Your search keyword '"Computer security compromised by hardware failure"' showing total 142 results

1. Verification of a Practical Hardware Security Architecture Through Static Information Flow Analysis

Author

Rui Xu, Danfeng Zhang, Andrew Ferraiuolo, G. Edward Suh, and Andrew C. Myers

Subjects

medicine.medical_specialty, Hardware security module, Computer science, Real-time computing, Computer security compromised by hardware failure, 02 engineering and technology, Software, medicine, 0202 electrical engineering, electronic engineering, information engineering, Hardware compatibility list, Information flow (information theory), Programmer, computer.programming_language, General Environmental Science, Hardware architecture, business.industry, Hardware description language, 020207 software engineering, General Medicine, Computer Graphics and Computer-Aided Design, 020202 computer hardware & architecture, Embedded system, General Earth and Planetary Sciences, business, computer

Abstract

Hardware-based mechanisms for software isolation are becoming increasingly popular, but implementing these mechanisms correctly has proved difficult, undermining the root of security. This work introduces an effective way to formally verify important properties of such hardware security mechanisms. In our approach, hardware is developed using a lightweight security-typed hardware description language (HDL) that performs static information flow analysis. We show the practicality of our approach by implementing and verifying a simplified but realistic multi-core prototype of the ARM TrustZone architecture. To make the security-typed HDL expressive enough to verify a realistic processor, we develop new type system features. Our experiments suggest that information flow analysis is efficient, and programmer effort is modest. We also show that information flow constraints are an effective way to detect hardware vulnerabilities, including several found in commercial processors.

Published

2017

2. Eliminating the Hardware-Software Boundary: A Proof-Carrying Approach for Trust Evaluation on Computer Systems

Author

Xiaolong Guo, Yier Jin, and Raj Gautam Dutta

Subjects

Hardware architecture, medicine.medical_specialty, Computer Networks and Communications, business.industry, Computer science, Distributed computing, Computer security compromised by hardware failure, 02 engineering and technology, Formal methods, 020202 computer hardware & architecture, System requirements, Software, Software security assurance, 0202 electrical engineering, electronic engineering, information engineering, medicine, Hardware compatibility list, 020201 artificial intelligence & image processing, Software system, Safety, Risk, Reliability and Quality, Software engineering, business, Formal verification, Monolithic system

Abstract

The wide usage of hardware intellectual property (IP) cores and software programs from untrusted third-party vendors has raised security concerns for computer system designers. The existing approaches, designed to ensure the trustworthiness of either the hardware IP cores or to verify software programs, rarely secure the entire computer system. The semantic gap between the hardware and the software lends to the challenge of securing computer systems. In this paper, we propose a new unified framework to represent both the hardware infrastructure and the software program in the same formal language. As a result, the semantic gap between the hardware and the software is bridged, enabling the development of system-level security properties for the entire computer system. Our unified framework uses a cross-domain formal verification method to protect the entire computer system within the scope of proof-carrying hardware. The working procedure of the unified framework is demonstrated with a sample embedded system which includes an 8051 microprocessor and an RC5 encryption program. In our demonstration, we show that the embedded system is trusted if the system level security properties are provable. Supported by the unified framework , the system designers/integrators will be able to formally verify the trustworthiness of the computer system integrated with hardware and software both from untrusted third-party vendors.

Published

2017

3. A Retrospective and a Look Forward: Fifteen Years of Physical Unclonable Function Advancement

Author

Yue Zheng, Chip-Hong Chang, and Le Zhang

Subjects

Engineering, medicine.medical_specialty, Hardware security module, Process (engineering), business.industry, 020208 electrical & electronic engineering, Physical unclonable function, Computer security compromised by hardware failure, Cryptography, 02 engineering and technology, Cryptographic protocol, Computer security, computer.software_genre, Field (computer science), 020202 computer hardware & architecture, Computer Science Applications, 0202 electrical engineering, electronic engineering, information engineering, medicine, State (computer science), Electrical and Electronic Engineering, business, computer

Abstract

Severe security threats and alerts associated with the use of smart devices have drawn increasing public attentions since the inception of Internet of Things (IoT) in late 1990s. IoT devices pose a unique and challenging scenario for hardware security because of their ubiquity and area-power cost constraints. Traditional software techniques and established cryptographic methods are either inadequate or impractical due to the computational capacity and permanent storage required to process and maintain the privacy of the secret key. In this light, Physical Unclonable Function (PUF), a burgeoning technology rooted in 2002, comes in handy as an inexpensive and yet effective security primitive to overcome the forgery tagging problem by its radically different way of generating and processing secret keys in security hardware. PUFs are hardware structures or functions designed to utilize the physical disorder of random nanoscale phenomena for the derivation of keys without having to keep any security-critical information explicitly in hardware. As we usher PUF into its 15th anniversary in 2017, it is timely to review the advancements of PUF over the past decade. Specifically, this survey addresses three fundamental questions which are at all times relevant in the security arms race. These questions are: how secure can a PUF be? what differences have PUFs brought to security applications and how do these differences impact existing security protocols? how is hardware implementation research influenced by the opportunities of nanotechnologies and new discoveries of disorder-based physical phenomena? It is hoped that this retrospective study of problems and solutions encountered in the journey of developing PUF to its current state will foreshadow the challenges and opportunities for future sustainable activities in the field.

Published

2017

4. The Design and Implementation of Embedded Security CPU Based on Multi‐strategy

Author

Zhenglin Liu, Xin Zhan, Qiaoling Tong, Dongfang Li, and Xuecheng Zou

Subjects

Hardware architecture, medicine.medical_specialty, business.industry, Computer science, Applied Mathematics, Computer security compromised by hardware failure, 0102 computer and information sciences, 02 engineering and technology, Computer security model, 01 natural sciences, law.invention, Microprocessor, Distributed System Security Architecture, 010201 computation theory & mathematics, Software security assurance, law, Embedded system, 0202 electrical engineering, electronic engineering, information engineering, medicine, 020201 artificial intelligence & image processing, Information flow (information theory), Electrical and Electronic Engineering, business, Field-programmable gate array

Abstract

Control flow monitoring, information flow tracking and memory monitoring are the three main solutions to enhance the security of embedded system at the hardware architecture level. However, most of the current studies about the security of embedded system consider the above solutions in separate dimensions rather than a combined effort. We start from the operation model at the instruction level, and propose a security multi-strategy which combines information flow tracking and memory monitoring by studying the security operating mechanism of embedded system. As a hardware approach this strategy extends the embedded processor architecture with additional security defense control. The experimental results show this multi-strategy is more effective and can detect more malicious attacks than a single solution. The effectiveness of our proposed security multi-strategy has been verified in a Field programmable gate array (FPGA) prototype platform based on a customized Leon3 microprocessor.

Published

2016

5. Computer security is broken

Author

Paul C. Kocher

Subjects

medicine.medical_specialty, General Computer Science, Computer science, 05 social sciences, medicine, Computer security compromised by hardware failure, 0501 psychology and cognitive sciences, Computer security, computer.software_genre, computer, 050105 experimental psychology

Abstract

Computer security problems have far exceeded the limits of the human brain. What can we do about it?

Published

2016

6. State-of-the-art research on electromagnetic information security

Author

Yu-ichi Hayashi

Subjects

Hardware security module, medicine.medical_specialty, Cloud computing security, Computer science, business.industry, Computer security compromised by hardware failure, 020206 networking & telecommunications, 02 engineering and technology, Information security, Condensed Matter Physics, Computer security, computer.software_genre, Security testing, Security information and event management, Software security assurance, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Security through obscurity, medicine, General Earth and Planetary Sciences, Electrical and Electronic Engineering, Telecommunications, business, computer

Abstract

As information security is becoming increasingly significant, security at the hardware level is as important as in networks and applications. In recent years, instrumentation has become cheaper and more precise, computation has become faster, and capacities have increased. With these advancements, the threat of advanced attacks that were considerably difficult to carry out previously has increased not only in military and diplomatic fields but also in general-purpose manufactured devices. This paper focuses on the problem of the security limitations concerning electromagnetic waves (electromagnetic information security) that has rendered attack detection particularly difficult at the hardware level. In addition to reviewing the mechanisms of these information leaks and countermeasures, this paper also presents the latest research trends and standards.

Published

2016

7. A Trusted IaaS Environment with Hardware Security Module

Author

Seongwook Jin, Jaehyuk Huh, Seungryoul Maeng, Jinho Seol, and Daewoo Lee

Subjects

medicine.medical_specialty, Information Systems and Management, Computer Networks and Communications, Computer science, 0211 other engineering and technologies, Computer security compromised by hardware failure, Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, Asset (computer security), Security information and event management, Trusted computing base, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, medicine, 021110 strategic, defence & security studies, Cloud computing security, business.industry, Computer security model, Computer Science Applications, Security service, Hardware and Architecture, Operating system, business, computer

Abstract

With the proliferation of cloud computing, security concerns about confidentiality violations of user data by the privileged domain and system administrators have been growing. This paper proposes secure cloud architecture with a hardware security module, which isolates cloud user data from potentially malicious privileged domains or cloud administrators. Within a securely isolated execution environment, the hardware security module provides essential security functionality with only restricted interfaces exposed to vulnerable management systems or cloud administrators. Such restriction prevents cloud administrators from affecting the security of guest VMs. The proposed architecture not only defends against wide attack vectors but also achieves a small TCB. This paper discusses our hardware and software implementation of the proposed cloud architecture, analyzes its security, and presents its performance results.

Published

2016

8. Hardware attacks: an algebraic approach

Author

T. Aaron Gulliver, Samer Moein, and Fayez Gebali

Subjects

Very-large-scale integration, medicine.medical_specialty, Hardware security module, Computer Networks and Communications, Computer science, business.industry, Computer security compromised by hardware failure, 020206 networking & telecommunications, Cryptography, Denial-of-service attack, 02 engineering and technology, Encryption, Computer security, computer.software_genre, Attack model, Pre-play attack, 0202 electrical engineering, electronic engineering, information engineering, medicine, 020201 artificial intelligence & image processing, business, computer, Software, Computer hardware

Abstract

Many VLSI chips now contain cryptographic processors to secure their data and external communications. Attackers target the hardware to imitate or understand the system design, to gain access to the system or to obtain encryption keys. They may also try to initiate attacks such as denial of service to disable the services supported by a chip, or reduce system reliability. In this paper, an algebraic methodology is proposed to examine hardware attacks based on the attack properties and associated risks. This methodology is employed to construct algorithms to develop hardware attack and defence strategies. It can also be used to predict system vulnerabilities and assess the security of a system.

Published

2016

9. Hardware Level Security in e-Wallet: Today’s Need

Author

Jatinder Singh

Subjects

Password, medicine.medical_specialty, Multidisciplinary, Cloud computing security, business.industry, Computer science, Internet privacy, Computer security compromised by hardware failure, ComputerApplications_COMPUTERSINOTHERSYSTEMS, Asset (computer security), Computer security, computer.software_genre, Security information and event management, Security service, Software security assurance, medicine, Security through obscurity, business, computer, Computer hardware

Abstract

After demonetization in INDIA, eWallets are very actively participating for financial transactions in Indian economy. Very huge population in INDIA, today,is using eWallets. In one side, eWallets are providing very convenience in shopping and online transactions and on another side people are fearing for any online frauds because some eWallets are not following fraud proof security practices, they are using Software security practices like password only. Passwords can sometime be easy breakable or can be stolen online. Hardware level security in various e-Wallets, which are active in INDIA, can reduce these types of frauds. Through hardware level security the e-Wallet would be more secure and can be used freely without worry of fraud. To implement hardware level security measure, application developers have to code applications from scratch. Developers need to find a way so that recoding of application can be avoided.

Published

2017

10. Introduction to Hardware Security

Author

Yier Jin

Subjects

Engineering, medicine.medical_specialty, Computer Networks and Communications, lcsh:TK7800-8360, Computer security compromised by hardware failure, 02 engineering and technology, Computer security, computer.software_genre, Security information and event management, hardware trojan, 0202 electrical engineering, electronic engineering, information engineering, medicine, Hardware compatibility list, Electrical and Electronic Engineering, trusted hardware platform, Cloud computing security, business.industry, lcsh:Electronics, 020207 software engineering, Computer security model, 020202 computer hardware & architecture, Open source hardware, proof-carrying hardware, Security service, Hardware and Architecture, Control and Systems Engineering, Signal Processing, Security through obscurity, hardware security, business, computer

Abstract

Hardware security has become a hot topic recently with more and more researchers from related research domains joining this area. However, the understanding of hardware security is often mixed with cybersecurity and cryptography, especially cryptographic hardware. For the same reason, the research scope of hardware security has never been clearly defined. To help researchers who have recently joined in this area better understand the challenges and tasks within the hardware security domain and to help both academia and industry investigate countermeasures and solutions to solve hardware security problems, we will introduce the key concepts of hardware security as well as its relations to related research topics in this survey paper. Emerging hardware security topics will also be clearly depicted through which the future trend will be elaborated, making this survey paper a good reference for the continuing research efforts in this area.

Published

2015

11. Rethinking Computers for Cybersecurity

Author

Ruby B. Lee

Subjects

Hardware security module, medicine.medical_specialty, General Computer Science, business.industry, Computer science, Software as a service, Computer security compromised by hardware failure, Access control, Cloud computing, Cryptography, Encryption, Computer security, computer.software_genre, Software, Software security assurance, medicine, business, Cyberspace, Software engineering, computer, Hacker

Abstract

Cyberattacks are growing at an alarming rate, even as our dependence on cyberspace transactions increases. Our software security solutions may no longer be sufficient. It is time to rethink computer design from the foundations. Can hardware security be enlisted to improve cybersecurity? The author discusses two classes of hardware security: hardware-enhanced security architectures for improving software and system security, and secure hardware. The Web extra at https://youtu.be/z-c9ACviGNo is a video of a 2006 invited seminar at the Naval Postgraduate School, in which author Ruby B. Lee presents the Secret-Protected (SP) architecture, which is a minimalist set of hardware features that can be added to any microprocessor or embedded processor that protects the "master secrets" that in turn protect other keys and encrypted information, programs and data.

Published

2015

12. A Hardware Design Language for Timing-Sensitive Information-Flow Security

Author

Yao Wang, Danfeng Zhang, G. Edward Suh, and Andrew C. Myers

Subjects

medicine.medical_specialty, business.industry, Computer science, Hardware description language, Computer security compromised by hardware failure, Information security, General Medicine, Computer Graphics and Computer-Aided Design, Information sensitivity, Embedded system, medicine, Verilog, Hardware design languages, Cache, business, computer, Software, computer.programming_language

Abstract

Information security can be compromised by leakage via low-level hardware features. One recently prominent example is cache probing attacks, which rely on timing channels created by caches. We introduce a hardware design language, SecVerilog, which makes it possible to statically analyze information flow at the hardware level. With SecVerilog, systems can be built with verifiable control of timing channels and other information channels. SecVerilog is Verilog, extended with expressive type annotations that enable precise reasoning about information flow. It also comes with rigorous formal assurance: we prove that SecVerilog enforces timing-sensitive noninterference and thus ensures secure information flow. By building a secure MIPS processor and its caches, we demonstrate that SecVerilog makes it possible to build complex hardware designs with verified security, yet with low overhead in time, space, and HW designer effort.

Published

2015

13. Analyzing security breaches of countermeasures throughout the refinement process in hardware design flow

Author

Sylvain Guilley, Jean-Luc Danger, Robert Nguyen, Youssef Souissi, Philippe Nguyen, Secure and Safe Hardware (SSH), Laboratoire Traitement et Communication de l'Information (LTCI), Institut Mines-Télécom [Paris] (IMT)-Télécom Paris-Institut Mines-Télécom [Paris] (IMT)-Télécom Paris, Département Communications & Electronique (COMELEC), and Télécom ParisTech

Subjects

medicine.medical_specialty, Engineering, Source code, business.industry, media_common.quotation_subject, Design flow, Process (computing), Computer security compromised by hardware failure, 02 engineering and technology, Fault injection, computer.software_genre, 020202 computer hardware & architecture, Information sensitivity, Embedded system, 0202 electrical engineering, electronic engineering, information engineering, medicine, Computer Aided Design, 020201 artificial intelligence & image processing, [INFO.INFO-ES]Computer Science [cs]/Embedded Systems, business, computer, ComputingMilieux_MISCELLANEOUS, Register-transfer level, media_common

Abstract

Side-channel and fault injection attacks are two threats on devices carrying sensitive information. Protections are thus implemented at design time. However, CAD (Computer Aided Design) tools can compromise them, in ways we detail pedagogically in this paper. Then, we explain how a simulation-based methodology allows to check for non-regression, and find problems in case some are introduced while refining the design description from RTL (Register Transfer Level) source code to GDS (Graphic Display System) stream format.

Published

2017

14. Hardware-Assisted Security

Author

Ahmad-Reza Sadeghi

Subjects

Guard (information security), medicine.medical_specialty, Engineering, Hardware security module, business.industry, Legacy system, Computer security compromised by hardware failure, Information technology, Computer security, computer.software_genre, Security information and event management, Information leakage, medicine, Trusted Platform Module, business, computer, Computer hardware

Abstract

Hardware security architectures and primitives are becoming increasingly important in practice providing trust anchors and trusted execution environment to protect modern IT systems, and particularly secure the insecure legacy software. Emerging applications, for instance in IoT area, increasingly involve large numbers of connected and heterogeneous device swarms and pose crucial security and privacy challenges on the underlying devices. Over the past two decades we have seen various hardware security solutions and trends in practice from Trusted Platform Modules (TPM), ARM's TrustZone, and Physically Unclonable Functions (PUFs), to very recent advances such as Intel's Software Guard Extension (SGX) and Control-Flow Enforcement technology (CET). However, despite their advantages these solutions are rarely used by third party developers, make strong trust assumptions about manufacturers, are too expensive for small constrained devices, do not easily scale, or suffer from information leakage. In this talk we will discuss the real-world impact of hardware-based security solutions, their strengths and shortcomings as well as new research directions.

Published

2017

15. Exploiting hardware obfuscation methods to prevent and detect hardware Trojans

Author

Zhiming Zhang, Qiaoyan Yu, and Jaya Dofe

Subjects

Hardware security module, Engineering, medicine.medical_specialty, Supply chain, 0211 other engineering and technologies, Computer security compromised by hardware failure, 02 engineering and technology, Integrated circuit, Computer security, computer.software_genre, law.invention, Hardware Trojan, law, 0202 electrical engineering, electronic engineering, information engineering, medicine, 021110 strategic, defence & security studies, business.industry, Adversary, 020202 computer hardware & architecture, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Embedded system, Logic gate, Hardware obfuscation, business, computer, Computer hardware

Abstract

Due to the globalized semiconductor supply chain, integrated circuits suffer from hardware security attacks. Among various attacks, hardware Trojan insertions have emerged as a major security concern. An adversary modifies the original circuit to accomplish the malicious intentions through the hardware Trojan. Hardware obfuscation has been demonstrated as a promising technique to strengthen hardware implementation against hardware Trojan insertion in the late stage of the supply chain. This work reviews the state-of-the-art hardware obfuscation methods, with the special emphasis on the corresponding efforts made for hardware Trojan prevention and detection. Furthermore, we summarize the evaluation metrics utilized in literature to assess the effectiveness of hardware obfuscation methods. Future directions for hardware obfuscation against hardware Trojans are discussed in this work, as well.

Published

2017

16. Secure Information Flow Verification with Mutable Dependent Types

Author

G. Edward Suh, Andrew Ferraiuolo, Weizhe Hua, and Andrew C. Myers

Subjects

medicine.medical_specialty, business.industry, Computer science, Hardware description language, Computer security compromised by hardware failure, 02 engineering and technology, 020202 computer hardware & architecture, Hardware register, 020204 information systems, Embedded system, 0202 electrical engineering, electronic engineering, information engineering, medicine, Hardware compatibility list, Hardware design languages, Information flow (information theory), business, Hardware_REGISTER-TRANSFER-LEVELIMPLEMENTATION, computer, computer.programming_language

Abstract

This paper presents a novel secure hardware description language (HDL) that uses an information flow type system to ensure that hardware is secure at design time. The novelty of this HDL lies in its ability to securely share hardware modules and storage elements across multiple security levels. Unlike previous secure HDLs, the new HDL enables secure sharing at a fine granularity and without implicitly adding hardware for security enforcement; this is important because the implicitly added hardware can break functionality and harm efficiency. The new HDL enables practical hardware designs that are secure, correct, and efficient. We demonstrate the practicality of the new HDL by using it to design and type-check a synthesizable pipelined processor implementation that support protection rings and instructions that change modes.

Published

2017

17. Methods for Safeguarding Client Data

Author

Jelon L. Anderson

Subjects

medicine.medical_specialty, Security analysis, Cloud computing security, Client data, business.industry, Computer science, Internet privacy, Data security, Computer security compromised by hardware failure, Safeguarding, Computer security model, Computer security, computer.software_genre, medicine, Data Protection Act 1998, business, computer

Published

2017

18. Security Threats and Countermeasures in Three-Dimensional Integrated Circuits

Author

Jaya Dofe, Qiaoyan Yu, Peng Gu, Yuan Xie, Eren Kursun, and Dylan Stow

Subjects

medicine.medical_specialty, Engineering, Hardware security module, business.industry, Supply chain, 020208 electrical & electronic engineering, SIGNAL (programming language), Computer security compromised by hardware failure, 02 engineering and technology, Integrated circuit, Computer security, computer.software_genre, 020202 computer hardware & architecture, law.invention, Attack model, law, Hardware Trojan, Embedded system, 0202 electrical engineering, electronic engineering, information engineering, medicine, Side channel attack, business, computer

Abstract

Existing works on Three-dimensional (3D) hardware security focus on leveraging the unique 3D characteristics to address the supply chain attacks that exist in 2D design. However, 3D ICs introduce specific and unexplored challenges as well as new opportunities for managing hardware security. In this paper, we analyze new security threats unique to 3D ICs. The corresponding attack models are summarized for future research. Furthermore, existing representative countermeasures, including split manufacturing, camouflaging, transistor locking, techniques against thermal signal based side-channel attacks, and network-on-chip based shielding plane (NoCSIP) for different hardware threats are reviewed and categorized. Moreover, preliminary countermeasures are proposed to thwart TSV-based hardware Trojan insertion attacks.

Published

2017

19. The information security system synthesis using the graphs theory

Author

T. L. Stankevich, V. V. Yakovlev, and Vladimir Kustov

Subjects

Authentication, medicine.medical_specialty, Cloud computing security, Computer science, business.industry, Computer security compromised by hardware failure, Information security, Computer security, computer.software_genre, Asset (computer security), Security information and event management, Information protection policy, Software, Software security assurance, medicine, business, computer

Abstract

Timely prevention information security threats, provided by specialized software and hardware, is the effective business foundation, allowing to reduce reputational and financial risks for the company. At the same time, protection must be implemented in all detractors' possible attacks areas. If we turn to the Russian Federation leISSlation, then the FSTEC order №31 of March 14, 2014 may be adopted as the basis for “isolating” the protection vectors, according to which the basic measures for protection should be provided at the following levels: access subjects identification and authentication, access delineation, software restriction, computer storage media protection, etc. (There are 21 of them). On the hardware and software complex basis that implement protection at each of these levels, an enterprise information security system is created. To select the most appropriate software and hardware information security, and, therefore, to build an optimal enterprise information protection system, one can turn to graph theory. In this case, the problem is reduced to the ranked descending graph construction and the optimality problem solution, i.e. critical (maximal) path of this graph calculation. Each graph level corresponds to a specific subsystem of the information security system, while the subsystems are located in the alleged overcoming order protection by the attacker; tops - the considered information security tools; the graph is weighted, the each its arcs weight corresponds to the expert evaluation of the preference for using a particular tool.

Published

2017

20. Using computational game theory to guide verification and security in hardware designs

Author

A. Smith, Robert C. Armstrong, Jackson R. Mayo, Vivian G. Kammler, and Yevgeniy Vorobeychik

Subjects

medicine.medical_specialty, Computer science, business.industry, Computer security compromised by hardware failure, 02 engineering and technology, Adversary, Computer security, computer.software_genre, Formal methods, 020202 computer hardware & architecture, Intelligent verification, Best response, 0202 electrical engineering, electronic engineering, information engineering, Stackelberg competition, medicine, State space, 020201 artificial intelligence & image processing, business, Implementation, computer, Computer hardware

Abstract

Verifying that hardware design implementations adhere to specifications is a time intensive and sometimes intractable problem due to the massive size of the system's state space. Formal methods techniques can be used to prove certain tractable specification properties; however, they are expensive, and often require subject matter experts to develop and solve. Nonetheless, hardware verification is a critical process to ensure security and safety properties are met, and encapsulates problems associated with trust and reliability. For complex designs where coverage of the entire state space is unattainable, prioritizing regions most vulnerable to security or reliability threats would allow efficient allocation of valuable verification resources. Stackelberg security games model interactions between a defender, whose goal is to assign resources to protect a set of targets, and an attacker, who aims to inflict maximum damage on the targets after first observing the defender's strategy. In equilibrium, the defender has an optimal security deployment strategy, given the attacker's best response. We apply this Stackelberg security framework to synthesized hardware implementations using the design's network structure and logic to inform defender valuations and verification costs. The defender's strategy in equilibrium is thus interpreted as a prioritization of the allocation of verification resources in the presence of an adversary. We demonstrate this technique on several open-source synthesized hardware designs.

Published

2017

21. Proposal of hardware device model for IoT endpoint security and its implementation

Author

Ismail Arai, Ryota Jinnai, Kazutoshi Fujikawa, and Atsuo Inomata

Subjects

Hardware security module, medicine.medical_specialty, Cost efficiency, business.industry, Computer science, Computer security compromised by hardware failure, Denial-of-service attack, Endpoint security, Computer security, computer.software_genre, Countermeasure, medicine, Hardware compatibility list, The Internet, business, computer, Computer hardware, Computer network

Abstract

Recently, various devices begin to connect the Internet owing to the spread of IoT (Internet of Things). Introduction of IoT technology is progressing also for industrial systems such as plants for the purpose of improving cost efficiency. So, it has become an urgent matter to establish new security countermeasures. But it is not able to respond to some new incidents due to differences in performance or operation between IoT and conventional ICT systems. In some cases, device's stability is more important than the data it self. Therefore, we consider that the security measure from a new viewpoint becomes important. In this paper, we describe the scope of preceding study and hardware security problem that has never been studied. Furthermore, we show the result of load test and impact on output signals under DoS attack. And we propose and implement a new hardware device that can detect DoS attack by only observing electrical signals in the circuit as the countermeasure. Lastly, we explain the contents of the demonstration that implements our proposed method.

Published

2017

22. A Primer on Hardware Security: Models, Methods, and Metrics

Author

Masoud Rostami, Farinaz Koushanfar, and Ramesh Karri

Subjects

Hardware security module, Engineering, medicine.medical_specialty, business.industry, Supply chain, Computer security compromised by hardware failure, Computer security model, Computer security, computer.software_genre, Security information and event management, Security service, Threat model, Hardware obfuscation, medicine, Electrical and Electronic Engineering, business, computer

Abstract

The multinational, distributed, and multistep nature of integrated circuit (IC) production supply chain has introduced hardware-based vulnerabilities. Existing literature in hardware security assumes ad hoc threat models, defenses, and metrics for evaluation, making it difficult to analyze and compare alternate solutions. This paper systematizes the current knowledge in this emerging field, including a classification of threat models, state-of-the-art defenses, and evaluation metrics for important hardware-based attacks.

Published

2014

23. Hardware security and test: Friends or enemies?

Author

Ilia Polian

Subjects

Hardware security module, medicine.medical_specialty, General Computer Science, Computer science, Design for testing, medicine, Computer security compromised by hardware failure, Computer security, computer.software_genre, computer, Reliability (statistics), Test (assessment)

Abstract

Hardware security is a relatively new scientific discipline which focuses on adversarial threats to hardware components of complex systems and infrastructures, including manipulation, unauthorized access to confidential data, and intellectual property theft. State-of-the-art test methods can contribute to detection and elimination of security threats but also may introduce new vulnerabilities. This article will explain this dichotomy and outline current research challenges.

Published

2014

24. Trojan Vulnerability Map: An Efficient Metric for Modeling and Improving the Security Level of Hardware

Author

Ali Jahanian and Mahmoud Bakhshizadeh

Subjects

Hardware security module, medicine.medical_specialty, business.industry, Computer science, Applied Mathematics, Computer security compromised by hardware failure, Computer security, computer.software_genre, Computer Graphics and Computer-Aided Design, Trojan, Hardware Trojan, Embedded system, Signal Processing, Metric (mathematics), medicine, Electrical and Electronic Engineering, Physical design, business, Security level, computer, Vulnerability (computing)

Published

2014

25. Discussion on the Computer Security Technology and E-Commerce Transaction Security

Author

Qing Yun Shang

Subjects

medicine.medical_specialty, Authentication, Cloud computing security, Network security, business.industry, Computer science, Computer security compromised by hardware failure, Covert channel, General Medicine, Information security, Computer security model, Computer security, computer.software_genre, Asset (computer security), Logical security, Security testing, Security information and event management, Security service, Network Access Control, Security through obscurity, Security convergence, medicine, Network security policy, business, computer

Abstract

A notable feature of the modern society is the producing, processing and more and more frequent alternating of information. As its hardware supporter, computer is deepening into every corner of the society. At the same time, the wide application also brings a major and practical problem-- computer security. So how to guarantee the smooth process of electronic commerce on the premise of computer network security, i.e. the implementation of e-commerce confidentiality, integrity, authentication, unforgeability and non-dependence becomes even more important.

Published

2013

26. Inspection-Resistant Memory Architectures

Author

Seny Kamara, Vinod Vaikuntanathan, Andrew Putnam, Jonathan Valamehr, Daniel Shumow, Melissa Chase, and Timothy Sherwood

Subjects

Distributed shared memory, medicine.medical_specialty, Flat memory model, Computer science, Cache-only memory architecture, Computer security compromised by hardware failure, Uniform memory access, Semiconductor memory, Overlay, Computer security, computer.software_genre, Memory map, Extended memory, Memory address, Physical address, Memory management, Shared memory, Hardware and Architecture, Memory architecture, medicine, Distributed memory, Electrical and Electronic Engineering, computer, Software, Memory protection

Abstract

The ability to safely keep a secret in memory is central to the vast majority of security schemes, but storing and erasing these secrets is a difficult problem in the face of an attacker who can obtain unrestricted physical access to the underlying hardware. Depending on the memory technology, the very act of storing a 1 instead of a 0 can have physical side effects measurable even after the power has been cut. These effects can't be hidden easily, and if the secret stored on chip is of sufficient value, an attacker might go to extraordinary means to learn even a few bits of that information. The architecture has an interesting role to play here. Just as one uses architectural techniques to detect and correct errors, so too can one create efficient methods to hide critical bits from physical inspection. The authors present a first step toward this goal by focusing on a backbone of any hardware system: on-chip memory. They examine the relationship between security, area, and efficiency in these architectures and quantitatively examine the resulting systems through cryptographic analysis and microarchitectural impact. In the end, they find an efficient scheme in which, even if an adversary is able to inspect the value of a stored bit with a probabilistic error of only 5 percent, the system will be able to prevent that adversary from learning any information about the original uncoded bits with 99.9999999999 percent probability.

Published

2013

27. Analysis of a hardware security module's high-availability setting

Author

S. Neuhaus and B. Koppel

Subjects

Hardware security module, medicine.medical_specialty, Cloud computing security, Computer Networks and Communications, Computer science, business.industry, Computer security compromised by hardware failure, Data security, Cryptography, Information security, Computer security model, Asset (computer security), Computer security, computer.software_genre, Security testing, Security information and event management, Information security audit, Security service, Software security assurance, Security through obscurity, medicine, Electrical and Electronic Engineering, business, Law, computer

Abstract

Analysis of a hardware security module (HSM) revealed two flaws that could lead to security problems. The first involved key deletion; the second involved unauthorized members of a group of HSMs. Neither flaw is probably fatal, if organizations develop organizational ways to work around it. However, for organizations to apply the solutions, they must be aware of the flaws.

Published

2013

28. Design of FPGA Hardware Accelerator for Information Security System

Author

Jeong Woo Cha and Chang Hoon Kim

Subjects

medicine.medical_specialty, Computer science, business.industry, Interface (computing), Computer security compromised by hardware failure, Information security, Application-specific integrated circuit, Software security assurance, Embedded system, medicine, Hardware acceleration, Field-programmable gate array, business, FPGA prototype

Abstract

Information Security System is implemented in software, hardware and FPGA device. Implementation of S/W provides high flexibility about various information security algorithm, but it has very vulnerable aspect of speed, power, safety, and performing ASIC is really excellent aspect of speed and power but don`t support various security platform because of feature`s realization. To improve conflict of these problems, implementation of recent FPGA device is really performed. The goal of this thesis is to design and develop a FPGA hardware accelerator for information security system. It performs as AES, SHA-256 and ECC and is controlled by the Integrated Interface. Furthermore, since the proposed Security Information System can satisfy various requirements and some constraints, it can be applied to numerous information security applications from low-cost applications and high-speed communication systems.

Published

2013

29. Hardware Support for Authentication in Cyber Physical Systems

Author

Oliver Sander, Jürgen Becker, and Alexander Klimm

Subjects

Control system security, medicine.medical_specialty, Authentication, General Computer Science, Computer science, Cyber-physical system, Computer security compromised by hardware failure, Information security, Computer security model, Computer security, computer.software_genre, Security information and event management, Software security assurance, medicine, computer

Abstract

The efficiency and benefit of Cyber Physical Systems (CPS) depend heavily on interconnection of individual devices or nodes. Exchange of data, information relevant to an overall task or functionality is the key to many applications such as smart grids, smart cities, and many others. Trustworthiness of data is needed to make such systems successful. To be able to fulfill policies to guarantee the safety of all entities within a CPS and to provide security measures to enforce these cryptographic solutions have to be embedded. As we show in this paper it is possible to integrate security building blocks in ultra-small devices to provide essential properties for secure embedded systems. With proper policies, high cryptographic standards, rising acceptance by users, and provable security and safety measures, CPS will open countless possibilities to increase efficiency in many aspects of our everyday lives.

Published

2013

30. An abstraction model and a comparative analysis of Intel and ARM hardware isolation mechanisms

Author

Benoît Morgan, Vincent Nicomette, Eric Alata, Mohamed Kaaniche, Guillaume Averlant, Équipe Tolérance aux fautes et Sûreté de Fonctionnement informatique (LAAS-TSF), Laboratoire d'analyse et d'architecture des systèmes (LAAS), Université Toulouse - Jean Jaurès (UT2J)-Université Toulouse 1 Capitole (UT1), Université Fédérale Toulouse Midi-Pyrénées-Université Fédérale Toulouse Midi-Pyrénées-Centre National de la Recherche Scientifique (CNRS)-Université Toulouse III - Paul Sabatier (UT3), Université Fédérale Toulouse Midi-Pyrénées-Institut National des Sciences Appliquées - Toulouse (INSA Toulouse), Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Institut National Polytechnique (Toulouse) (Toulouse INP), Université Fédérale Toulouse Midi-Pyrénées-Université Toulouse - Jean Jaurès (UT2J)-Université Toulouse 1 Capitole (UT1), Université Fédérale Toulouse Midi-Pyrénées, Université Toulouse Capitole (UT Capitole), Université de Toulouse (UT)-Université de Toulouse (UT)-Institut National des Sciences Appliquées - Toulouse (INSA Toulouse), Institut National des Sciences Appliquées (INSA)-Université de Toulouse (UT)-Institut National des Sciences Appliquées (INSA)-Université Toulouse - Jean Jaurès (UT2J), Université de Toulouse (UT)-Université Toulouse III - Paul Sabatier (UT3), Université de Toulouse (UT)-Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique (Toulouse) (Toulouse INP), Université de Toulouse (UT)-Université Toulouse Capitole (UT Capitole), and Université de Toulouse (UT)

Subjects

Hardware architecture, [INFO.INFO-AR]Computer Science [cs]/Hardware Architecture [cs.AR], medicine.medical_specialty, business.industry, Computer science, Computer security compromised by hardware failure, 020206 networking & telecommunications, 02 engineering and technology, ARM architecture, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], [INFO.INFO-PF]Computer Science [cs]/Performance [cs.PF], Software, Computer architecture, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, medicine, Hardware compatibility list, Hardware acceleration, Isolation (database systems), Software engineering, business, Computer hardware, Abstraction (linguistics)

Abstract

International audience; Computer systems software and hardware architec-tures have become increasingly complex today. Meanwhile, cyber-attacks are becoming more and more sophisticated and targetany software or hardware components of these systems. Severalisolation mechanisms, at the software and the hardware layers,are now available to provide the best protection against thesewidespread attacks. This paper is aimed at reviewing especiallyhardware segregation mechanisms available in today’s CPU inorder to provide better insights about the intended scope of theprotection and the different threats that could be addressedby such mechanisms. An abstraction model presenting themain components of current architectures and their interactionsthrough different communication channels is proposed to supportsuch analysis. The study focuses on Intel and ARM architectures,and outlines various hardware isolation resources that providea security layer to the software running on these architectures.A comparative analysis of these architectures is also presentedtogether with a discussion of open issues and future challenges.

Published

2017

31. Security Down to the Hardware Level

Author

Anastacia B. Alvarez and Massimo Alioto

Subjects

010302 applied physics, Hardware security module, medicine.medical_specialty, Computer science, business.industry, Computer security compromised by hardware failure, Cryptography, 02 engineering and technology, Computer security model, Computer security, computer.software_genre, 01 natural sciences, 020202 computer hardware & architecture, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Power analysis, Security service, Software security assurance, 0103 physical sciences, 0202 electrical engineering, electronic engineering, information engineering, medicine, Hardware compatibility list, business, computer

Abstract

This chapter introduces the concept of Physically Unclonable Functions (PUFs), their prospects for hardware security in IoT devices, and their interaction with traditional cryptography. Section 8.1 summarizes the background on PUFs, whereas Sect. 8.2 covers the metrics that are commonly used to evaluate PUF performance. Such metrics are used to comparatively review the state of the art on PUFs in Sect. 8.3. Section 8.4 covers vulnerabilities to malicious attacks attempting to clone or mimic a PUF. In the last section, we introduce the novel concept of PUF-enhanced cryptography as a promising direction aiming to merge PUFs and cryptography in a cohesive framework for IoT hardware-level security.

Published

2017

32. Hardware Security for Critical Infrastructures - The CIPSEC Project Approach

Author

Odysseas Koufopavlou, Apostolos P. Fournaris, and Konstantinos Lampropoulos

Subjects

020203 distributed computing, Engineering, Hardware security module, medicine.medical_specialty, business.industry, Information technology, Computer security compromised by hardware failure, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, Critical infrastructure, Strong cryptography, Component (UML), 0202 electrical engineering, electronic engineering, information engineering, medicine, media_common.cataloged_instance, The Internet, European union, business, computer, Computer network, media_common

Abstract

As the new trend for smart devices becomes a reality, critical infrastructure (CI) systems are equipped with new toolsets from the information technology domain and move from secluded, closed systems to interconnected infrastructures that communicate directly or indirectly with highly insecure networks (eg. Internet). This transition enables a wide range of cyber-security attacks that can harm both CI Operation Technology (OT) and Information Technology (IT) systems. CIPSEC project consolidates European Union's continuous effort to mitigate the problem by bringing together different security/cyber-security solutions from various providers and integrating them into a unified framework that can be installed on top of a CIS to enhance its security. In this paper, we describe that CIPSEC framework concept, focusing on the CIPSEC hardware component by proposing a CIS Hardware security module (HSM) capable of providing strong cryptography and security services to CI devices. The proposed design approach is described and the mechanisms of mitigating hardware and software attacks on the HSM are sketched so as to achieve a high trust level on the proposed design.

Published

2017

33. Hardware Security and Trust

Author

Nicolas Sklavos, Francesco Regazzoni, Ricardo Chaves, and Giorgio Di Natale

Subjects

medicine.medical_specialty, Hardware security module, Computer science, Computer security compromised by hardware failure, Asset (computer security), Computer security, computer.software_genre, Chain of trust, Software security assurance, Security through obscurity, medicine, Network security policy, Computational trust, computer

Abstract

Since the invention of the first integrated circuit (IC) in 1958 and introduction of first standalone Central Processing Unit (CPU) in 1971, we witnessed and continue to observe the breathtaking advances in IC manufacturing, transistor density and architectural solutions. These advances fueled the imagination of developers so that we now have diverse application fields for integrated circuits. Till recently, we have intuitively trusted the chips to control our lives and processes, so we have huge amount of sensitive information processed in chips. However, nowadays, attacks are being launched increasingly for economic reasons by well-funded criminal organizations or for intelligence purposes to get access to secret and sensitive information. Moreover, the emergence of globalized and horizontal IC and semiconductor business model, mainly driven by cost savings, is requiring both designs and users re-asses their trust in hardware and even in the supply chain. In recent years many reports have appointed to these attacks on the electronic components and their supply chain. The semiconductor industry is today loosing over $4 billion a year due to these kind of attacks.  Hardware attacks and trust issues can be classified into the following classes:  IC data (assets) attacks: These are attacks that aim at retrieving the secret data of the IC; e.g., hacking a smart cart to get the secret key;  IC design (IP) attacks: These are attacks that aim at getting more information on the IC design in order to counterfeit it; e.g., perform reverse engineering on an IC or IP, steal and/or even claim the ownership;  IC functionality (tampering) attacks: these are attacks that target the alternation of the original function of the chip/system. For example, a chip ceases functioning or continues to operate but then in an impaired manner, a chip introducing corruption in the data, etc.  IC piracy: in these cases, fraudulent practices are used to illegally sell circuits to make "easy money". This class includes for example over-building of integrated circuit and re-packaging of used old circuits to re-sell as new ones. This seminar will present a survey of known attacks and practices in these 4 categories, as well as relevant research works and solutions. ** Presenter: Giorgio Di Natale received the PhD in Computer Engineering from Politecnico di Torino in Italy in 2003. He is currently a researcher (CR1) for the National Council of Scientific Research (CNRS). He has published articles spanning a broad range of diverse disciplines, including memory testing, fault tolerance, software implemented hardware fault tolerance and secure circuits. He is the action chair of the COST Action IC1204 (TRUDEVICE), senior member of the IEEE and chair of the European group of the Test Technology Technical Council (TTTC) of IEEE Computer Society.

Published

2017

34. Towards Property Driven Hardware Security

Author

Wei Hu, Alric Althoff, Armaiti Ardeshiricham, and Ryan Kastner

Subjects

021110 strategic, defence & security studies, medicine.medical_specialty, Hardware security module, business.industry, Computer science, 0211 other engineering and technologies, Computer security compromised by hardware failure, 02 engineering and technology, Computer security model, Security testing, 020202 computer hardware & architecture, Security engineering, Trusted computing base, Software security assurance, Embedded system, 0202 electrical engineering, electronic engineering, information engineering, medicine, Concrete security, business

Abstract

Secure hardware design is a challenging task due to the fact that security properties are difficult or impossible to model and subsequently verify using traditional hardware design tools. The "state of the art" for hardware design security relies heavily on functional verification, manual inspection, and code review to identify security vulnerabilities. This labor intensive process significantly reduces productivity while proving no guarantee that a security flaw will be identified. In this paper, we describe a property driven approach to hardware security, which allows automatic synthesis and verification of both qualitative and quantitative security properties. We address hardware security by enforcing information flow and statistical security properties. By incorporating a new security property specification language, such security properties can be specified, translated and verified using hardware design tools. We present design examples to demonstrate our property driven hardware security solution for proving isolation, detecting timing channel, eliminating hardware Trojan, and enforcing security related statistical properties.

Published

2016

35. Private Circuits III

Author

Dziembowski, Stefan, Faust, Sebastian, Standaert, François-Xavier, 23rd ACM Conference on Computer and Communications Security, and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

021110 strategic, defence & security studies, medicine.medical_specialty, Cryptographic primitive, Computer science, Distributed computing, 0211 other engineering and technologies, Computer security compromised by hardware failure, 02 engineering and technology, Adversary, computer.software_genre, 020202 computer hardware & architecture, Countermeasure, Trojan, Hardware Trojan, Threat model, 0202 electrical engineering, electronic engineering, information engineering, medicine, Concrete security, Compiler, State (computer science), computer

Abstract

Security against hardware trojans is currently becoming an essential ingredient to ensure trust in information systems. A variety of solutions have been introduced to reach this goal, ranging from reactive (i.e., detection-based) to preventive (i.e., trying to make the insertion of a trojan more difficult for the adversary). In this paper, we show how testing (which is a typical detection tool) can be used to state concrete security guarantees for preventive approaches to trojan-resilience. For this purpose, we build on and formalize two important previous works which introduced ``input scrambling" and ``split manufacturing" as countermeasures to hardware trojans. Using these ingredients, we present a generic compiler that can transform any circuit into a trojan-resilient one, for which we can state quantitative security guarantees on the number of correct executions of the circuit thanks to a new tool denoted as ``testing amplification". Compared to previous works, our threat model covers an extended range of hardware trojans while we stick with the goal of minimizing the number of honest elements in our transformed circuits. Since transformed circuits essentially correspond to redundant multiparty computations of the target functionality, they also allow reasonably efficient implementations, which can be further optimized if specialized to certain cryptographic primitives and security goals.

Published

2016

36. Detecting and thwarting hardware trojan attacks in cyber-physical systems

Author

Devu Manikantan Shila, Vivek Venugopalan, and Cameron D. Patterson

Subjects

medicine.medical_specialty, Hardware security module, Computer science, business.industry, Soft IP, Cyber-physical system, Computer security compromised by hardware failure, 02 engineering and technology, Computer security, computer.software_genre, 020202 computer hardware & architecture, Hardware Trojan, Software security assurance, 020204 information systems, Custom hardware attack, Embedded system, Component-based software engineering, 0202 electrical engineering, electronic engineering, information engineering, medicine, business, computer

Abstract

Cyber-physical system integrity requires both hardware and software security. Many of the cyber attacks are successful as they are designed to selectively target a specific hardware or software component in an embedded system and trigger its failure. Existing security measures also use attack vector models and isolate the malicious component as a counter-measure. Isolated security primitives do not provide the overall trust required in an embedded system. Trust enhancements are proposed to a hardware security platform, where the trust specifications are implemented in both software and hardware. This distribution of trust makes it difficult for a hardware-only or software-only attack to cripple the system. The proposed approach is applied to a smart grid application consisting of third-party soft IP cores, where an attack on this module can result in a blackout. System integrity is preserved in the event of an attack and the anomalous behavior of the IP core is recorded by a supervisory module. The IP core also provides a snapshot of its trust metric, which is logged for further diagnostics.

Published

2016

37. Exploration of the Computer Hardware Experiment teaching method based on the cloud platform

Author

Li Shanshan, Chen Yongqiang, Zhao Youjian, and Quan Chengbin

Subjects

Hardware architecture, medicine.medical_specialty, business.industry, Computer science, 05 social sciences, 050301 education, Computer security compromised by hardware failure, Cloud computing, 02 engineering and technology, computer.software_genre, Open source hardware, 020204 information systems, Server, 0202 electrical engineering, electronic engineering, information engineering, Operating system, medicine, Hardware acceleration, Hardware compatibility list, The Internet, business, 0503 education, computer, Computer hardware

Abstract

This paper presents a new method for Computer Hardware Experiment teaching. Previous hardware experiments of computer is built on a computer connected to a hardware equipment locally, and then student operate the hardware devices on the switches, buttons, etc. to carry out experiments and verify the developed hardware code is correct. Such experimental methods have lots of significant limitations. To solve the problems, we have developed a cloud-based real hardware experiment system platform. Students can use the experiment board anywhere internet available at any time. They can land at any place where they can access the cloud platform server, that will help them to get a hardware device, and then they can operate, and get results the same as local. We set up a cloud, and many sub-clouds in different cities. Each sub-clouds have a certain number of the special hardware experiment devices. The hardware device is assigned automatically, especially it can solve the problem of insufficient experiment hardware within a university. The platform has been set up with an experimental database, to analysis what is the difficult points for students and make a big data to help for improving computer hardware experiment educational methods. It provided a good experimental support for the online hardware experiment teaching content of MOOC.

Published

2016

38. Hardware Security Challenges Beyond CMOS: Attacks and Remedies

Author

Wujie Wen, Kaveh Shamsi, and Yier Jin

Subjects

010302 applied physics, Engineering, Hardware security module, medicine.medical_specialty, business.industry, Supply chain, Computer security compromised by hardware failure, 02 engineering and technology, Integrated circuit, Computer security, computer.software_genre, 01 natural sciences, 020202 computer hardware & architecture, law.invention, Beyond CMOS, law, Software security assurance, 0103 physical sciences, 0202 electrical engineering, electronic engineering, information engineering, medicine, Hardware compatibility list, business, computer, Register-transfer level

Abstract

The globalization of Integrated Circuits (ICs) supply chain has raised security concerns on how to ensure the integrity and the trustworthiness of fabricated circuits. While existing attack and protection methods are developed for CMOS based circuits, the introduction of emerging transistors acts as a double-sided sword. The usage of emerging devices introduces new security issues which the attackers can leverage to launch hardware attacks. On the other hand, the unique properties of emerging devices also provides a great opportunity for defenders to develop innovative hardware security primitives and to construct resilient hardware platforms for cybersecurity. In this paper, we will summarize the previous work in both directions, attacks and remedies with a focus on the authors' previous work in this domain. We will also discuss the research trends so that the emerging devices can better help secure our computing systems, besides their roles in extending the Moore's Law.

Published

2016

39. Invited - Who is the major threat to tomorrow's security?

Author

Onur Mutlu, Mohit Tiwari, and Wayne Burleson

Subjects

010302 applied physics, Engineering, medicine.medical_specialty, Memory errors, business.industry, Random number generation, Intersection (set theory), Computer security compromised by hardware failure, Cryptography, 02 engineering and technology, Computer security, computer.software_genre, 01 natural sciences, 020202 computer hardware & architecture, 0103 physical sciences, Information leakage, 0202 electrical engineering, electronic engineering, information engineering, medicine, Isolation (database systems), business, computer, Computer hardware, Dram, Computer network

Abstract

More and more security attacks today are perpetrated by exploiting the hardware: memory errors can be exploited to take over systems, side-channel attacks leak secrets to the outside worlds, weak random number generators render cryptography ineffective, etc. At the same time, many of the tenets of efficient design are in tension with guaranteeing security. For instance, classic secure hardware does not allow to optimize common execution patterns, share resources, or provide deep introspection. We provide brief descriptions of three recently-exposed hardware vulnerabilities along with extensive references for background and to learn more about these areas. Specifically, we first discuss the Rowhammer problem in modern DRAM chips, which enables attackers to circumvent memory isolation, and other potential vulnerabilities due to aggressive memory technology scaling. We next describe hardware Trojans implemented below the gate level, which can resist most detection techniques, and other manufacturing vulnerabilities in security primitives. Finally, we explain side channels that can achieve very large information leakage capacities, and various potential defenses against them. We conclude by noting that the intersection of hardware design and security attacks and countermeasures will continue to present a rich area for research and development for many years to come.

Published

2016

40. Hardware Attacks and Security Education

Author

Wei Chen, Kai Qian, and Dan Chia-Tien Lo

Subjects

medicine.medical_specialty, Cloud computing security, Computer science, business.industry, Firmware, Vulnerability, Computer security compromised by hardware failure, Information security, Computer security model, computer.software_genre, Security service, Trusted computing base, Software security assurance, Operating system, medicine, Hardware compatibility list, Automated information system, business, Software engineering, computer, Computer hardware

Abstract

This paper aims to develop and evaluate information assurance and security learning materials on hardware/firmware attacks for undergraduate education. Topics include firmware worms, application programming interface, and operating systems. Computing devices are equipped with firmware that performs basic hardware testing and loads operating systems. According to hardware rooted security guidelines, the following fundamental security primitives are required: roots of trust, an application programming interface (API) to the platform, and a policy enforcement engine. We believe it is important to verify these primitives' integrity with hands-on experiments to educate next generation computer experts. The learning material has been implemented and evaluated in an undergraduate Computer Architecture course using Intel's Chipsec to validate PC BIOS in terms of known vulnerabilities.

Published

2016

41. Security of emerging non-volatile memories: Attacks and defenses

Author

Yier Jin and Kaveh Shamsi

Subjects

010302 applied physics, Random access memory, medicine.medical_specialty, Hardware security module, business.industry, Computer science, Computer security compromised by hardware failure, Cryptography, Context (language use), 02 engineering and technology, Computer security, computer.software_genre, 01 natural sciences, Computing systems, 020202 computer hardware & architecture, 0103 physical sciences, 0202 electrical engineering, electronic engineering, information engineering, medicine, Static random-access memory, business, Implementation, computer

Abstract

While the non-volatile memory (NVM) has often been discussed in the context of alternatives to SRAM and RRAM for performance improvements in modern computing systems, their unique properties which lead to security applications and security vulnerabilities have also raised interests. In this paper, we provide a comparative discussion on how the usage of NVMs in the context of security in terms of mitigating some of their vulnerabilities. Further, we discuss innovative implementations of NVMs in the creation of novel hardware security primitives. Through this survey, we expect to have more non-traditional security applications of NVMs in modern designs leveraging their unique properties.

Published

2016

42. Building trust in 3PIP using asset-based security property verification

Author

Eugene John, Seetharam Narasimhan, and Juan Portillo

Subjects

010302 applied physics, Security bug, medicine.medical_specialty, Computer science, Computer security compromised by hardware failure, 02 engineering and technology, Computer security model, Asset (computer security), Computer security, computer.software_genre, 01 natural sciences, 020202 computer hardware & architecture, Intelligent verification, Security service, Software security assurance, 0103 physical sciences, 0202 electrical engineering, electronic engineering, information engineering, medicine, computer, Formal verification

Abstract

Detecting vulnerabilities, including hardware Trojans, in third-party intellectual property (3PIP) is a rising security challenge for modern day System-on-Chips (SoCs). This work proposes a new approach for detecting security vulnerabilities in a SoC containing 3PIP by breaking complex security flows into fine-grained security properties which are subject to formal verification.

Published

2016

43. Hardware Covert Attacks and Countermeasures

Author

Fayez Gebali, Kin Fun Li, and Jahnabi Phukan

Subjects

medicine.medical_specialty, business.industry, Computer science, Computer security compromised by hardware failure, Covert channel, 02 engineering and technology, Encryption, Computer security, computer.software_genre, 020202 computer hardware & architecture, Information sensitivity, Countermeasure, Pre-play attack, Covert, 0202 electrical engineering, electronic engineering, information engineering, medicine, Reflection attack, business, computer, Computer hardware, Computer network

Abstract

Computing platforms deployed in many critical infrastructures, such as smart grid, financial systems, governmental organizations etc., are subjected to security attacks and potentially devastating consequences. Computing platforms often get attacked 'physically' by an intruder accessing stored information, studying the internal structure of the hardware or injecting a fault. Even if the attackers fail to gain sensitive information stored in hardware, they may be able to disrupt the hardware or deny service leading to other kinds of security failures in the system. Hardware attacks could be covert or overt, based on the awareness of the intended system. This work classifies existing hardware attacks. Focusing mainly on covert attacks, they are quantified using a proposed schema. Different countermeasure techniques are proposed to prevent such attacks.

Published

2016

44. SPARCHS: Symbiotic, Polymorphic, Automatic, Resilient, Clean-Slate, Host Security

Author

Angelos D. Keromytis, David I. August, Salvatore J. Stolfo, Junfeng Yang, and Simha Sethumadhavan

Subjects

Engineering, medicine.medical_specialty, business.industry, Covert channel, Computer security compromised by hardware failure, Mindset, Computer security model, Computer security, computer.software_genre, Software, Software security assurance, medicine, Systems design, business, computer, Coding (social sciences)

Abstract

The SPARCHS project proposed a new computer systems design methodology that considers defensive security as a first-order design requirement at all levels in computer systems stack. A defensive mindset to system design means that each component, be it hardware, software or the security mechanism, should be designed assuming that it can be compromised, each component must individually have the ability to detect attacks, limit losses, recover from attacks and learn to prevent future attacks.

Published

2016

45. Hardware Cost Measurement of Lightweight Security Protocols

Author

Pekka Jäppinen and Mikko Lampi

Subjects

medicine.medical_specialty, SIMPLE (military communications protocol), business.industry, Computer science, Computer security compromised by hardware failure, Cryptography, Computer security model, Cryptographic protocol, Security testing, Computer Science Applications, Term (time), Security service, medicine, Electrical and Electronic Engineering, business, Computer hardware

Abstract

The feasibility of security solution for RFID tags relies heavily on its hardware cost and performance. In the literature the term lightweight solution is used liberally and causes problems when selecting a solution for e.g. RFID environment. Evaluating the actually feasibility of the solution requires electrical engineering skills that many security developers and decision makers may lack. In this paper we describe simple guidelines for approximating the feasibility of the security solution in terms of gates and clock cycles. These guidelines make it easier to evaluate the cryptographic solutions feasibility for targeted hardware and provide a basis for categorisation of lightweight security solutions.

Published

2012

46. High Performance Physical Environmental Security using Distributed Cooperative Sensor Nodes

Author

Hamid Reza Naji

Subjects

Event monitoring, Hardware architecture, medicine.medical_specialty, business.industry, Computer science, Hardware description language, Computer security compromised by hardware failure, Reconfigurable computing, Intelligent sensor, Embedded system, Component-based software engineering, medicine, Hardware compatibility list, business, computer, computer.programming_language

Abstract

Fusion of cooperative intelligent sensor nodes in a distributed environment can provide a high performance event monitoring system mainly for security issues. Partitioning the hardware design space into entities called agents, which are autonomous units of execution that have the capability of interacting with the environment and each other has been made much more attractive by the recent advances in the capabilities of reconfigurable hardware. In a reconfigurable embedded processing environment one possible benefit is use of multi-agent approach in a common design methodology for both the hardware and software components of the system to do parallel processing with high speed and flexibility. In this paper we will explore the arguments for applying multi-agent techniques to highlight how such techniques can be applied using current-generation hardware description languages in reconfigurable hardware to be suitable for physical environmental security.

Published

2010

47. Quantifying Hardware Security Using Joint Information Flow Analysis

Author

Wei Hu, Alric Althoff, and Ryan Kastner

Subjects

010302 applied physics, Hardware security module, medicine.medical_specialty, business.industry, Computer science, Distributed computing, Computer security compromised by hardware failure, Cryptography, 02 engineering and technology, Mutual information, Computer security model, 01 natural sciences, Security testing, 020202 computer hardware & architecture, Reliability engineering, Software security assurance, 0103 physical sciences, 0202 electrical engineering, electronic engineering, information engineering, medicine, Information flow (information theory), business, Enforcement

Abstract

Existing hardware design methodologies provide limited methods to detect security flaws or derive a measure on how well a mitigation technique protects the system. Information flow analysis provides a powerful method to test and verify a design against security properties that are typically expressed using the notion of noninterference. While this is useful in many scenarios, it does have drawbacks primarily related to its strict enforcement of limiting all information flows - even those that could only occur in rare circumstances. Quantitative metrics based upon information theoretic measures provide an approach to loosen such restrictions. Furthermore, they are useful in understanding the effectiveness of security mitigations techniques. In this work, we discuss information flow analysis using noninterference and qualitative metrics. We describe how to use them in a synergistic manner to perform joint information flow analysis. And we use this novel technique to analyze security properties across several different hardware cryptographic cores.

Published

2016

48. F1: Designing secure systems: Manufacturing, circuits and architectures

Author

Takefumi Yoshikawa, Mahesh Mehendale, Kerry Bernstein, Vivek De, Marian Verhelst, Makoto Nagata, and Yusuf Leblebici

Subjects

Hardware architecture, Hardware security module, Engineering, medicine.medical_specialty, business.industry, Computer security compromised by hardware failure, Cloud computing, Cryptography, Integrated circuit design, Computer security, computer.software_genre, Pipeline (software), Embedded system, medicine, business, Operations security, computer

Abstract

Hardware security in server, client, mobile and embedded systems is becoming increasingly critical, especially with the rapid growth of the Internetof- Everything (IoE). Security threats and vulnerabilities for all hardware components must be addressed. This forum brings together chip designers and system architects to discuss: (1) design, hardware and logistics attack challenges, as well as advanced mitigation and prevention techniques across the entire chip design, validation, manufacturing and test pipeline including EDA for the foundry and fabless design ecosystem, and (2) data and operational security challenges and efficient cryptographic countermeasures for systems ranging from large cloud datacenters to compact lightweight embedded IoE devices. The first speaker provides an overview of hardware security challenges. The second speaker summarizes security attack challenges and solutions in the foundry and fabless manufacturing and design ecosystem. Two speakers then discuss key security circuit building blocks and cryptographic hardware accelerators. An overview of protections against IC counterfeiting and cloning, as well as hardware Trojans, is provided by the fifth speaker. Circuit techniques for detection, mitigation and preemptive countermeasures against passive and active side-channel attacks are discussed by the sixth speaker. The last two speakers present security hardware architectures for IoE platforms and cloud data centers.

Published

2016

49. SpecCert: Specifying and Verifying Hardware-Based Security Enforcement

Author

Pierre Chifflier, Pierre Néron, Benjamin Morin, Guillaume Hiet, and Thomas Letan

Subjects

medicine.medical_specialty, Computer science, 0211 other engineering and technologies, Vulnerability, Computer security compromised by hardware failure, 02 engineering and technology, Security policy, Computer security, computer.software_genre, Security information and event management, Software, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, medicine, Hardware compatibility list, Vulnerability (computing), Hardware architecture, 021110 strategic, defence & security studies, business.industry, Computer security model, Formal methods, Software security assurance, Component-based software engineering, Software engineering, business, computer, Computer hardware

Abstract

Over time, hardware designs have constantly grown in complexity and modern platforms involve multiple interconnected hardware components. During the last decade, several vulnerability disclosures have proven that trust in hardware can be misplaced. In this article, we give a formal definition of Hardware-based Security Enforcement (HSE) mechanisms, a class of security enforcement mechanisms such that a software component relies on the underlying hardware platform to enforce a security policy. We then model a subset of a x86-based hardware platform specifications and we prove the soundness of a realistic HSE mechanism within this model using Coq, a proof assistant system.

Published

2016

50. Toward Application-Aware Security and Reliability

Author

Reza Farivar, William Healey, Ravishankar K. Iyer, Karthik Pattabiraman, Zbigniew Kalbarczyk, Peter Klemperer, and Wen-mei W. Hwu

Subjects

medicine.medical_specialty, Computer Networks and Communications, Computer science, Covert channel, Computer security compromised by hardware failure, Computer security, computer.software_genre, Asset (computer security), Internet security, Security information and event management, Logical security, Security testing, Security engineering, Application security, medicine, Electrical and Electronic Engineering, Security bug, Cloud computing security, business.industry, Information security, Computer security model, Web application security, Security service, Software deployment, Software security assurance, Security through obscurity, The Internet, business, Law, computer

Abstract

Two trends - the increasing complexity of computer systems and their deployment in mission- and life-critical applications - are driving the need to provide applications with security and reliability support. Compounding the situation, the Internet's ubiquity has made systems much more vulnerable to malicious attacks that can have far-reaching implications on our daily lives. Clearly, the traditional one-size-fits-all approach to security and reliability is no longer sufficient or acceptable from the user perspective. In this article, we introduce the concept of application-aware checking as an alternative. By extracting application via recent breakthroughs in compiler analysis and enforcing the characteristics at runtime with the hardware modules embedded in the reliability and security engine (RSE), it's possible to achieve security and reliability with low overheads and false-positive rates

Published

2007