131 research outputs found
Silencing hardware backdoors.
Abstract-Hardware components can contain hidden backdoors, which can be enabled with catastrophic effects or for ill-gotten profit. These backdoors can be inserted by a malicious insider on the design team or a third-party IP provider. In this paper, we propose techniques that allow us to build trustworthy hardware systems from components designed by untrusted designers or procured from untrusted third-party IP providers. We present the first solution for disabling digital, designlevel hardware backdoors. The principle is that rather than try to discover the malicious logic in the design -an extremely hard problem -we make the backdoor design problem itself intractable to the attacker. The key idea is to scramble inputs that are supplied to the hardware units at runtime, making it infeasible for malicious components to acquire the information they need to perform malicious actions. We show that the proposed techniques cover the attack space of deterministic, digital HDL backdoors, provide probabilistic security guarantees, and can be applied to a wide variety of hardware components. Our evaluation with the SPEC 2006 benchmarks shows negligible performance loss (less than 1% on average) and that our techniques can be integrated into contemporary microprocessor designs
Using Blockchain for Digital Card Game
In recent years, the popularity of both online card games and blockchain technology have grown exponentially. While combining these two does not immediately seem like an obvious idea, they in fact complement each other nicely. Blockchain allows for players to actually own their cards, in a way that was unheard of in the digital format just a few years ago. It also gives them the freedom to use them in any way they like, just like in real life. In this thesis we will look into how viable this idea really is. We use the Ethereum virtual machine to simulate a publicly available blockchain that implements this concept and evaluate the results. This thesis should show that further work needs to be done, but that the concept is viable
Recommended from our members
Producing Trustworthy Hardware Using Untrusted Components, Personnel and Resources
Computer security is a full-system property, and attackers will always
go after the weakest link in a system. In modern computer systems,
the hardware supply chain is an obvious and vulnerable point of
attack. The ever-increasing complexity of hardware systems, along with
the globalization of the hardware supply chain, has made it unreasonable
to trust hardware. Hardware-based attacks, known as backdoors, are easy
to implement and can undermine the security of systems built on top of
compromised hardware. Operating systems and other software can only be
secure if they can trust the underlying hardware systems.
The full supply chain for creating hardware includes multiple processes,
which are often addressed in disparate threads of research, but which we
consider as one unified process. On the front-end side, there is the soft
design of hardware, along with validation and synthesis, to ultimately
create a netlist, the document that defines the physical layout of
hardware. On the back-end side, there is a physical fabrication process,
where a chip is produced at a foundry from a supplied netlist, followed
in some cases by post-fabrication testing. Producing a trustworthy chip
means securing the process from the early design stages through to the
post-fabrication tests.
We propose, implement and analyze a series of methods for making
the hardware supply chain resilient against a wide array of known and
possible attacks. These methods allow for the design and fabrication of
hardware using untrustworthy personnel, designs, tools and resources,
while protecting the final product from large classes of attacks, some
known previously and some discovered and taxonomized in this work.
The overarching idea in this work is to take a full-process view of
the hardware supply chain. We begin by securing the hardware design and
synthesis processes uses a defense-in-depth approach. We combine this
work with foundry-side techniques to prevent malicious modifications
and counterfeiting, and finally apply novel attestation techniques to
ensure that hardware is trustworthy when it reaches users.
For our design-side security approach, we use defense-in-depth
because in practice, any security method can potentially subverted, and
defense-in-depth is the best way to handle that assumption. Our approach
involves three independent steps. The first is a functional analysis
tool (called FANCI), applied statically to designs during the coding and
validation stages to remove any malicious circuits. The second step is
to include physical security circuits that operate at runtime. These
circuits, which we call trigger obfuscation circuits, scramble data at
the microarchitectural level so that any hardware backdoors remaining in
the design cannot be triggered at runtime. The third and final step is to
include a runtime monitoring system that detects any backdoor payloads
that might have been achieved despite the previous two steps. We design
two different versions of this monitoring system. The first, TrustNet, is
extremely lightweight and protects against an important class of attacks
called emitter backdoors. The second, DataWatch, is slightly more heavyweight
(though still efficient and low overhead) that can catch a wider variety
of attacks and can be adapted to protect against nearly any type of
digital payload. We taxonomize the types of attacks that are possible
against each of the three steps of our defense-in-depth system and show
that each defense provides strong coverage with low (or negligible)
overheads to performance, area and power consumption.
For our foundry-side security approach, we develop the first foundry-side
defense system that is aware of design-side security. We create a
power-based side-channel, called a beacon. This beacon is essentially a
benign backdoor. It can be turned on by a special key (not provided to
the foundry), allowing for security attestation during post-fabrication
testing. By designing this beacon into the design itself, the beacon
requires neither keys nor storage, and as such exists in the final chip
purely by virtue of existing in the netlist. We further obfuscate the
netlist itself, rendering the task of reverse engineering the beacon
(for a foundry-side adversary) intractable. Both the inclusion of the
beacon and the obfuscation process add little to area and power costs
and have no impact on performance.
All together, these methods provide a foundation on which hardware
security can be developed and enhanced. They are low overhead and
practical, making them suitable for inclusion in next generation
hardware. Moving forward, the criticality of having trustworthy hardware
can only increase. Ensuring that the hardware supply chain can be trusted
in the face of sophisticated adversaries is vital. Both hardware design
and hardware fabrication are increasingly international processes, and
we believe continuing with this unified approach is the correct path
for future research. In order for companies and governments to place
trust in mission-critical hardware, it is necessary for hardware to be
certified as secure and trustworthy. The methods we propose can be the
first steps toward making this certification a reality
Dynamic Shifting of Virtual Network Topologies for Network Attack Prevention
Computer networks were not designed with security in mind, making research into the subject of network security vital. Virtual Networks are similar to computer networks, except the components of a Virtual Network are in software rather than hardware. With the constant threat of attacks on networks, security is always a big concern, and Virtual Networks are no different. Virtual Networks have many potential attack vectors similar to physical networks, making research into Virtual Network security of great importance. Virtual Networks, since they are composed of virtualized network components, have the ability to dynamically change topologies. In this paper, we explore Virtual Networks and their ability to quickly shift their network topology. We investigate the potential use of this flexibility to protect network resources and defend against malicious activities.
To show the ability of reactively shifting a Virtual Network’s topology to se- cure a network, we create a set of four experiments, each with a different dynamic topology shift, or “dynamic defense”. These four groups of experiments are called the Server Protection, Isolated Subnet, Distributed Port Group, and Standard Port Group experiments. The Server Protection experiments involve detecting an attack against a server and shifting the server behind a protected subnet. The other three sets of experiments, called Attacker Prevention experiments, involve detecting a malicious node in the internal network and initiating a dynamic de- fense to move the attacker behind a protected subnet. Each Attacker Prevention experiment utilizes a different dynamic defense to prevent the malicious node from attacking the rest of the Virtual Network. For each experiment, we run 6 different network attacks to validate the effectiveness of the dynamic defenses. The network attacks utilized for each experiment are ICMP Flooding, TCP Syn Flooding, Smurf attack, ARP Spoofing, DNS Spoofing, and NMAP Scanning. Our validation shows that our dynamic defenses, outside of the standard port group, are very effective in stopping each attack, consistently lowering the at- tacks’ success rate significantly. The Standard Port Group was the one dynamic defense that is ineffective, though there are also a couple of experiments that could benefit from being run with more attackers and with different situations to fully understand the effectiveness of the defenses. We believe that, as Virtual Networks become more common and utilized outside of data centers, the ability to dynamically shift topology can be used for network security purposes
Developing collaborative planning support tools for optimised farming in Western Australia
Land-use (farm) planning is a highly complex and dynamic process. A land-use plan can be optimal at one point in time, but its currency can change quickly due to the dynamic nature of the variables driving the land-use decision-making process. These include external drivers such as weather and produce markets, that also interact with the biophysical interactions and management activities of crop production.The active environment of an annual farm planning process can be envisioned as being cone-like. At the beginning of the sowing year, the number of options open to the manager is huge, although uncertainty is high due to the inability to foresee future weather and market conditions. As the production year reveals itself, the uncertainties around weather and markets become more certain, as does the impact of weather and management activities on future production levels. This restricts the number of alternative management options available to the farm manager. Moreover, every decision made, such as crop type sown in a paddock, will constrains the range of management activities possible in that paddock for the rest of the growing season.This research has developed a prototype Land-use Decision Support System (LUDSS) to aid farm managers in their tactical farm management decision making. The prototype applies an innovative approach that mimics the way in which a farm manager and/or consultant would search for optimal solutions at a whole-farm level. This model captured the range of possible management activities available to the manager and the impact that both external (to the farm) and internal drivers have on crop production and the environment. It also captured the risk and uncertainty found in the decision space.The developed prototype is based on a Multiple Objective Decision-making (MODM) - á Posteriori approach incorporating an Exhaustive Search method. The objective set used for the model is: maximising profit and minimising environmental impact. Pareto optimisation theory was chosen as the method to select the optimal solution and a Monte Carlo simulator is integrated into the prototype to incorporate the dynamic nature of the farm decision making process. The prototype has a user-friendly front and back end to allow farmers to input data, drive the application and extract information easily
Influence of computational fluid dynamics on experimental aerospace facilities: A fifteen year projection
An assessment was made of the impact of developments in computational fluid dynamics (CFD) on the traditional role of aerospace ground test facilities over the next fifteen years. With improvements in CFD and more powerful scientific computers projected over this period it is expected to have the capability to compute the flow over a complete aircraft at a unit cost three orders of magnitude lower than presently possible. Over the same period improvements in ground test facilities will progress by application of computational techniques including CFD to data acquisition, facility operational efficiency, and simulation of the light envelope; however, no dramatic change in unit cost is expected as greater efficiency will be countered by higher energy and labor costs
Dynamic Polymorphic Reconfiguration to Effectively “CLOAK” a Circuit’s Function
Today\u27s society has become more dependent on the integrity and protection of digital information used in daily transactions resulting in an ever increasing need for information security. Additionally, the need for faster and more secure cryptographic algorithms to provide this information security has become paramount. Hardware implementations of cryptographic algorithms provide the necessary increase in throughput, but at a cost of leaking critical information. Side Channel Analysis (SCA) attacks allow an attacker to exploit the regular and predictable power signatures leaked by cryptographic functions used in algorithms such as RSA. In this research the focus on a means to counteract this vulnerability by creating a Critically Low Observable Anti-Tamper Keeping Circuit (CLOAK) capable of continuously changing the way it functions in both power and timing. This research has determined that a polymorphic circuit design capable of varying circuit power consumption and timing can protect a cryptographic device from an Electromagnetic Analysis (EMA) attacks. In essence, we are effectively CLOAKing the circuit functions from an attacker
AI Solutions for MDS: Artificial Intelligence Techniques for Misuse Detection and Localisation in Telecommunication Environments
This report considers the application of Articial Intelligence (AI) techniques to
the problem of misuse detection and misuse localisation within telecommunications
environments. A broad survey of techniques is provided, that covers inter alia
rule based systems, model-based systems, case based reasoning, pattern matching,
clustering and feature extraction, articial neural networks, genetic algorithms, arti
cial immune systems, agent based systems, data mining and a variety of hybrid
approaches. The report then considers the central issue of event correlation, that
is at the heart of many misuse detection and localisation systems. The notion of
being able to infer misuse by the correlation of individual temporally distributed
events within a multiple data stream environment is explored, and a range of techniques,
covering model based approaches, `programmed' AI and machine learning
paradigms. It is found that, in general, correlation is best achieved via rule based approaches,
but that these suffer from a number of drawbacks, such as the difculty of
developing and maintaining an appropriate knowledge base, and the lack of ability
to generalise from known misuses to new unseen misuses. Two distinct approaches
are evident. One attempts to encode knowledge of known misuses, typically within
rules, and use this to screen events. This approach cannot generally detect misuses
for which it has not been programmed, i.e. it is prone to issuing false negatives.
The other attempts to `learn' the features of event patterns that constitute normal
behaviour, and, by observing patterns that do not match expected behaviour, detect
when a misuse has occurred. This approach is prone to issuing false positives,
i.e. inferring misuse from innocent patterns of behaviour that the system was not
trained to recognise. Contemporary approaches are seen to favour hybridisation,
often combining detection or localisation mechanisms for both abnormal and normal
behaviour, the former to capture known cases of misuse, the latter to capture
unknown cases. In some systems, these mechanisms even work together to update
each other to increase detection rates and lower false positive rates. It is concluded
that hybridisation offers the most promising future direction, but that a rule or state
based component is likely to remain, being the most natural approach to the correlation
of complex events. The challenge, then, is to mitigate the weaknesses of
canonical programmed systems such that learning, generalisation and adaptation
are more readily facilitated
Understanding and Enriching Randomness Within Resource-Constrained Devices
Random Number Generators (RNG) find use throughout all applications of computing, from high level statistical modeling all the way down to essential security primitives. A significant amount of prior work has investigated this space, as a poorly performing generator can have significant impacts on algorithms that rely on it. However, recent explosive growth of the Internet of Things (IoT) has brought forth a class of devices for which common RNG algorithms may not provide an optimal solution. Furthermore, new hardware creates opportunities that have not yet been explored with these devices. in this Dissertation, we present research fostering deeper understanding of and enrichment of the state of randomness within the context of resource-constrained devices. First, we present an exploratory study into methods of generating random numbers on devices with sensors. We perform a data collection study across 37 android devices to determine how much random data is consumed, and which sensors are capable of producing sufficiently entropic data. We use the results of our analysis to create an experimental framework called SensoRNG, which serves as a prototype to test the efficacy of a sensor-based RNG. SensoRNG employs opportunistic collection of data from on-board sensors and applies a light-weight mixing algorithm to produce random numbers. We evaluate SensoRNG with the National Institute of Standards and Technology (NIST) statistical testing suite and demonstrate that a sensor-based RNG can provide high quality random numbers with only little additional overhead. Second, we explore the design, implementation, and efficacy of a Collaborative and Distributed Entropy Transfer protocol (CADET), which explores moving random number generation from an individual task to a collaborative one. Through the sharing of excess random data, devices that are unable to meet their own needs can be aided by contributions from other devices. We implement and test a proof-of-concept version of CADET on a testbed of 49 Raspberry Pi 3B single-board computers, which have been underclocked to emulate resource-constrained devices. Through this, we evaluate and demonstrate the efficacy and baseline performance of remote entropy protocols of this type, as well as highlight remaining research questions and challenges. Finally, we design and implement a system called RightNoise, which automatically profiles the RNG activity of a device by using techniques adapted from language modeling. First, by performing offline analysis, RightNoise is able to mine and reconstruct, in the context of a resource-constrained device, the structure of different activities from raw RNG access logs. After recovering these patterns, the device is able to profile its own behavior in real time. We give a thorough evaluation of the algorithms used in RightNoise and show that, with only five instances of each activity type per log, RightNoise is able to reconstruct the full set of activities with over 90\% accuracy. Furthermore, classification is very quick, with an average speed of 0.1 seconds per block. We finish this work by discussing real world application scenarios for RightNoise
- …