Hardware-Based Authentication for the Internet of Things

Entity authentication is one of the most fundamental problems in computer security. Implementation of any authentication protocol requires the solution of several sub-problems, such as the problems regarding secret sharing, key generation, key storage and key verification. With the advent of the Internet-of-Things(IoT), authentication becomes a pivotal concern in the security of IoT systems. Interconnected components of IoT devices normally contains sensors, actuators, relays, and processing and control equipment that are designed with the limited budget on power, cost and area. As a result, incorporating security protocols in such resource constrained IoT components can be rather challenging. To address this issue, in this dissertation, we design and develop hardware oriented lightweight protocols for the authentication of users, devices and data. These protocols utilize physical properties of memory components, computing units, and hardware clocks on the IoT device. Recent works on device authentication using physically uncloneable functions can render the problem of entity authentication and verification based on the hardware properties tractable. Our studies reveal that non-linear characteristics of resistive memories can be useful in solving several problems regarding authentication. Therefore, in this dissertation, first we explore the ideas of secret sharing using threshold circuits and non-volatile memory components. Inspired by the concepts of visual cryptography, we identify the promises of resistive memory based circuits in lightweight secret sharing and multi-user authentication. Furthermore, the additive and monotonic properties of non-volatile memory components can be useful in addressing the challenges of key storage. Overall, in the first part of this dissertation, we present our research on design of low-cost, non-crypto based user authentication schemes using physical properties of a resistive memory based system. In the second part of the dissertation, we demonstrate that in computational units, the emerging voltage over-scaling (VOS)-based computing leaves a process variation dependent error signature in the approximate results. Current research works in VOS focus on reducing these errors to provide acceptable results from the computation point of view. Interestingly, with extreme VOS, these errors can also reveal significant information about the underlying physical system and random variations therein. As a result, these errors can be methodically profiled to extract information about the process variation in a computational unit. Therefore, in this dissertation, we also employ error profiling techniques along with the basic key-based authentication schemes to create lightweight device authentication protocols. Finally, intrinsic properties of hardware clocks can provide novel ways of device fingerprinting and authentication. The clock signatures can be used for real-time authentication of electromagnetic signals where some temporal properties of the signal are known. In the last part of this dissertation, we elaborate our studies on data authentication using hardware clocks. As an example, we propose a GPS signature authentication and spoofing detection technique using physical properties such as the frequency skew and drift of hardware clocks in GPS receivers

Reliability and Security of Compute-In-Memory Based Deep Neural Network Accelerators

Compute-In-Memory (CIM) is a promising solution for accelerating DNNs at edge devices, utilizing mixed-signal computations. However, it requires more cross-layer designs from algorithm levels to hardware implementations as it behaves differently from the pure digital system. On one side, the mixed-signal computations of CIM face unignorable variations, which could hamper the software performance. On the other side, there are potential software/hardware security vulnerabilities with CIM accelerators. This research aims to solve the reliability and security issues in CIM design for accelerating Deep Neural Network (DNN) algorithms as they prevent the real-life use of the CIM-based accelerators. Some non-ideal effects in CIM accelerators are explored, which could cause reliability issues, and solved by the software-hardware co-design methods. In addition, different security vulnerabilities for SRAM-based CIM and eNVM-based CIM inference engines are defined, and corresponding countermeasures are proposed.Ph.D

Improving Security and Reliability of Physical Unclonable Functions Using Machine Learning

Physical Unclonable Functions (PUFs) are promising security primitives for device authenti-cation and key generation. Due to the noise influence, reliability is an important performance metric of PUF-based authentication. In the literature, lots of efforts have been devoted to enhancing PUF reliability by using error correction methods such as error-correcting codes and fuzzy extractor. Ho-wever, one property that most of these prior works overlooked is the non-uniform distribution of PUF response across different bits. This wok proposes a two-step methodology to improve the reliability of PUF under noisy conditions. The first step involves acquiring the parameters of PUF models by using machine lear-ning algorithms. The second step then utilizes these obtained parameters to improve the reliability of PUFs by selectively choosing challenge-response pairs (CRPs) for authentication. Two distinct algorithms for improving the reliability of multiplexer (MUX) PUF, i.e., total delay difference thresholding and sensitive bits grouping, are presented. It is important to note that the methodology can be easily applied to other types of PUFs as well. Our experimental results show that the relia-bility of PUF-based authentication can be significantly improved by the proposed approaches. For example, in one experimental setting, the reliability of an MUX PUF is improved from 89.75% to 94.07% using total delay difference thresholding, while 89.30% of generated challenges are stored. As opposed to total delay difference thresholding, sensitive bits grouping possesses higher efficiency, as it can produce reliable CRPs directly. Our experimental results show that the reliability can be improved to 96.91% under the same setting, when we group 12 bits in the challenge vector of a 128-stage MUX PUF. Besides, because the actual noise varies greatly in different conditions, it is hard to predict the error of of each individual PUF response bit. This wok proposes a novel methodology to improve the efficiency of PUF response error correction based on error-rates. The proposed method first obtains the PUF model by using machine learning techniques, which is then used to predict the error-rates. Intuitively, we are inclined to tolerate errors in PUF response bits with relatively higher error-rates. Thus, we propose to treat different PUF response bits with different degrees of error tolerance, according to their estimated error-rates. Specifically, by assigning optimized weights, i.e., 0, 1, 2, 3, and infinity to PUF response bits, while a small portion of high error rates responses are truncated; the other responses are duplicated to a limited number of bits according to error-rates before error correction and a portion of low error-rates responses bypass the error correction as direct keys. The hardware cost for error correction can also be reduced by employing these methods. Response weighting is capable of reducing the false negative and false positive simultaneously. The entropy can also be controlled. Our experimental results show that the response weighting algorithm can reduce not only the false negative from 20.60% to 1.71%, but also the false positive rate from 1.26 × 10−21 to 5.38 × 10−22 for a PUF-based authentication with 127-bit response and 13-bit error correction. Besides, three case studies about the applications of the proposed algorithm are also discussed. Along with the rapid development of hardware security techniques, the revolutionary gro-wth of countermeasures or attacking methods developed by intelligent and adaptive adversaries have significantly complicated the ability to create secure hardware systems. Thus, there is a critical need to (re)evaluate existing or new hardware security techniques against these state-of-the-art attacking methods. With this in mind, this wok presents a novel framework for incorporating active learning techniques into hardware security field. We demonstrate that active learning can significantly im-prove the learning efficiency of PUF modeling attack, which samples the least confident and the most informative challenge-response pair (CRP) for training in each iteration. For example, our ex-perimental results show that in order to obtain a prediction error below 4%, 2790 CRPs are required in passive learning, while only 811 CRPs are required in active learning. The sampling strategies and detailed applications of PUF modeling attack under various environmental conditions are also discussed. When the environment is very noisy, active learning may sample a large number of mis-labeled CRPs and hence result in high prediction error. We present two methods to mitigate the contradiction between informative and noisy CRPs. At last, it is critical to design secure PUF, which can mitigate the countermeasures or modeling attacking from intelligent and adaptive adversaries. Previously, researchers devoted to hiding PUF information by pre- or post processing of PUF challenge/response. However, these methods are still subject to side-channel analysis based hybrid attacks. Methods for increasing the non-linearity of PUF structure, such as feedforward PUF, cascade PUF and subthreshold current PUF, have also been proposed. However, these methods significantly degrade the reliability. Based on the previous work, this work proposes a novel concept, noisy PUF, which achieves modeling attack resistance while maintaining a high degree of reliability for selected CRPs. A possible design of noisy PUF along with the corresponding experimental results is also presented

Next Generation Technologies for Smart Healthcare: Challenges, Vision, Model, Trends and Future Directions

Modern industry employs technologies for automation that may include Internet of Things (IoT), Cloud and/or Fog Computing, 5G as well as Artificial Intelligence (AI), Machine Learning (ML), or Blockchain. Currently, a part of research for the new industrial era is in the direction of improving healthcare services. This work throws light on some of the major challenges in providing affordable, efficient, secure and reliable healthcare from the viewpoint of computer and medical sciences. We describe a vision of how a holistic model can fulfill the growing demands of healthcare industry, and explain a conceptual model that can provide a complete solution for these increasing demands. In our model, we elucidate the components and their interaction at different levels, leveraging state‐of‐the art technologies in IoT, Fog computing, AI, ML and Blockchain. We finally describe current trends in this field and propose future directions to explore emerging paradigms and technologies on evolution of healthcare leveraging next generation computing systems

Mitigating Differential Power Analysis Attacks on AES using NeuroMemristive Hardware

Cryptographic algorithms such as the Advanced Encryption Standard (AES) are vulnerable to side channel attacks. AES was once thought to be impervious to attacks, but this proved to be true only for a mathematical model of AES, not a physical realization. Hard- ware implementations leak side channel information such as power dissipation. One of the practical SCA attacks is the Differential power analysis (DPA) attack, which statistically analyzes power measurements to find data-dependent correlations. Several countermeasures against DPA have been proposed at the circuit and logic level in conventional technologies. These techniques generally include masking the data inside the algorithm or hiding the power profile. Next generation processors bring in additional challenges to mitigate DPA attacks, by way of heterogeneity of the devices used in the hardware realizations. Neuromemristive systems hold potential in this domain and also bring new challenges to the hardware security of cryptosystems. In this exploratory work, a neuromemristive architecture was designed to compute an AES transformation and mitigate DPA attacks. The random power profile of the neuromemristive architecture reduces the correlations between data and power consumption. Hardware primitives, such as neuron and synapse circuits were developed along with a framework to generate neural networks in hardware. An attack framework was developed to run DPA attacks using different leakage models. A baseline AES cryptoprocessor using only CMOS technology was attacked successfully. The SubBytes transformation was replaced by a neuromemristive architecture, and the proposed designs were more resilient against DPA attacks at the cost of increased power consumption

Energy Harvesting and Sensor Based Hardware Security Primitives for Cyber-Physical Systems

The last few decades have seen a large proliferation in the prevalence of cyber-physical systems. Although cyber-physical systems can offer numerous advantages to society, their large scale adoption does not come without risks. Internet of Things (IoT) devices can be considered a significant component within cyber-physical systems. They can provide network communication in addition to controlling the various sensors and actuators that exist within the larger cyber-physical system. The adoption of IoT features can also provide attackers with new potential avenues to access and exploit a system\u27s vulnerabilities. Previously, existing systems could more or less be considered a closed system with few potential points of access for attackers. Security was thus not typically a core consideration when these systems were originally designed. The cumulative effect is that these systems are now vulnerable to new security risks without having native security countermeasures that can easily address these vulnerabilities. Even just adding standard security features to these systems is itself not a simple task. The devices that make up these systems tend to have strict resource constraints in the form of power consumption and processing power. In this dissertation, we explore how security devices known as Physically Unclonable Functions (PUFs) could be used to address these concerns. PUFs are a class of circuits that are unique and unclonable due to inherent variations caused by the device manufacturing process. We can take advantage of these PUF properties by using the outputs of PUFs to generate secret keys or pseudonyms that are similarly unique and unclonable. Existing PUF designs are commonly based around transistor level variations in a special purpose integrated circuit (IC). Integrating these designs within a system would still require additional hardware along with system modification to interact with the device. We address these concerns by proposing a novel PUF design methodology for the creation of PUFs whose integration within these systems would minimize the cost of redesigning the system by reducing the need to add additional hardware. This goal is achieved by creating PUF designs from components that may already exist within these systems. A PUF designed from existing components creates the possibility of adding a PUF (and thus security features) to the system without actually adding any additional hardware. This could allow PUFs to become a more attractive security option for integration with resource constrained devices. Our proposed approach specifically targets sensors and energy harvesting devices since they can provide core functions within cyber-physical systems such as power generation and sensing capabilities. These components are known to exhibit variations due to the manufacturing process and could thus be utilized to design a PUF. Our first contribution is the proposal of a novel PUF design methodology based on using components which are already commonly found within cyber-physical systems. The proposed methodology uses eight sensors or energy harvesting devices along with a microcontroller. It is unlikely that single type of sensor or energy harvester will exist in all possible cyber-physical systems. Therefore, it is important to create a range of designs in order to reach a greater portion of cyber-physical systems. The second contribution of this work is the design of a PUF based on piezo sensors. Our third contribution is the design of a PUF that utilizes thermistor temperature sensors. The fourth contribution of this work is a proposed solar cell based PUF design. Furthermore, as a fifth contribution of this dissertation we evaluate a selection of common solar cell materials to establish which type of solar cell would be best suited to the creation of a PUF based on the operating conditions. The viability of the proposed designs is evaluated through testing in terms of reliability and uniformity. In addition, Monte Carlo simulations are performed to evaluate the uniqueness property of the designs. For our final contribution we illustrate the security benefits that can be achieved through the adoption of PUFs by cyber-physical systems. For this purpose we chose to highlight vehicles since they are a very popular example of a cyber-physical system and they face unique security challenges which are not readily solvable by standard solutions. Our contribution is the proposal of a novel controller area network (CAN) security framework that is based on PUFs. The framework does not require any changes to the underlying CAN protocol and also minimizes the amount of additional message passing overhead needed for its operation. The proposed framework is a good example of how the cost associated with implementing such a framework could be further reduced through the adoption of our proposed PUF designs. The end result is a method which could introduce security to an inherently insecure system while also making its integration as seamless as possible by attempting to minimize the need for additional hardware

Nanoelectronic Solutions for Hardware Security

Information security has emerged as an important system and application metric. Classical security solutions use algorithmic mechanisms that address a small subset of emerging security requirements, often at high energy and performance overhead. Further, emerging side channel and physical attacks can compromise classical security solutions. Hardware-based security solutions overcome many of the limitations of classical security while consuming less energy and improving performance. Nanoelectronics-based hardware security preserves all of these advantages while enabling conceptually new security mechanisms and security applications. This paper highlights nanoelectronics based security capabilities and challenges. The paper describes nanoelectronics-based hardware security primitives for device identification, digital forensics, and tamper detection. These primitives can be developed using the unique characteristics of emerging nanoelectronic devices such as complex device and system models, bidirectional operation, and temporal drift of state variables. We also identify important desiderata and outstanding challenges in nanoelectronics-based security

Random‑telegraph‑noise‑enabled true random number generator for hardware security

The future security of Internet of Things is a key concern in the cyber-security field. One of the key issues is the ability to generate random numbers with strict power and area constrains. “True Random Number Generators” have been presented as a potential solution to this problem but improvements in output bit rate, power consumption, and design complexity must be made. In this work we present a novel and experimentally verified “True Random Number Generator” that uses exclusively conventional CMOS technology as well as offering key improvements over previous designs in complexity, output bitrate, and power consumption. It uses the inherent randomness of telegraph noise in the channel current of a single CMOS transistor as an entropy source. For the first time multilevel and abnormal telegraph noise can be utilised, which greatly reduces device selectivity and offers much greater bitrates. The design is verified using a breadboard and FPGA proof of concept circuit and passes all 15 of the NIST randomness tests without any need for post-processing of the generated bitstream. The design also shows resilience against machine learning attacks performed by the LSTM neural network

Approximate Computing Techniques for Low Power and Energy Efficiency

Approximate computing is an emerging computation paradigm in the era of the Internet of things, big data and AI. It takes advantages of the error-tolerable feature of many applications, such as machine learning and image/signal processing, to reduce the resources consumption and delivers a certain level of computation quality. In this dissertation, we propose several data format oriented approximate computing techniques that will dramatically increase the power/energy efficiency with the insignificant loss of computational quality. For the integer computations, we propose an approximate integer format (AIF) and its associated arithmetic mechanism with controllable computation accuracy. In AIF, operands are segmented at runtime such that the computation is performed only on part of operands by computing units (such as adders and multipliers) of smaller bit-width. The proposed AIF can be used for any arithmetic operation and can be extended to fixed point numbers. AIF requires additional customized hardware support. We also provide a method that can optimize the bit-width of the fixed point computations that run on the general purpose hardware. The traditional bit-width optimization methods mainly focus on minimizing the fraction part since the integer part is restricted by the data range. In our work, we utilize the dynamic fixed point concept and the input data range as the prior knowledge to get rid of this limitation. We expand the computations into data flow graph (DFG) and propose a novel approach to estimate the error during propagation. We derive the function of energy consumption and apply a more efficient optimization strategy to balance the tradeoff between the accuracy and energy. Next, to deal with the floating point computation, we propose a runtime estimation technique by converting data into the logarithmic domain to assess the intermediate result at every node in the data flow graph. Then we evaluate the impact of each node to the overall computation quality, and decide whether we should perform an accurate computation or simply use the estimated value. To approximate the whole graph, we propose three algorithms to make the decisions at certain nodes whether these nodes can be truncated. Besides the low power and energy efficiency concern, we propose a design concept that utilizes the approximate computing to address the security concerns. We can encode the secret keys into the least significant bits of the input data, and decode the final output. In the future work, the input-output pairs will be used for device authentication, verification, and fingerprint