Design of Discrete-time Chaos-Based Systems for Hardware Security Applications

Security of systems has become a major concern with the advent of technology. Researchers are proposing new security solutions every day in order to meet the area, power and performance specifications of the systems. The additional circuit required for security purposes can consume significant area and power. This work proposes a solution which utilizes discrete-time chaos-based logic gates to build a system which addresses multiple hardware security issues. The nonlinear dynamics of chaotic maps is leveraged to build a system that mitigates IC counterfeiting, IP piracy, overbuilding, disables hardware Trojan insertion and enables authentication of connecting devices (such as IoT and mobile). Chaos-based systems are also used to generate pseudo-random numbers for cryptographic applications.The chaotic map is the building block for the design of discrete-time chaos-based oscillator. The analog output of the oscillator is converted to digital value using a comparator in order to build logic gates. The logic gate is reconfigurable since different parameters in the circuit topology can be altered to implement multiple Boolean functions using the same system. The tuning parameters are control input, bifurcation parameter, iteration number and threshold voltage of the comparator. The proposed system is a hybrid between standard CMOS logic gates and reconfigurable chaos-based logic gates where original gates are replaced by chaos-based gates. The system works in two modes: logic locking and authentication. In logic locking mode, the goal is to ensure that the system achieves logic obfuscation in order to mitigate IC counterfeiting. The secret key for logic locking is made up of the tuning parameters of the chaotic oscillator. Each gate has 10-bit key which ensures that the key space is large which exponentially increases the computational complexity of any attack. In authentication mode, the aim of the system is to provide authentication of devices so that adversaries cannot connect to devices to learn confidential information. Chaos-based computing system is susceptible to process variation which can be leveraged to build a chaos-based PUF. The proposed system demonstrates near ideal PUF characteristics which means systems with large number of primary outputs can be used for authenticating devices

Multi-shape symmetric encryption mechanism for nongeneric attacks mitigation

Static cyphers use static transformations for encryption and decryption. Therefore, the attacker will have some knowledge that can be exploited to construct assaults since the transformations are static. The class of attacks which target a specific cypher design are called Non-Generic Attacks. Whereby, dynamic cyphers can be utilised to mitigate non-generic attacks. Dynamic cyphers aim at mitigating non-generic attacks by changing how the cyphers work according to the value of the encryption key. However, existing dynamic cyphers either degrade the performance or decrease the cypher’s actual security. Hence, this thesis introduces a Multi-Shape Symmetric Encryption Mechanism (MSSEM) which is capable of mitigating non-generic attacks by eliminating the opponents’ leverage of accessing the exact operation details. The base cyphers that have been applied in the proposed MSSEM are the Advanced Encryption Standard (AES) competition finalists, namely Rijndael, Serpent, MARS, Twofish, and RC6. These cyphers satisfy three essential criteria, such as security, performance, and expert input. Moreover, the modes of operation used by the MSSEM are the secure modes suggested by the National Institute of Standards and Technology, namely, Cipher Block Chaining (CBC), Cipher Feedback Mode (CFB), Output Feedback Mode (OFB), and Counter (CTR). For the proposed MSSEM implementation, the sender initially generates a random key using a pseudorandom number generator such as Blum Blum Shub (BBS) or a Linear Congruential Generator (LCG). Subsequently, the sender securely shares the key with the legitimate receiver. Besides that, the proposed MSSEM has an entity called the operation table that includes sixty different cypher suites. Each cypher suite has a specific cypher and mode of operation. During the run-time, one cypher suite is randomly selected from the operation table, and a new key is extracted from the master key with the assistance of SHA-256. The suite, as well as the new key, is allowed to encrypt one message. While each of the messages produces a new key and cypher suite. Thus, no one except communicating parties can access the encryption keys or the cypher suites. Furthermore, the security of MSSEM has been evaluated and mathematically proven to resist known and unknown attacks. As a result, the proposed MSSEM successfully mitigates unknown non-generic attacks by a factor of 2−6. In addition, the proposed MSSEM performance is better than MODEM since MODEM generates 4650 milliseconds to encrypt approximately 1000 bytes, whereas MSSEM needs only 0.14 milliseconds. Finally, a banking system simulation has been tested with the proposed MSSEM in order to secure inbound and outbound system traffic

Crowdfunding Non-fungible Tokens on the Blockchain

Non-fungible tokens (NFTs) have been used as a way of rewarding content creators. Artists publish their works on the blockchain as NFTs, which they can then sell. The buyer of an NFT then holds ownership of a unique digital asset, which can be resold in much the same way that real-world art collectors might trade paintings. However, while a deal of effort has been spent on selling works of art on the blockchain, very little attention has been paid to using the blockchain as a means of fundraising to help finance the artist’s work in the first place. Additionally, while blockchains like Ethereum are ideal for smaller works of art, additional support is needed when the artwork is larger than is feasible to store on the blockchain. In this paper, we propose a fundraising mechanism that will help artists to gain financial support for their initiatives, and where the backers can receive a share of the profits in exchange for their support. We discuss our prototype implementation using the SpartanGold framework. We then discuss how this system could be expanded to support large NFTs with the 0Chain blockchain, and describe how we could provide support for ongoing storage of these NFTs

Fake Malware Generation Using HMM and GAN

In the past decade, the number of malware attacks have grown considerably and, more importantly, evolved. Many researchers have successfully integrated state-of-the-art machine learning techniques to combat this ever present and rising threat to information security. However, the lack of enough data to appropriately train these machine learning models is one big challenge that is still present. Generative modelling has proven to be very efficient at generating image-like synthesized data that can match the actual data distribution. In this paper, we aim to generate malware samples as opcode sequences and attempt to differentiate them from the real ones with the goal to build fake malware data that can be used to effectively train the machine learning models. We use and compare different Generative Adversarial Networks (GAN) algorithms and Hidden Markov Models (HMM) to generate such fake samples obtaining promising results

SoK: Acoustic Side Channels

We provide a state-of-the-art analysis of acoustic side channels, cover all the significant academic research in the area, discuss their security implications and countermeasures, and identify areas for future research. We also make an attempt to bridge side channels and inverse problems, two fields that appear to be completely isolated from each other but have deep connections.Comment: 16 page

Threats and Defenses in SDN Control Plane

abstract: Network Management is a critical process for an enterprise to configure and monitor the network devices using cost effective methods. It is imperative for it to be robust and free from adversarial or accidental security flaws. With the advent of cloud computing and increasing demands for centralized network control, conventional management protocols like Simple Network Management Protocol (SNMP) appear inadequate and newer techniques like Network Management Datastore Architecture (NMDA) design and Network Configuration (NETCONF) have been invented. However, unlike SNMP which underwent improvements concentrating on security, the new data management and storage techniques have not been scrutinized for the inherent security flaws. In this thesis, I identify several vulnerabilities in the widely used critical infrastructures which leverage the NMDA design. Software Defined Networking (SDN), a proponent of NMDA, heavily relies on its datastores to program and manage the network. I base my research on the security challenges put forth by the existing datastore’s design as implemented by the SDN controllers. The vulnerabilities identified in this work have a direct impact on the controllers like OpenDayLight, Open Network Operating System and their proprietary implementations (by CISCO, Ericsson, RedHat, Brocade, Juniper, etc). Using the threat detection methodology, I demonstrate how the NMDA-based implementations are vulnerable to attacks which compromise availability, integrity, and confidentiality of the network. I finally propose defense measures to address the security threats in the existing design and discuss the challenges faced while employing these countermeasures.Dissertation/ThesisMasters Thesis Computer Science 201