Unified Description for Network Information Hiding Methods
Until now hiding methods in network steganography have been described in
arbitrary ways, making them difficult to compare. For instance, some
publications describe classical channel characteristics, such as robustness and
bandwidth, while others describe the embedding of hidden information. We
introduce the first unified description of hiding methods in network
steganography. Our description method is based on a comprehensive analysis of
the existing publications in the domain. When our description method is applied
by the research community, future publications will be easier to categorize,
compare and extend. Our method can also serve as a basis to evaluate the
novelty of hiding methods proposed in the future.
Comment: 24 pages, 7 figures, 1 table; currently under revie
Side-channel based intrusion detection for industrial control systems
Industrial Control Systems are under increased scrutiny. Their security is
historically sub-par, and although measures are being taken by the
manufacturers to remedy this, the large installed base of legacy systems cannot
easily be updated with state-of-the-art security measures. We propose a system
that uses electromagnetic side-channel measurements to detect behavioural
changes of the software running on industrial control systems. To demonstrate
the feasibility of this method, we show it is possible to profile and
distinguish between even small changes in programs on Siemens S7-317 PLCs,
using methods from cryptographic side-channel analysis.
Comment: 12 pages, 7 figures. For associated code, see
https://polvanaubel.com/research/em-ics/code
An optofluidic router in a low-cost (PDMS) platform for rapid parallel sample analysis
In collaboration with the Universitat de Barcelona (UB), the Universitat Autònoma de Barcelona (UAB) and the Institut de Ciències Fotòniques (ICFO).
Optofluidic systems for (bio)chemical applications are becoming more demanding in terms of number of control points, number of light sources and readout equipment. So far, most of these systems require several light sources/detectors for suitable performance, increasing their complexity and cost. In this work, we present an easily integrated, fluidically controlled optical router that facilitates coupling of several light sources or detectors. By using PDMS mirrors and phaseguides, the switching liquid is guided and pinned at desired angles, so that the incident light undergoes total internal reflection and can be reflected towards the output channels without any movable parts. The developed router presents ideal performance for lab on a chip applications, achieving switching frequencies between 0.07 ± 0.025 and 4 ± 2 Hz, depending on the flow rate of the switching liquid. The cross-talk levels are at 20 dB from channel output power to static noise level. With the use of parabolic mirrors, channel coupling efficiencies decrease just 2.38 dBm over four channels. The dynamic switching noise reduces the cross-talk levels by 2-5 dB, depending on the incorporation of ink-apertures. The insertion loss of these devices ranges from 17.34 to 25.42 dB. These results prove the viability of the fluidically controlled router in the low-cost PDMS platform. The intended goal of this work has been to simplify and speed up parallel sample analysis with the router integrated into a multiple path photonic component on a single chip. Development on this front is ongoing to rapidly measure methadone concentrations on chip
Reusing Logic Masking to Facilitate Hardware Trojan Detection
Hardware Trojan (HT) and Integrated Circuit
(IC)/Intellectual Property (IP) piracy are important threats
which may happen in untrusted fabrication foundries. Modifying
structurally the ICs/IPs design to counter the HT threats has
been proposed, and it is known as Design-For-Hardware-Trust
(DFHT). DFHT methods are used in order to facilitate HT
detection methods. In addition, logic masking methods modify
the IPs/ICs design to harden them against the IP/IC piracy.
These methods modify a circuit such that it does not work
correctly without applying the correct key. In this paper, we
propose DFHT methods leveraging logic masking approach
Creation and detection of hardware trojans using non-invasive off-the-shelf technologies
As a result of the globalisation of the semiconductor design and fabrication processes, integrated circuits are becoming increasingly vulnerable to malicious attacks. The most concerning threats are hardware trojans. A hardware trojan is a malicious inclusion or alteration to the existing design of an integrated circuit, with the possible effects ranging from leakage of sensitive information to the complete destruction of the integrated circuit itself. While the majority of existing detection schemes focus on test-time, they all require expensive methodologies to detect hardware trojans. Off-the-shelf approaches have often been overlooked due to limited hardware resources and detection accuracy. With the advances in technologies and the democratisation of open-source hardware, however, these tools enable the detection of hardware trojans at reduced costs during or after production. In this manuscript, a hardware trojan is created and emulated on a consumer FPGA board. The experiments to detect the trojan in a dormant and active state are made using off-the-shelf technologies taking advantage of different techniques such as Power Analysis Reports, Side Channel Analysis and Thermal Measurements. Furthermore, multiple attempts to detect the trojan are demonstrated and benchmarked. Our simulations result in a state-of-the-art methodology to accurately detect the trojan in both dormant and active states using off-the-shelf hardware
Sequential Circuit Design for Embedded Cryptographic Applications Resilient to Adversarial Faults
In the relatively young field of fault-tolerant cryptography, the main research effort has focused exclusively on the protection of the data path of cryptographic circuits. To date, however, we have not found any work that aims at protecting the control logic of these circuits against fault attacks, which thus remains the proverbial Achilles’ heel. Motivated by a hypothetical yet realistic fault analysis attack that, in principle, could be mounted against any modular exponentiation engine, even one with appropriate data path protection, we set out to close this remaining gap. In this paper, we present guidelines for the design of multifault-resilient sequential control logic based on standard Error-Detecting Codes (EDCs) with large minimum distance. We introduce a metric that measures the effectiveness of the error detection technique in terms of the effort the attacker has to make in relation to the area overhead spent in
implementing the EDC. Our comparison shows that the proposed EDC-based technique provides superior performance when compared against regular N-modular redundancy techniques. Furthermore, our technique scales well and does not affect the critical path delay
Media-Based MIMO: A New Frontier in Wireless Communications
The idea of Media-based Modulation (MBM) is based on embedding information
in the variations of the transmission media (channel state). This is in
contrast to legacy wireless systems where data is embedded in a Radio Frequency
(RF) source prior to the transmit antenna. MBM offers several advantages vs.
legacy systems, including "additivity of information over multiple receive
antennas", and "inherent diversity over a static fading channel". MBM is
particularly suitable for transmitting high data rates using a single transmit
and multiple receive antennas (Single Input-Multiple Output Media-Based
Modulation, or SIMO-MBM). However, complexity issues limit the amount of data
that can be embedded in the channel state using a single transmit unit. To
address this shortcoming, the current article introduces the idea of Layered
Multiple Input-Multiple Output Media-Based Modulation (LMIMO-MBM). Relying on a
layered structure, LMIMO-MBM can significantly reduce both hardware and
algorithmic complexities, as well as the training overhead, vs. SIMO-MBM.
Simulation results show excellent performance in terms of Symbol Error Rate
(SER) vs. Signal-to-Noise Ratio (SNR). For example, a LMIMO-MBM is
capable of transmitting bits of information per (complex) channel-use,
with SER at dB (or SER
at dB). This performance is achieved using a single transmission
and without adding any redundancy for Forward-Error-Correction (FEC). This
means, in addition to its excellent SER vs. energy/rate performance, MBM
relaxes the need for complex FEC structures, and thereby minimizes the
transmission delay. Overall, LMIMO-MBM provides a promising alternative to MIMO
and Massive MIMO for the realization of 5G wireless networks.
Comment: 26 pages, 11 figures, additional examples are given to further
explain the idea of Media-Based Modulation. Capacity figure adde