Thwarting Fault Attacks using the Internal Redundancy Countermeasure (IRC)

A growing number of connected objects, with their high performance and low-resources constraints, are embedding lightweight ciphers for protecting the confidentiality of the data they manipulate or store. Since those objects are easily accessible, they are prone to a whole range of physical attacks, one of which are fault attacks against for which countermeasures are usually expensive to implement, especially on off-the-shelf devices. For such devices, we propose a new generic software countermeasure, called the Internal Redundancy Countermeasure (IRC), to thwart most fault attacks while preserving the performances of the targeted cipher. We report practical experiments showing that IRC successfully thwarts fault attacks on the block cipher PRIDE and on the stream cipher TRIVIUM for which we protect both the initialization and the keystream generation

Secure architectures for pairing based public key cryptography

Along with the growing demand for cryptosystems in systems ranging from large servers to mobile devices, suitable cryptogrophic protocols for use under certain constraints are becoming more and more important. Constraints such as calculation time, area, efficiency and security, must be considered by the designer. Elliptic curves, since their introduction to public key cryptography in 1985 have challenged established public key and signature generation schemes such as RSA, offering more security per bit. Amongst Elliptic curve based systems, pairing based cryptographies are thoroughly researched and can be used in many public key protocols such as identity based schemes. For hardware implementions of pairing based protocols, all components which calculate operations over Elliptic curves can be considered. Designers of the pairing algorithms must choose calculation blocks and arrange the basic operations carefully so that the implementation can meet the constraints of time and hardware resource area. This thesis deals with different hardware architectures to accelerate the pairing based cryptosystems in the field of characteristic two. Using different top-level architectures the hardware efficiency of operations that run at different times is first considered in this thesis. Security is another important aspect of pairing based cryptography to be considered in practically Side Channel Analysis (SCA) attacks. The naively implemented hardware accelerators for pairing based cryptographies can be vulnerable when taking the physical analysis attacks into consideration. This thesis considered the weaknesses in pairing based public key cryptography and addresses the particular calculations in the systems that are insecure. In this case, countermeasures should be applied to protect the weak link of the implementation to improve and perfect the pairing based algorithms. Some important rules that the designers must obey to improve the security of the cryptosystems are proposed. According to these rules, three countermeasures that protect the pairing based cryptosystems against SCA attacks are applied. The implementations of the countermeasures are presented and their performances are investigated

Trust and integrity in distributed systems

In the last decades, we have witnessed an exploding growth of the Internet. The massive adoption of distributed systems on the Internet allows users to offload their computing intensive work to remote servers, e.g. cloud. In this context, distributed systems are pervasively used in a number of difference scenarios, such as web-based services that receive and process data, cloud nodes where company data and processes are executed, and softwarised networks that process packets. In these systems, all the computing entities need to trust each other and co-operate in order to work properly. While the communication channels can be well protected by protocols like TLS or IPsec, the problem lies in the expected behaviour of the remote computing platforms, because they are not under the direct control of end users and do not offer any guarantee that they will behave as agreed. For example, the remote party may use non-legitimate services for its own convenience (e.g. illegally storing received data and routed packets), or the remote system may misbehave due to an attack (e.g. changing deployed services). This is especially important because most of these computing entities need to expose interfaces towards the Internet, which makes them easier to be attacked. Hence, software-based security solutions alone are insufficient to deal with the current scenario of distributed systems. They must be coupled with stronger means such as hardware-assisted protection. In order to allow the nodes in distributed system to trust each other, their integrity must be presented and assessed to predict their behaviour. The remote attestation technique of trusted computing was proposed to specifically deal with the integrity issue of remote entities, e.g. whether the platform is compromised with bootkit attacks or cracked kernel and services. This technique relies on a hardware chip called Trusted Platform Module (TPM), which is available in most business class laptops, desktops and servers. The TPM plays as the hardware root of trust, which provides a special set of capabilities that allows a physical platform to present its integrity state. With a TPM equipped in the motherboard, the remote attestation is the procedure that a physical node provides hardware-based proof of the software components loaded in this platform, which can be evaluated by other entities to conclude its integrity state. Thanks to the hardware TPM, the remote attestation procedure is resistant to software attacks. However, even though the availability of this chip is high, its actual usage is low. The major reason is that trusted computing has very little flexibility, since its goal is to provide strong integrity guarantees. For instance, remote attestation result is positive if and only if the software components loaded in the platform are expected and loaded in a specific order, which limits its applicability in real-world scenarios. For such reasons, this technique is especially hard to be applied on software services running in application layer, that are loaded in random order and constantly updated. Because of this, current remote attestation techniques provide incomplete solution. They only focus on the boot phase of physical platforms but not on the services, not to mention the services running in virtual instances. This work first proposes a new remote attestation framework with the capability of presenting and evaluating the integrity state not only of the boot phase of physical platforms but also of software services at load time, e.g. whether the software is legitimate or not. The framework allows users to know and understand the integrity state of the whole life cycle of the services they are interacting with, thus the users can make informed decision whether to send their data or trust the received results. Second, based on the remote attestation framework this thesis proposes a method to bind the identity of secure channel endpoint to a specific physical platform and its integrity state. Secure channels are extensively adopted in distributed systems to protect data transmitted from one platform to another. However, they do not convey any information about the integrity state of the platform or the service that generates and receives this data, which leaves ample space for various attacks. With the binding of the secure channel endpoint and the hardware TPM, users are protected from relay attacks (with hardware-based identity) and malicious or cracked platform and software (with remote attestation). Third, with the help of the remote attestation framework, this thesis introduces a new method to include the integrity state of software services running in virtual containers in the evidence generated by the hardware TPM. This solution is especially important for softwarised network environments. Softwarised network was proposed to provide dynamic and flexible network deployment which is an ever complex task nowadays. Its main idea is to switch hardware appliances to softwarised network functions running inside virtual instances, that are full-fledged computational systems and accessible from the Internet, thus their integrity is at stake. Unfortunately, currently remote attestation work is not able to provide hardware-based integrity evidence for software services running inside virtual instances, because the direct link between the internal of virtual instances and hardware root of trust is missing. With the solution proposed in this thesis, the integrity state of the softwarised network functions running in virtual containers can be presented and evaluated with hardware-based evidence, implying the integrity of the whole softwarised network. The proposed remote attestation framework, trusted channel and trusted softwarised network are implemented in separate working prototypes. Their performance was evaluated and proved to be excellent, allowing them to be applied in real-world scenarios. Moreover, the implementation also exposes various APIs to simplify future integration with different management platforms, such as OpenStack and OpenMANO

Cryptographic key management for the vehicles of tomorrow

The automotive industry is undergoing a major transformation process in which nearly every part of the vehicle is becoming digital and connected. Modern vehicles are often connected to the internet, feature several wireless interfaces and will soon communicate directly with surrounding vehicles and roadside infrastructure using V2X technology. However, this transformation has not yet been paralleled by the development of techniques or standards which address the cyber security challenges posed by these systems. The automotive industry has historically failed to use secure cryptography or appropriate key management techniques and there is no sign that things have improved. In this thesis, we present several new cryptographic and key management flaws in an existing automotive immobiliser system and we develop two new V2X architectures for improving the safety and privacy of tomorrow’s connected and autonomous vehicles. Specifically, we study the AUT64 automotive block cipher and its associated authentication protocol in a real-world immobiliser system. Despite having a 120~bit key, we find a number of flaws in the system which we combine to present several practical key-recovery attacks. Our first new V2X architecture, IFAL, provides a practical and secure improvement to the leading European standard for V2X. IFAL introduces a new certificate issuance mechanism that eliminates the trade-off between pseudonym duration and bandwidth. Our second architecture, VDAA, addresses the need for efficient techniques that preserve vehicle privacy despite dishonest or colluding certificate authorities

Resistance of the Point Randomisation Countermeasure for Pairings Against Side-Channel Attack

International audienc

Flexible Automation and Intelligent Manufacturing: The Human-Data-Technology Nexus

This is an open access book. It gathers the first volume of the proceedings of the 31st edition of the International Conference on Flexible Automation and Intelligent Manufacturing, FAIM 2022, held on June 19 – 23, 2022, in Detroit, Michigan, USA. Covering four thematic areas including Manufacturing Processes, Machine Tools, Manufacturing Systems, and Enabling Technologies, it reports on advanced manufacturing processes, and innovative materials for 3D printing, applications of machine learning, artificial intelligence and mixed reality in various production sectors, as well as important issues in human-robot collaboration, including methods for improving safety. Contributions also cover strategies to improve quality control, supply chain management and training in the manufacturing industry, and methods supporting circular supply chain and sustainable manufacturing. All in all, this book provides academicians, engineers and professionals with extensive information on both scientific and industrial advances in the converging fields of manufacturing, production, and automation

Flexible Automation and Intelligent Manufacturing: The Human-Data-Technology Nexus

This is an open access book. It gathers the first volume of the proceedings of the 31st edition of the International Conference on Flexible Automation and Intelligent Manufacturing, FAIM 2022, held on June 19 – 23, 2022, in Detroit, Michigan, USA. Covering four thematic areas including Manufacturing Processes, Machine Tools, Manufacturing Systems, and Enabling Technologies, it reports on advanced manufacturing processes, and innovative materials for 3D printing, applications of machine learning, artificial intelligence and mixed reality in various production sectors, as well as important issues in human-robot collaboration, including methods for improving safety. Contributions also cover strategies to improve quality control, supply chain management and training in the manufacturing industry, and methods supporting circular supply chain and sustainable manufacturing. All in all, this book provides academicians, engineers and professionals with extensive information on both scientific and industrial advances in the converging fields of manufacturing, production, and automation

Design by Play:Playfulness and Object-Oriented Philosophy for the design of IoT

The Internet of Things (IoT) has garnered heightened interest and momentum in recent years. These connected devices have extended the concurrent rise of data collection and processing within the everyday objects that cohabit our human lives. Though technology has always changed the way we live our lives these ‘smart’ devices are adding new challenges—particularly concerning privacy and security—not previously experienced when using their older ‘dumb’ predecessors. These challenges are not always apparent to their human cohabitors and often only come to the fore when something untoward happens as a consequence of the data being collected. These objects are not to blame, they exist in their worlds governed by their own rules established by their creators rather than their users. Designers have traditionally been taught to present these objects as neutral participants in our human lives; there to help, but not supersede. However, these objects exist within many independent and interdependent assemblages of human and non-human actants that go beyond the previously experienced human-object relationship. Through this discourse, I highlight the overall aim of this thesis to ask questions around our traditional practices of design concerning IoT. In particular, this research strives to do many things: it attempts to intertwine philosophical debate with the act of design; it moves towards an argument of rethinking design orthodoxies around human-centeredness in favour of object-oriented-ness; it explores an alternative side to the phenomenon of the IoT, arguing for agency in a post-anthropocentric perspective of the world and its implications; it tries to bridge the gap between practice-based design research and theory by passing through a veil of philosophical intrigue. But at its core, is an advocacy for the presence of a playful attitude within the practice of design, arguing for an attitude of playfulness as an integral part of the design process. How being playfully charged to create artefacts can usher in unique perspectives for design and technology. The research is enacted through an iterative Research through Design ideology, using a transdisciplinary approach of Ludic and Speculative Design practice that explore alternative perspectives towards the design of IoT. It is conducted through an exploration of Object-Oriented Philosophy as a means to enact a metaphorical ‘carpentry’ of artefacts that practice philosophical arguments through their execution. In the process of designing three artefacts—a model for a philosophical view of IoT, a board game, and a bespoke deck of tarot cards—this research builds upon the idea of More-than Human-Centeredness for the design of IoT, by introducing the creation of bespoken method assemblages as a means for playful design exploration. It concludes on a debate around the implications and potential of design thinking in a post-anthropocentric perspective through the inclusion of playfulness and philosophy as assets for design, and, the use of philosophical carpentry as a methodology for understanding the nebulous nature of IoT