Search

Your search keyword '"Sigl, Georg"' showing total 405 results
Start Over Author "Sigl, Georg"
405 results on '"Sigl, Georg"'

2. Hardware Honeypot: Setting Sequential Reverse Engineering on a Wrong Track

Author

Brunner, Michaela, Lee, Hye Hyun, Hepp, Alexander, Baehr, Johanna, and Sigl, Georg

Subjects
Computer Science - Cryptography and Security
Abstract

Reverse engineering (RE) of finite state machines (FSMs) is a serious threat when protecting designs against RE attacks. While most recent protection techniques rely on the security of a secret key, this work presents a new approach: hardware FSM honeypots. These honeypots lead the RE tools to a wrong but, for the tools, very attractive FSM, while making the original FSM less attractive. The results show that state-of-the-art RE methods favor the highly attractive honeypot as FSM candidate or do no longer detect the correct, original FSM.

Published
2023
Full Text
View/download PDF

4. A Pragmatic Methodology for Blind Hardware Trojan Insertion in Finalized Layouts

Author

Hepp, Alexander, Perez, Tiago, Pagliarini, Samuel, and Sigl, Georg

Subjects
Computer Science - Cryptography and Security, B.7.2, J.6
Abstract

A potential vulnerability for integrated circuits (ICs) is the insertion of hardware trojans (HTs) during manufacturing. Understanding the practicability of such an attack can lead to appropriate measures for mitigating it. In this paper, we demonstrate a pragmatic framework for analyzing HT susceptibility of finalized layouts. Our framework is representative of a fabrication-time attack, where the adversary is assumed to have access only to a layout representation of the circuit. The framework inserts trojans into tapeout-ready layouts utilizing an Engineering Change Order (ECO) flow. The attacked security nodes are blindly searched utilizing reverse-engineering techniques. For our experimental investigation, we utilized three crypto-cores (AES-128, SHA-256, and RSA) and a microcontroller (RISC-V) as targets. We explored 96 combinations of triggers, payloads and targets for our framework. Our findings demonstrate that even in high-density designs, the covert insertion of sophisticated trojans is possible. All this while maintaining the original target logic, with minimal impact on power and performance. Furthermore, from our exploration, we conclude that it is too naive to only utilize placement resources as a metric for HT vulnerability. This work highlights that the HT insertion success is a complex function of the placement, routing resources, the position of the attacked nodes, and further design-specific characteristics. As a result, our framework goes beyond just an attack, we present the most advanced analysis tool to assess the vulnerability of HT insertion into finalized layouts., Comment: 9 pages, 6 figures, 3 tables, to be published in ICCAD 2022

Published
2022
Full Text
View/download PDF

6. The Cost of OSCORE and EDHOC for Constrained Devices

Author

Hristozov, Stefan, Huber, Manuel, Xu, Lei, Fietz, Jaro, Liess, Marco, and Sigl, Georg

Subjects
Computer Science - Cryptography and Security, Computer Science - Networking and Internet Architecture, Computer Science - Performance
Abstract

Many modern IoT applications rely on the Constrained Application Protocol (CoAP) because of its efficiency and seamless integrability in the existing Internet infrastructure. One of the strategies that CoAP leverages to achieve these characteristics is the usage of proxies. Unfortunately, in order for a proxy to operate, it needs to terminate the (D)TLS channels between clients and servers. Therefore, end-to-end confidentiality, integrity and authenticity of the exchanged data cannot be achieved. In order to overcome this problem, an alternative to (D)TLS was recently proposed by the Internet Engineering Task Force (IETF). This alternative consists of two novel protocols: 1) Object Security for Constrained RESTful Environments (OSCORE) providing authenticated encryption for the payload data and 2) Ephemeral Diffie-Hellman Over COSE (EDHOC) providing the symmetric session keys required for OSCORE. In this paper, we present the design of four firmware libraries for these protocols especially targeted for constrained microcontrollers and their detailed evaluation. More precisely, we present the design of uOSCORE and uEDHOC libraries for regular microcontrollers and uOSCORE-TEE and uEDHOC-TEE libraries for microcontrollers with a Trusted Execution Environment (TEE), such as microcontrollers featuring ARM TrustZone-M. Our firmware design for the later class of devices concerns the fact that attackers may exploit common software vulnerabilities, e.g., buffer overflows in the protocol logic, OS or application to compromise the protocol security. uOSCORE-TEE and uEDHOC-TEE achieve separation of the cryptographic operations and keys from the remainder of the firmware, which could be vulnerable. We present an evaluation of our implementations in terms of RAM/FLASH requirements, execution speed and energy on a broad range of microcontrollers., Comment: A short version of this paper will appear on CODASPY 2021

Published
2021

7. Secure and User-Friendly Over-the-Air Firmware Distribution in a Portable Faraday Cage

Author

Striegel, Martin, Jakobsmeier, Florian, Matveev, Yacov, Heyszl, Johann, and Sigl, Georg

Subjects
Computer Science - Cryptography and Security
Abstract

Setting up a large-scale wireless sensor network is challenging, as firmware must be distributed and trust between sensor nodes and a backend needs to be established. To perform this task efficiently, we propose an approach named Box, which utilizes an intelligent Faraday cage (FC). The FC acquires firmware images and secret keys from a backend, patches the firmware with the keys and deploys those customized images over the air to sensor nodes placed in the FC. Electromagnetic shielding protects this exchange against passive attackers. We place few demands on the sensor node, not requiring additional hardware components or firmware customized by the manufacturer. We describe this novel workflow, implement the Box and a backend system and demonstrate the feasibility of our approach by batch-deploying firmware to multiple commercial off-the-shelf sensor nodes. We conduct a user-study with 31 participants with diverse backgrounds and find, that our approach is both faster and more user-friendly than firmware distribution over a wired connection., Comment: 11 pages, 5 figures. Accepted at 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '20), July 8--10, 2020, Linz (Virtual Event), Austria

Published
2020
Full Text
View/download PDF

8. TimingCamouflage+: Netlist Security Enhancement with Unconventional Timing (with Appendix)

Author

Zhang, Grace Li, Li, Bing, Li, Meng, Yu, Bei, Pan, David Z., Brunner, Michaela, Sigl, Georg, and Schlichtmann, Ulf

Subjects
Computer Science - Cryptography and Security, Computer Science - Hardware Architecture
Abstract

With recent advances in reverse engineering, attackers can reconstruct a netlist to counterfeit chips by opening the die and scanning all layers of authentic chips. This relatively easy counterfeiting is made possible by the use of the standard simple clocking scheme, where all combinational blocks function within one clock period, so that a netlist of combinational logic gates and flip-flops is sufficient to duplicate a design. In this paper, we propose to invalidate the assumption that a netlist completely represents the function of a circuit with unconventional timing. With the introduced wave-pipelining paths, attackers have to capture gate and interconnect delays during reverse engineering, or to test a huge number of combinational paths to identify the wave-pipelining paths. To hinder the test-based attack, we construct false paths with wave-pipelining to increase the counterfeiting challenge. Experimental results confirm that wave-pipelining true paths and false paths can be constructed in benchmark circuits successfully with only a negligible cost, thus thwarting the potential attack techniques.

Published
2020
Full Text
View/download PDF

9. Protecting RESTful IoT Devices from Battery Exhaustion DoS Attacks

Author

Hristozov, Stefan, Huber, Manuel, and Sigl, Georg

Subjects
Computer Science - Cryptography and Security
Abstract

Many IoT use cases involve constrained battery-powered devices offering services in a RESTful manner to their communication partners. Such services may involve, e.g., costly computations or actuator/sensor usage, which may have significant influence on the power consumption of the service Providers. Remote attackers may excessively use those services in order to exhaust the Providers' batteries, which is a form of a Denial of Service (DoS) attack. Previous work proposed solutions based on lightweight symmetric authentication. These solutions scale poorly due to requiring pre-shared keys and do not provide protection against compromised service Requesters. In contrast, we consider more powerful attackers even capable of compromising legit Requesters. We propose a method that combines attacker detection and throttling, conducted by a third trusted Backend, with a lightweight authentication protocol. For attacker detection and throttling, we propose a novel approach using rate limitation algorithms. In addition, we propose and formally verify two authentication protocols suitable for different, widely used IoT network topologies. Our protocols ensure service availability for benign Requesters even if Providers are under a battery exhaustion attack. The protocols do neither require pre-shared keys between Requesters and Providers, nor the usage of asymmetric cryptography and public key infrastructures on the Provider. This makes our protocols suitable for a variety of IoT deployments involving constrained devices and constrained networks. We demonstrate the feasibility of our method through a simulation and a proof of concept implementation.

Published
2019

10. Network Scanning and Mapping for IIoT Edge Node Device Security

Author

Niedermaier, Matthias, Fischer, Florian, Merli, Dominik, and Sigl, Georg

Subjects
Computer Science - Cryptography and Security
Abstract

The amount of connected devices in the industrial environment is growing continuously, due to the ongoing demands of new features like predictive maintenance. New business models require more data, collected by IIoT edge node sensors based on inexpensive and low performance Microcontroller Units (MCUs). A negative side effect of this rise of interconnections is the increased attack surface, enabled by a larger network with more network services. Attaching badly documented and cheap devices to industrial networks often without permission of the administrator even further increases the security risk. A decent method to monitor the network and detect "unwanted" devices is network scanning. Typically, this scanning procedure is executed by a computer or server in each sub-network. In this paper, we introduce network scanning and mapping as a building block to scan directly from the Industrial Internet of Things (IIoT) edge node devices. This module scans the network in a pseudo-random periodic manner to discover devices and detect changes in the network structure. Furthermore, we validate our approach in an industrial testbed to show the feasibility of this approach.

Published
2019
Full Text
View/download PDF

11. A Secure Dual-MCU Architecture for Robust Communication of IIoT Devices

Author

Niedermaier, Matthias, Merli, Dominik, and Sigl, Georg

Subjects
Computer Science - Cryptography and Security
Abstract

The Industrial Internet of Things (IIoT) has already become a part of our everyday life be it water supply, smart grid, or production, IIoT is everywhere. For example, factory operators want to know the current state of the production line. These new demands for data acquisition in modern plants require industrial components to be able to communicate. Nowadays, network communication in Industrial Control Systems (ICSs) is often implemented via an IP-based protocol. This intercommunication also brings a larger attack surface for hackers. If an IIoT device is influenced by attackers, the physical process could be affected. For example, a high network load could cause a high Central Processing Unit (CPU) load and influence the reaction time on the physical control side. In this paper, we introduce a dual Microcontroller Unit (MCU) setup to ensure a resilient controlling for IIoT devices like Programmable Logic Controllers (PLCs). We introduce a possible solution for the demand of secure architectures in the IIoT. Moreover, we provide a Proof of Concept (PoC) implementation with a benchmark and a comparison with a standard PLC.

Published
2019
Full Text
View/download PDF

12. Efficient Intrusion Detection on Low-Performance Industrial IoT Edge Node Devices

Author

Niedermaier, Matthias, Striegel, Martin, Sauer, Felix, Merli, Dominik, and Sigl, Georg

Subjects
Computer Science - Cryptography and Security
Abstract

Communication between sensors, actors and Programmable Logic Controllers (PLCs) in industrial systems moves from two-wire field buses to IP-based protocols such as Modbus/TCP. This increases the attack surface because the IP-based network is often reachable from everywhere within the company. Thus, centralized defenses, e.g. at the perimeter of the network do not offer sufficient protection. Rather, decentralized defenses, where each part of the network protects itself, are needed. Network Intrusion Detection Systems (IDSs) monitor the network and report suspicious activity. They usually run on a single host and are not able to capture all events in the network and they are associated with a great integration effort. To bridge this gap, we introduce a method for intrusion detection that combines distributed agents on Industrial Internet of Things (IIoT) edge devices with a centralized logging. In contrast to existing IDSs, the distributed approach is suitable for industrial low performance microcontrollers. We demonstrate a Proof of Concept (PoC) implementation on a MCU running FreeRTOS with LwIP and show the feasibility of our approach in an IIoT application.

Published
2019

13. EyeSec: A Retrofittable Augmented Reality Tool for Troubleshooting Wireless Sensor Networks in the Field

Author

Striegel, Martin, Rolfes, Carsten, Heyszl, Johann, Helfert, Fabian, Hornung, Maximilian, and Sigl, Georg

Subjects
Computer Science - Networking and Internet Architecture, Computer Science - Cryptography and Security, Computer Science - Human-Computer Interaction, H.4.m, H.5.2, C.2.3, C.2.4
Abstract

Wireless Sensor Networks (WSNs) often lack interfaces for remote debugging. Thus, fault diagnosis and troubleshooting are conducted at the deployment site. Currently, WSN operators lack dedicated tools that aid them in this process. Therefore, we introduce EyeSec, a tool for WSN monitoring and maintenance in the field. An Augmented Reality Device (AR Device) identifies sensor nodes using optical markers. Portable Sniffer Units capture network traffic and extract information. With those data, the AR Device network topology and data flows between sensor nodes are visualized. Unlike previous tools, EyeSec is fully portable, independent of any given infrastructure and does not require dedicated and expensive AR hardware. Using passive inspection only, it can be retrofitted to already deployed WSNs. We implemented a proof of concept on low-cost embedded hardware and commodity smart phones and demonstrate the usage of EyeSec within a WSN test bed using the 6LoWPAN transmission protocol., Comment: Published at the International Conference on Embedded Wireless Systems and Networks (EWSN) 2019

Published
2019

14. Sensors for Data Bus Protection

Author

Sigl, Georg (Prof. Dr.), Sigl, Georg (Prof. Dr.);Brederlow, Ralf (Prof. Dr.), Moghadas Tabatabaei Zavareh, Seyed Hamidreza, Sigl, Georg (Prof. Dr.), Sigl, Georg (Prof. Dr.);Brederlow, Ralf (Prof. Dr.), and Moghadas Tabatabaei Zavareh, Seyed Hamidreza

Abstract

This study focuses on enhancing security against invasive attacks on on-chip systems through innovative detector circuitry, even for deep submicron technologies. The introduction of ROPAD has significantly improved detection for regular data buses. Furthermore, ROPAD+ introduces protection for non-equal length bus lines, a novel development. The overarching goal is to fortify security against invasive attacks, simultaneously addressing aging and noise concerns, while preserving data integrity., Diese Studie konzentriert sich auf die Verbesserung der Sicherheit gegen invasive Angriffe auf On-Chip-Systeme durch innovative Detektorschaltungen, auch für tiefe Submikrometer-Technologien. Die Einführung von ROPAD hat die Erkennung für reguläre Datenbusse erheblich verbessert. Darüber hinaus führt ROPAD+ Schutz für Busleitungen unterschiedlicher Länge ein, eine neuartige Entwicklung. Das übergreifende Ziel ist es, die Sicherheit gegen invasive Angriffe zu stärken, gleichzeitig Alterungs- und Rauschprobleme anzugehen und die Datenintegrität zu bewahren.

Published
2024

15. Tamper-Sensitive Design of PUF-Based Security Enclosures

Author

Sigl, Georg (Prof. Dr.), Sigl, Georg (Prof. Dr.);Wachter-Zeh, Antonia (Prof. Dr.), Garb, Kathrin A., Sigl, Georg (Prof. Dr.), Sigl, Georg (Prof. Dr.);Wachter-Zeh, Antonia (Prof. Dr.), and Garb, Kathrin A.

Abstract

Capacitive enclosures based on Physical Unclonable Functions (PUFs) aim at protecting against the physical manipulation of embedded devices. This thesis further develops enclosure systems and introduces novel post-processing algorithms, physical attacks, and corresponding countermeasures, thus, taking the subsequent steps toward the future operative deployment of capacitive PUF-based enclosures., Kapazitive Physical Unclonable Function (PUF)-basierte Sicherheitsgehäuse verfolgen das Ziel eingebettete Systeme gegen physische Manipulation zu schützen. Diese Arbeit entwickelt Sicherheitsgehäusesysteme weiter und stellt neue Algorithmen zur Nachverarbeitung, physische Angriffe und entsprechende Gegenmaßnahmen vor. Hiermit werden die nächsten Schritte in Richtung des zukünftigen operativen Einsatzes PUF-basierter kapazitiver Sicherheitsgehäuse unternommen.

Published
2024

16. A Power Side-Channel Attack on the Reed-Muller Reed-Solomon Version of the HQC Cryptosystem

Author

Schamberger, Thomas, Holzbaur, Lukas, Renner, Julian, Wachter-Zeh, Antonia, Sigl, Georg, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Cheon, Jung Hee, editor, and Johansson, Thomas, editor

Published
2022
Full Text
View/download PDF

17. A Second Look at the ASCAD Databases

Author

Egger, Maximilian, Schamberger, Thomas, Tebelmann, Lars, Lippert, Florian, Sigl, Georg, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Balasch, Josep, editor, and O’Flynn, Colin, editor

Published
2022
Full Text
View/download PDF

19. A Power Side-Channel Attack on the CCA2-Secure HQC KEM

Author

Schamberger, Thomas, Renner, Julian, Sigl, Georg, Wachter-Zeh, Antonia, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Liardet, Pierre-Yvan, editor, and Mentens, Nele, editor

Published
2021
Full Text
View/download PDF

20. DOMREP II

Author

Probst, Matthias, primary, Brosch, Manuel, additional, Gruber, Michael, additional, and Sigl, Georg, additional

Published
2024
Full Text
View/download PDF

25. HW-Acceleration for Edge-AI

Author

Ecker, Wolfgang (Prof. Dr.), Ecker, Wolfgang (Prof. Dr.);Sigl, Georg (Prof. Dr.), Prebeck, Sebastian Siegfried, Ecker, Wolfgang (Prof. Dr.), Ecker, Wolfgang (Prof. Dr.);Sigl, Georg (Prof. Dr.), and Prebeck, Sebastian Siegfried

Abstract

This thesis addresses the platform gap between embedded microcontroller and cloud computing for neural network inferences on the Edge with a combined HW-SW-AI solution. A RISC-V processor is used as a baseline for exploring custom hardware extensions. For this thesis a streaming engine is developed as a plugin, which accelerates the inference computation by deploying common properties of NN-models. Additionally, an optimized vector dot-product unit is developed to enable appropriate compute bandwidth. The software flow completes the solution and automates the NN mapping onto the accelerated RISC-V., Diese Arbeit adressiert die Plattformlücke zwischen eingebettetem Mikrocontroller und Cloud Computing für neuronale Netzwerkinferenzen auf dem Edge mit einer kombinierten HW-SW-AI-Lösung. Ein RISC-V-Prozessor wird als Basis für die Erforschung spezialisierter Hardware-Erweiterungen verwendet. Für diese Arbeit wurde eine Streaming-Einheit als Plugin entwickelt, die die Inferenzberechnung durch Ausnutzung häufiger Eigenschaften von NN-Modellen beschleunigt. Zusätzlich wird eine optimierte Vektor Skalar-Produkt-Einheit entwickelt, um eine angemessene Rechenbandbreite zu ermöglichen. Der Softwareflow vervollständigt die Lösung und automatisiert die NN-Abbildung auf dem beschleunigten RISC-V.

Published
2024

26. On Error Correction for Physical Unclonable Functions

Author

Puchinger, Sven, Müelich, Sven, Bossert, Martin, Hiller, Matthias, and Sigl, Georg

Subjects
Computer Science - Information Theory
Abstract

Physical Unclonable Functions evaluate manufacturing variations to generate secure cryptographic keys for embedded systems without secure key storage. It is explained how methods from coding theory are applied in order to ensure reliable key reproduction. We show how better results can be obtained using code classes and decoding principles not used for this scenario before. These methods are exemplified by specific code constructions which improve existing codes with respect to error probability, decoding complexity and codeword length., Comment: 6 pages, accepted at 10th International ITG Conference on Systems, Communications and Coding, Hamburg, Germany, February 2015

Published
2015

27. Pushing the Limits Further: Sub-Atomic AES

Author

Wamser, Markus Stefan, Sigl, Georg, Rannenberg, Kai, Editor-in-Chief, Sakarovitch, Jacques, Editorial Board Member, Goedicke, Michael, Editorial Board Member, Tatnall, Arthur, Editorial Board Member, Neuhold, Erich J., Editorial Board Member, Pras, Aiko, Editorial Board Member, Tröltzsch, Fredi, Editorial Board Member, Pries-Heje, Jan, Editorial Board Member, Kreps, David, Editorial Board Member, Reis, Ricardo, Editorial Board Member, Furnell, Steven, Editorial Board Member, Furbach, Ulrich, Editorial Board Member, Winckler, Marco, Editorial Board Member, Malaka, Rainer, Editorial Board Member, Maniatakos, Michail, editor, Elfadel, Ibrahim (Abe) M., editor, Sonza Reorda, Matteo, editor, Ugurdag, H. Fatih, editor, and Monteiro, José, editor

Published
2019
Full Text
View/download PDF

29. Error Correction for Physical Unclonable Functions Using Generalized Concatenated Codes

Author

Müelich, Sven, Puchinger, Sven, Bossert, Martin, Hiller, Matthias, and Sigl, Georg

Subjects
Computer Science - Information Theory
Abstract

Physical Unclonable Functions can be used for secure key generation in cryptographic applications. It is explained how methods from coding theory must be applied in order to ensure reliable key regeneration. Based on previous work, we show ways how to obtain better results with respect to error probability and codeword length. Also, an example based on Generalized Concatenated codes is given, which improves upon used coding schemes for PUFs., Comment: Accepted for: Fourteenth International Workshop on Algebraic and Combinatorial Coding Theory ACCT2014, Svetlogorsk (Kaliningrad region), Russia

Published
2014

30. Side-Channel Analysis and Countermeasures for Physical Unclonable Functions

Author

Sigl, Georg (Prof. Dr.), Sigl, Georg (Prof. Dr.);Danger, Jean-Luc (Prof.), Tebelmann, Lars, Sigl, Georg (Prof. Dr.), Sigl, Georg (Prof. Dr.);Danger, Jean-Luc (Prof.), and Tebelmann, Lars

Abstract

This thesis explores Side-Channel Analysis (SCA) of ring-based Physical Unclonable Functions (PUFs), and BCH codes used to correct errors in the PUF response. SCA of the TERO PUF and Loop PUF is conducted. Countermeasures for the Loop PUF are proposed that protect sign- and amplitude-based bit derivation, and can partially be transferred to other PUFs. Differential SCA of BCH codes is extended and the possibility, and limitations of horizontal SCA are analyzed., Diese Arbeit untersucht die Seitenkanalanalyse (SCA) von Ring-basierten Physical Unclonable Functions (PUFs) und dabei zur Fehlerkorrektur verwendeter BCH Codes. Eine SCA von der TERO PUF und Loop PUF wird durchgeführt. Gegenmaßnahmen für die Loop PUF werden vorgestellt, die Bit- und Amplituden-basierte Bitableitung schützen und teilweise auf andere PUFs übertragen werden können. Differentielle SCA von BCH Codes wird erweitert und die Möglichkeit und Beschränkungen von horizontaler SCA werden analysiert.

Published
2023

31. Remote Security Threats and Protection of Modern FPGA-SoC Architectures

Author

Sigl, Georg (Prof. Dr.), Sigl, Georg (Prof. Dr.);Stechele, Walter (Prof. Dr.), Gross, Mathieu Etienne André, Sigl, Georg (Prof. Dr.), Sigl, Georg (Prof. Dr.);Stechele, Walter (Prof. Dr.), and Gross, Mathieu Etienne André

Abstract

With the advent of the internet-of-things, understanding the remote security threats faced by embedded devices and their protection is crucial. This thesis tackles these two issues for FPGA-SoCs. A review of existing attacks and new FPGA enabled attacks are presented and evaluated . To mitigate the possibility of performing such attacks, the FPGA-SoC is protected with a Trusted Execution Environment and a hybrid-TPM that enhance secure boot and enable a secure FPGA reconfiguration framework., Im Internet der Dinge sind das Verständnis der Sicherheitsbedrohungen, denen eingebettete Geräte ausgesetzt sind, und deren Schutz äußerst wichtig. Diese Arbeit befasst sich mit beiden Themen für FPGA-SoCs, gibt einen Überblick über bestehende und neue Angriffe und bewertet diese. Um Fernangriffe zu verhindern, wird ein FPGA-SoC mit einer vertrauenswürdigen Laufzeitumgebung und einem Hybrid-TPM geschützt, die das sichere Booten verbessern und eine sichere FPGA Rekonfiguration ermöglichen.

Published
2023

32. Secure Lightweight Authenticated Encryption for Critical Infrastructures in the Internet of Things

Author

Sigl, Georg (Prof. Dr.), Sigl, Georg (Prof. Dr.);Mottok, Jürgen (Prof. Dr.), Renner, Sebastian, Sigl, Georg (Prof. Dr.), Sigl, Georg (Prof. Dr.);Mottok, Jürgen (Prof. Dr.), and Renner, Sebastian

Abstract

The cryptographic protection of transmitted data on resource-constraint IoT devices presents a difficult challenge. In this thesis, a benchmarking framework for the performance evaluation of lightweight encryption algorithms is introduced. It is analyzed, if and when novel encryption algorithms are more suitable for IoT use cases than the current standard. Besides comparing the sole performance, the cost for hardening the algorithms against side-channel analysis is discussed., Die kryptographische Absicherung der von ressourcenschwachen IoT-Geräten übertragenen Daten stellt eine schwierige Herausforderung dar. In dieser Arbeit wird eine Plattform zur Evaluierung der Performanz leichtgewichtiger Verschlüsselungsalgorithmen eingeführt. Es wird analysiert, ob und unter welchen Umständen neuartige Algorithmen für den IoT-Bereich passender sind als der aktuelle Standard. Außerdem werden effiziente Härtungsmaßnahmen der Algorithmen gegenüber Seitenkanalangriffen untersucht.

Published
2023

33. Secure and User-Friendly Setup and Maintenance of Wirelessly Interconnected Embedded Systems

Author

Sigl, Georg (Prof. Dr.), Sigl, Georg (Prof. Dr.);Kranzlmüller, Dieter (Prof. Dr.), Striegel, Martin Matthias, Sigl, Georg (Prof. Dr.), Sigl, Georg (Prof. Dr.);Kranzlmüller, Dieter (Prof. Dr.), and Striegel, Martin Matthias

Abstract

This thesis introduces and evaluates two novel user-friendly appliances and workflows to aid non-technical users to set up and run networks of interconnected embedded systems (ICE). It addresses the simultaneous distribution of firmware and cryptographic secrets to a large number of ICE and the supervision of the network status on-site in realistic application scenarios. Those approaches permit even non-technical users to manage a network of ICEs over its lifetime securely., Diese Dissertation führt zwei Vorrichtungen und Vorgehensweisen ein, welche Nutzer bei der Interaktion mit funkvernetzten eingebetteten Systemen mit geringer Rechenleistung (ICE) unterstützen. Behandelt wird die simultane Verteilung von Firmware und kryptografischen Geheimnissen an viele Geräte sowie die Überwachung des Netzwerkstatus im Feld in realistischen Szenarien. Dies ermöglicht auch nicht-technischen Nutzern, ein Netzwerk aus ICEs über dessen gesamten Lebenszyklus sicher zu betreiben.

Published
2023

34. Malware Detection and Countermeasures for Constrained Internet of Things Devices

Author

Sigl, Georg (Prof. Dr.-Ing.), Sigl, Georg (Prof. Dr.-Ing.);Toutain, Laurent (Prof.), Hristozov, Stefan Angelov, Sigl, Georg (Prof. Dr.-Ing.), Sigl, Georg (Prof. Dr.-Ing.);Toutain, Laurent (Prof.), and Hristozov, Stefan Angelov

Abstract

Nowadays IoT devices are preferred target for hackers. One attack, which is often preferred by hackers because of its high scalability and impact, is the remote installation of malware. Therefore, proving that a device runs legitimate software free from malware is of critical importance. This thesis is focused on the security of IoT devices. It contributes to the state-of-the-art in two main directions: 1) it demonstrates shortcomings of standard malware detection primitives and proposes novel such primitives, 2) it proposes novel malware countermeasure techniques., Die Installation von Schadsoftware ist ein Angriff, der oft vom Angreifer aufgrund seiner hohen Skalierbarkeit und Wirkung bevorzugt wird. Deswegen ist es von entscheidender Bedeutung überprüfen zu können, ob auf einem Gerät nur legitime Software ausgeführt wird. Diese Arbeit konzentriert sich auf die Sicherheit von IoT-Geräten. Die Arbeit trägt zum Stand der Technik in zwei Hauptbereichen bei: 1) sie demonstriert Mängel in standardisierten Primitiven zu Erkennung von Schadsoftware und schlägt neuartige Primitiven vor, 2) sie schlägt neuartige Schadsoftwaregegenmaßnahmen vor.

Published
2023

35. Towards Secure Coprocessors and Instruction Set Extensions for Acceleration of Post-Quantum Cryptography

Author

Sigl, Georg (Prof. Dr.), Sigl, Georg (Prof. Dr.);Müller-Gritschneder, Daniel (Prof. Dr.), Fritzmann, Tim, Sigl, Georg (Prof. Dr.), Sigl, Georg (Prof. Dr.);Müller-Gritschneder, Daniel (Prof. Dr.), and Fritzmann, Tim

Abstract

The significant advances in the development of quantum computers lead to a severe threat for cryptographic applications. This dissertation focuses on efficient and secure implementations of cryptography resistant to quantum computer attacks. In this context, tailored hardware accelerators and system design strategies are investigated. The results show that even small embedded devices can integrate quantum-resistant cryptography when accelerators and instruction set extensions are used., Die Fortschritte im Bereich von Quantencomputern führen zu einer Bedrohung für kryptografische Anwendungen. Diese Dissertation analysiert die effiziente und sichere Implementierung von Kryptografie, die resistent gegen Quantencomputer-Angriffe ist. In diesem Zusammenhang werden Hardwarebeschleuniger und Designstrategien untersucht. Die Ergebnisse zeigen, dass durch Beschleuniger und Befehlssatzerweiterungen selbst kleinste eingebettete Geräte quantenresistente Kryptografie integrieren können.

Published
2023

36. High-Resolution EM Attacks Against Leakage-Resilient PRFs Explained : And an Improved Construction

Author

Unterstein, Florian, Heyszl, Johann, De Santis, Fabrizio, Specht, Robert, Sigl, Georg, Hutchison, David, Series Editor, Kanade, Takeo, Series Editor, Kittler, Josef, Series Editor, Kleinberg, Jon M., Series Editor, Mattern, Friedemann, Series Editor, Mitchell, John C., Series Editor, Naor, Moni, Series Editor, Pandu Rangan, C., Series Editor, Steffen, Bernhard, Series Editor, Terzopoulos, Demetri, Series Editor, Tygar, Doug, Series Editor, Weikum, Gerhard, Series Editor, and Smart, Nigel P., editor

Published
2018
Full Text
View/download PDF

38. How to Break Secure Boot on FPGA SoCs Through Malicious Hardware

Author

Jacob, Nisha, Heyszl, Johann, Zankl, Andreas, Rolfes, Carsten, Sigl, Georg, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Fischer, Wieland, editor, and Homma, Naofumi, editor

Published
2017
Full Text
View/download PDF

39. Squeezing Polynomial Masking in Tower Fields : A Higher-Order Masked AES S-Box

Author

De Santis, Fabrizio, Bauer, Tobias, Sigl, Georg, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Lemke-Rust, Kerstin, editor, and Tunstall, Michael, editor

Published
2017
Full Text
View/download PDF

40. Automated Detection of Instruction Cache Leaks in Modular Exponentiation Software

Author

Zankl, Andreas, Heyszl, Johann, Sigl, Georg, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Lemke-Rust, Kerstin, editor, and Tunstall, Michael, editor

Published
2017
Full Text
View/download PDF

41. Towards Side-Channel Secure Firmware Updates : A Minimalist Anomaly Detection Approach

Author

Guillen, Oscar M., De Santis, Fabrizio, Brederlow, Ralf, Sigl, Georg, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Cuppens, Frédéric, editor, Wang, Lingyu, editor, Cuppens-Boulahia, Nora, editor, Tawbi, Nadia, editor, and Garcia-Alfaro, Joaquin, editor

Published
2017
Full Text
View/download PDF

43. Towards Efficient Evaluation of a Time-Driven Cache Attack on Modern Processors

Author

Zankl, Andreas, Miller, Katja, Heyszl, Johann, Sigl, Georg, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Askoxylakis, Ioannis, editor, Ioannidis, Sotiris, editor, Katsikas, Sokratis, editor, and Meadows, Catherine, editor

Published
2016
Full Text
View/download PDF

44. Precise Laser Fault Injections into 90 nm and 45 nm SRAM-cells

Author

Selmke, Bodo, Brummer, Stefan, Heyszl, Johann, Sigl, Georg, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Homma, Naofumi, editor, and Medwed, Marcel, editor

Published
2016
Full Text
View/download PDF

45. seTPM: Towards Flexible Trusted Computing on Mobile Devices Based on GlobalPlatform Secure Elements

Author

Proskurin, Sergej, Weiß, Michael, Sigl, Georg, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Homma, Naofumi, editor, and Medwed, Marcel, editor

Published
2016
Full Text
View/download PDF

Catalog

Books, media, physical & digital resources
See catalog results