key sharing method for the first time. The basic idea is to implement one-to-one input-output mapping with lookup table (LUT)-based interstage crossing structures in each level of inverters of RO PUF. Individual customization on configuration bits of interstage crossing structure and different RO selections with challenges bring high flexibility. Therefore, with the flexible configuration of interstage crossing structures and challenges, crossover RO PUF can generate the same shared key for resource-constrained devices, which enables a new application for lightweight key sharing protocols.

Mobile ad hoc network (MANET) is an infrastructure less, self organizing on demand wireless communication. The nodes communicate among themselves through their radio range and nodes within the range are known as neighbor nodes. DSR (Dynamic Source Routing), a MANET reactive routing protocol identify the destination by transmitting route request (RREQ) control message into the network and establishes a path after receiving route reply (RREP) control messages. The intermediate node lies in between source to destination may also send RREP control message, weather they have path information about that destination is present into their route cache due to any previous communication. A malicious node may enter within the network and may send RREP control message to the source before original RREP is being received. After receiving RREP without knowing about the destination source starts to send data and data may reached to a different location. In this paper we proposed a novel algorithm by which a malicious node, even stay in the network and send RREP control message but before data transmission source can authenticate the destination by applying PGP (pretty Good Privacy) encryption program. In order to design our algorithm we proposed to add an extra field with RREQ control message with a unique index value (UIV) and two extra fields in RREP applied over UIV to form a random key (Rk) in such a way that, our proposal can maintained two way authorization scheme. Even a malicious node may exists into the network but before data transmission source can identified weather RREP is received by the requested destination or a by a malicious node.

A Mobile Ad Hoc Network (MANET) is considered a type of network which is wireless and has no fixed infrastructure composed of a set if nodes in self organized fashion which are randomly, frequently and unpredictably mobile. MANETs can be applied in both military and civil environments ones because of its numerous applications. This is due to their special characteristics and self-configuration capability. This is due to its dynamic nature, lack of fixed infrastructure, and the no need of being centrally managed; a special type of routing protocols such as Anonymous routing protocols are needed to hide the identifiable information of communicating parties, while preserving the communication secrecy. This paper provides an examination of a comprehensive list of anonymous routing protocols in MANET, focusing their security and performance capabilities.