Security of Electrical, Optical and Wireless On-Chip Interconnects: A Survey

The advancement of manufacturing technologies has enabled the integration of more intellectual property (IP) cores on the same system-on-chip (SoC). Scalable and high throughput on-chip communication architecture has become a vital component in today's SoCs. Diverse technologies such as electrical, wireless, optical, and hybrid are available for on-chip communication with different architectures supporting them. Security of the on-chip communication is crucial because exploiting any vulnerability would be a goldmine for an attacker. In this survey, we provide a comprehensive review of threat models, attacks, and countermeasures over diverse on-chip communication technologies as well as sophisticated architectures.Comment: 41 pages, 24 figures, 4 table

ZigBee/ZigBee PRO security assessment based on compromised cryptographic keys

Sensor networks have many applications in monitoring and controlling of environmental properties such as sound, acceleration, vibration and temperature. Due to limited resources in computation capability, memory and energy, they are vulnerable to many kinds of attacks. The ZigBee specification based on the 802.15.4 standard, defines a set of layers specifically suited to sensor networks. These layers support secure messaging using symmetric cryptographic. This paper presents two different ways for grabbing the cryptographic key in ZigBee: remote attack and physical attack. It also surveys and categorizes some additional attacks which can be performed on ZigBee networks: eavesdropping, spoofing, replay and DoS attacks at different layers. From this analysis, it is shown that some vulnerabilities still in the existing security schema in ZigBee technology.Les xarxes de sensors tenen moltes aplicacions en el control i la monitorització de les propietats del medi ambient, com ara el so, l¿acceleració, la vibració i la temperatura. A causa dels limitats recursos en la capacitat de càlcul, la memòria i l'energia són vulnerables a molts tipus d'atacs. L'especificació ZigBee basada en l'estàndard 802.15.4, defineix un conjunt de capes, adaptada específicament per a xarxes de sensors. Aquestes capes suporten missatgeria segura mitjançant criptografia simètrica. Aquest article presenta dues formes diferents per agafar la clau de xifrat en ZigBee: atac a distància i atacs físics. També les enquesta i classifica alguns atacs addicionals que es poden realitzar en les xarxes ZigBee: espionatge, falsificació, reproducció i atacs DoS en les diferents capes. A partir d'aquesta anàlisi, es demostren algunes vulnerabilitats existents en l'esquema de seguretat en tecnologia ZigBee.Las redes de sensores tienen muchas aplicaciones en el control y la monitorización de las propiedades del medio ambiente, como el sonido, la aceleración, la vibración y la temperatura. Debido a los limitados recursos en la capacidad de cálculo, la memoria y la energía son vulnerables a muchos tipos de ataques. La especificación ZigBee basada en el estándar 802.15.4, define un conjunto de capas, adaptada específicamente para redes de sensores. Estas capas soportan mensajería segura mediante criptografía simétrica. Este artículo presenta dos formas diferentes para coger la clave de cifrado en ZigBee: ataque a distancia y ataques físicos. También las encuesta y clasifica algunos ataques adicionales que se pueden realizar en las redes ZigBee: espionaje, falsificación, reproducción y ataques DoS en las diferentes capas. A partir de este análisis, se demuestran algunas vulnerabilidades existentes en el esquema de seguridad en tecnología ZigBee

On the Security of the Automatic Dependent Surveillance-Broadcast Protocol

Automatic dependent surveillance-broadcast (ADS-B) is the communications protocol currently being rolled out as part of next generation air transportation systems. As the heart of modern air traffic control, it will play an essential role in the protection of two billion passengers per year, besides being crucial to many other interest groups in aviation. The inherent lack of security measures in the ADS-B protocol has long been a topic in both the aviation circles and in the academic community. Due to recently published proof-of-concept attacks, the topic is becoming ever more pressing, especially with the deadline for mandatory implementation in most airspaces fast approaching. This survey first summarizes the attacks and problems that have been reported in relation to ADS-B security. Thereafter, it surveys both the theoretical and practical efforts which have been previously conducted concerning these issues, including possible countermeasures. In addition, the survey seeks to go beyond the current state of the art and gives a detailed assessment of security measures which have been developed more generally for related wireless networks such as sensor networks and vehicular ad hoc networks, including a taxonomy of all considered approaches.Comment: Survey, 22 Pages, 21 Figure

An Outline of Security in Wireless Sensor Networks: Threats, Countermeasures and Implementations

With the expansion of wireless sensor networks (WSNs), the need for securing the data flow through these networks is increasing. These sensor networks allow for easy-to-apply and flexible installations which have enabled them to be used for numerous applications. Due to these properties, they face distinct information security threats. Security of the data flowing through across networks provides the researchers with an interesting and intriguing potential for research. Design of these networks to ensure the protection of data faces the constraints of limited power and processing resources. We provide the basics of wireless sensor network security to help the researchers and engineers in better understanding of this applications field. In this chapter, we will provide the basics of information security with special emphasis on WSNs. The chapter will also give an overview of the information security requirements in these networks. Threats to the security of data in WSNs and some of their counter measures are also presented

A Taxonomy of Security Threats and Solutions for RFID Systems

RFID (Radio Frequency Identification) is a method of wireless data collection technology that uses RFID tags or transponders to electronically store and retrieve data. RFID tags are quickly replacing barcodes as the “identification system of choice” [1]. Since RFID devices are electronic devices, they can be hacked into by an outsider, and their data can be accessed or modified without the user knowing. New threats to RFID-enabled systems are always on the horizon. A systematic classification should be used to categorize these threats to help reduce confusion. This paper will look at the problem of security threats towards RFID systems, and provide a taxonomy for these threats

Wireless security for secure facilities

This thesis presents methods for securing a facility that has wireless connectivity. The goal of this research is to develop a solution to securing a facility that utilizes wireless communications. The research will introduce methods to track and locate the position of attackers. This research also introduces the idea of using a Honeynet system for added security. This research uses what is called Defense-In-Depth. Defense-in-depth is when multiple layers of security are used. The first of the layers is the Zone of Interference. This Zone is an area where jammer transmitters and directive antennas are set up to take advantage of the near-far-effect. The idea is to use the near-far-effect to give a stronger signal on the perimeter of the secure area, to mask any signals escaping from the secure area. This Zone uses directive Yagi antenna arrays to direct the radiation. There are multiple jamming methods that are utilized within this Zone. The next layer of security is the Honeynet Zone. The idea is to make an attacker believe that they are seeing real network traffic. This is done at the Honeynet Zone once a device has been determined to be unfriendly. Decoy mobile devices are first placed within the Honeynet Zone. Spoofed traffic is then created between the Honeynet base stations and the decoy mobile devices zone; using adaptive antennas incorporated within the design to face the signals away from the inside secure area. The third defense is position location and tracking. The idea is to have constant tracking of all devices in the area. There are several methods available to locate and track a device that is giving off an RF signal. This thesis looks at combining all these methods into an integrated, and more robust, facility security system

A security framework for networked RFID

In the last decade RFID technology has become a major contender for managing large scale logistics operations and generating and distributing the massive amount of data involved in such operations. One of the main obstacles to the widespread deployment and adoption of RFID systems is the security issues inherent in them. This is compounded by a noticeable lack of literature on how to identify the vulnerabilities of a RFID system and then effectively identify and develop counter measures to combat the threats posed by those vulnerabilities. In this chapter, the authors develop a conceptual framework for analysing the threats, attacks, and security requirements pertaining to networked RFID systems. The vulnerabilities of, and the threats to, the system are identified using the threat model. The security framework itself consists of two main concepts: (1) the attack model, which identifies and classifies the possible attacks, and (2) the system model, which identifies the security requirements. The framework gives readers a method with which to analyse the threats any given system faces. Those threats can then be used to identify the attacks possible on that system and get a better understanding of those attacks. It also allows the reader to easily identify all the security requirements of that system and identify how those requirements can be met

Security and Privacy for IoT Ecosystems

Smart devices have become an integral part of our everyday life. In contrast to smartphones and laptops, Internet of Things (IoT) devices are typically managed by the vendor. They allow little or no user-driven customization. Users need to use and trust IoT devices as they are, including the ecosystems involved in the processing and sharing of personal data. Ensuring that an IoT device does not leak private data is imperative. This thesis analyzes security practices in popular IoT ecosystems across several price segments. Our results show a gap between real-world implementations and state-of-the-art security measures. The process of responsible disclosure with the vendors revealed further practical challenges. Do they want to support backward compatibility with the same app and infrastructure over multiple IoT device generations? To which extent can they trust their supply chains in rolling out keys? Mature vendors have a budget for security and are aware of its demands. Despite this goodwill, developers sometimes fail at securing the concrete implementations in those complex ecosystems. Our analysis of real-world products reveals the actual efforts made by vendors to secure their products. Our responsible disclosure processes and publications of design recommendations not only increase security in existing products but also help connected ecosystem manufacturers to develop secure products. Moreover, we enable users to take control of their connected devices with firmware binary patching. If a vendor decides to no longer offer cloud services, bootstrapping a vendor-independent ecosystem is the only way to revive bricked devices. Binary patching is not only useful in the IoT context but also opens up these devices as research platforms. We are the first to publish tools for Bluetooth firmware and lower-layer analysis and uncover a security issue in Broadcom chips affecting hundreds of millions of devices manufactured by Apple, Samsung, Google, and more. Although we informed Broadcom and customers of their technologies of the weaknesses identified, some of these devices no longer receive official updates. For these, our binary patching framework is capable of building vendor-independent patches and retrofit security. Connected device vendors depend on standards; they rarely implement lower-layer communication schemes from scratch. Standards enable communication between devices of different vendors, which is crucial in many IoT setups. Secure standards help making products secure by design and, thus, need to be analyzed as early as possible. One possibility to integrate security into a lower-layer standard is Physical-Layer Security (PLS). PLS establishes security on the Physical Layer (PHY) of wireless transmissions. With new wireless technologies emerging, physical properties change. We analyze how suitable PLS techniques are in the domain of mmWave and Visible Light Communication (VLC). Despite VLC being commonly believed to be very secure due to its limited range, we show that using VLC instead for PLS is less secure than using it with Radio Frequency (RF) communication. The work in this thesis is applied to mature products as well as upcoming standards. We consider security for the whole product life cycle to make connected devices and IoT ecosystems more secure in the long term