TV-PUF : A Fast Lightweight Analog Physically Unclonable Function

Physical Unclonable Function (PUF) is hardware analog of a one-way function which can address hardware security issues such as device authentication, generating secret keys, producing seeds for Random Number Generators, etc. Traditional silicon PUFs are based on delay (Ring Oscillator PUFs and Arbiter PUFs) or memory structures (like SRAM). In this paper, we propose a novel idea of a very fast, lightweight and robust analog PUF that exploits the susceptibility of Threshold Voltage (${V_{th}}$) of MOSFETs to process variations. We call this the Threshold Voltage PUF (TV-PUF). Extensive implementations and simulations shows improvement in quality metrics like uniformity of the PUF, intra-die distances (reliability metric of the PUF) and inter-die distances (uniqueness metric of the PUF) for 64-bit key generation. For 1 GHz clock input for sense amplifier, our design consumes 0.18$\mu$W/bit power with 50 \% uniqueness and 51\% reliability. It is also shown that TV-PUF characteristics are independent on the technology node

SHARKS: Smart Hacking Approaches for RisK Scanning in Internet-of-Things and Cyber-Physical Systems based on Machine Learning

Cyber-physical systems (CPS) and Internet-of-Things (IoT) devices are increasingly being deployed across multiple functionalities, ranging from healthcare devices and wearables to critical infrastructures, e.g., nuclear power plants, autonomous vehicles, smart cities, and smart homes. These devices are inherently not secure across their comprehensive software, hardware, and network stacks, thus presenting a large attack surface that can be exploited by hackers. In this article, we present an innovative technique for detecting unknown system vulnerabilities, managing these vulnerabilities, and improving incident response when such vulnerabilities are exploited. The novelty of this approach lies in extracting intelligence from known real-world CPS/IoT attacks, representing them in the form of regular expressions, and employing machine learning (ML) techniques on this ensemble of regular expressions to generate new attack vectors and security vulnerabilities. Our results show that 10 new attack vectors and 122 new vulnerability exploits can be successfully generated that have the potential to exploit a CPS or an IoT ecosystem. The ML methodology achieves an accuracy of 97.4% and enables us to predict these attacks efficiently with an 87.2% reduction in the search space. We demonstrate the application of our method to the hacking of the in-vehicle network of a connected car. To defend against the known attacks and possible novel exploits, we discuss a defense-in-depth mechanism for various classes of attacks and the classification of data targeted by such attacks. This defense mechanism optimizes the cost of security measures based on the sensitivity of the protected resource, thus incentivizing its adoption in real-world CPS/IoT by cybersecurity practitioners.Comment: This article has been accepted in IEEE Transactions on Emerging Topics in Computing. 17 pages, 12 figures, IEEE copyrigh

Machine Learning-based Efficient and Generalizable Cybersecurity Frameworks

Cyber-attacks are becoming more convoluted and complex every day. Thus, constant vigilance is necessary to protect the confidentiality, integrity, and availability of digital systems. Machine learning (ML) has evolved as a powerful tool for intelligent cyber analysis to enable proactive security. ML learns the patterns underpinning previous cyber-attacks and proactively uses this knowledge to defend against future threats. However, the application of ML in security analysis faces two significant drawbacks. First, state-of-the-art ML systems incur significant computation overheads. This drawback inhibits the widespread adoption of ML-based cyber strategies in enterprise security. Second, security analysts must design unique frameworks to employ ML for different applications. For example, cyber analysts cannot use the ML framework designed to detect vulnerabilities in the 5G core network (5GCN) to analyze the security of a connected vehicle. This thesis addresses these drawbacks and proposes efficient and generalizable ML-based frameworks for cyber-risk analysis. We first address the bottleneck of massive computation overheads of ML models with a novel vulnerability exploit detection framework called ML-FEED. While traditional rule-based vulnerability detection frameworks are efficient, they are not effective in detecting novel exploits. ML-FEED utilizes ML and rule-based systems to provide efficient vulnerability exploit detection while outperforming state-of-the-art ML models. Next, we introduce a smart hacking approach for risk analysis: SHARKS. SHARKS is a generic framework that developers can utilize for security analysis of diverse environments. In this thesis, we design SHARKS for risk analysis of Internet-of-Things (IoT) and cyber-physical systems (CPS). First, SHARKS extracts intelligence from documented cyber-attacks on IoT and CPS ecosystems. Then, it employs ML to learn the underlying patterns of these attacks. This knowledge enables SHARKS to defend IoT and CPS against future attacks. Finally, we conduct a 5GCN threat analysis using the SHARKS paradigm. As a result, we discover 119 novel possible exploits in a generic 5GCN architecture. Most of these attacks arise due to the interaction among various vulnerabilities of emerging technologies in 5GCN, such as software-defined networking and network function virtualization. We further investigate these weaknesses and observe that they can trigger targeted attacks on 5G network protocols and stand-alone applications like WhatsApp

TV-PUF : A Fast Lightweight Aging-Resistant Threshold Voltage PUF

Physical Unclonable Function (PUF) is the hardware analog of a one-way function which can address hardware security issues such as device authentication, generating secret keys, producing seeds for Random Number Generators, etc. Traditional silicon PUFs are based on delay (Ring Oscillator PUFs and Arbiter PUFs) or memory structures (e.g, SRAM PUFs). In this paper, we propose the design of an aging resistant, lightweight and low-power analog PUF that exploits the susceptibility of Threshold Voltage (Vth) of MOSFETs to process variations. Analysis shows improvement in power consumption, reliability over device aging along with quality metrics like uniformity, reliability and uniqueness for a 64-bit key generation. For 1 GHz clock input, this design consumes 0.18W/bit power with 50 % uniqueness and 51% uniformity along with the independence of these metrics on technology nodes. Experimental results suggest 4% variation in reliability under temperature variation from -55C to 125C and 20% variation in supply voltage. Aging analysis further projects the independence of reliability over device aging

GRAVITAS: Graphical Reticulated Attack Vectors for Internet-of-Things Aggregate Security

Internet-of-Things (IoT) and cyber-physical systems (CPSs) may consist of thousands of devices connected in a complex network topology. The diversity and complexity of these components present an enormous attack surface, allowing an adversary to exploit security vulnerabilities of different devices to execute a potent attack. Though significant efforts have been made to improve the security of individual devices in these systems, little attention has been paid to security at the aggregate level. In this article, we describe a comprehensive risk management system, called GRAVITAS, for IoT/CPS that can identify undiscovered attack vectors and optimize the placement of defenses within the system for optimal performance and cost. While existing risk management systems consider only known attacks, our model employs a machine learning approach to extrapolate undiscovered exploits, enabling us to identify attacks overlooked by manual penetration testing (pen-testing). The model is flexible enough to analyze practically any IoT/CPS and provide the system administrator with a concrete list of suggested defenses that can reduce system vulnerability at optimal cost. GRAVITAS can be employed by governments, companies, and system administrators to design secure IoT/CPS at scale, providing a quantitative measure of security and efficiency in a world where IoT/CPS devices will soon be ubiquitous

Machine Learning Assisted Security Analysis of 5G-Network-Connected Systems

The core network architecture of telecommunication systems has undergone a paradigm shift in the fifth-generation (5G) networks. 5G networks have transitioned to software-defined infrastructures, thereby reducing their dependence on hardware-based network functions. New technologies, like network function virtualization and software-defined networking, have been incorporated in the 5G core network (5GCN) architecture to enable this transition. This has resulted in significant improvements in efficiency, performance, and robustness of the networks. However, this has also made the core network more vulnerable, as software systems are generally easier to compromise than hardware systems. In this article, we present a comprehensive security analysis framework for the 5GCN. The novelty of this approach lies in the creation and analysis of attack graphs of the software-defined and virtualized 5GCN through machine learning. This analysis points to 119 novel possible exploits in the 5GCN. We demonstrate that these possible exploits of 5GCN vulnerabilities generate five novel attacks on the 5G Authentication and Key Agreement protocol. We combine the attacks at the network, protocol, and the application layers to generate complex attack vectors. In a case study, we use these attack vectors to find four novel security loopholes in WhatsApp running on a 5G network