Biblio

As Internet of Things (IoT) devices are increasingly used in industry and become further integrated into our daily lives the security of such devices is of paramount concern. Ensuring that the large amount of information that these devices collect is protected and only accessible to authenticated users is a critical requirement of the industry. One potentially inexpensive way to improve device security utilises a Physically Unclonable Function (PUF) to generate a unique random response per device. This random response can be generated in such a way that it can be regenerated reliably and repeatably allowing the response to be considered a signature for each device. This signature could then be used for authentication or key generation purposes, improving trust in IoT devices. The advantage of a PUF based system is that the response does not need to be stored in nonvolatile memory as it is regenerated on demand, hardening the system against physical attacks. With SoC FPGAs being inexpensive and widely available there is potential for their use in both industrial and consumer applications as an additional layer of hardware security. In this paper we investigate and implement a Trusted Execution Environment (TEE) based around a PUF solely implemented in the FPGA fabric on a Xilinx Zynq-7000 SoC FPGA. The PUF response is used to seed a generic entropy maximisation function or Pseudorandom Number Generator (PRNG) with a system controller capable of encrypting data to be useful only to the device. This system interacts with a software platform running in the ARM TrustZone on the ARM Cortex core in the SoC, which handles requests between user programs and the FPGA. The proposed PUF-based security module can generate unique random keys able to pass all NIST tests and protects against physical attacks on buses and nonvolatile memories. These improvements are achieved at a cost of fewer than half the resources on the Zynq-7000 SoC FPGA.

Privacy and security have become the most important aspects in any sphere of technology today from embedded systems to VLS I circuits. One such an attack compromising the privacy, security and trust of a networked control system by making them vulnerable to unauthorized access is the Hardware Trojan Horses. Even cryptographic algorithms whose purpose is to safeguard information are susceptible to these Trojan attacks. This paper discusses hybrid supervised machine learning models that predict with great accuracy whether the RSA asymmetric cryptosystem implemented in Atmel XMega microcontroller is Trojan-free (Golden) or Trojan-infected by analyzing the power profiles of the golden algorithm and trojan-infected algorithm. The power profiles are obtained using the ChipWhisperer Lite Board. The features selected from the power profiles are used to create datasets for the proposed hybrid models and train the proposed models using the 70/30 rule. The proposed hybrid models can be concluded that it has an accuracy of more than 88% irrespective of the Trojan types and size of the datasets.

Cryptographic protocols are utilized for establishing a secure session between “honest” agents which communicate strictly according to the protocol rules as well as for ensuring the authenticated and confidential transmission of messages. The specification of a cryptographic protocol is usually presented as a set of requirements for the sequences of transmitted messages including the format of such messages. Note that protocol can describe several execution scenarios. All these requirements lead to a huge formal specification for a real cryptographic protocol and therefore, it is difficult to verify the security of the whole cryptographic protocol at once. In this paper, to overcome this problem, we suggest verifying the protocol security for its fragments. Namely, we verify the security properties for a special set of so-called traces of the cryptographic protocol. Intuitively, a trace of the cryptographic protocol is a sequence of computations, value checks, and transmissions on the sides of “honest” agents permitted by the protocol. In order to choose such set of traces, we introduce an Adversary model and the notion of a similarity relation for traces. We then verify the security properties of selected traces with Tamarin Prover. Experimental results for the EAP and Noise protocols clearly show that this approach can be promising for automatic verification of large protocols.

The extensive use of the internet and web-based applications spot the multiserver authentication as a significant component. The users can get their services after authenticating with the service provider by using similar registration records. Various protocol schemes are developed for multiserver authentication, but the existing schemes are not secure and often lead towards various vulnerabilities and different security issues. Recently, Zhao et al. put forward a proposal for smart card and user's password-based authentication protocol for the multiserver environment and showed that their proposed protocol is efficient and secure against various security attacks. This paper points out that Zhao et al.'s authentication scheme is susceptive to traceability as well as anonymity attacks. Thus, it is not feasible for the multiserver environment. Furthermore, in their scheme, it is observed that a user while authenticating does not send any information with any mention of specific server identity. Therefore, this paper proposes an enhanced, efficient and secure user authentication scheme for use in any multiserver environment. The formal security analysis and verification of the protocol is performed using state-of-the-art tool “ProVerif” yielding that the proposed scheme provides higher levels of security.

Inter-substation Generic Object Oriented Substation Events (GOOSE) communications that are used for critical protection functions have several cyber-security vulnerabilities. GOOSE messages are directly mapped to the Layer 2 Ethernet without network and transport layer headers that provide data encapsulation. The high-status-number attack is a malicious attack on GOOSE messages that allows hackers to completely take over intelligent electronic devices (IEDs) subscribing to GOOSE communications. The status-number parameter of GOOSE messages, stNum is tampered with in these attacks. Given the strict delivery time requirement of 3 ms for GOOSE messaging, it is infeasible to encrypt the GOOSE payload. This work proposes to secure the sensitive stNum parameter of the GOOSE payload using systematically encoded polynomial codes. Exploiting linear codes allows for the security features to be encoded in linear time, in contrast to complex hashing algorithms. At the subscribing IED, the security feature is used to verify that the stNum parameter has not been tampered with during transmission in the insecure medium. The decoding and verification using syndrome computation at the subscriber IED is also accomplished in linear time.

The privacy protection and information security are two crucial issues for future advanced artificial intelligence devices, especially for cooperative system with rich core data exchange which may offer opportunities for attackers to fake interaction messages. To combat such threat, great efforts have been made by introducing trust mechanism in initiative or passive way. Furthermore, blockchain and distributed ledger technology provide a decentralized and peer-to-peer network, which has great potential application for multi-agent system, such as IoTs and robots. It eliminates third-party interference and data in the blockchain are stored in an encrypted way permanently and anti-destroys. In this paper, a methodology of blockchain is proposed and designed for advanced cooperative system with artificial intelligence to protect privacy and sensitive data exchange between multi-agents. The validation procedure is performed in laboratory by a three-level computing networks of Raspberry Pi 3B+, NVIDIA Jetson Tx2 and local computing server for a robot system with four manipulators and four binocular cameras in peer computing nodes by Go language.

Hardware-assisted isolation technology provide a Trusted Execution Environment (TEE) for the Trusted Computing Base (TCB) of a system. Since there is no standardization for such systems, many technologies using different approaches have been implemented over time. Before selecting or implementing a TEE, it is essential to understand the security architecture, features and analyze the technologies with respect to the new security vulnerabilities (i.e. Micro-architectural class of vulnerabilities). These technologies can be divided into two main types: 1) Isolation by software virtualization and 2) Isolation by hardware. In this paper, we discuss technology implementation of each type i.e. Intel SGX and ARM TrustZone for type-1; Intel ME and AMD Secure Processor for type-2. We also cover the vulnerability analysis against each technology with respect to the latest discovered attacks. This would enable a user to precisely appreciate the security capabilities of each technology.

In many-cores based on Network-on-Chip (NoC), several applications execute simultaneously, sharing computation, communication and memory resources. This resource sharing leads to security and trust problems. Hardware Trojans (HTs) may steal sensitive information, degrade system performance, and in extreme cases, induce physical damages. Methods available in the literature to prevent attacks include firewalls, denial-of-service detection, dedicated routing algorithms, cryptography, task migration, and secure zones. The goal of this paper is to add an HT in an NoC, able to execute three types of attacks: packet duplication, block applications, and misrouting. The paper qualitatively evaluates the attacks' effect against methods available in the literature, and its effects showed in an NoC-based many-core. The resulting system is an open-source NoC-based many-core for researchers to evaluate new methods against HT attacks.

Applying machine learning techniques to detect malicious encrypted network traffic has become a challenging research topic. Traditional approaches based on studying network patterns fail to operate on encrypted data, especially without compromising the integrity of encryption. In addition, the requirement of rendering network-wide intelligent protection in a timely manner further exacerbates the problem. In this paper, we propose to leverage ×86 multicore platforms provisioned at enterprises' network edge with the software accelerators to design an encrypted traffic analytics (ETA) system with accelerated speed. Specifically, we explore a suite of data features and machine learning models with an open dataset. Then we show that by using Intel DAAL and OpenVINO libraries in model training and inference, we are able to reduce the training and inference time by a maximum order of 31× and 46× respectively while retaining the model accuracy.

The papers in this special section focus on network science for high confidence cyber-physical systems (CPS) Here CPS refers to the engineered systems that can seamlessly integrate the physical world with the cyber world via advanced computation and communication capabilities. To enable high-confidence CPS for achieving better benefits as well as supporting emerging applications, network science-based theories and methodologies are needed to cope with the ever-growing complexity of smart CPS, to predict the system behaviors, and to model the deep inter-dependencies among CPS and the natural world. The major objective of this special section is to exploit various network science techniques such as modeling, analysis, mining, visualization, and optimization to advance the science of supporting high-confidence CPS for greater assurances of security, safety, scalability, efficiency, and reliability. These papers bring a timely and important research topic. The challenges and opportunities of applying network science approaches to high-confidence CPS are profound and far-reaching.

Due to the rapid growth of using Internet of Things (IoT) devices in the daily life, the need to achieve an acceptable level of security and privacy according to the real security risks for these devices is rising. Security risks may include privacy threats like gaining sensitive information from a device, and authentication problems from counterfeit or cloned devices. It becomes more challenging to add strong security features to extremely constrained devices compared to battery operated devices that have more computational and storage capabilities. We propose a novel application specific instruction-set architecture that allows flexibility on many design levels and achieves the required security level for the Electronic Product Code (EPC) passive Radio Frequency Identification (RFID) tag device. Our solution moves a major design effort from hardware to software, which largely reduces the final unit cost. The proposed architecture can be implemented with 4,662 gate equivalent units (GEs) for 65 nm CMOS technology excluding the memory and the cryptographic units. The synthesis results fulfill the requirements of extremely constrained devices and allow the inclusion of cryptographic units into the datapath of the proposed application-specific instruction set processor (ASIP).

In the era of edge computing and Artificial Intelligence (AI), securing billions of edge devices within a network against intelligent attacks is crucial. We propose PUFGAN, an innovative machine learning attack-proof security architecture, by embedding a self-adversarial agent within a device fingerprint- based security primitive, public PUF (PPUF) known for its strong fingerprint-driven cryptography. The self-adversarial agent is implemented using Generative Adversarial Networks (GANs). The agent attempts to self-attack the system based on two GAN variants, vanilla GAN and conditional GAN. By turning the attacking quality through generating realistic secret keys used in the PPUF primitive into system vulnerability, the security architecture is able to monitor its internal vulnerability. If the vulnerability level reaches at a specific value, PUFGAN allows the system to restructure its underlying security primitive via feedback to the PPUF hardware, maintaining security entropy at as high a level as possible. We evaluated PUFGAN on three different machine environments: Google Colab, a desktop PC, and a Raspberry Pi 2, using a real-world PPUF dataset. Extensive experiments demonstrated that even a strong device fingerprint security primitive can become vulnerable, necessitating active restructuring of the current primitive, making the system resilient against extreme attacking environments.

The recent advancement in the automotive sector has led to a technological explosion. As a result, the modern car provides a wide range of features supported by state of the art hardware and software. Unfortunately, while this is the case of most major components, in the same vehicle we find dozens of sensors and sub-systems built over legacy hardware and software with limited computational capabilities. This paper presents LOKI, a lightweight cryptographic key distribution scheme applicable in the case of the classical invehicle communication systems. The LOKI protocol stands out compared to already proposed protocols in the literature due to its ability to use only a single broadcast message to initiate the generation of a new cryptographic key across a group of nodes. It's lightweight key derivation algorithm takes advantage of a reverse hash chain traversal algorithm to generate fresh session keys. Experimental results consisting of a laboratory-scale system based on Vector Informatik's CANoe simulation environment demonstrate the effectiveness of the developed methodology and its seamless impact manifested on the network.

The massive proliferation of state of the art interfaces into the automotive sector has triggered a revolution in terms of the technological ecosystem that is found in today's modern car. Accordingly, on the one hand, we find dozens of Electronic Control Units (ECUs) running several hundred MB of code, and more and more sophisticated dashboards with integrated wireless communications. On the other hand, in the same vehicle we find the underlying communication infrastructure struggling to keep up with the pace of these radical changes. This paper presents MixCAN (MIXed data authentication for Control Area Networks), an approach for mixing different message signatures (i.e., authentication tags) in order to reduce the overhead of Controller Area Network (CAN) communications. MixCAN leverages the attributes of Bloom Filters in order to ensure that an ECU can sign messages with different CAN identifiers (i.e., mix different message signatures), and that other ECUs can verify the signature for a subset of monitored CAN identifiers. Extensive experimental results based on Vectors Informatik's CANoe/CANalyzer simulation environment and the data set provided by Hacking and Countermeasure Research Lab (HCRL) confirm the validity and applicability of the developed approach. Subsequent experiments including a test bed consisting of Raspberry Pi 3 Model B+ systems equipped with CAN communication modules demonstrate the practical integration of MixCAN in real automotive systems.

With increasing improvements in different areas, Internet control has been making prominent impacts in almost all areas of technology that has resulted in reasonable advances in every discrete field and therefore the industries too are proceeding to the field of IoT (Internet of Things), in which the communication among heterogeneous equipments is via Internet broadly. So imparting these advances of technology in the Power Station Plant sectors i.e. the power plants will be remotely controlled additional to remote monitoring, with no corporal place as a factor for controlling or monitoring. But imparting this technology the security factor needs to be considered as a basic and such methods need to be put into practice that the communication in such networks or control systems is defended against any third party interventions while the data is being transferred from one device to the other device through the internet (Unrestricted Channel). The paper puts forward exercising RSA,DES and AES encrypting schemes for the purpose of data encryption at the Data Link Layer i.e. before it is transmitted to the other device through Internet and as a result of this the security constraints are maintained. The records put to use have been supplied by NTPC, Dadri, India plus simulation part was executed employing MATLAB.

A quantum high secure direct communication with authentication protocol is proposed by using single photons. The high security of the protocol is achieved on levels. The first level involves the verification of the quantum channel security by using fake photons. The authentication process is also ensured by the fake photons. The second level of security is given by the use of multiple polarization bases. The secret message is encoded in groups of photons; each single character of the message is associated with m (m≥7) photons. Thus, at least 27 (128) characters will be encoded. In order to defeat the quantum teleportation attack, the string of bits associated to the secret message is encrypted with a secret string of bits by using XOR operator. Encryption of the sender's identity string and the receiver's identity string by the XOR operator with a random string of fake photons defends quantum man-in-the-middle attack efficiently. Quantum memory is required to implement our protocol. Storage of quantum information is a key element in quantum information processing and provides a more flexible, effective and efficient communication. Our protocol is feasible with current technologies.

IoT is an emerging technology in modern world of communication. As the usage of IoT devices is increasing in day to day life, the secure data communication in IoT environment is the major challenge. Especially, small sized Single-Board Computers (SBCs) or Microcontrollers devices are widely used to transfer data with another in IoT. Due to the less processing power and storage capabilities, the data acquired from these devices must be transferred very securely in order to avoid some ethical issues. There are many cryptography approaches are applied to transfer data between IoT devices, but there are obvious chances to suspect encrypted messages by eavesdroppers. To add more secure data transfer, steganography mechanism is used to avoid the chances of suspicion as another layer of security. Based on the capabilities of IoT devices, low complexity images are used to hide the data with different hiding algorithms. In this research study, the secret data is encoded through QR code and embedded in low complexity cover images by applying image to image hiding fashion. The encoded image is sent to the receiving device via the network. The receiving device extracts the QR code from image using secret key then decoded the original data. The performance measure of the system is evaluated by the image quality parameters mainly Peak Signal to Noise Ratio (PSNR), Normalized Coefficient (NC) and Security with maintaining the quality of contemporary IoT system. Thus, the proposed method hides the precious information within an image using the properties of QR code and sending it without any suspicion to attacker and competes with the existing methods in terms of providing more secure communication between Microcontroller devices in IoT environment.

Two-Dimensional barcodes are used as data authentication storage tool on several cryptographic architectures. This article describes a novel meaningful image authentication method for data validation using the Meaningless Reversible Degradation concept and QR Codes. The system architecture use the Meaningless Reversible Degradation algorithm, systematic Reed-Solomon error correction codes, meaningful images, and QR Codes. The encoded images are the secret key for visual validation. The proposed work encodes any secret image file up to 3.892 Bytes and is decoded using data stored in a QR Code and a digital file retrieved through a wireless connection on a mobile device. The QR Code carries partially distorted and stream ciphered bits. The QR Code version is defined in conformity with the secret image file size. Once the QR Code data is decoded, the authenticating party retrieves a previous created Reed-Solomon redundancy file to correct the QR Code stored data. Finally, the secret image is decoded for user visual identification. A regular QR Code reader cannot decode any meaningful information when the QR Code is scanned. The presented cryptosystem improves the redundancy download file size up to 50% compared to a plaintext image transmission.

True Random number Generator (TRNG) is critical for secure communications. In this work, we explain in details regarding our recent solution on TRNG using random telegraph noise (RTN) including the benefits and the disadvantages. Security check is performed using the NIST randomness tests for both the RTN-based TRNG and various conventional pseudo random umber generator. The newly-proposed design shows excellent randomness, power consumption, low design complexity, small area and high speed, making it a suitable candidate for future cryptographically secured applications within the internet of things.

This paper investigates the use of Software-Defined Networking (SDN) in the detection and mitigation of malware threat, focusing on the example of ExPetr ransomware. Extensive static and dynamic analysis of ExPetr is performed in a purpose-built SDN testbed. The results acquired from this analysis are then used to design and implement an SDN-based solution to detect the malware and prevent it from spreading to other machines inside a local network. Our solution consists of three security mechanisms that have been implemented as components/modules of the Python-based POX controller. These mechanisms include: port blocking, SMB payload inspection, and HTTP payload inspection. When malicious activity is detected, the controller communicates with the SDN switches via the OpenFlow protocol and installs appropriate entries in their flow tables. In particular, the controller blocks machines which are considered infected, by monitoring and reacting in real time to the network traffic they produce. Our experimental results demonstrate that the proposed designs are effective against self-propagating malware in local networks. The implemented system can respond to malicious activities quickly and in real time. Furthermore, by tuning certain thresholds of the detection mechanisms it is possible to trade-off the detection time with the false positive rate.

Currently as the widespread use of virtual monetary units (like Bitcoin, Ethereum, Ripple, Litecoin) has begun, people with bad intentions have been attracted to this area and have produced and marketed ransomware in order to obtain virtual currency easily. This ransomware infiltrates the victim's system with smartly-designed methods and encrypts the files found in the system. After the encryption process, the attacker leaves a message demanding a ransom in virtual currency to open access to the encrypted files and warns that otherwise the files will not be accessible. This type of ransomware is becoming more popular over time, so currently it is the largest information technology security threat. In the literature, there are many studies about detection and analysis of this cyber-bullying. In this study, we focused on crypto-ransomware and investigated a forensic analysis of a current attack example in detail. In this example, the attack method and behavior of the crypto-ransomware were analyzed and it was identified that information belonging to the attacker was accessible. With this dimension, we think our study will significantly contribute to the struggle against this threat.

With the spread of information technology in human life, data protection is a critical task. On the other hand, malicious programs are developed, which can manipulate sensitive and critical data and restrict access to this data. Ransomware is an example of such a malicious program that encrypts data, restricts users' access to the system or their data, and then request a ransom payment. Many types of research have been proposed for ransomware detection. Most of these methods attempt to identify ransomware by relying on program behavior during execution. The main weakness of these methods is that it is not clear how long the program should be monitored to show its real behavior. Therefore, sometimes, these researches cannot early detect ransomware. In this paper, a new method for ransomware detection is proposed that does not require running the program and uses the PE header of the executable files. To extract effective features from the PE header files, an image based on PE header is constructed. Then, according to the advantages of Convolutional Neural Networks in extracting features from images and classifying them, CNN is used. The proposed method achieves 93.33% accuracy. Our results indicate the usefulness and practicality method for ransomware detection.

In this paper, we are going to verify the possibility to create a ransomware simulation that will use an arbitrary combination of known tactics and techniques to bypass an anti-malware defense. To verify this hypothesis, we conducted an experiment in which an agent was trained with the help of reinforcement learning to run the ransomware simulator in a way that can bypass anti-ransomware solution and encrypt the target files. The novelty of the proposed method lies in applying reinforcement learning to anti-ransomware testing that may help to identify weaknesses in the anti-ransomware defense and fix them before a real attack happens.

Lightweight cryptography concept has been a very hot topic for the last few years and considered as a new domain of encryption suitable for big data networks, small devices, phones, cards and embedded systems. These systems require low latency security and low power consuming [1]. An improved lightweight encryption algorithm ILEA is proposed in this paper. ILEA is based on PRINCE lightweight algorithm as his main core with two defacing balanced mixing layers added. ILEA presented in two programming languages: PYTHON, C++ with a comparative study with original PRINCE results and some of another lightweight algorithms.

Lightweight cryptography is a new branch of cryptography focused on providing security to resource-constraint devices such as wireless sensor networks (WSN), Radio-Frequency Identification (RFIDs) and other embedded systems. The factors considered in lightweight cryptography are mainly circuit area, memory requirement, processing time, latency, power, and energy consumption. This paper presents a discussion on common lightweight block ciphers in terms of different performance parameters, strength, design trends, limitations, and applications including the National Institute of Science and Technology (NIST) round 1 and 2 candidates. Analysis of these lightweight algorithms has offered an insight into this newly emerging field of cryptography.