A Survey on Integrated Circuit Trojans

Traditionally, computer security has been associated with the software security, or the information-data security. Surprisingly, the hardware on which the software executes or the information stored-processed-transmitted has been assumed to be a trusted base of security. The main building blocks of any electronic device are Integrated circuits (ICs) which form the fabric of a computer system. Lately, the use of ICs has expanded from handheld calculators and personal computers (PCs) to smartphones, servers, and Internet-of-Things (IoT) devices. However, this significant growth in the IC market created intense competition among IC vendors, leading to new trends in IC manufacturing. System-on-chip (SoC) design based on intellectual property (IP), a globally spread supply chain of production and distribution of ICs are the foremost of these trends. The emerging trends have resulted in many security and trust weaknesses and vulnerabilities, in computer systems. This includes Hardware Trojans attacks, side-channel attacks, Reverse-engineering, IP piracy, IC counterfeiting, micro probing, physical tampering, and acquisition of private or valuable assets by debugging and testing. IC security and trust vulnerabilities may cause loss of private information, modified/altered functions, which may cause a great economical hazard and big damage to society. Thus, it is crucial to examine the security and trust threats existing in the IC lifecycle and build defense mechanisms against IC Trojan threats. In this article, we examine the IC supply chain and define the possible IC Trojan threats for the parties involved. Then we survey the latest progress of research in the area of countermeasures against the IC Trojan attacks and discuss the challenges and expectations in this area. Keywords: IC supply chain, IC security, IP privacy, hardware trojans, IC trojans DOI: 10.7176/CEIS/12-2-01 Publication date: April 30th 202

A gap analysis of Internet-of-Things platforms

We are experiencing an abundance of Internet-of-Things (IoT) middleware solutions that provide connectivity for sensors and actuators to the Internet. To gain a widespread adoption, these middleware solutions, referred to as platforms, have to meet the expectations of different players in the IoT ecosystem, including device providers, application developers, and end-users, among others. In this article, we evaluate a representative sample of these platforms, both proprietary and open-source, on the basis of their ability to meet the expectations of different IoT users. The evaluation is thus more focused on how ready and usable these platforms are for IoT ecosystem players, rather than on the peculiarities of the underlying technological layers. The evaluation is carried out as a gap analysis of the current IoT landscape with respect to (i) the support for heterogeneous sensing and actuating technologies, (ii) the data ownership and its implications for security and privacy, (iii) data processing and data sharing capabilities, (iv) the support offered to application developers, (v) the completeness of an IoT ecosystem, and (vi) the availability of dedicated IoT marketplaces. The gap analysis aims to highlight the deficiencies of today's solutions to improve their integration to tomorrow's ecosystems. In order to strengthen the finding of our analysis, we conducted a survey among the partners of the Finnish IoT program, counting over 350 experts, to evaluate the most critical issues for the development of future IoT platforms. Based on the results of our analysis and our survey, we conclude this article with a list of recommendations for extending these IoT platforms in order to fill in the gaps.Comment: 15 pages, 4 figures, 3 tables, Accepted for publication in Computer Communications, special issue on the Internet of Things: Research challenges and solution

Securing Real-Time Internet-of-Things

Modern embedded and cyber-physical systems are ubiquitous. A large number of critical cyber-physical systems have real-time requirements (e.g., avionics, automobiles, power grids, manufacturing systems, industrial control systems, etc.). Recent developments and new functionality requires real-time embedded devices to be connected to the Internet. This gives rise to the real-time Internet-of-things (RT-IoT) that promises a better user experience through stronger connectivity and efficient use of next-generation embedded devices. However RT- IoT are also increasingly becoming targets for cyber-attacks which is exacerbated by this increased connectivity. This paper gives an introduction to RT-IoT systems, an outlook of current approaches and possible research challenges towards secure RT- IoT frameworks

A survey on subjecting electronic product code and non-ID objects to IP identification

Over the last decade, both research on the Internet of Things (IoT) and real-world IoT applications have grown exponentially. The IoT provides us with smarter cities, intelligent homes, and generally more comfortable lives. However, the introduction of these devices has led to several new challenges that must be addressed. One of the critical challenges facing interacting with IoT devices is to address billions of devices (things) around the world, including computers, tablets, smartphones, wearable devices, sensors, and embedded computers, and so on. This article provides a survey on subjecting Electronic Product Code and non-ID objects to IP identification for IoT devices, including their advantages and disadvantages thereof. Different metrics are here proposed and used for evaluating these methods. In particular, the main methods are evaluated in terms of their: (i) computational overhead, (ii) scalability, (iii) adaptability, (iv) implementation cost, and (v) whether applicable to already ID-based objects and presented in tabular format. Finally, the article proves that this field of research will still be ongoing, but any new technique must favorably offer the mentioned five evaluative parameters.Comment: 112 references, 8 figures, 6 tables, Journal of Engineering Reports, Wiley, 2020 (Open Access