Trojans in Early Design Steps—An Emerging Threat

Hardware Trojans inserted by malicious foundries during integrated circuit manufacturing have received substantial attention in recent years. In this paper, we focus on a different type of hardware Trojan threats: attacks in the early steps of design process. We show that third-party intellectual property cores and CAD tools constitute realistic attack surfaces and that even system specification can be targeted by adversaries. We discuss the devastating damage potential of such attacks, the applicable countermeasures against them and their deficiencies

A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components

The semiconductor industry is fully globalized and integrated circuits (ICs) are commonly defined, designed and fabricated in different premises across the world. This reduces production costs, but also exposes ICs to supply chain attacks, where insiders introduce malicious circuitry into the final products. Additionally, despite extensive post-fabrication testing, it is not uncommon for ICs with subtle fabrication errors to make it into production systems. While many systems may be able to tolerate a few byzantine components, this is not the case for cryptographic hardware, storing and computing on confidential data. For this reason, many error and backdoor detection techniques have been proposed over the years. So far all attempts have been either quickly circumvented, or come with unrealistically high manufacturing costs and complexity. This paper proposes Myst, a practical high-assurance architecture, that uses commercial off-the-shelf (COTS) hardware, and provides strong security guarantees, even in the presence of multiple malicious or faulty components. The key idea is to combine protective-redundancy with modern threshold cryptographic techniques to build a system tolerant to hardware trojans and errors. To evaluate our design, we build a Hardware Security Module that provides the highest level of assurance possible with COTS components. Specifically, we employ more than a hundred COTS secure crypto-coprocessors, verified to FIPS140-2 Level 4 tamper-resistance standards, and use them to realize high-confidentiality random number generation, key derivation, public key decryption and signing. Our experiments show a reasonable computational overhead (less than 1% for both Decryption and Signing) and an exponential increase in backdoor-tolerance as more ICs are added

Cloud Computing based on RFID Internet of Things

The Internet of things is through the radio frequency identification (RFID), infrared sensors, GPS, laser scanners and other information sensing device, as agreed in the agreement, any items and Internet connection, the exchange of information and communication, to realize intelligent identification, location, with a network tracking, monitoring and management. The core of cloud computing is the high-speed information processing and transmission, its core idea is that large amounts of computing resources connected by a network of unified management and scheduling, constitute a computing resource pool to users on demand service. The three components of RFID system include the reader, antenna and the tag. The paper put forward the novel analysis model of Cloud computing based on RFID Internet of things

Survey on Security Issues and Protective Measures in Different Layers of Internet of Things (IoT)

In general perspective, Internet of things is defined as a network of physical objects by connecting” things to things” through the sensors, actuators and processors, to communicate and exchange data and information among each other along with other related devices and systems spread over different locations, without human-to-human or human-to-computer interactions. This survey summarises all the security threats along with privacy issues that may be confronted by the end users in Internet of Things (IoT). The majority of survey is to gather information about the current security requirements for IoT, the further scope and the challenges in IoT and the measures to prevent attacks upon the IoT systems

Improved Test Pattern Generation for Hardware Trojan Detection using Genetic Algorithm and Boolean Satisfiability

Test generation for \emph{Hardware Trojan Horses} (HTH) detection is extremely challenging, as Trojans are designed to be triggered by very rare logic conditions at internal nodes of the circuit. In this paper, we propose a \textit{Genetic Algorithm} (GA) based Automatic Test Pattern Generation (ATPG) technique, enhanced by automated solution to an associated \textit{Boolean Satisfiability} problem. The main insight is that given a specific internal trigger condition, it is not possible to attack an arbitrary node (payload) of the circuit, as the effect of the induced logic malfunction by the HTH might not get propagated to the output. Based on this observation, a fault simulation based framework has been proposed, which enumerates the feasible payload nodes for a specific triggering condition. Subsequently, a compact set of test vectors is selected based on their ability to detect the logic malfunction at the feasible payload nodes, thus increasing their effectiveness. Test vectors generated by the proposed scheme were found to achieve higher detection coverage over large population of HTH in ISCAS benchmark circuits, compared to a previously proposed logic testing based Trojan detection technique

Standards and practices necessary to implement a successful security review program for intrusion management systems

Thesis (Master)--Izmir Institute of Technology, Computer Engineering, Izmir, 2002Includes bibliographical references (leaves: 84-85)Text in English; Abstract: Turkish and Englishviii, 91 leavesIntrusion Management Systems are being used to prevent the information systems from successful intrusions and their consequences. They also have detection features. They try to detect intrusions, which have passed the implemented measures. Also the recovery of the system after a successful intrusion is made by the Intrusion Management Systems. The investigation of the intrusion is made by Intrusion Management Systems also. These functions can be existent in an intrusion management system model, which has a four layers architecture. The layers of the model are avoidance, assurance, detection and recovery. At the avoidance layer necessary policies, standards and practices are implemented to prevent the information system from successful intrusions. At the avoidance layer, the effectiveness of implemented measures are measured by some test and reviews. At the detection layer the identification of an intrusion or intrusion attempt is made in the real time. The recovery layer is responsible from restoring the information system after a successful intrusion. It has also functions to investigate the intrusion. Intrusion Management Systems are used to protect information and computer assets from intrusions. An organization aiming to protect its assets must use such a system. After the implementation of the system, continuous reviews must be conducted in order to ensure the effectiveness of the measures taken. Such a review can achieve its goal by using principles and standards. In this thesis, the principles necessary to implement a successful review program for Intrusion Management Systems have been developed in the guidance of Generally Accepted System Security Principles (GASSP). These example principles are developed for tools of each Intrusion Management System layer. These tools are firewalls for avoidance layer, vulnerability scanners for assurance layer, intrusion detection systems for detection layer and integrity checkers for recovery layer of Intrusion Management Systems