Integration of Hardware Security Modules and Permissioned Blockchain in Industrial IoT Networks
Hardware Security Modules (HSM) serve as a hardware-based root of trust that offers physical protection while adding a new security layer in the system architecture. When combined with decentralized access technologies such as Blockchain, HSM offers robustness and complete reliability, enabling secured end-to-end mechanisms for authenticity, authorization and integrity. This work proposes an efficient integration of HSM and Blockchain technologies, focusing mainly on public-key cryptography algorithms and standards, which are crucial in order to achieve a successful combination of the mentioned technologies to improve the overall security in Industrial IoT systems. To prove the suitability of the proposal and the interaction of an IoT node and a Blockchain network using HSM, a proof of concept is developed. Results of the time performance analysis of the prototype reveal how promising the combination of HSMs in Blockchain environments is.
Funding: Infineon Technologies AG; European Union's Horizon 2020 Research and Innovation Program through the Cyber Security 4.0: Protecting the Industrial Internet of Things (C4IIoT) project, 833828; FEDER/Junta de Andalucia-Consejeria de Transformacion Economica, Industria, Conocimiento y Universidades, B-TIC-588-UGR2
Design of programmable hardware security modules for enhancing blockchain based security framework
Globalization of the chip design and manufacturing industry has imposed significant threats to the hardware security of integrated circuits (ICs). It has made ICs more susceptible to various hardware attacks. Blockchain provides a trustworthy and distributed platform to store immutable records related to the evidence of intellectual property (IP) creation, authentication of provenance, and confidential data storage. However, blockchain encounters major security challenges due to the decentralized nature of its ledgers, which contain sensitive data. The research objective is to design a dedicated programmable hardware security modules scheme to safeguard and maintain sensitive information contained in blockchain networks in the context of the IC supply chain. Thus, the blockchain framework could rely on the proposed hardware security modules and separate the entire set of cryptographic operations within the system into stand-alone hardware units. This work puts forth a novel approach that could be considered and utilized to enhance blockchain security in real time. The critical cryptographic components in blockchain, the secure hash algorithm-256 (SHA-256) and the elliptic curve digital signature algorithm, are designed as separate entities to enhance the security of the blockchain framework. Physical unclonable functions are adopted to perform authentication of transactions in the blockchain. Relative comparison of the designed modules with existing works clearly depicts the upper hand of the former in terms of performance parameters.
Towards a Formally Verified Security Monitor for VM-based Confidential Computing
Confidential computing is a key technology for isolating high-assurance applications from the large amounts of untrusted code typical in modern systems. Existing confidential computing systems cannot be certified for use in critical applications, like systems controlling critical infrastructure, hardware security modules, or aircraft, as they lack formal verification. This paper presents an approach to formally modeling and proving a security monitor. It introduces a canonical architecture for virtual machine (VM)-based confidential computing systems. It abstracts processor-specific components and identifies a minimal set of hardware primitives required by a trusted security monitor to enforce security guarantees. We demonstrate our methodology and proposed approach with an example from our Rust implementation of the security monitor for RISC-V.
A Cpu-Instruction-Based Asymmetric Signing/Decryption Mechanism For Secure Handling Of Asymmetric Keys
A method and system are disclosed for allowing a central processing unit (CPU) to perform signing/decryption operations securely. The system includes the CPU, which embeds an asymmetric private decryption key called the CPU Decryption Key (CDK). A public key corresponding to the CDK, known as the CPU Encryption Key (CEK), is published by the CPU vendor and comes with a vendor-signed certificate. The CPU exposes two instructions, IMPORT_KEY and USE_KEY, which point to memory locations for storing decrypted keys, wrapped keys, and data. The disclosed mechanism provides a high level of security in cloud environments by providing secure key delivery to the signer and protecting the signer. In addition, it involves low cost when compared to hardware security modules (HSM).
Secure Sensor Prototype Using Hardware Security Modules and Trusted Execution Environments in a Blockchain Application: Wine Logistic Use Case
The security of Industrial Internet of Things (IIoT) systems is a challenge that needs to be addressed immediately, as the increasing use of new communication paradigms and the abundant use of sensors opens up new opportunities to compromise these types of systems. In this sense, technologies such as Trusted Execution Environments (TEEs) and Hardware Security Modules (HSMs) become crucial for adding new layers of security to IIoT systems, especially to edge nodes that incorporate sensors and perform continuous measurements. These technologies, coupled with new communication paradigms such as Blockchain, offer high reliability, robustness and good interoperability between them. This paper proposes the design of a secure sensor incorporating the above-mentioned technologies—HSMs and a TEE—in a hardware device based on a dual-core architecture. Through this combination of technologies, one of the cores collects the data extracted by the sensors and implements the security mechanisms to guarantee the integrity of these data, while the remaining core is responsible for sending these data through the appropriate communication protocol. This proposed approach fits into Blockchain networks, where the sensor acts as an Oracle. Finally, to illustrate the application of this concept, a use case applied to wine logistics is described, where this secure sensor is integrated into a Blockchain that collects data from the storage and transport of barrels, and a performance evaluation of the implemented prototype is provided.
Funding: European Union's Horizon Europe research and innovation program through the funding project "Cognitive edge-cloud with serverless computing" (EDGELESS) under grant agreement number 101092950; FEDER/Junta de Andalucia-Consejeria de Transformacion Economica, Industria, Conocimiento y Universidades under Project B-TIC-588-UGR2
Fine-Grained Access Control with User Revocation in Smart Manufacturing
This research has been funded by the European Union's Horizon 2020 Research and Innovation program under grant agreement No. 871518, a project named COLLABS [19].
Collaborative manufacturing is a key enabler of Industry 4.0 that requires secure data sharing among multiple parties. However, intercompany data sharing raises important privacy and security concerns, particularly given the intellectual property and business-sensitive information collected by many devices. In this paper, we propose a solution that combines four technologies to address these challenges: Attribute-Based Encryption for data access control, blockchain for data integrity and non-repudiation, Hardware Security Modules for authenticity, and the Interplanetary File System for data scalability. We also use OpenID for dynamic client identification and propose a new method for user revocation in Attribute-Based Encryption. Our evaluation shows that the solution can scale up to 2,000,000 clients while maintaining all security guarantees.
Funding: European Union's Horizon 2020, 87151
True random number generator based on the variability of the high resistance state of RRAMs
Hardware-based security primitives like True Random Number Generators (TRNG) have become a crucial part of protecting data over communication channels. With the growth of the internet and cloud storage, TRNGs are required in numerous cryptographic operations. On the other hand, the inherently dense structure and low-power characteristics of emerging nanoelectronic technologies such as resistive-switching memories (RRAM) make them suitable elements for designing hardware security modules integrated in CMOS ICs. In this paper, a memristor-based TRNG is presented by leveraging the high stochasticity of the RRAM resistance value in the OFF (High Resistive) state. In the proposal, one or two devices can be used depending on whether the objective is focused on saving area or obtaining a higher random bit generation frequency. The generated bits, based on a combination of experimental measurements and SPICE simulations, passed all 15 National Institute of Standards and Technology (NIST) tests and achieved a throughput of tens of MHz.
Postprint (published version)
Heartland Payment Systems: lessons learned from a data breach
On August 13, 2009, the Payment Cards Center hosted a workshop examining the changing nature of data security in consumer electronic payments. The center invited the chairman and CEO of Heartland Payment Systems (HPS or Heartland), Robert (Bob) Carr, to lead this discussion and to share his experiences stemming from the data breach at his company in late 2008 and, as important, to discuss lessons learned as a result of this event. The former director of the Payment Cards Center, Peter Burns, who is acting as a senior payments advisor to HPS, also joined the discussion to outline Heartland's post-breach efforts aimed at improving information sharing and data security within the consumer payments industry. In conclusion, Carr introduced several technology solutions that are under discussion in payment security circles as ways to better secure payment card data as they move among the different parties in the card payment systems: end-to-end encryption, tokenization, and chip technology. While HPS has been very supportive of end-to-end encryption, each of these alternatives offers its own set of advantages and disadvantages.
Payment systems; Data protection; Electronic commerce