21 research outputs found

    An ICMetrics Based Lightweight Security Architecture Using Lattice Signcryption

    The advent of embedded systems has completely transformed the information landscape. With the explosive growth in the use of interactive real-time technologies, this internet landscape aims to support an even broader range of application domains. The large amount of data that is exchanged by these applications has made them an attractive target for attacks. Thus it is important to employ security mechanisms to protect these systems from attackers. A major challenge facing researchers is the resource constrained nature of these systems, which renders most of the traditional security mechanisms almost useless. In this paper we propose a lightweight ICmetrics based security architecture using lattices. The features of the proposed architecture fulfill both the requirements of security as well as energy efficiency. The proposed architecture provides authentication, confidentiality, non-repudiation and integrity of data. Using the identity information derived from ICmetrics of the device, we further construct a signcryption scheme based on lattices that makes use of certificateless PKC to achieve the security requirements of the design. This scheme is targeted at resource constrained environments, and can be used widely in applications that require sufficient levels of security with limited resources.

    Multi-dimensional key generation of ICMetrics for cloud computing

    Despite the rapid expansion and uptake of cloud based services, lack of trust in the provenance of such services represents a significant inhibiting factor in the further expansion of such services. This paper explores an approach to assure trust and provenance in cloud based services via the generation of digital signatures using properties or features derived from their own construction and software behaviour. The resulting system removes the need for a server to store a private key in a typical Public/Private-Key Infrastructure for data sources. Rather, keys are generated at run-time by features obtained as service execution proceeds. In this paper we investigate several potential software features for suitability during the employment of a cloud service identification system. The generation of a stable and unique digital identity from features in Cloud computing is challenging because of the unstable operation environments, which imply that the features employed are likely to vary under normal operating conditions. To address this, we introduce a multi-dimensional key generation technology which maps from multi-dimensional feature space directly to a key space. Subsequently, a smooth entropy algorithm is developed to evaluate the entropy of key space.

    Exploring ICMetrics to detect abnormal program behaviour on embedded devices

    Execution of unknown or malicious software on an embedded system may trigger harmful system behaviour targeted at stealing sensitive data and/or causing damage to the system. It is thus considered a potential and significant threat to the security of embedded systems. Generally, the resource constrained nature of Commercial off-the-shelf (COTS) embedded devices, such as embedded medical equipment, does not allow computationally expensive protection solutions to be deployed on these devices, rendering them vulnerable. Self-Organising Map (SOM) based and Fuzzy C-means based approaches are proposed in this paper for detecting abnormal program behaviour to boost embedded system security. The presented technique extracts features derived from the processor's Program Counter (PC) and Cycles per Instruction (CPI), and then utilises the features to identify abnormal behaviour using the SOM. Results achieved in our experiment show that the proposed SOM based and Fuzzy C-means based methods can identify unknown program behaviours not included in the training set with 90.9% and 98.7% accuracy.

    A Method for Detecting Abnormal Program Behavior on Embedded Devices

    A potential threat to embedded systems is the execution of unknown or malicious software capable of triggering harmful system behavior, aimed at theft of sensitive data or causing damage to the system. Commercial off-the-shelf embedded devices, such as embedded medical equipment, are more vulnerable as these types of products cannot be amended conventionally or have limited resources to implement protection mechanisms. In this paper, we present a self-organizing map (SOM)-based approach to enhance embedded system security by detecting abnormal program behavior. The proposed method extracts features derived from the processor's program counter and cycles per instruction, and then utilises the features to identify abnormal behavior using the SOM. Results achieved in our experiment show that the proposed method can identify unknown program behaviors not included in the training set with over 98.4% accuracy.

    ICMetrics based industrial internet of things (IIoT) security in the post quantum world

    We are moving into the era of an autonomous Industrial Internet of Things world; its security must be considered a crucial element. To maintain the current growth rate in the Industrial Internet of Things, future threats related to the quantum computing era need utmost attention. This research, in its preliminary stages, is a major step in this direction and aims to design an ICMetrics based Industrial Internet of Things security framework for the post quantum era.

    On Secure Group Admission Control Using ICMetrics

    The security of a system cannot be certified unless there are formal methods of admission control. Many techniques and protocols have been proposed that try to provide security yet do not focus on the most important question about who has access to the system. When considering group communications it is more important to understand this problem as the security of the system is dependent upon having authorized entities in the group communicating securely. Admission control has previously been studied in distributed systems but repeatedly overlooked in security. In this paper we provide a polling centred admission control system based on ICMetrics. We choose the polling based system as it considers the opinion of current group members when giving access to members wishing to join the group. Our proposed protocol is based on the use of the secure ring signature along with the latest ICMetrics technology.

    Secure device identification using multidimensional mapping

    In this paper we investigate several potential hardware features from multiple devices for suitability during the employment of device identification. The generation of a stable and unique digital identity from features is challenging in device identification because of the unstable operation environments, which imply that the features employed are likely to vary under normal operating conditions. To address this, we introduce a novel multi-dimensional key generation technology which maps from multi-dimensional feature space directly to a key space. Furthermore, normalized distributions of features give the necessary data to model the characteristics, from which we derive intra-sample device feature distributions, and correlate the distinct features to generate a secure key to identify the device. Furthermore, to evaluate our experiment, we considerably carried out measurement using mathematical and statistical modelling.

    A Machine Learning Method For Sensor Authentication Using Hidden Markov Models

    A machine learning method for sensor based authentication is presented. It exploits hidden Markov models to generate stable and synthetic probability density functions from variant sensor data. The principle, and novelty, of the new method are presented in detail together with a statistical evaluation. The results show a marked improvement in stability through the use of hidden Markov models.

    On the Incorporation of Secure Filter in ICMetrics Group Communications

    Secure group communications present a unique environment where multiple clients and hosts are trying to communicate securely within the group. As the number of clients and hosts increases, the complexity of the communication security also increases. Group communications are based on a dynamic environment where the clients may join or leave the group at any moment. Hence it is important to ensure that only permitted entities have access to the group and those that have left the group or are not part of the group have no access to the group communications. This paper explores the delineation of a secure communication filter function that is applicable to group communications and is based on the latest Integrated Circuits Metrics (ICMetrics). The proposed scheme is based on the use of hash functions. To test the scalability of the scheme it has been implemented using SHA1 and SHA2.

    On the security of consumer wearable devices in the Internet of Things

    Miniaturization of computer hardware and the demand for network capable devices has resulted in the emergence of a new class of technology called wearable computing. Wearable devices have many purposes like lifestyle support, health monitoring, fitness monitoring, entertainment, industrial uses, and gaming. Wearable devices are hurriedly being marketed in an attempt to capture an emerging market. Owing to this, some devices do not adequately address the need for security. To enable virtualization and connectivity, wearable devices sense and transmit data; therefore it is essential that the device, its data and the user are protected. In this paper the use of novel Integrated Circuit Metric (ICMetric) technology for the provision of security in wearable devices has been suggested. ICMetric technology uses the features of a device to generate an identification which is then used for the provision of cryptographic services. This paper explores how a device ICMetric can be generated by using the accelerometer and gyroscope sensors. Since wearable devices often operate in a group setting, the work also focuses on generating a group identification which is then used to deliver services like authentication, confidentiality, secure admission and symmetric key generation. Experiment and simulation results prove that the scheme offers high levels of security without compromising on resource demands.