Physical Unclonability Framework for the Internet of Things

Ph. D. ThesisThe rise of the Internet of Things (IoT) creates a tendency to construct unified architectures with a great number of edge nodes and inherent security risks due to centralisation. At the same time, security and privacy defenders advocate for decentralised solutions which divide the control and the responsibility among the entirety of the network nodes. However, spreading secrets among several parties also expands the attack surface. This conflict is in part due to the difficulty in differentiating between instances of the same hardware, which leads to treating physically distinct devices as identical. Harnessing the uniqueness of each connected device and injecting it into security protocols can provide solutions to several common issues of the IoT. Secrets can be generated directly from this uniqueness without the need to manually embed them into devices, reducing both the risk of exposure and the cost of managing great numbers of devices. Uniqueness can then lead to the primitive of unclonability. Unclonability refers to ensuring the difficulty of producing an exact duplicate of an entity via observing and measuring the entity’s features and behaviour. Unclonability has been realised on a physical level via the use of Physical Unclonable Functions (PUFs). PUFs are constructions that extract the inherent unclonable features of objects and compound them into a usable form, often that of binary data. PUFs are also exceptionally useful in IoT applications since they are low-cost, easy to integrate into existing designs, and have the potential to replace expensive cryptographic operations. Thus, a great number of solutions have been developed to integrate PUFs in various security scenarios. However, methods to expand unclonability into a complete security framework have not been thoroughly studied. In this work, the foundations are set for the development of such a framework through the formulation of an unclonability stack, in the paradigm of the OSI reference model. The stack comprises layers propagating the primitive from the unclonable PUF ICs, to devices, network links and eventually unclonable systems. Those layers are introduced, and work towards the design of protocols and methods for several of the layers is presented. A collection of protocols based on one or more unclonable tokens or authority devices is proposed, to enable the secure introduction of network nodes into groups or neighbourhoods. The role of the authority devices is that of a consolidated, observable root of ownership, whose physical state can be verified. After their introduction, nodes are able to identify and interact with their peers, exchange keys and form relationships, without the need of continued interaction with the authority device. Building on this introduction scheme, methods for establishing and maintaining unclonable links between pairs of nodes are introduced. These pairwise links are essential for the construction of relationships among multiple network nodes, in a variety of topologies. Those topologies and the resulting relationships are formulated and discussed. While the framework does not depend on specific PUF hardware, SRAM PUFs are chosen as a case study since they are commonly used and based on components that are already present in the majority of IoT devices. In the context of SRAM PUFs and with a view to the proposed framework, practical issues affecting the adoption of PUFs in security protocols are discussed. Methods of improving the capabilities of SRAM PUFs are also proposed, based on experimental data.School of Engineering Newcastle Universit

Passphrase and keystroke dynamics authentication: security and usability

It was found that employees spend a total 2.25 days within a 60 day period on password related activities. Another study found that over 85 days an average user will create 25 accounts with an average of 6.5 unique passwords. These numbers are expected to increase over time as more systems become available. In addition, the use of 6.5 unique passwords highlight that passwords are being reused which creates security concerns as multiple systems will be accessible by an unauthorised party if one of these passwords is leaked. Current user authentication solutions either increase security or usability. When security increases, usability decreases, or vice versa. To add to this, stringent security protocols encourage unsecure behaviours by the user such as writing the password down on a piece of paper to remember it. It was found that passphrases require less cognitive effort than passwords and because passphrases are stronger than passwords, they don’t need to be changed as frequently as passwords. This study aimed to assess a two-tier user authentication solution that increases security and usability. The proposed solution uses passphrases in conjunction with keystroke dynamics to address this research problem. The design science research approach was used to guide this study. The study’s theoretical foundation includes three theories. The Shannon entropy formula was used to calculate the strength of passwords, passphrases and keystroke dynamics. The chunking theory assisted in assessing password and passphrase memorisation issues and the keystroke-level model was used to assess password and passphrase typing issues. Two primary data collection methods were used to evaluate the findings and to ensure that gaps in the research were filled. A login assessment experiment collected data on user authentication and user-system interaction for passwords and passphrases. Plus, an expert review was conducted to verify findings and assess the research artefact in the form of a model. The model can be used to assist with the implementation of a two-tier user authentication solution which involves passphrases and keystroke dynamics. There are a number of components that need to be considered to realise the benefits of this solution and ensure successful implementation

The Relationship Between Technology Adoption Determinants and the Intention to Use Software-Defined Networking

AbstractThe advent of distributed cloud computing and the exponential growth and demands of the internet of things and big data have strained traditional network technologies\u27 capabilities and have given rise to software-defined networking\u27s (SDN\u27s) revolutionary approach. Some information technology (IT) cloud services leaders who do not intend to adopt SDN technology may be unable to meet increasing performance and flexibility demands and may risk financial loss compared to those who adopt SDN technology. Grounded in the unified theory of acceptance and use of technology (UTAUT), the purpose of this quantitative correlational study was to examine the relationship between IT cloud system integrators\u27 perceptions of performance expectancy, effort expectancy, social influence, facilitating conditions, and their intention to use SDN technology. The participants (n = 167) were cloud system integrators who were at least 18 years old with a minimum of three months\u27 experience and used SDN technology in the United States. Data were collected using the UTAUT authors\u27 validated survey instrument. The multiple regression findings were significant, F(4, 162) = 40.44, p \u3c .001, R2 = .50. In the final model, social influence (ß = .236, t = 2.662, p \u3c .01) and facilitating conditions (ß = .327, t = 5.018, p \u3c .001) were statistically significant; performance expectancy and effort expectancy were not statistically significant. A recommendation is for IT managers to champion SDN adoption by ensuring the availability of support resources and promoting its use in the organization\u27s goals. The implications for positive social change include the potential to enhance cloud security, quality of experience, and improved reliability, strengthening safety control systems

Measuring Behavior 2018 Conference Proceedings

These proceedings contain the papers presented at Measuring Behavior 2018, the 11th International Conference on Methods and Techniques in Behavioral Research. The conference was organised by Manchester Metropolitan University, in collaboration with Noldus Information Technology. The conference was held during June 5th – 8th, 2018 in Manchester, UK. Building on the format that has emerged from previous meetings, we hosted a fascinating program about a wide variety of methodological aspects of the behavioral sciences. We had scientific presentations scheduled into seven general oral sessions and fifteen symposia, which covered a topical spread from rodent to human behavior. We had fourteen demonstrations, in which academics and companies demonstrated their latest prototypes. The scientific program also contained three workshops, one tutorial and a number of scientific discussion sessions. We also had scientific tours of our facilities at Manchester Metropolitan Univeristy, and the nearby British Cycling Velodrome. We hope this proceedings caters for many of your interests and we look forward to seeing and hearing more of your contributions

Strategic Latency Unleashed: The Role of Technology in a Revisionist Global Order and the Implications for Special Operations Forces

The article of record may be found at https://cgsr.llnl.govThis work was performed under the auspices of the U.S. Department of Energy by Lawrence Livermore National Laboratory in part under Contract W-7405-Eng-48 and in part under Contract DE-AC52-07NA27344. The views and opinions of the author expressed herein do not necessarily state or reflect those of the United States government or Lawrence Livermore National Security, LLC. ISBN-978-1-952565-07-6 LCCN-2021901137 LLNL-BOOK-818513 TID-59693This work was performed under the auspices of the U.S. Department of Energy by Lawrence Livermore National Laboratory in part under Contract W-7405-Eng-48 and in part under Contract DE-AC52-07NA27344. The views and opinions of the author expressed herein do not necessarily state or reflect those of the United States government or Lawrence Livermore National Security, LLC. ISBN-978-1-952565-07-6 LCCN-2021901137 LLNL-BOOK-818513 TID-5969

Intelligent technologies for the aging brain: opportunities and challenges

Intelligent computing is rapidly reshaping healthcare. In light of the global burden of population aging and neurological disorders, dementia and elderly care are among the healthcare sectors that are most likely to benefit from this technological revolution. Trends in artificial intelligence, robotics, ubiquitous computing, neurotechnology and other branches of biomedical engineering are progressively enabling novel opportunities for technology-enhanced care. These Intelligent Assistive Technologies (IATs) open the prospects of supporting older adults with neurocognitive disabilities, maintain their independence, reduce the burden on caregivers and delay the need for long-term care (1, 2). While technology develops fast, yet little knowledge is available to patients and health professionals about the current availability, applicability, and capability of existing IATs. This thesis proposes a state-of-the-art analysis of IATs in dementia and elderly care. Our findings indicate that advances in intelligent technology are resulting in a rapidly expanding number and variety of assistive solutions for older adults and people with neurocognitive disabilities. However, our analysis identifies a number of challenges that negatively affect the optimal deployment and uptake of IATs among target users and care institutions. These include design issues, sub-optimal approaches to product development, translational barriers between lab and clinics, lack of adequate validation and implementation, as well as data security and cyber-risk weaknesses. Additionally, in virtue of their technological novelty, intelligent technologies raise a number of Ethical, Legal and Social Implications (ELSI). Therefore, a significant portion of this thesis is devoted to providing an early ethical Technology Assessment (eTA) of intelligent technology, hence contributing to preparing the terrain for its safe and ethically responsible adoption. This assessment is primarily focused on intelligent technologies at the human-machine interface, as these applications enable an unprecedented exposure of the intimate dimension of individuals to the digital infosphere. Issues of privacy, integrity, equality, and dual-use were addressed at the level of stakeholder analysis, normative ethics and human-rights law. Finally, this thesis is aimed at providing evidence-based recommendations for guiding participatory and responsible development in intelligent technology, and delineating governance strategies that maximize the clinical benefits of IATs for the aging world, while minimizing unintended risks

Data and the city – accessibility and openness. a cybersalon paper on open data

This paper showcases examples of bottom–up open data and smart city applications and identifies lessons for future such efforts. Examples include Changify, a neighbourhood-based platform for residents, businesses, and companies; Open Sensors, which provides APIs to help businesses, startups, and individuals develop applications for the Internet of Things; and Cybersalon’s Hackney Treasures. a location-based mobile app that uses Wikipedia entries geolocated in Hackney borough to map notable local residents. Other experiments with sensors and open data by Cybersalon members include Ilze Black and Nanda Khaorapapong's The Breather, a "breathing" balloon that uses high-end, sophisticated sensors to make air quality visible; and James Moulding's AirPublic, which measures pollution levels. Based on Cybersalon's experience to date, getting data to the people is difficult, circuitous, and slow, requiring an intricate process of leadership, public relations, and perseverance. Although there are myriad tools and initiatives, there is no one solution for the actual transfer of that data