23 research outputs found
Unlocking Hardware Security Assurance: The Potential of LLMs
System-on-Chips (SoCs) form the crux of modern computing systems. SoCs enable
high-level integration through the utilization of multiple Intellectual
Property (IP) cores. However, the integration of multiple IP cores also
presents unique challenges owing to their inherent vulnerabilities, thereby
compromising the security of the entire system. Hence, it is imperative to
perform hardware security validation to address these concerns. The efficiency
of this validation procedure is contingent on the quality of the SoC security
properties provided. However, generating security properties with traditional
approaches often requires expert intervention and is limited to a few IPs,
thereby resulting in a time-consuming and non-robust process. To address this
issue, we, for the first time, propose a novel and automated Natural Language
Processing (NLP)-based Security Property Generator (NSPG). Specifically, our
approach utilizes hardware documentation in order to propose the first hardware
security-specific language model, HS-BERT, for extracting security properties
dedicated to hardware design. To evaluate our proposed technique, we trained
the HS-BERT model using sentences from RISC-V, OpenRISC, MIPS, OpenSPARC, and
OpenTitan SoC documentation. When assessedb on five untrained OpenTitan
hardware IP documents, NSPG was able to extract 326 security properties from
1723 sentences. This, in turn, aided in identifying eight security bugs in the
OpenTitan SoC design presented in the hardware hacking competition, Hack@DAC
2022
A Holistic Analysis of Internet of Things (IoT) Security : Principles, Practices, and New Perspectives
Peer reviewedPublisher PD
Delay Performance and Cybersecurity of Smart Grid Infrastructure
To address major challenges to conventional electric grids (e.g., generation diversification and optimal deployment of expensive assets), full visibility and pervasive control over utilities\u27 assets and services are being realized through the integratio
LLM for SoC Security: A Paradigm Shift
As the ubiquity and complexity of system-on-chip (SoC) designs increase
across electronic devices, the task of incorporating security into an SoC
design flow poses significant challenges. Existing security solutions are
inadequate to provide effective verification of modern SoC designs due to their
limitations in scalability, comprehensiveness, and adaptability. On the other
hand, Large Language Models (LLMs) are celebrated for their remarkable success
in natural language understanding, advanced reasoning, and program synthesis
tasks. Recognizing an opportunity, our research delves into leveraging the
emergent capabilities of Generative Pre-trained Transformers (GPTs) to address
the existing gaps in SoC security, aiming for a more efficient, scalable, and
adaptable methodology. By integrating LLMs into the SoC security verification
paradigm, we open a new frontier of possibilities and challenges to ensure the
security of increasingly complex SoCs. This paper offers an in-depth analysis
of existing works, showcases practical case studies, demonstrates comprehensive
experiments, and provides useful promoting guidelines. We also present the
achievements, prospects, and challenges of employing LLM in different SoC
security verification tasks.Comment: 42 page
Investigation into Detection of Hardware Trojans on Printed Circuit Boards
The modern semiconductor device manufacturing flow is becoming increasingly vulnerable to malicious implants called Hardware Trojans (HT). With HTs becoming stealthier, a need for more accurate and efficient detection methods is becoming increasingly crucial at both Integrated Circuit (IC) and Printed Circuit Board (PCB) levels. While HT detection at an IC level has been widely studied, there is still very limited research on detecting and preventing HTs implanted on PCBs. In recent years the rise of outsourcing design and fabrication of electronics, including PCBs, to third parties has dramatically increased the possibility of malicious alteration and consequently the security risk for systems incorporating PCBs. Providing mechanical support for the electrical interconnections between different components, PCBs are an important part of electronic systems. Modern, complex and highly integrated designs may contain up to thirty layers, with concealed micro-vias and embedded passive components. An adversary can aim to modify the PCB design by tampering the copper interconnections or inserting extra components in an internal layer of a multi-layer board. Similar to its IC counterpart, a PCB HT can, among other things, cause system failure or leakage of private information. The disruptive actions of a carefully designed HT attack can have catastrophic implications and should therefore be taken seriously by industry, academia and the government.
This thesis gives an account of work carried out in three projects concerned with HT detection on a PCB. In the first contribution a power analysis method is proposed for detecting HT components, implanted on the surface or otherwise, consuming power from the power distribution network. The assumption is that any HT device actively tampering or eavesdropping on the signals in the PCB circuit will consume electrical power. Harvesting this side-channel effect and observing the fluctuations of power consumption on the PCB power distribution network enables evincing the HT. Using a purpose-built PCB prototype, an experimental setup is developed for verification of the methodology. The results confirm the ability to detect alien components on a PCB without interference with its main functionality.
In the second contribution the monitoring methodology is further developed by applying machine learning (ML) techniques to detect stealthier HTs, consuming power from I/O ports of legitimate ICs on the PCB. Two algorithms, One-Class Support Vector Machine (SVM) and Local Outlier Factor (LOF), are implemented on the legitimate power consumption data harvested experimentally from the PCB prototype. Simulation results are validated through real-life measurements and experiments are carried out on the prototype PCB. For validation of the ML classification models, one hundred categories of HTs are modelled and inserted into the datasets. Simulation results show that using the proposed methodology an HT can be detected with high prediction accuracy (F1-score at 99% for a 15 mW HT). Further, the developed ML model is uploaded to the prototype PCB for experimental validation. The results show consistency between simulations and experiments, with an average discrepancy of ±5.9% observed between One-Class SVM simulations and real-life experiments. The machine learning models developed for HT detection are low-cost in terms of memory (around 27 KB).
In the third contribution an automated visual inspection methodology is proposed for detecting HTs on the surface of a PCB. It is based on a combination of conventional computer vision techniques and a dual tower Siamese Neural Network (SNN), modelled in a three stage pipeline. In the interest of making the proposed methodology broadly applicable a particular emphasis is made on the imaging modality of choice, whereby a regular digital optical camera is chosen. The dataset of PCB images is developed in a controlled environment of a photographic tent. The novelty in this work is that, instead of a generic production fault detection, the algorithm is optimised and trained specifically for implanted HT component detection on a PCB, be it active or passive. The proposed HT detection methodology is trained and tested with three groups of HTs, categorised based on their surface area, ranging from 4 mm² to 280 mm² and above. The results show that it is possible to reach effective detection accuracy of 95.1% for HTs as small as 4 mm². In case of HTs with surface area larger than 280 mm² the detection accuracy is around 96.1%, while the average performance across all HT groups is 95.6%
Towards a Secure and Resilient Vehicle Design: Methodologies, Principles and Guidelines
The advent of autonomous and connected vehicles has brought new cyber security challenges to the automotive industry. It requires vehicles to be designed to remain dependable in the occurrence of cyber-attacks. A modern vehicle can contain over 150 computers, over 100 million lines of code, and various connection interfaces such as USB ports, WiFi, Bluetooth, and 4G/5G. The continuous technological advancements within the automotive industry allow safety enhancements due to increased control of, e.g., brakes, steering, and the engine. Although the technology is beneficial, its complexity has the side-effect to give rise to a multitude of vulnerabilities that might leverage the potential for cyber-attacks. Consequently, there is an increase in regulations that demand compliance with vehicle cyber security and resilience requirements that state vehicles should be designed to be resilient to cyber-attacks with the capability to detect and appropriately respond to these attacks. Moreover, increasing requirements for automotive digital forensic capabilities are beginning to emerge. Failures in automated driving functions can be caused by hardware and software failures as well as cyber security issues. It is imperative to investigate the cause of these failures. However, there is currently no clear guidance on how to comply with these regulations from a technical perspective.In this thesis, we propose a methodology to predict and mitigate vulnerabilities in vehicles using a systematic approach for security analysis; a methodology further used to develop a framework ensuring a resilient and secure vehicle design concerning a multitude of analyzed vehicle cyber-attacks. Moreover, we review and analyze scientific literature on resilience techniques, fault tolerance, and dependability for attack detection, mitigation, recovery, and resilience endurance. These techniques are then further incorporated into the above-mentioned framework. Finally, to meet requirements to hastily and securely patch the increasing number of bugs in vehicle software, we propose a versatile framework for vehicle software updates
Detecting and defending against cyber attacks in a smart home Internet of Things ecosystem
The proliferation in Internet of Things (IoT) devices is demonstrated by their prominence
in our daily lives. Although such devices simplify and automate everyday tasks,
they also introduce tremendous security flaws. Current security measures are insufficient,
making IoT one of the weakest links to breaking into a secure infrastructure
which can have serious consequences. Subsequently, this thesis is motivated by the
need to develop and further enhance novel mechanisms tailored towards strengthening
the overall security infrastructures of IoT ecosystems.
To estimate the degree to which a hub can improve the overall security of the ecosystem,
this thesis presents a design and prototype implementation of a novel secure
IoT hub, consisting of various built-in security mechanisms that satisfy key security
properties (e.g. authentication, confidentiality, access control) applicable to a range of
devices. The effectiveness of the hub was evaluated within a smart home IoT network
upon which popular cyber attacks were deployed.
To further enhance the security of the IoT environment, the initial experiments towards
the development of a three-layered Intrusion Detection System (IDS) is proposed. The
IDS aims to: 1) classify IoT devices, 2) identify malicious or benign network packets,
and 3) identify the type of attack which has occurred. To support the classification
experiments, real network data was collected from a smart home testbed, where a range
of cyber attacks from four main attack types were targeted towards the devices.
Lastly, the robustness of the IDS was further evaluated against Adversarial Machine
Learning (AML) attacks. Such attacks may target models by generating adversarial
samples which aim to exploit the weaknesses of the pre-trained model, consequently
bypassing the detector. This thesis presents a first approach towards automatically
generating adversarial malicious DoS IoT network packets. The analysis further explores how
adversarial training can enhance the robustness of the IDS
Anomaly diagnosis in industrial control systems for digital forensics
Over several decades, Industrial Control Systems (ICS) have become more interconnected and highly programmable. An increasing number of sophisticated cyber-attacks have targeted ICS with a view to cause tangible damage. Despite the stringent functional safety requirements mandated within ICS environments, critical national infrastructure (CNI) sectors and ICS vendors have been slow to address the growing cyber threat. In contrast with the design of information technology (IT) systems, security of controls systems have not typically been an intrinsic design principle for ICS components, such as Programmable Logic Controllers (PLCs). These factors have motivated substantial research addressing anomaly detection in the context of ICS. However, detecting incidents alone does not assist with the response and recovery activities that are necessary for ICS operators to resume normal service. Understanding the provenance of anomalies has the potential to enable the proactive implementation of security controls, and reduce the risk of future attacks. Digital forensics provides solutions by dissecting and reconstructing evidence from an incident. However, this has typically been positioned from a post-incident perspective, which inhibits rapid triaging, and effective response and recovery, an essential requirement in critical ICS.
This thesis focuses on anomaly diagnosis, which involves the analysis of and discrimination between different types of anomalous event, positioned at the intersection between anomaly detection and digital forensics. An anomaly diagnosis framework is proposed that includes mechanisms to aid ICS operators in the context of anomaly triaging and incident response. PLCs have a fundamental focus within this thesis due to their critical role and ubiquitous application in ICS. An examination of generalisable PLC data artefacts produced a taxonomy of artefact data types that focus on the device data generated and stored in PLC memory. Using the artefacts defined in this first stage, an anomaly contextualisation model is presented that differentiates between cyber-attack and system fault anomalies. Subsequently, an attack fingerprinting approach (PLCPrint) generates near real-time compositions of memory fingerprints within 200ms, by correlating the static and dynamic behaviour of PLC registers. This establishes attack type and technique provenance, and maintains the chain-of-evidence for digital forensic investigations. To evaluate the efficacy of the framework, a physical ICS testbed modelled on a water treatment system is implemented. Multiple PLC models are evaluated to demonstrate vendor neutrality of the framework. Furthermore, several generalised attack scenarios are conducted based on techniques identified from real PLC malware. The results indicate that PLC device artefacts are particularly powerful at detecting and contextualising an anomaly. In general, we achieve high F1 scores of at least 0.98 and 0.97 for anomaly detection and contextualisation, respectively, which are highly competitive with existing state-of-the-art literature. The performance of PLCPrint emphasises how PLC memory snapshots can precisely and rapidly provide provenance by classifying cyber-attacks with an accuracy of 0.97 in less than 400ms. The proposed framework offers a much needed novel approach through which ICS components can be rapidly triaged for effective response