A Hardware Security Solution against Scan-Based Attacks

Scan based Design for Test (DfT) schemes have been widely used to achieve high fault coverage for integrated circuits. The scan technique provides full access to the internal nodes of the device-under-test to control them or observe their response to input test vectors. While such comprehensive access is highly desirable for testing, it is not acceptable for secure chips as it is subject to exploitation by various attacks. In this work, new methods are presented to protect the security of critical information against scan-based attacks. In the proposed methods, access to the circuit containing secret information via the scan chain has been severely limited in order to reduce the risk of a security breach. To ensure the testability of the circuit, a built-in self-test which utilizes an LFSR as the test pattern generator (TPG) is proposed. The proposed schemes can be used as a countermeasure against side channel attacks with a low area overhead as compared to the existing solutions in literature

Analysis and optimisation through mathematical modelling: Muresk farm photovoltaic reverse osmosis water treatment plant

Photovoltaic reverse osmosis water treatment units can be deployed into remote regions to provide remote communities with a clean water source without the need for on site electricity supply to operate. Optimisation of these units has the potential to maximise the output of purified water and to improve the overall effectiveness of the PVRO unit once it has been deployed. The aim of this project is to develop a mathematical model for the optimisation of the Muresk PVRO unit. This is achieved using a local monitoring system that can log the operational data of the PVRO unit and utilising this data to validate and tune a Microsoft Excel based mathematical model of the Muresk PVRO unit. In this project an ESP32 microcontroller running an Arduino program was used to log the electrical and water flow data from the PVRO unit to a ThingSpeak IOT portal and a local SD card. A mathematical model of the Muresk PVRO system was developed, and two months of data were compared with the data from the monitoring unit to tune and validate the model. With the model tuned the mathematical model was used to investigate optimising the PVRO output by adjusting the tilt angle of the solar array. By increasing the array tilt from 30 degrees to 45-degrees the daily minimum output improved by 9% with a marginal loss of 1% to the annual water output. This increases the suitability of the unit to applications where a consistent output of clean water is more desired than just maximising the annual output

Recent Advances in Embedded Computing, Intelligence and Applications

The latest proliferation of Internet of Things deployments and edge computing combined with artificial intelligence has led to new exciting application scenarios, where embedded digital devices are essential enablers. Moreover, new powerful and efficient devices are appearing to cope with workloads formerly reserved for the cloud, such as deep learning. These devices allow processing close to where data are generated, avoiding bottlenecks due to communication limitations. The efficient integration of hardware, software and artificial intelligence capabilities deployed in real sensing contexts empowers the edge intelligence paradigm, which will ultimately contribute to the fostering of the offloading processing functionalities to the edge. In this Special Issue, researchers have contributed nine peer-reviewed papers covering a wide range of topics in the area of edge intelligence. Among them are hardware-accelerated implementations of deep neural networks, IoT platforms for extreme edge computing, neuro-evolvable and neuromorphic machine learning, and embedded recommender systems

Authorisation Issues for Mobile Code in Mobile Systems

This thesis is concerned with authorisation issues for mobile code in mobile systems. It is divided into three main parts. Part I covers the development of a policy-based framework for the authorisation of mobile code and agents by host systems. Part II addresses the secure download, storage and execution of a conditional access application, used in the secure distribution of digital video broadcast content. Part III explores the way in which trusted computing technology may be used in the robust implementation of OMA DRM version 2. In part I of this thesis, we construct a policy-based mobile code and agent authorisation framework, with the objective of providing both mobile devices and service providers with the ability to assign appropriate privileges to incoming executables. Whilst mobile code and agent authorisation mechanisms have previously been considered in a general context, this thesis focuses on the special requirements resulting from mobile code and agent authorisation in a mobile environment, which restrict the types of solutions that may be viable. Following the description and analysis of a number of architectural models upon which a policy-based framework for mobile code and agent authorisation may be constructed, we outline a list of features desirable in the definitive underlying architecture. Specific implementation requirements for the capabilities of the policy and attribute certificate specification languages and the associated policy engine are then extracted. Candidate policy specification languages, namely KeyNote (and Nereus), Ponder (and (D)TPL) and SAML are then examined, and conclusions drawn regarding their suitability for framework expression. Finally, the definitive policy based framework for mobile code and agent authorisation is described. In the second part of this thesis, a flexible approach that allows consumer products to support a wide range of proprietary content protection systems, or more specifically digital video broadcast conditional access systems, is proposed. Two protocols for the secure download of content protection software to mobile devices are described. The protocols apply concepts from trusted computing to demonstrate that a platform is in a sufficiently trustworthy state before any application or associated keys are securely downloaded. The protocols are designed to allow mobile devices to receive broadcast content protected by proprietary conditional access applications. Generic protocols are first described, followed by an analysis of how well the downloaded code is protected in transmission. How the generic protocols may be implemented using specific trusted computing technologies is then investigated. For each of the selected trusted computing technologies, an analysis of how the conditional access application is protected while in storage and while executing on the mobile host is also presented. We then examine two previously proposed download protocols, which assume a mobile receiver compliant with the XOM and AEGIS system architectures. Both protocols are then analysed against the security requirements defined for secure application download, storage and execution. We subsequently give a series of proposed enhancements to the protocols which are designed to address the identified shortcomings. In the final section of this thesis, we examine OMA DRM version 2, which defines the messages, protocols and mechanisms necessary in order to control the use of digital content in a mobile environment. However, an organisation, such as the CMLA, must specify how robust implementations of the OMA DRM version 2 specification should be, so that content providers can be confident that their content will be safe on OMA DRM version 2 devices. We take the requirements extracted for the robust implementation of the OMA DRM version 2 specification and propose an implementation which meets these requirements using the TCG architecture and TPM/TSS version 1.2 commands