Creation and detection of hardware trojans using non-invasive off-the-shelf technologies

As a result of the globalisation of the semiconductor design and fabrication processes, integrated circuits are becoming increasingly vulnerable to malicious attacks. The most concerning threats are hardware trojans. A hardware trojan is a malicious inclusion or alteration to the existing design of an integrated circuit, with the possible effects ranging from leakage of sensitive information to the complete destruction of the integrated circuit itself. While the majority of existing detection schemes focus on test-time, they all require expensive methodologies to detect hardware trojans. Off-the-shelf approaches have often been overlooked due to limited hardware resources and detection accuracy. With the advances in technologies and the democratisation of open-source hardware, however, these tools enable the detection of hardware trojans at reduced costs during or after production. In this manuscript, a hardware trojan is created and emulated on a consumer FPGA board. The experiments to detect the trojan in a dormant and active state are made using off-the-shelf technologies taking advantage of different techniques such as Power Analysis Reports, Side Channel Analysis and Thermal Measurements. Furthermore, multiple attempts to detect the trojan are demonstrated and benchmarked. Our simulations result in a state-of-the-art methodology to accurately detect the trojan in both dormant and active states using off-the-shelf hardware

Pervasive eHealth services a security and privacy risk awareness survey

The human factor is often recognised as a major aspect of cyber-security research. Risk and situational perception are identified as key factors in the decision making process, often playing a lead role in the adoption of security mechanisms. However, risk awareness and perception have been poorly investigated in the field of eHealth wearables. Whilst end-users often have limited understanding of privacy and security of wearables, assessing the perceived risks and consequences will help shape the usability of future security mechanisms. This paper present a survey of the the risks and situational awareness in eHealth services. An analysis of the lack of security and privacy measures in connected health devices is described with recommendations to circumvent critical situations

X-Secure:protecting users from big bad wolves

In 2014 over 70% of people in Great Britain accessed the Internet every day. This resource is an optimal vector for malicious attackers to penetrate home computers and as such compromised pages have been increasing in both number and complexity. This paper presents X-Secure, a novel browser plug-in designed to present and raise the awareness of inexperienced users by analysing web-pages before malicious scripts are executed by the host computer. X-Secure was able to detect over 90% of the tested attacks and provides a danger level based on cumulative analysis of the source code, the URL, and the remote server, by using a set of heuristics, hence increasing the situational awareness of users browsing the internet

Validation of a building simulation tool for predictive control in energy management systems

Buildings are responsible for a significant portion of energy consumption worldwide. Intelligent buildings have been devised as a potential solution, where energy consumption and building use are harmonised. At the heart of the intelligent building is the building energy management system (BEMS), the central platform which manages and coordinates all the building monitoring and control subsystems, such as heating and lighting loads. There is often a disconnect between the BEMS and the building it is installed in, leading to inefficient operation, due to incongruous commissioning of sensors and control systems. In these cases, the BEMS has a lack of knowledge of the building form and function, requiring further complex optimisation, to facilitate efficient all year round operation. Flawed BEMS configurations can then lead to ‘sick buildings’. Recently, building energy performance simulation (BEPS) has been viewed as a conceptual solution to assist in efficient building control. Building energy simulation models offer a virtual environment to test many scenarios of BEMS operation strategies and the ability to quickly evaluate their effects on energy consumption and occupant comfort. Challenges include having an accurate building model, but recent advances in building information modelling (BIM) offer the chance to leverage existing building data, which can be translated into a form understood by the building simulator. This study will address these challenges, by developing and integrating a BEMS, with a BIM for BEPS assisted predictive control, and assessing the outcome and potential of the integration

Cyber-security internals of a Skoda Octavia vRS:a hands on approach

The convergence of information technology and vehicular technologies are a growing paradigm, allowing information to be sent by and to vehicles. This information can further be processed by the Electronic Control Unit (ECU) and the Controller Area Network (CAN) for in-vehicle communications or through a mobile phone or server for out-vehicle communication. Information sent by or to the vehicle can be life-critical (e.g. breaking, acceleration, cruise control, emergency communication, etc. . . ). As vehicular technology advances, in-vehicle networks are connected to external networks through 3 and 4G mobile networks, enabling manufacturer and customer monitoring of different aspects of the car. While these services provide valuable information, they also increase the attack surface of the vehicle, and can enable long and short range attacks. In this manuscript, we evaluate the security of the 2017 Skoda Octavia vRS 4x4. Both physical and remote attacks are considered, the key fob rolling code is successfully compromised, privacy attacks are demonstrated through the infotainment system, the Volkswagen Transport Protocol 2.0 is reverse engineered. Additionally, in-car attacks are highlighted and described, providing an overlook of potentially deadly threats by modifying ECU parameters and components enabling digital forensics investigation are identified

A taxonomy of malicious traffic for intrusion detection systems

With the increasing number of network threats it is essential to have a knowledge of existing and new network threats to design better intrusion detection systems. In this paper we propose a taxonomy for classifying network attacks in a consistent way, allowing security researchers to focus their efforts on creating accurate intrusion detection systems and targeted datasets

Evaluating the potential of Simulation Assisted Energy Management Systems : A Case for Electrical Heating Optimisation

Buildings consume a significant amount of energy worldwide in maintaining comfort for occupants. Building energy management systems (BEMS) are employed to ensure that the energy consumed is used efficiently. However these systems often do not adequately perform in minimising energy use. This is due to a number of reasons, including poor configuration or a lack of information such as being able to anticipate changes in weather conditions. We are now at the stage that building behaviour can be simulated, whereby computer programs can be used to predict building conditions, and therefore enable buildings to use energy more efficiently, when integrated with BEMS (i.e. simulation assisted control [1]). In this paper we demonstrate a low cost BEMS that uses building simulation to predict optimised electrical heating startup control points. Those that use electricity for heating in Scotland, where this study was based, tend to be fuel-poor, hence there is a strong case for optimisation, particularly when electricity costs nearly three times as much as the equivalent unit of gas for heating applications. The proposed system demonstrated a 50% energy saving in the reduced heating time compared to scheduling when retrospectively evaluated

The effect of uncertainty in whole building simulation models for purposes of generating control strategies

Buildings consume a significant amount of energy worldwide in maintaining comfort for occupants. Building energy management systems (BEMS) are employed to ensure that the energy consumed is used efficiently. However these systems often do not adequately perform in minimising energy use. This is due to a number of reasons, including poor configuration or a lack of information such as being able to anticipate changes in weather conditions. We are now at the stage that building behaviour can be simulated, whereby simulation tools can be used to predict building conditions, and therefore enable buildings to use energy more efficiently, when integrated with BEMS. What is required though, is an accurate model of the building which can effectively represent the building processes, for building simulation. Building information modelling (BIM) is a relatively new method of representing building models, however there still remains the issue of data translation between a BIM and simulation model, which requires calibration with a measured set of data. If there a lack of information or a poor translation, a level of uncertaintly is introduced which can affect the simulation’s ability to accurate predict control strategies for BEMS. This paper explores effects of uncertainty, by making assumptions on a building model due to a lack of information. It will be shown that building model calibration as a method of addressing uncertainty is no substitute for a well defined model

A taxonomy of network threats and the effect of current datasets on intrusion detection systems

As the world moves towards being increasingly dependent on computers and automation, building secure applications, systems and networks are some of the main challenges faced in the current decade. The number of threats that individuals and businesses face is rising exponentially due to the increasing complexity of networks and services of modern networks. To alleviate the impact of these threats, researchers have proposed numerous solutions for anomaly detection; however, current tools often fail to adapt to ever-changing architectures, associated threats and zero-day attacks. This manuscript aims to pinpoint research gaps and shortcomings of current datasets, their impact on building Network Intrusion Detection Systems (NIDS) and the growing number of sophisticated threats. To this end, this manuscript provides researchers with two key pieces of information; a survey of prominent datasets, analyzing their use and impact on the development of the past decade’s Intrusion Detection Systems (IDS) and a taxonomy of network threats and associated tools to carry out these attacks. The manuscript highlights that current IDS research covers only 33.3% of our threat taxonomy. Current datasets demonstrate a clear lack of real-network threats, attack representation and include a large number of deprecated threats, which together limit the detection accuracy of current machine learning IDS approaches. The unique combination of the taxonomy and the analysis of the datasets provided in this manuscript aims to improve the creation of datasets and the collection of real-world data. As a result, this will improve the efficiency of the next generation IDS and reflect network threats more accurately within new datasets