2,218 research outputs found

    Resonant-Tunnelling Diodes as PUF building blocks

    Resonant-Tunnelling Diodes (RTDs) have been proposed as building blocks for Physical Unclonable Functions (PUFs). In this paper we show how the unique RTD current-voltage (I-V) spectrum can be translated into a robust digital representation. We analyse 130 devices and show that RTDs are a viable PUF building block

    Program Synthesis and Linear Operator Semantics

    For deterministic and probabilistic programs we investigate the problem of program synthesis and program optimisation (with respect to non-functional properties) in the general setting of global optimisation. This approach is based on the representation of the semantics of programs and program fragments in terms of linear operators, i.e. as matrices. We exploit in particular the fact that we can automatically generate the representation of the semantics of elementary blocks. These can then be used in order to compositionally assemble the semantics of a whole program, i.e. the generator of the corresponding Discrete Time Markov Chain (DTMC). We also utilise a generalised version of Abstract Interpretation suitable for this linear algebraic or functional analytical framework in order to formulate semantical constraints (invariants) and optimisation objectives (for example performance requirements). Comment: In Proceedings SYNT 2014, arXiv:1407.493

    A static analysis framework for security properties in mobile and cryptographic systems

    We introduce a static analysis framework for detecting instances of security breaches in infinite mobile and cryptographic systems specified using the languages of the π-calculus and its cryptographic extension, the spi calculus. The framework is composed from three components: First, standard denotational semantics of the π-calculus and the spi calculus are constructed based on domain theory. The resulting model is sound and adequate with respect to transitions in the operational semantics. The standard semantics is then extended correctly to non-uniformly capture the property of term substitution, which occurs as a result of communications and successful cryptographic operations. Finally, the non-standard semantics is abstracted to operate over finite domains so as to ensure the termination of the static analysis. The safety of the abstract semantics is proven with respect to the nonstandard semantics. The results of the abstract interpretation are then used to capture breaches of the secrecy and authenticity properties in the analysed systems. Two initial prototype implementations of the security analysis for the π-calculus and the spi calculus are also included in the thesis. The main contributions of this thesis are summarised by the following. In the area of denotational semantics, the thesis introduces a domain-theoretic model for the spi calculus that is sound and adequate with respect to transitions in the structural operational semantics. In the area of static program analysis, the thesis utilises the denotational approach as the basis for the construction of abstract interpretations for infinite systems modelled by the π-calculus and the spi calculus. This facilitates the use of computationally significant mathematical concepts like least fixed points and results in an analysis that is fully compositional. 
Also, the thesis demonstrates that the choice of the term-substitution property in mobile and cryptographic programs is rich enough to capture breaches of security properties, like process secrecy and authenticity. These properties are used to analyse a number of mobile and cryptographic protocols, like the file transfer protocol and the Needham-Schroeder, SPLICE/AS, Otway-Rees, Kerberos, Yahalom and Woo Lam authentication protocols

    Development and study of a high performance protective solution against blast loads

    The increasing use of improvised explosive devices in terrorist attacks against civil targets has challenged the scientific community to find new strengthening or protective solutions able to mitigate the effects of the blast loads. As a response to this demand, the main purpose of the present thesis is the development and study of a high performance protective solution based on the concept of sacrificial claddings. Due to the high flexibility, precision and relatively low costs, additive manufacturing has been increasingly used in the search for new material disposition patterns that improve the mitigation capabilities of crushable cores. The present work assesses the performance of a PLA crushable core manufactured through fused deposition modelling 3D printing. An experimental campaign is conducted to determine the mechanical behaviour of the PLA. These results allow the selection and calibration of an adequate numerical constitutive model, which considers the anisotropy and compressive/tensile asymmetry exhibited in additively manufactured materials. Once the constitutive material is calibrated, the results of a second experimental campaign resorting to an explosive driven shock tube are used to validate a numerical model that allows the deterministic design of a sacrificial cladding which successfully improves the blast resistant capabilities of a given structural element. However, when verified taking into account the model’s uncertainties and the probabilistic distribution of the structural element’s properties, the cladding solution might, for certain blast scenarios, negatively impact the performance of the structural element it intends to protect. Therefore, one may conclude that the use of a probabilistic approach in the design of such protective solutions is recommended, as the deterministic approach might yield results against safety

    Cyber-security protection techniques to mitigate memory errors exploitation

    Thesis by compendium

    [EN] Practical experience in software engineering has demonstrated that the goal of building totally fault-free software systems, although desirable, is impossible to achieve. Therefore, it is necessary to incorporate mitigation techniques in the deployed software, in order to reduce the impact of latent faults. This thesis makes contributions to three memory corruption mitigation techniques: the stack smashing protector (SSP), address space layout randomisation (ASLR) and automatic software diversification. The SSP is a very effective protection technique used against stack buffer overflows, but it is prone to brute force attacks, particularly the dangerous byte-for-byte attack. A novel modification, named RenewSSP, has been proposed which eliminates brute force attacks, can be used in a completely transparent way with existing software and has negligible overheads. There are two different kinds of application for which RenewSSP is especially beneficial: networking servers (tested in Apache) and application launchers (tested on Android). ASLR is a generic concept with multiple designs and implementations. In this thesis, the two most relevant ASLR implementations of Linux have been analysed (Vanilla Linux and PaX patch), and several weaknesses have been found. Taking into account technological improvements in execution support (compilers and libraries), a new ASLR design has been proposed, named ASLR-NG, which maximises entropy, effectively addresses the fragmentation issue and removes a number of identified weaknesses. Furthermore, ASLR-NG is transparent to applications, in that it preserves binary code compatibility and does not add overheads. ASLR-NG has been implemented as a patch to the Linux kernel 4.1. Software diversification is a technique that covers a wide range of faults, including memory errors. The main problem is how to create variants, i.e. programs which have identical behaviours on normal inputs but where faults manifest differently. A novel form of automatic variant generation has been proposed, using multiple cross-compiler suites and processor emulators. One of the main goals of this thesis is to create applicable results. Therefore, I have placed particular emphasis on the development of real prototypes in parallel with the theoretical study. The results of this thesis are directly applicable to real systems; in fact, some of the results have already been included in real-world products.

    [ES] Creating software is one of the most complex challenges for human beings, since it requires a high degree of abstraction. Although much progress has been made in methodologies for preventing software faults, it is evident that the resulting software is far from reliable, and we must assume that the software produced is not free of faults. Given the impossibility of designing or implementing fault-free systems, it is necessary to incorporate error mitigation techniques to improve security. This thesis makes contributions to three of the main techniques for mitigating memory corruption errors: Stack Smashing Protector (SSP), Address Space Layout Randomisation (ASLR) and Automatic Software Diversification. SSP is a very effective protection technique against stack buffer overflow attacks, but it is susceptible to brute force attacks, in particular the dangerous attack known as byte-for-byte. A novel modification of the SSP, called RenewSSP, has been proposed, which eliminates brute force attacks. It can be used in a completely transparent way with existing programs without introducing overhead. RenewSSP is especially beneficial in two application areas: network servers (tested on Apache) and efficient application launchers (tested on Android). ASLR is a generic concept, of which there are many designs and implementations. The two most relevant Linux implementations (Vanilla Linux and PaX patch) have been analysed, and both weaknesses and elements that could be improved were found in each. Taking into account technological improvements in execution support (compilers and libraries), a new ASLR design has been proposed, called ASLR-NG, which maximises entropy, solves the fragmentation problem and eliminates the weaknesses found. Like the solution proposed for the SSP, the new ASLR proposal is transparent to applications and binary compatible without introducing overhead. ASLR-NG has been implemented as a Linux kernel patch for version 4.1. Software diversification is a technique that covers a wide range of faults, including memory errors. The main difficulty in applying this technique lies in generating the "variants", which are programs that behave identically to one another on normal inputs but behave differently in the presence of abnormal inputs. A novel way of generating variants automatically from the same source code has been proposed, using system emulation. One of the guiding principles of this research has been the applicability of the results, so particular emphasis has been placed on developing prototypes on real systems alongside the theoretical study. As a result, the proposals of this thesis are directly applicable to real systems, and some of them are already being exploited in practice.

    [CA] Creating software is one of the most complex challenges for human beings, since it requires a high degree of abstraction. Although much progress has been made in methodologies for preventing software faults, it is evident that the resulting software is far from reliable, and we must assume that the software produced is not free of faults. Given the impossibility of designing or implementing fault-free systems, it is necessary to incorporate error mitigation techniques to improve security. This thesis makes contributions to three of the main techniques for mitigating memory corruption errors: Stack Smashing Protector (SSP), Address Space Layout Randomisation (ASLR) and Automatic Software Diversification. SSP is a very effective protection technique against stack buffer overflow attacks, but it is susceptible to brute force attacks, in particular the dangerous attack known as byte-for-byte. A new modification of the SSP, RenewSSP, has been proposed, which eliminates brute force attacks. It can be used in a completely transparent way with existing programs without introducing overhead. RenewSSP is especially beneficial in two application areas: network servers (tested on Apache) and efficient application launchers (tested on Android). ASLR is a generic concept, of which there are many designs and implementations. The two most relevant Linux implementations (Vanilla Linux and PaX patch) have been analysed, and both weaknesses and elements that could be improved were found in each. Taking into account technological improvements in execution support (compilers and libraries), a new ASLR design has been proposed: ASLR-NG, which maximises entropy, solves the fragmentation problem and eliminates the weaknesses found. Like the solution proposed for the SSP, the new ASLR proposal is transparent to applications and binary compatible without introducing overhead. ASLR-NG has been implemented as a Linux kernel patch for version 4.1. Software diversification is a technique that covers a wide range of faults, including memory errors. The main difficulty in applying this technique lies in generating the "variants", which are programs that behave identically to one another on normal inputs but behave differently in the presence of abnormal inputs. A new way of generating variants automatically from the same source code has been proposed, using system emulation. One of the guiding principles of this research has been the applicability of the results, so particular emphasis has been placed on developing prototypes on real systems at the same time as the theoretical study was carried out. As a result, the proposals of this thesis are directly applicable to real systems, and some of them are already being exploited in practice.

    Marco Gisbert, H. (2015). Cyber-security protection techniques to mitigate memory errors exploitation [Unpublished doctoral thesis]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/57806

    The failure of a tungsten carbide-cobalt cored projectile penetrating a hard target

    Experimental results are presented from an investigation of the parameters of a ceramic-faced armour system that are required to induce damage in a tungsten carbide - cobalt (WC-Co) penetrator. A WC-Co material model has been successfully developed and implemented within the numerical hydrocode AUTODYN 2D. The understanding of penetration mechanisms was used to guide a parametric investigation, validating the WC-Co material failure model with experimental results. A series of experiments has been conducted firing the Russian 14.5 mm BS41 WC-Co cored projectile into various thicknesses and types of alumina (Al2O3) and silicon carbide (SiC), backed by aluminium alloy or mild steel semi-infinite witness blocks. Results demonstrated that SiC B out-performed standard monolithic armours and a selection of other armour ceramics including PS 5000 SiC and Sintox-CL. After comminution, the SiC B consisted of particles of closely interlocked grains. These appeared to provide considerable resistance to deviatoric stresses. Results suggest that it is not only increased hardness but also the nature of the fracture of the ceramic ahead of the penetrator that improves the armour’s ballistic performance at defeating WC-Co penetrators. If such superior ballistic response can be controlled and incorporated into practical armour systems, it will provide the basis for an advance in armour protective capability against WC-Co penetrators. In addition, a numerical material model derived from experimental data was developed to provide a preliminary tool to study the WC-Co failure. It was demonstrated that the numerical estimation of WC-Co behaviour using a shock Equation Of State (EOS), a piecewise linear strength model and a principal stress failure model provides a good method to estimate spall behaviour under dynamic loading in AUTODYN 2D. Successful numerical simulation of the material model used demonstrated the future potential of the technique

    Grazing among carnivores: Managing cattle depredation across the Western-world

    Large carnivores such as wolves and bears may prey on cattle. With the recent recovery of large carnivore populations in the Western world, cattle depredation is expected to increase. To mitigate potential conflicts, it is therefore important to find best practice for cattle grazing in carnivore-exposed areas. In my thesis I examined depredation rates of cattle by carnivores in different regions of Europe and North America and performed a survey and an interview study on cattle farming practices, losses to carnivores and other causes of mortality, and mitigation techniques to reduce depredation. My objectives were (1) to examine cattle depredation over time in carnivore-exposed areas across different countries; (2) to understand the possible geographical variation in cattle depredation in relation to carnivore species present, cattle and carnivore densities, grazing system and preventive measure(s) applied; and (3) subsequently, make recommendations. I hypothesised that predator density influences cattle depredation. Further, I hypothesised higher depredation rates for herds in extensive and free-ranging systems than in systems where cattle graze in close vicinity to the farm. I expected to see differences between continents and areas both in depredation rates and commonness and effectiveness of measures applied, due to differences in habitat, farming practices, carnivore densities and carnivore management. Depredation statistics, cattle and carnivore densities were collected from 25 areas in Europe and North America. The survey was carried out in 18 areas and the interview with eight of the survey participants. I mapped depredation trends over time and modelled depredation of cattle as a function of carnivore presence and density, year, and forest cover. To analyse the social data, I performed a descriptive and inferential analysis, using non-parametric tests. 
Cattle depredation increased over time in 70% of the areas in Europe and 60% of the study areas in North America. Cattle depredation was positively related to wolf density in Europe, but only weakly in North America. The social study results aligned with this finding and also showed that depredation occurred more often in extensive and free-grazing systems. Lastly, measures to prevent cattle depredation differed greatly between the continents. While electric fencing was most common in Europe, Americans used lethal control, avoidance and herding to a larger extent. In general, a higher number of preventive measures are commonly used in North America than in Europe. There is an urgent need for a standardised, uniform method to monitor livestock depredation, especially throughout Europe, where cattle depredation has increased the most and, according to the interviewees, the problem of cattle depredation has become more urgent. I wrote recommendations about: I) the carnivore species, II) replacement of electric fencing and avoiding carnivores, III) carnivores avoiding cattle, IV) lethal control of carnivores