Securing IEEE P1687 On-chip Instrumentation Access Using PUF

As the complexity of VLSI designs grows, the amount of embedded instrumentation in system-on-a-chip designs increases at an exponential rate. Such structures serve various purposes throughout the life-cycle of VLSI circuits, e.g. in post-silicon validation and debug, production test and diagnosis, as well as during in-field test and maintenance. Reliable access mechanisms for embedded instruments are therefore key to rapid chip development and secure system maintenance. Reconfigurable scan networks defined by IEEE Std. P1687 emerge as a scalable and cost-effective access medium for on-chip instrumentation. The accessibility offered by reconfigurable scan networks contradicts security and safety requirements for embedded instrumentation. Embedded instrumentation is an integral system component that remains functional throughout the lifetime of a chip. To prevent harmful activities, such as tampering with safety-critical systems, and reduce the risk of intellectual property infringement, the access to embedded instrumentation requires protection. This thesis provides a novel, Physical Unclonable Function (PUF) based secure access method for on-chip instruments which enhances the security of IJTAG network at low hardware cost and with less routing congestion

Layered security for IEEE 1687 using a Bimodal Physically Unclonable Function

In this paper, a layered security mechanism for IEEE 1687 is proposed using a new class of physically unclonable function (PUF) called Bimodal PUF. It moves beyond the conventional single-challenge single-response PUF by introducing a second response to the PUF gained from the same single challenge. As an advantage, a double-response PUF forms two-layer security solution, one at the hardware layer by limiting the access to the embedded instrument and the second one for the data layer by securing the output data that needs to be transmitted. Experiments conducted with FPGA show that such advantages come in place at a small silicon area overhead, up to 1.4%, for a 64-bit security key. This is known to be sufficient enough to resist brute-force and machine learning attack

A Survey on Security Threats and Countermeasures in IEEE Test Standards

International audienceEditor's note: Test infrastructure has been shown to be a portal for hackers. This article reviews the threats and countermeasures for IEEE test infrastructure standards

SCAN CHAIN BASED HARDWARE SECURITY

Hardware has become a popular target for attackers to hack into any computing and communication system. Starting from the legendary power analysis attacks discovered 20 years ago to the recent Intel Spectre and Meltdown attacks, security vulnerabilities in hardware design have been exploited for malicious purposes. With the emerging Internet of Things (IoT) applications, where the IoT devices are extremely resource constrained, many proven secure but computational expensive cryptography protocols cannot be applied on such devices. Thus there is an urgent need to understand the hardware vulnerabilities and develop cost effective mitigation methods. One established field in the semiconductor and integrated circuit (IC) industry, known as IC test, has the goal of ensuring that fabricated ICs are free of manufacturing defects and perform the required functionalities. Testing is essential to isolate faulty chips from good ones. The concept of design for test (DFT) has been integrated in the commercial IC design and fabrication process for several decades. Scan chain, which provides test engineer access to all the flip flops in the chip through the scan in (SI) and scan out (SO) ports, is the backbone of industrial testing methods and can be found in almost all the modern designs. In addition to IC testing, scan chain has found applications in intellectual property (IP) protection and IC identification. However, attackers can also leverage the controllability and observability of scan chain as a side channel to break systems such as cryptographic chips. This dissertation addresses these two important security problems by proposing (1) a practical scan chain based security primitive for IP protection and (2) a partial scan chain framework that can mitigate all the existing scan based attacks. First, we observe the fact that each D-flip-flop has two output ports, Q and Q’, designed to simplify the logic and has been used to reduce the power consumption for IC test. The availability of both Q and Q’ ports provide the opportunity for IP protection. More specifically, we can generate a digital fingerprint by selecting different connection styles between adjacent scan cells during the design of scan chain. This method has two major advantages: fingerprints are created as a post-silicon procedure and therefore there will be little fabrication overhead; altering the connection style requires the modification of test vectors for each fingerprinted IP and thus enables a non-intrusive fingerprint verification method. This addresses the overhead and detectability problems, two of the most challenging problems of designing practical IP fingerprinting techniques in the past two decades. Combined with the recently developed reconfigurable scan networks (RSNs) that are popular for embedded and IoT devices, we design an IC identification (ID) scheme utilizing the different connection styles. We perform experiments on standard benchmarks to demonstrate that our approach has low design overhead. We also conduct security analysis to show that such fingerprints and IC IDs are robust against various attacks. In the second part of this dissertation, we consider the scan chain side channel attack, which has been reported as one of the most severe side channel attacks to modern secure systems. We argue that the current countermeasures are restricted to the requirement of providing direct SI and SO for testing and thus suffers the vulnerability of leaving this side channel open to the attackers as well. Therefore, we propose a novel public-private partial scan chain based approach with the basic idea of removing the flip flops that store sensitive information from the scan chain. This will eliminate the scan chain side channel, but it also limits IC test. The key contribution in our proposed public-private partial scan chain design is that it can keep the full test coverage while providing security to the scan chain. This is achieved by chaining the removed flip flops into one or more private partial scan chains and adding protections to the SI and SO ports of such chains. Unlike the traditional partial scan design which not only fails to provide full fault coverage, but also incur huge overhead in test time and test vector generation time, we propose a set of techniques to ensure that the desired test vectors can be entered into the system efficiently. These techniques include test vector reordering, test vector reusing, and test vector generation based on a novel finite state machine (FSM) structure we have invented. On the other hand, to enable the test engineers the ability to observe the test output to diagnose the chip while not leaking information to the attackers, we propose two lightweight mechanisms, one based on linear feedback shift register (LFSR) and the other one based on configurable physical unclonable function (PUF). Finally, we discuss a protocol on how in-field test can be realized using our public-private partial scan chain. We conduct experiments with industrial scan design tools to demonstrate that the required hardware in our approach has negligible area overhead and gives full test coverage with reduced test time and does not need to re-generate test vectors. In sum, this dissertation focuses on the role of scan chain, a conventional design for test facility, in hardware security. We show that scan chain features can be leveraged to create practical IP protection techniques including IP watermarking and fingerprinting as well as IC identification and authentication. We also propose a novel public-private partial scan design principle to close the scan chain side channel to the attackers. Through this dissertation work, we demonstrate that it is possible to develop highly practical scan chain based techniques that can benefit both the community of IC test and hardware security

Understanding Quantum Technologies 2022

Understanding Quantum Technologies 2022 is a creative-commons ebook that provides a unique 360 degrees overview of quantum technologies from science and technology to geopolitical and societal issues. It covers quantum physics history, quantum physics 101, gate-based quantum computing, quantum computing engineering (including quantum error corrections and quantum computing energetics), quantum computing hardware (all qubit types, including quantum annealing and quantum simulation paradigms, history, science, research, implementation and vendors), quantum enabling technologies (cryogenics, control electronics, photonics, components fabs, raw materials), quantum computing algorithms, software development tools and use cases, unconventional computing (potential alternatives to quantum and classical computing), quantum telecommunications and cryptography, quantum sensing, quantum technologies around the world, quantum technologies societal impact and even quantum fake sciences. The main audience are computer science engineers, developers and IT specialists as well as quantum scientists and students who want to acquire a global view of how quantum technologies work, and particularly quantum computing. This version is an extensive update to the 2021 edition published in October 2021.Comment: 1132 pages, 920 figures, Letter forma

Prävention, Detektion und Reaktion gegen drei Ausprägungsformen automotiver Malware : eine methodische Analyse im Spektrum von Manipulationen und Schutzkonzepten

Magdeburg, Univ., Fak. für Informatik, Diss., 2014von Tobias Hopp

Factors Influencing Customer Satisfaction towards E-shopping in Malaysia

Online shopping or e-shopping has changed the world of business and quite a few people have decided to work with these features. What their primary concerns precisely and the responses from the globalisation are the competency of incorporation while doing their businesses. E-shopping has also increased substantially in Malaysia in recent years. The rapid increase in the e-commerce industry in Malaysia has created the demand to emphasize on how to increase customer satisfaction while operating in the e-retailing environment. It is very important that customers are satisfied with the website, or else, they would not return. Therefore, a crucial fact to look into is that companies must ensure that their customers are satisfied with their purchases that are really essential from the ecommerce’s point of view. With is in mind, this study aimed at investigating customer satisfaction towards e-shopping in Malaysia. A total of 400 questionnaires were distributed among students randomly selected from various public and private universities located within Klang valley area. Total 369 questionnaires were returned, out of which 341 questionnaires were found usable for further analysis. Finally, SEM was employed to test the hypotheses. This study found that customer satisfaction towards e-shopping in Malaysia is to a great extent influenced by ease of use, trust, design of the website, online security and e-service quality. Finally, recommendations and future study direction is provided. Keywords: E-shopping, Customer satisfaction, Trust, Online security, E-service quality, Malaysia

Knowledge and Management Models for Sustainable Growth

In the last years sustainability has become a topic of global concern and a key issue in the strategic agenda of both business organizations and public authorities and organisations. Significant changes in business landscape, the emergence of new technology, including social media, the pressure of new social concerns, have called into question established conceptualizations of competitiveness, wealth creation and growth. New and unaddressed set of issues regarding how private and public organisations manage and invest their resources to create sustainable value have brought to light. In particular the increasing focus on environmental and social themes has suggested new dimensions to be taken into account in the value creation dynamics, both at organisations and communities level. For companies the need of integrating corporate social and environmental responsibility issues into strategy and daily business operations, pose profound challenges, which, in turn, involve numerous processes and complex decisions influenced by many stakeholders. Facing these challenges calls for the creation, use and exploitation of new knowledge as well as the development of proper management models, approaches and tools aimed to contribute to the development and realization of environmentally and socially sustainable business strategies and practices

Teaching/Learning Physics: Integrating Research into Practice

The GIREP-MPTL International conference on Teaching/Learning Physics: Integrating Research into Practice [GIREP-MPTL 2014] was held from 7 to 12 July 2014 at the University of Palermo, Italy. The conference has been organised by the Groupe International de Recherche sur l’Enseignement de la Physique [GIREP] and the Multimedia in Physics Teaching and Learning [MPTL] group and it has been sponsored by the International Commission on Physics Education [ICPE] – Commission 14 of the International Union for Pure and Applied Physics [IUPAP], the European Physical Society – Physics Education Division [EPS-PED], the Latin American Physics Education Network [LAPEN] and the Società Italiana di Fisica [SIF]. The theme of the conference, Teaching/Learning Physics: Integrating Research into Practice, underlines aspects of great relevance in contemporary science education. In fact, during the last few years, evidence based Physics Education Research provided results concerning the ways and strategies to improve student conceptual understanding, interest in Physics, epistemological awareness and insights for the construction of a scientific citizenship. However, Physics teaching practice seems resistant to adopting adapting these findings to their own situation and new research based curricula find difficulty in affirming and spread, both at school and university levels. The conference offered an opportunity for in-depth discussions of this apparently wide-spread tension in order to find ways to do better. The purpose of the GIREP-MPTL 2014 was to bring together people working in physics education research and in physics education at schools from all over the world to allow them to share research results and exchange their experience. About 300 teachers, educators, and researchers, from all continents and 45 countries have attended the Conference contributing with 177 oral presentations, 15 workshops, 11 symposia, and around 60 poster presentations, together with 11 keynote addresses (general talks). After the conference, 147 papers have been submitted for the GIREP-MPTL 2014 International Conference proceedings. Each paper has been reviewed by at least two reviewers, from countries that are different to those of the authors and on the basis of criteria described on the Conference web site. Papers were subsequently revised by authors according to reviewers’ comments and the accepted papers are reported in this book, divided in 8 Sections on the basis of the keywords suggested by authors. The other book section (actually, the first one) contains the papers that six of the keynote talkers sent for publication in this Proceedings Book. We would like to thank all the authors that contributed with their papers to the realization of this book and all the referees that with their criticism helped authors to improve the quality of the papers