Real Time Automated Counterfeit Integrated Circuit Detection using X-ray Microscopy

Determining the authenticity of integrated circuits is paramount to preventing counterfeit and malicious hardware from being used in critical military, healthcare, aerospace, consumer, and industry applications. Existing techniques to distinguish between authentic and counterfeit integrated circuits (ICs) often include destructive testing requiring subject matter experts. We present a nondestructive technique to detect ICs using x-ray microscopy and advanced imaging analysis with different pattern recognition approaches. Our proposed method is completely automated, and runs in real time. In our approach, images of an integrated circuit are obtained from an x-ray microscope. Local binary pattern features are then extracted from the x-ray image, followed by dimensionality reduction through principal component analysis, and alternatively through a nonlinear principal component methodology using a stacked autoencoder embedded in a deep neural network. From the reduced dimension features, we train two types of learning machines, a support vector machine with a nonlinear kernel and a deep neural network. We present experiments using authentic and ICs to demonstrate that the proposed approach achieves an accuracy of 100% in distinguishing between the counterfeit and authentic samples.This work was supported by the NSF grant NSF/CISE Award #CNS–134427

Firmware Counterfeiting and Modification Attacks on Programmable Logic Controllers

Recent attacks on industrial control systems (ICSs), like the highly publicized Stuxnet malware, have perpetuated a race to the bottom where lower level attacks have a tactical advantage. Programmable logic controller (PLC) firmware, which provides a software-driven interface between system inputs and physically manifested outputs, is readily open to modification at the user level. Current efforts to protect against firmware attacks are hindered by a lack of prerequisite research regarding details of attack development and implementation. In order to obtain a more complete understanding of the threats posed by PLC firmware counterfeiting and the feasibility of such attacks, this research explores the vulnerability of common controllers to intentional firmware modifications. After presenting a general analysis process that takes advantage of various techniques and methodologies applied to similar scenarios, this work derives the firmware update validation method used for the Allen-Bradley ControlLogix PLC. A proof of concept demonstrates how to alter a legitimate firmware update and successfully upload it to a ControlLogix L61. Possible mitigation strategies discussed include digitally signed and encrypted firmware as well as preemptive and post-mortem analysis methods to provide protection. Results of this effort facilitate future research in PLC firmware security through direct example of firmware counterfeiting

Digital supply chain surveillance using artificial intelligence: definitions, opportunities and risks

Digital Supply Chain Surveillance (DSCS) is the proactive monitoring and analysis of digital data that allows firms to extract information related to a supply network, without the explicit consent of firms involved in the supply chain. AI has made DSCS to become easier and larger-scale, posing significant opportunities for automated detection of actors and dependencies involved in a supply chain, which in turn, can help firms to detect risky, unethical and environmentally unsustainable practices. Here, we define DSCS, review priority areas using a survey conducted in the UK. Visibility, sustainability, resilience are significant areas that DSCS can support, through a number of machine-learning approaches and predictive algorithms. Despite anecdotal narrative on the importance of explainability of algorithmic results, practitioners often prefer accuracy over explainability; however, there are significant differences between industrial sectors and application areas. Using a case study, we highlight a number of concerns on the unchecked use of AI in DSCS, such as bias or misinterpretation resulting in erroneous conclusions, which may lead to suboptimal decisions or relationship damage. Building on this, we develop and discuss a number of illustrative cases to highlight risks that practitioners should be aware of, proposing key areas of further research

ENABLING IOT AUTHENTICATION, PRIVACY AND SECURITY VIA BLOCKCHAIN

Although low-power and Internet-connected gadgets and sensors are increasingly integrated into our lives, the optimal design of these systems remains an issue. In particular, authentication, privacy, security, and performance are critical success factors. Furthermore, with emerging research areas such as autonomous cars, advanced manufacturing, smart cities, and building, usage of the Internet of Things (IoT) devices is expected to skyrocket. A single compromised node can be turned into a malicious one that brings down whole systems or causes disasters in safety-critical applications. This dissertation addresses the critical problems of (i) device management, (ii) data management, and (iii) service management in IoT systems. In particular, we propose an integrated platform solution for IoT device authentication, data privacy, and service security via blockchain-based smart contracts. We ensure IoT device authentication by blockchain-based IC traceability system, from its fabrication to its end-of-life, allowing both the supplier and a potential customer to verify an IC’s provenance. Results show that our proposed consortium blockchain framework implementation in Hyperledger Fabric for IC traceability achieves a throughput of 35 transactions per second (tps). To corroborate the blockchain information, we authenticate the IC securely and uniquely with an embedded Physically Unclonable Function (PUF). For reliable Weak PUF-based authentication, our proposed accelerated aging technique reduces the cumulative burn-in cost by ∼ 56%. We also propose a blockchain-based solution to integrate the privacy of data generated from the IoT devices by giving users control of their privacy. The smart contract controlled trust-base ensures that the users have private access to their IoT devices and data. We then propose a remote configuration of IC features via smart contracts, where an IC can be programmed repeatedly and securely. This programmability will enable users to upgrade IC features or rent upgraded IC features for a fixed period after users have purchased the IC. We tailor the hardware to meet the blockchain performance. Our on-die hardware module design enforces the hardware configuration’s secure execution and uses only 2,844 slices in the Xilinx Zedboard Zynq Evaluation board. The blockchain framework facilitates decentralized IoT, where interacting devices are empowered to execute digital contracts autonomously