Security of Electrical, Optical and Wireless On-Chip Interconnects: A Survey

The advancement of manufacturing technologies has enabled the integration of more intellectual property (IP) cores on the same system-on-chip (SoC). Scalable and high throughput on-chip communication architecture has become a vital component in today's SoCs. Diverse technologies such as electrical, wireless, optical, and hybrid are available for on-chip communication with different architectures supporting them. Security of the on-chip communication is crucial because exploiting any vulnerability would be a goldmine for an attacker. In this survey, we provide a comprehensive review of threat models, attacks, and countermeasures over diverse on-chip communication technologies as well as sophisticated architectures.Comment: 41 pages, 24 figures, 4 table

Information Leakage Attacks and Countermeasures

The scientific community has been consistently working on the pervasive problem of information leakage, uncovering numerous attack vectors, and proposing various countermeasures. Despite these efforts, leakage incidents remain prevalent, as the complexity of systems and protocols increases, and sophisticated modeling methods become more accessible to adversaries. This work studies how information leakages manifest in and impact interconnected systems and their users. We first focus on online communications and investigate leakages in the Transport Layer Security protocol (TLS). Using modern machine learning models, we show that an eavesdropping adversary can efficiently exploit meta-information (e.g., packet size) not protected by the TLS’ encryption to launch fingerprinting attacks at an unprecedented scale even under non-optimal conditions. We then turn our attention to ultrasonic communications, and discuss their security shortcomings and how adversaries could exploit them to compromise anonymity network users (even though they aim to offer a greater level of privacy compared to TLS). Following up on these, we delve into physical layer leakages that concern a wide array of (networked) systems such as servers, embedded nodes, Tor relays, and hardware cryptocurrency wallets. We revisit location-based side-channel attacks and develop an exploitation neural network. Our model demonstrates the capabilities of a modern adversary but also presents an inexpensive tool to be used by auditors for detecting such leakages early on during the development cycle. Subsequently, we investigate techniques that further minimize the impact of leakages found in production components. Our proposed system design distributes both the custody of secrets and the cryptographic operation execution across several components, thus making the exploitation of leaks difficult

Micro-architectural Threats to Modern Computing Systems

With the abundance of cheap computing power and high-speed internet, cloud and mobile computing replaced traditional computers. As computing models evolved, newer CPUs were fitted with additional cores and larger caches to accommodate run multiple processes concurrently. In direct relation to these changes, shared hardware resources emerged and became a source of side-channel leakage. Although side-channel attacks have been known for a long time, these changes made them practical on shared hardware systems. In addition to side-channels, concurrent execution also opened the door to practical quality of service attacks (QoS). The goal of this dissertation is to identify side-channel leakages and architectural bottlenecks on modern computing systems and introduce exploits. To that end, we introduce side-channel attacks on cloud systems to recover sensitive information such as code execution, software identity as well as cryptographic secrets. Moreover, we introduce a hard to detect QoS attack that can cause over 90+\% slowdown. We demonstrate our attack by designing an Android app that causes degradation via memory bus locking. While practical and quite powerful, mounting side-channel attacks is akin to listening on a private conversation in a crowded train station. Significant manual labor is required to de-noise and synchronizes the leakage trace and extract features. With this motivation, we apply machine learning (ML) to automate and scale the data analysis. We show that classical machine learning methods, as well as more complicated convolutional neural networks (CNN), can be trained to extract useful information from side-channel leakage trace. Finally, we propose the DeepCloak framework as a countermeasure against side-channel attacks. We argue that by exploiting adversarial learning (AL), an inherent weakness of ML, as a defensive tool against side-channel attacks, we can cloak side-channel trace of a process. With DeepCloak, we show that it is possible to trick highly accurate (99+\% accuracy) CNN classifiers. Moreover, we investigate defenses against AL to determine if an attacker can protect itself from DeepCloak by applying adversarial re-training and defensive distillation. We show that even in the presence of an intelligent adversary that employs such techniques, DeepCloak still succeeds

On the Periphery of the Russo-Japanese War - Part I

Chapman: Major defects in British naval intelligence were the absence of an effective central department, an inferior network of naval attachés in major capitals prior to 1902 and the lack of secure direct cable communications with Northeast Asia. The performance of the Naval Intelligence Department was changed for the better by the efforts of Lord Selborne as First Lord of the Admiralty (1900-5). Selborne's promotion of Britain's alliance with Japan was conditional on a close working relationship with the administration of Theodore Roosevelt.Nish: There was considerable uncertainty and indecision about whether China would take part in the Russo-Japanese war. Finally under considerable outside pressure she declared strict neutrality. Since the civil administration in her Three Eastern Provinces (Manchuria) was in Chinese hands, she inevitably had a role in the war; and her people suffered much.The Portsmouth treaties that ended the war could only be implemented with China's agreement. Foreign Minister Komura had to conclude new treaties with China at the Peking Conference on 22 December 1905.Japan, China, Russia, Manchuria, Britain, Admiralty, Fisher, Selborne, Balfour, Uchida, Komura, Yuna Shikai, Great Northern Telegraphs, Naval Intelligence, Portsmouth Conference, Peking Conference.

SoK: Design, Vulnerabilities and Defense of Cryptocurrency Wallets

The rapid growth of decentralized digital currencies, enabled by blockchain technology, has ushered in a new era of peer-to-peer transactions, revolutionizing the global economy. Cryptocurrency wallets, serving as crucial endpoints for these transactions, have become increasingly prevalent. However, the escalating value and usage of these wallets also expose them to significant security risks and challenges. This research aims to comprehensively explore the security aspects of cryptocurrency wallets. It provides a taxonomy of wallet types, analyzes their design and implementation, identifies common vulnerabilities and attacks, and discusses defense mechanisms and mitigation strategies. The taxonomy covers custodial, non-custodial, hot, and cold wallets, highlighting their unique characteristics and associated security considerations. The security analysis scrutinizes the theoretical and practical aspects of wallet design, while assessing the efficacy of existing security measures and protocols. Notable wallet attacks, such as Binance, Mt. Gox are examined to understand their causes and consequences. Furthermore, the paper surveys defense mechanisms, transaction monitoring, evaluating their effectiveness in mitigating threats

Salattujen komento- ja ohjauskanavien havaitseminen verkkosormenjälkien avulla

The threat landscape of the Internet has evolved drastically into an environment where malware are increasingly developed by financially motivated cybercriminal groups who mirror legitimate businesses in their structure and processes. These groups develop sophisticated malware with the aim of transforming persistent control over large numbers of infected machines into profit. Recent developments have shown that malware authors seek to hide their Command and Control channels by implementing custom application layer protocols and using custom encryption algorithms. This technique effectively thwarts conventional pattern-based detection mechanisms. This thesis presents network fingerprints, a novel way of performing network-based detection of encrypted Command and Control channels. The goal of the work was to produce a proof of concept system that is able to generate accurate and reliable network signatures for this purpose. The thesis presents and explains the individual phases of an analysis pipeline that was built to process and analyze malware network traffic and to produce network fingerprint signatures. The analysis system was used to generate network fingerprints that were deployed to an intrusion detection system in real-world networks for a test period of 17 days. The experimental phase produced 71 true positive detections and 9 false positive detections, and therefore proved that the established technique is capable of performing detection of targeted encrypted Command and Control channels. Furthermore, the effects on the performance of the underlying intrusion detection system were measured. These results showed that network fingerprints induce an increase of 2-9% to the packet loss and a small increase to the overall computational load of the intrusion detection system.Internetin uhkaympäristön radikaalin kehittymisen myötä edistyksellisiä haittaohjelmia kehittävät kyberrikollisryhmät ovat muuttuneet järjestäytyneiksi ja taloudellista voittoa tavoitteleviksi organisaatioiksi. Nämä rakenteiltaan ja prosesseiltaan laillisia yrityksiä muistuttavat organisaatiot pyrkivät saastuttamaan suuria määriä tietokoneita ja saavuttamaan yhtämittaisen hallintakyvyn. Tutkimukset ovat osoittaneet, että tuntemattomien salausmenetelmien ja uusien sovellustason protokollien käyttö haittaohjelmien komento- ja hallintakanavien piilottamiseksi tietoverkoissa ovat kasvussa. Tämän kaltaiset tekniikat vaikeuttavat oleellisesti perinteisiä toistuviin kuvioihin perustuvia havaitsemismenetelmiä. Tämä työ esittelee salattujen komento- ja hallintakanavien havaitsemiseen suunnitellun uuden konseptin, verkkosormenjäljet. Työn tavoitteena oli toteuttaa prototyyppijärjestelmä, joka analysoi ja prosessoi haittaohjelmaliikennettä, sekä kykenee tuottamaan tarkkoja ja tehokkaita haittaohjelmakohtaisia verkkosormenjälkitunnisteita. Työ selittää verkkosormenjälkien teorian ja käy yksityiskohtaisesti läpi kehitetyn järjestelmän eri osiot ja vaiheet. Järjestelmästä tuotetut verkkosormenjäljet asennettiin 17 päiväksi oikeisiin tietoverkkoihin osaksi tunkeilijan havaitsemisjärjestelmää. Testijakso tuotti yhteensä 71 oikeaa haittaohjelmahavaintoa sekä 9 väärää havaintoa. Menetelmän käyttöönoton vaikutukset tunkeilijan havaitsemisjärjestelmän suorituskykyyn olivat 2 – 9 % kasvu pakettihäviössä ja pieni nousu laskennallisessa kokonaiskuormituksessa. Tulokset osoittavat, että kehitetty järjestelmä kykenee onnistuneesti analysoimaan haittaohjelmaliikennettä sekä tuottamaan salattuja komento- ja hallintakanavia havaitsevia verkkosormenjälkiä

Evidence synthesis on the occurrence, causes, consequences, prevention and management of bullying and harassment behaviours to inform decision making in the NHS

Background Workplace bullying is a persistent problem in the NHS with negative implications for individuals, teams, and organisations. Bullying is a complex phenomenon and there is a lack of evidence on the best approaches to manage the problem. Aims Research questions What is known about the occurrence, causes, consequences and management of bullying and inappropriate behaviour in the workplace? Objectives Summarise the reported prevalence of workplace bullying and inappropriate behaviour. Summarise the empirical evidence on the causes and consequences of workplace bullying and inappropriate behaviour. Describe any theoretical explanations of the causes and consequences of workplace bullying and inappropriate behaviour. Synthesise evidence on the preventative and management interventions that address workplace bullying interventions and inappropriate behaviour. Methods To fulfil a realist synthesis approach the study was designed across four interrelated component parts: Part 1: A narrative review of the prevalence, causes and consequences of workplace bullying Part 2: A systematic literature search and realist review of workplace bullying interventions Part 3: Consultation with international bullying experts and practitioners Part 4: Identification of case studies and examples of good practic

Teaching Your Wireless Card New Tricks: Smartphone Performance and Security Enhancements Through Wi-Fi Firmware Modifications

Smartphones come with a variety of sensors and communication interfaces, which make them perfect candidates for mobile communication testbeds. Nevertheless, proprietary firmwares hinder us from accessing the full capabilities of the underlying hardware platform which impedes innovation. Focusing on FullMAC Wi-Fi chips, we present Nexmon, a C-based firmware modification framework. It gives access to raw Wi-Fi frames and advanced capabilities that we found by reverse engineering chips and their firmware. As firmware modifications pose security risks, we discuss how to secure firmware handling without impeding experimentation on Wi-Fi chips. To present and evaluate our findings in the field, we developed the following applications. We start by presenting a ping-offloading application that handles ping requests in the firmware instead of the operating system. It significantly reduces energy consumption and processing delays. Then, we present a software-defined wireless networking application that enhances scalable video streaming by setting flow-based requirements on physical-layer parameters. As security application, we present a reactive Wi-Fi jammer that analyses incoming frames during reception and transmits arbitrary jamming waveforms by operating Wi-Fi chips as software-defined radios (SDRs). We further introduce an acknowledging jammer to ensure the flow of non-targeted frames and an adaptive power-control jammer to adjust transmission powers based on measured jamming successes. Additionally, we discovered how to extract channel state information (CSI) on a per-frame basis. Using both SDR and CSI-extraction capabilities, we present a physical-layer covert channel. It hides covert symbols in phase changes of selected OFDM subcarriers. Those manipulations can be extracted from CSI measurements at a receiver. To ease the analysis of firmware binaries, we created a debugging application that supports single stepping and runs as firmware patch on the Wi-Fi chip. We published the source code of our framework and our applications to ensure reproducibility of our results and to enable other researchers to extend our work. Our framework and the applications emphasize the need for freely modifiable firmware and detailed hardware documentation to create novel and exciting applications on commercial off-the-shelf devices