Aspect-oriented Modeling of Attacks in Automotive Cyber-Physical Systems

This paper introduces aspect-oriented modeling (AOM) as a powerful, model-based design technique to assess the secu- rity of Cyber-Physical Systems (CPS). Particularly in safety- critical CPS such as automotive control systems, the pro- tection against malicious design and interaction faults is paramount to guaranteeing correctness and reliable opera- tion. Essentially, attack models are associated with the CPS in an aspect-oriented manner to evaluate the system under attack. This modeling technique requires minimal changes to the model of the CPS. Using application-specic metrics, the designer can gain insights into the behavior of the CPS under attack. Copyright 2014 ACM

Ptolemy-HLA: A Cyber-Physical System Distributed Simulation Framework

The Ptolemy-HLA distributed co-simulation framework leverages two open source tools, Ptolemy II and HLA/CERTI, for the simulation of Cyber-Physical Systems (CPS). This framework enables dealing with three important issues: (1) Distribution of a simulation, allowing to scale up models and performance; (2) Interoperability of tools, allowing reusability and interfacing with other simulators or real devices/systems; (3) Heterogeneous simulations (discrete events, continuous time). The framework extends Ptolemy both, by coordinating the time advance of various Ptolemy instances, and by allowing data communication between them with the help of HLA management services. These additions enable the creation of HLA federates (i.e., simulators) in a Federation (i.e., a distributed simulation) in an easy way, since the user does not need to be an HLA specialist in order to design a Federate. The paper presents the new components added to Ptolemy, some semantic issues, an application example and performance analysis

Let’s Get Physical: Computer Science Meets Systems

In cyber-physical systems (CPS) computing, networking and control (typically regarded as the "cyber" part of the system) are tightly intertwined with mechanical, electrical, thermal, chemical or biological processes (the "physical" part). The increasing sophistication and heterogeneity of these systems requires radical changes in the way sense-and-control platforms are designed to regulate them. In this paper, we highlight some of the design challenges due to the complexity and heterogeneity of CPS. We argue that such challenges can be addressed by leveraging concepts that have been instrumental in fostering electronic design automation while dealing with complexity in VLSI system design. Based on these concepts, we introduce a design methodology whereby platform-based design is combined with assume-guarantee contracts to formalize the design process and enable realization of CPS architectures and control software in a hierarchical and compositional manner. We demonstrate our approach on a prototype design of an aircraft electric power system. © 2014 Springer-Verlag Berlin Heidelberg

Efficient FPGA Implementations of LowMC and Picnic

Post-quantum cryptography has received increased attention in recent years, in particular, due to the standardization effort by NIST. One of the second-round candidates in the NIST post-quantum standardization project is Picnic, a post-quantum secure signature scheme based on efficient zero-knowledge proofs of knowledge. In this work, we present the first FPGA implementation of Picnic. We show how to efficiently calculate LowMC, the block cipher used as a one-way function in Picnic, in hardware despite the large number of constants needed during computation. We then combine our LowMC implementation and efficient instantiations of Keccak to build the full Picnic algorithm. Additionally, we conform to recently proposed hardware interfaces for post-quantum schemes to enable easier comparisons with other designs. We provide evaluations of our Picnic implementation for both, the standalone design and a version wrapped with a PCIe interface, and compare them to the state-of-the-art software implementations of Picnic and similar hardware designs. Concretely, signing messages on our FPGA takes 0.25 ms for the L1 security level and 1.24 ms for the L5 security level, beating existing optimized software implementations by a factor of 4

Feistel Structures for MPC, and More

We study approaches to generalized Feistel constructions with low-degree round functions with a focus on x -> x^3 . Besides known constructions, we also provide a new balanced Feistel construction with improved diffusion properties. This then allows us to propose more efficient generalizations of the MiMC design (Asiacrypt’16), which we in turn evaluate in three application areas. Whereas MiMC was not competitive at all in a recently proposed new class of PQ-secure signature schemes, our new construction leads to about 30 times smaller signatures than MiMC. In MPC use cases, where MiMC outperforms all other competitors, we observe improvements in throughput by a factor of more than 4 and simultaneously a 5-fold reduction of preprocessing effort, albeit at the cost of a higher latency. Another use case where MiMC already outperforms other designs, in the area of SNARKs, sees modest improvements. Additionally, this use case benefits from the flexibility to use smaller fields

Public-Key Puncturable Encryption: Modular and Compact Constructions

We revisit the method of designing public-key puncturable encryption schemes and present a generic conversion by leveraging the techniques of distributed key-distribution and revocable encryption. In particular, we first introduce a refined version of identity-based revocable encryption, named key-homomorphic identity-based revocable key encapsulation mechanism with extended correctness. Then, we propose a generic construction of puncturable key encapsulation mechanism from the former by merging the idea of distributed key-distribution. Compared to the state-of-the-art, our generic construction supports unbounded number of punctures and multiple tags per message, thus achieving more fine-grained revocation of decryption capability. Further, it does not rely on random oracles, not suffer from non-negligible correctness error, and results in a variety of efficient schemes with distinct features. More precisely, we obtain the first scheme with very compact ciphertexts in the standard model, and the first scheme with support for both unbounded size of tags per ciphertext and unbounded punctures as well as constant-time puncture operation. Moreover, we get a comparable scheme proven secure under the standard DBDH assumption, which enjoys both faster encryption and decryption than previous works based on the same assumption, especially when the number of tags associated with the ciphertext is large

Skin tribology: Science friction?

The application of tribological knowledge is not just restricted to optimizing mechanical and chemical engineering problems. In fact, effective solutions to friction and wear related questions can be found in our everyday life. An important part is related to skin tribology, as the human skin is frequently one of the interacting surfaces in relative motion. People seem to solve these problems related to skin friction based upon a trial-and-error strategy and based upon on our sense for touch. The question of course rises whether or not a trained tribologist would make different choices based upon a science based strategy? In other words: Is skin friction part of the larger knowledge base that has been generated during the last decades by tribology research groups and which could be referred to as Science Friction? This paper discusses the specific nature of tribological systems that include the human skin and argues that the living nature of skin limits the use of conventional methods. Skin tribology requires in vivo, subject and anatomical location specific test methods. Current predictive friction models can only partially be applied to predict in vivo skin friction. The reason for this is found in limited understanding of the contact mechanics at the asperity level of product-skin interactions. A recently developed model gives the building blocks for enhanced understanding of friction at the micro scale. Only largely simplified power law based equations are currently available as general engineering tools. Finally, the need for friction control is illustrated by elaborating on the role of skin friction on discomfort and comfort. Surface texturing and polymer brush coatings are promising directions as they provide way and means to tailor friction in sliding contacts without the need of major changes to the produc

UC Updatable Databases and Applications

We define an ideal functionality \Functionality_{\UD} and a construction \mathrm{\Pi_{\UD}} for an updatable database (\UD). \UD is a two-party protocol between an updater and a reader. The updater sets the database and updates it at any time throughout the protocol execution. The reader computes zero-knowledge (ZK) proofs of knowledge of database entries. These proofs prove that a value is stored at a certain position in the database, without revealing the position or the value. (Non-)updatable databases are implicitly used as building block in priced oblivious transfer, privacy-preserving billing and other privacy-preserving protocols. Typically, in those protocols the updater signs each database entry, and the reader proves knowledge of a signature on a database entry. Updating the database requires a revocation mechanism to revoke signatures on outdated database entries. Our construction \mathrm{\Pi_{\UD}} uses a non-hiding vector commitment (NHVC) scheme. The updater maps the database to a vector and commits to the database. This commitment can be updated efficiently at any time without needing a revocation mechanism. ZK proofs for reading a database entry have communication and amortized computation cost independent of the database size. Therefore, \mathrm{\Pi_{\UD}} is suitable for large databases. We implement \mathrm{\Pi_{\UD}} and our timings show that it is practical. In existing privacy-preserving protocols, a ZK proof of a database entry is intertwined with other tasks, e.g., proving further statements about the value read from the database or the position where it is stored. \Functionality_{\UD} allows us to improve modularity in protocol design by separating those tasks. We show how to use \Functionality_{\UD} as building block of a hybrid protocol along with other functionalities