A Novel and Robust Security Approach for Authentication, Integrity, and Confidentiality of Lithium-ion Battery Management Systems

Battery management systems (BMSs) play a critical and crucial role in ensuring the safety and the efficiency of the batteries. The increasing BMS complexity, the expanding interconnections between batteries and applications, and the introduction of cloud-based energy storage system structures have led to growing concerns about battery cybersecurity. For instance, the data exchange between the local and remote BMS parts can be exposed to cybersecurity attacks. Classic BMSs are not equipped with security mechanisms that are instead essential to protect their integrity and reliability and prevent serious consequences such as loss of data, equipment damage, and counterfeiting of battery components. This work highlights the importance of securing BMSs against cyber threats and discusses the current state of the art of cybersecurity in BMSs. The main outcome is the proposal of a novel and robust security approach to design a BMS able to prevent misuse and undesired manipulation of battery equipment and data. The proposed design approach can be used as enabling technology to support the application to the BMSs of the most diffused security mechanisms adopted by the state of the art as cybersecurity protections

Energy efficient mining on a quantum-enabled blockchain using light

We outline a quantum-enabled blockchain architecture based on a consortium of quantum servers. The network is hybridised, utilising digital systems for sharing and processing classical information combined with a fibre--optic infrastructure and quantum devices for transmitting and processing quantum information. We deliver an energy efficient interactive mining protocol enacted between clients and servers which uses quantum information encoded in light and removes the need for trust in network infrastructure. Instead, clients on the network need only trust the transparent network code, and that their devices adhere to the rules of quantum physics. To demonstrate the energy efficiency of the mining protocol, we elaborate upon the results of two previous experiments (one performed over 1km of optical fibre) as applied to this work. Finally, we address some key vulnerabilities, explore open questions, and observe forward--compatibility with the quantum internet and quantum computing technologies.Comment: 25 pages, 5 figure

Lightweight Protocols and Applications for Memory-Based Intrinsic Physically Unclonable Functions on Commercial Off-The-Shelve Devices

We are currently living in the era in which through the ever-increasing dissemination of inter-connected embedded devices, the Internet-of-Things manifests. Although such end-point devices are commonly labeled as ``smart gadgets'' and hence they suggest to implement some sort of intelligence, from a cyber-security point of view, more then often the opposite holds. The market force in the branch of commercial embedded devices leads to minimizing production costs and time-to-market. This widespread trend has a direct, disastrous impact on the security properties of such devices. The majority of currently used devices or those that will be produced in the future do not implement any or insufficient security mechanisms. Foremost the lack of secure hardware components often mitigates the application of secure protocols and applications. This work is dedicated to a fundamental solution statement, which allows to retroactively secure commercial off-the-shelf devices, which otherwise are exposed to various attacks due to the lack of secure hardware components. In particular, we leverage the concept of Physically Unclonable Functions (PUFs), to create hardware-based security anchors in standard hardware components. For this purpose, we exploit manufacturing variations in Static Random-Access Memory (SRAM) and Dynamic Random-Access Memory modules to extract intrinsic memory-based PUF instances and building on that, to develop secure and lightweight protocols and applications. For this purpose, we empirically evaluate selected and representative device types towards their PUF characteristics. In a further step, we use those device types, which qualify due to the existence of desired PUF instances for subsequent development of security applications and protocols. Subsequently, we present various software-based security solutions which are specially tailored towards to the characteristic properties of embedded devices. More precisely, the proposed solutions comprise a secure boot architecture as well as an approach to protect the integrity of the firmware by binding it to the underlying hardware. Furthermore, we present a lightweight authentication protocol which leverages a novel DRAM-based PUF type. Finally, we propose a protocol, which allows to securely verify the software state of remote embedded devices

State of The Art and Hot Aspects in Cloud Data Storage Security

Along with the evolution of cloud computing and cloud storage towards matu- rity, researchers have analyzed an increasing range of cloud computing security aspects, data security being an important topic in this area. In this paper, we examine the state of the art in cloud storage security through an overview of selected peer reviewed publications. We address the question of defining cloud storage security and its different aspects, as well as enumerate the main vec- tors of attack on cloud storage. The reviewed papers present techniques for key management and controlled disclosure of encrypted data in cloud storage, while novel ideas regarding secure operations on encrypted data and methods for pro- tection of data in fully virtualized environments provide a glimpse of the toolbox available for securing cloud storage. Finally, new challenges such as emergent government regulation call for solutions to problems that did not receive enough attention in earlier stages of cloud computing, such as for example geographical location of data. The methods presented in the papers selected for this review represent only a small fraction of the wide research effort within cloud storage security. Nevertheless, they serve as an indication of the diversity of problems that are being addressed

Design, implementation, and analysis of efficient tools based on PUFs for hardware security applications

A Physical Unclonable Function (PUF) is a physical system that leverages manufacturing process variations to generate unclonable and inherent instance-specific measurements of physical objects. PUF is equivalent to human biometrics in many ways where each human has a unique fingerprint. PUF can securely generate unique and unclonable signatures that allow PUF to bootstrap the implementation of various physical security issues. In this thesis, we discuss PUFs, extend it to a novel SW-PUF, and explore some techniques to utilize it in security applications. We first present the SW-PUF - basic building block of this thesis, a novel PUF design that measures processor chip ALU silicon biometrics in a manner similar to all PUFs. Additionally, it composes the silicon measurement with the data-dependent delay of a particular program instruction in a way that is difficult to decompose through a mathematical model. We then implement the proposed PUF to solve various security issues for applications such as Software Protection and Trusted Computing. We prove that the SW-PUF can provide a more robust root of trust for measurement than the existing trusted platform module (TPM). Second, we present the Reversible SW-PUF , a novel PUF design based on the SW-PUF that is capable of computing partial inputs given its outputs. Given the random output signature of specific instruction in a specific basic block of the program, only the computing platform that originally computed the instruction can accurately regenerate the inputs of the instruction correctly within a certain number of bits. We then implement the Reversible SW-PUF to provide a verifiable computation method. Our scheme links the outsourced software with the cloud-node hardware to provide proof of the computational integrity and the resultant correctness of the results with high probability. Finally, we employ the SW-PUF and the Reversible SW-PUF to provide a trust attribute for data on the Internet of Thing (IoT) systems by combining data provenance and privacy-preserving methods. In our scheme, an IoT server can ensure that the received data comes from the IoT device that owns it. In addition, the server can verify the integrity of the data by validating the provenance metadata for data creation and modification

Secure Sensor Prototype Using Hardware Security Modules and Trusted Execution Environments in a Blockchain Application: Wine Logistic Use Case

The security of Industrial Internet of Things (IIoT) systems is a challenge that needs to be addressed immediately, as the increasing use of new communication paradigms and the abundant use of sensors opens up new opportunities to compromise these types of systems. In this sense, technologies such as Trusted Execution Environments (TEEs) and Hardware Security Modules (HSMs) become crucial for adding new layers of security to IIoT systems, especially to edge nodes that incorporate sensors and perform continuous measurements. These technologies, coupled with new communication paradigms such as Blockchain, offer a high reliability, robustness and good interoperability between them. This paper proposes the design of a secure sensor incorporating the above mentioned technologies—HSMs and a TEE—in a hardware device based on a dual-core architecture. Through this combination of technologies, one of the cores collects the data extracted by the sensors and implements the security mechanisms to guarantee the integrity of these data, while the remaining core is responsible for sending these data through the appropriate communication protocol. This proposed approach fits into the Blockchain networks, which act as an Oracle. Finally, to illustrate the application of this concept, a use case applied to wine logistics is described, where this secure sensor is integrated into a Blockchain that collects data from the storage and transport of barrels, and a performance evaluation of the implemented prototype is providedEuropean Union’s Horizon Europe research and innovation program through the funding project “Cognitive edge-cloud with serverless computing” (EDGELESS) under grant agreement number 101092950FEDER/Junta de Andalucia-Consejeria de Transformacion Economica, Industria, Conocimiento y Universidades under Project B-TIC-588-UGR2