Practical Lightweight Security: Physical Unclonable Functions and the Internet of Things

In this work, we examine whether Physical Unclonable Functions (PUFs) can act as lightweight security mechanisms for practical applications in the context of the Internet of Things (IoT). In order to do so, we first discuss what PUFs are, and note that memory-based PUFs seem to fit the best to the framework of the IoT. Then, we consider a number of relevant memory-based PUF designs and their properties, and evaluate their ability to provide security in nominal and adverse conditions. Finally, we present and assess a number of practical PUF-based security protocols for IoT devices and networks, in order to confirm that memory-based PUFs can indeed constitute adequate security mechanisms for the IoT, in a practical and lightweight fashion. More specifically, we first consider what may constitute a PUF, and we redefine PUFs as inanimate physical objects whose characteristics can be exploited in order to obtain a behaviour similar to a highly distinguishable (i.e., “(quite) unique”) mathematical function. We note that PUFs share many characteristics with biometrics, with the main difference being that PUFs are based on the characteristics of inanimate objects, while biometrics are based on the characteristics of humans and other living creatures. We also note that it cannot really be proven that PUFs are unique per instance, but they should be considered to be so, insofar as (human) biometrics are also considered to be unique per instance. We, then, proceed to discuss the role of PUFs as security mechanisms for the IoT, and we determine that memory-based PUFs are particularly suited for this function. We observe that the IoT nowadays consists of heterogeneous devices connected over diverse networks, which include both high-end and resource-constrained devices. Therefore, it is essential that a security solution for the IoT is not only effective, but also highly scalable, flexible, lightweight, and cost-efficient, in order to be considered as practical. To this end, we note that PUFs have been proposed as security mechanisms for the IoT in the related work, but the practicality of the relevant security mechanisms has not been sufficiently studied. We, therefore, examine a number of memory-based PUFs that are implemented using Commercial Off-The-Shelf (COTS) components, and assess their potential to serve as acceptable security mechanisms in the context of the IoT, not only in terms of effectiveness and cost, but also under both nominal and adverse conditions, such as ambient temperature and supply voltage variations, as well as in the presence of (ionising) radiation. In this way, we can determine whether memory-based PUFs are truly suitable to be used in the various application areas of the IoT, which may even involve particularly adverse environments, e.g., in IoT applications involving space modules and operations. Finally, we also explore the potential of memory-based PUFs to serve as adequate security mechanisms for the IoT in practice, by presenting and analysing a number of cryptographic protocols based on these PUFs. In particular, we study how memory-based PUFs can be used for key generation, as well as device identification, and authentication, their role as security mechanisms for current and next-generation IoT devices and networks, and their potential for applications in the space segment of the IoT and in other adverse environments. Additionally, this work also discusses how memory-based PUFs can be utilised for the implementation of lightweight reconfigurable PUFs that allow for advanced security applications. In this way, we are able to confirm that memory-based PUFs can indeed provide flexible, scalable, and efficient security solutions for the IoT, in a practical, lightweight, and inexpensive manner

FYTA: Conceptual Songwriting

FYTA (meaning: plants) formed in 2012 as a musical duo, producing post-punk DIY digital albums that were provided free of charge on fyta.bandcamp.com. They have since been giving interviews in which they present themselves as mysterious personae (F78 and F89), being photographed with their faces covered in plants. On their website it is stated that their albums revolve around metaphors on the concepts of "nature" and the "natural", aiming at sabotaging naturalised social relations, exposing the "self-importance of the avant-gardist" and mocking the white-male concept of the "precious genius-outsider artist". Assuming that naturalisation is among the ideological strategies that render the beliefs of dominant social groups universal, what do FYTA wish to denaturalise on an artistic level? And why do it through singing? Given the fact that FYTA describe themselves as "conceptual songwriters", teaching their songwriting methods in special workshops, I shall focus on "conceptual songwriting" as an artistic strategy of denaturalising specific musical "myths", leading to the creation of a reflexive, performative sonic/verbal world

Τα ΦΥΤΑ ως εννοιολογικοί τραγουδοποιοί

Τα ΦΥΤΑ ξεκίνησαν την δράση τους το 2012 ως post-punk μουσικό ντούο, δημιουργώντας DIY ψηφιακούς δίσκους, τους οποίους παρέχουν δωρεάν στο fyta.bandcamp.com. Στις συνεντεύξεις τους εμφανίζονται ως μυστηριώδεις περσόνες (Φ78 και Φ89) που φωτογραφίζονται με φυτά στα πρόσωπά τους. Στο site τους διαβάζουμε ότι οι δίσκοι τους περιστρέφονται γύρω από μεταφορές της έννοιας της «φύσης», του «φυσικού» και των «φυσικοποιημένων κοινωνικών σχέσεων», με σκοπό να σαμποτάρουν διαχωρισμούς όπως το «παραδοσιακό» και το «μοντέρνο», το «υψηλό» και το «χαμηλό», να καταδείξουν την «αυταρέσκεια του αβαν-γκαρντ καλλιτέχνη» και να κοροϊδέψουν την «λευκή-ανδρική έννοια του ανεκτίμητου καλλιτέχνη-εξωτερικού παρατηρητή». Aν η φυσικοποίηση είναι μία από τις στρατηγικές της ιδεολογίας που καθιστά τις πεποιθήσεις μιας κυρίαρχης κοινωνικής ομάδας οικουμενικές, τι είναι αυτό που επιθυμούν να αποφυσικοποιήσουν τα ΦΥΤΑ σε καλλιτεχνικό επίπεδο; Και γιατί το κάνουν αυτό τραγουδώντας; Δεδομένου ότι τα ΦΥΤΑ αυτοχαρακτηρίζονται «εννοιολογικοί τραγουδοποιοί», διδάσκοντας μάλιστα τη μέθοδό τους σε ειδικά εργαστήρια, θα εστιάσω στο «εννοιολογικό τραγούδι» ως καλλιτεχνική στρατηγική αποφυσικοποίησης συγκεκριμένων μουσικών «μύθων», που οδηγεί στη δημιουργία ενός αναστοχαστικού, επιτελεστικού ηχητικού-λεκτικού κόσμου

On the Sustainability of Lightweight Cryptography Based on PUFs Implemented on NAND Flash Memories Using Programming Disturbances

In this work, we examine the potential of Physical Unclonable Functions (PUFs) that have been implemented on NAND Flash memories using programming disturbances to act as sustainable primitives for the purposes of lightweight cryptography. In particular, we investigate the ability of such PUFs to tolerate temperature and voltage variations, and examine the current shortcomings of existing NAND-Flash-memory PUFs that are based on programming disturbances as well as how these could potentially be addressed in order to provide more robust and more sustainable security solutions.Comment: This work was accepted for and presented at the Workshop on Sustainability in Security, Security for Sustainability, which took place on 18 March 2022 and was co-located with the 25th Design, Automation and Test in Europe Conference & Exhibition (DATE 2022

Real-World Chaos-Based Cryptography Using Synchronised Chua Chaotic Circuits

This work presents the hardware demonstrator of a secure encryption system based on synchronised Chua chaotic circuits. In particular, the presented encryption system comprises two Chua circuits that are synchronised using a dedicated bidirectional synchronisation line. One of them forms part of the transmitter, while the other of the receiver. Both circuits are tuned to operate in a chaotic mode. The output (chaotic) signal of the first circuit (transmitter) is digitised and then combined with the message to be encrypted, through an XOR gate. The second Chua circuit (receiver) is used for the decryption; the output chaotic signal of this circuit is similarly digitised and combined with the encrypted message to retrieve the original message. Our hardware demonstrator proves that this method can be used in order to provide extremely lightweight real-world, chaos-based cryptographic solutions.Comment: This work was accepted for and presented as a hardware demo at the 2022 IEEE International Symposium on Hardware Oriented Security and Trust (HOST 2022), held from 27 to 30 June 2022, in Washington, DC, US

Abusing Commodity DRAMs in IoT Devices to Remotely Spy on Temperature

The ubiquity and pervasiveness of modern Internet of Things (IoT) devices opens up vast possibilities for novel applications, but simultaneously also allows spying on, and collecting data from, unsuspecting users to a previously unseen extent. This paper details a new attack form in this vein, in which the decay properties of widespread, off-the-shelf DRAM modules are exploited to accurately sense the temperature in the vicinity of the DRAM-carrying device. Among others, this enables adversaries to remotely and purely digitally spy on personal behavior in users' private homes, or to collect security-critical data in server farms, cloud storage centers, or commercial production lines. We demonstrate that our attack can be performed by merely compromising the software of an IoT device and does not require hardware modifications or physical access at attack time. It can achieve temperature resolutions of up to 0.5{\deg}C over a range of 0{\deg}C to 70{\deg}C in practice. Perhaps most interestingly, it even works in devices that do not have a dedicated temperature sensor on board. To complete our work, we discuss practical attack scenarios as well as possible countermeasures against our temperature espionage attacks.Comment: Submitted to IEEE TIFS and currently under revie

Aggressive treatment of metastatic squamous cell carcinoma of the rectum to the liver: a case report and a brief review of the literature

BACKGROUND: Rectal squamous cell carcinoma (SCC) is a rare tumor. The incidence of this malignancy has been reported to be 0.25 to 1 per 1000 colorectal carcinomas. From a review of the English literature 55 cases of SCC of the rectum have been published. In this study we report a rectal metastatic SCC to the liver, discussing the efficacy of aggressive adjuvant and neo-adjuvant therapies on survival and prognosis. CASE PRESENTATION: A 39-year-old female patient with a pure SCC of the rectum diagnosed endoscopically is presented. The patient underwent initially neoadjuvant chemo-radiotherapy and then abdominoperineal resection with concomitant bilateral oophorectomy and hysterectomy, followed by adjuvant chemo-radiotherapy. Five months after the initial operation liver metastasis was demonstrated and a liver resection was carried out, followed by adjuvant chemotherapy. Eighteen months after the initial operation the patient is alive. CONCLUSION: Although prognosis of rectal SCC is worse than that of adenocarcinoma, an aggressive therapeutic approach with surgery as the primary treatment, followed by combined neo- and adjuvant chemo-radiotherapy, may be necessary in order to improve survival and prognosis