VMEO: Vector Modeling Errors and Operands for Approximate adders

Approximate computing techniques are extensively used in computationally intensive applications. Addition architecture being the basic component of computational unit, has received a lot of interest from approximate computing community. Approximate adders are designed with the motivation to reduce area, power and delay of their accurate versions at the cost of bounded loss in accuracy. A major class of approximate adders are implemented using binary logic circuits that operate with a high degree of predictability and speculation. This paper is one of the early attempt to vector model error values that occur in approximate architectures and the inputs fed to them. In this paper, we propose two vectors namely Error Vectors (EVs) and the Input Conditioning Vectors (ICVs) that will form the mathematical foundation of several probabilistic error evaluation methodologies. In other words, the suggested vectors can be used to develop assessment methods to measure the performance of approximate circuits. Our proposed vectors when utilised to analyze approximate circuits, will provide a descriptive idea about (i) chances of error generation and propagation, (ii) the amount of error at specific bit locations and its impact on overall result. This is however not conceivable with existing state-of-the-art methodologies

Sorting Attacks Resilient Authentication Protocol for CMOS Image Sensor Based PUF

Physically Unclonable Functions (PUFs) have emerged as a viable and cost-effective method for device authentication and key generation. Recently, CMOS image sensors have been exploited as PUF for hardware fingerprinting in mobile devices. As CMOS image sensors are readily available in modern devices such as smartphones, laptops etc., it eliminates the need for additional hardware for implementing a PUF structure. In ISIC2014, an authentication protocol has been proposed to generate PUF signatures using a CMOS image sensor by leveraging the fixed pattern noise (FPN) of certain pixel values. This makes the PUF candidate an interesting target for adversarial attacks. In this work, we testify that a simple sorting attack and a win-rate (WR) based sorting attack can be launched in this architecture to predict the PUF response for given a challenge. We also propose a modified authentication protocol as a countermeasure to make it resilient against simple sorting and WR sorting attacks. The proposed work reduces the accuracy of prediction due to simple sorting attack and WR sorting attack by approximately 14% compared to the existing approach

CheckShake: Passively Detecting Anomaly in Wi-Fi Security Handshake using Gradient Boosting based Ensemble Learning

Recently, a number of attacks have been demonstrated (like key reinstallation attack, called KRACK) on WPA2 protocol suite in Wi-Fi WLAN. As the firmware of the WLAN devices in the context of IoT, industrial systems, and medical devices is often not patched, detecting and preventing such attacks is challenging. In this paper, we design and implement a system, called CheckShake, to passively detect anomalies in the handshake of Wi-Fi security protocols, in particular WPA2, between a client and an access point using COTS radios. Our proposed system works without decrypting any traffic. It passively monitors multiple wireless channels in parallel in the neighborhood and uses a state machine model to characterize and detect the attacks. In particular, we develop a state machine model for grouping Wi-Fi handshake packets and then perform deep packet inspection to identify the symptoms of the anomaly in specific stages of a handshake session. Our implementation of CheckShake does not require any modification to the firmware of the client or the access point or the COTS devices, it only requires to be physically placed within the range of the access point and its clients. We use both the publicly available dataset and our own data set for performance analysis of CheckShake. Using gradient boosting-based supervised machine learning models, we show that an accuracy around 93.39% and a false positive rate of 5.08% can be achieved using CheckShak

A PUF-based Secure Communication Protocol for IoT

Security features are of paramount importance for IoT, and implementations are challenging given the resource-constrained IoT set-up. We have developed a lightweight identity-based cryptosystem suitable for IoT, to enable secure authentication and message exchange among the devices. Our scheme employs Physically Unclonable Function (PUF), to generate the public identity of each device, which is used as the public key for each device for message encryption. We have provided formal proofs of security in the Session Key security and Universally Composable Framework of the proposed protocol, which demonstrates the resilience of the scheme against passive as well as active attacks. We have demonstrated the set up required for the protocol implementation and shown that the proposed protocol implementation incurs low hardware and software overhead

Exploiting Safe Error based Leakage of RFID Authentication Protocol using Hardware Trojan Horse

Radio-Frequency Identification tags are used for several applications requiring authentication mechanisms, which if subverted can lead to dire consequences. Many of these devices are based on low-cost Integrated Circuits which are designed in off-shore fabrication facilities and thus raising concerns about their trust. Recently, a lightweight entity authentication protocol called LCMQ was proposed, which is based on Learning Parity with Noise, Circulant Matrix, and Multivariate Quadratic problems. This protocol was proven to be secure against Man-in-the-middle attack and cipher-text only attacks. In this paper, we show that in the standard setting, although the authentication uses two $m$ bit keys, $\mathbf{K_1}$ and $\mathbf{K_2}$, knowledge of only $\mathbf{K_2}$ is sufficient to forge the authentication. Based on this observation, we design a stealthy malicious modification to the circuitry based on the idea of Safe-errors to leak $\mathbf{K_2}$ and thus can be used to forge the entire authentication mechanism. We develop a Field Programmable Gate Array prototype of the design which is extremely lightweight and can be implemented using four Lookup tables

PUF+IBE: Blending Physically Unclonable Functions with Identity Based Encryption for Authentication and Key Exchange in IoTs

Physically Unclonable Functions (PUFs) promise to be a critical hardware primitive to provide unique identities to billions of connected devices in Internet of Things (IoTs). In traditional authentication protocols a user presents a set of credentials with an accompanying proof such as password or digital certificate. However, IoTs need more evolved methods as these classical techniques suffer from the pressing problems of password dependency and inability to bind access requests to the “things” from which they originate. Additionally, the protocols need to be lightweight and heterogeneous. Although PUFs seem promising to develop such mechanism, it puts forward an open problem of how to develop such mechanism without needing to store the secret challenge-response pair (CRP) explicitly at the verifier end. In this paper, we develop an authentication and key exchange protocol by combining the ideas of Identity based Encryption (IBE), PUFs and Key-ed Hash Function to show that this combination can help to do away with this requirement. The security of the protocol is proved formally under the Session Key Security and the Universal Composability Framework. A prototype of the protocol has been implemented to realize a secured video surveillance camera using a combination of an Intel Edison board, with a Digilent Nexys-4 FPGA board consisting of an Artix-7 FPGA, together serving as the IoT node. We show, though the stand-alone video camera can be subjected to man-in-the-middle attack via IP-spoofing using standard network penetration tools, the camera augmented with the proposed protocol resists such attacks and it suits aptly in an IoT infrastructure making the protocol deployable for the industry

Safe is the new Smart: PUF-based Authentication for Load Modification-Resistant Smart Meters

In the energy sector, IoT manifests in the form of next-generation power grids that provide enhanced electrical stability, efficient power distribution and utilization. The primary feature of a Smart Grid is the presence of an advanced bi-directional communication network between the Smart meters at the consumer end and the servers at the Utility Operators. The Smart meters are broadly vulnerable to attacks on communication and physical systems. We propose a secure and operationally asymmetric mutual authentication and key-exchange protocol for secure communication. Our protocol balances security and efficiency, delegates complex cryptographic operations to the resource-equipped servers, and carefully manages the workload on the resource-constrained Smart meter nodes using unconventional lightweight primitives such as Physically Unclonable Functions. We prove the security of the protocol using well-established cryptographic assumptions. We implement the proposed scheme end-to-end in a Smart meter prototype using commercial-off-the-shelf products, a Utility server and a credential generator as the trusted third party. Additionally, we demonstrate a physics-based attack named load modification attack on the Smart meter to demonstrate that merely securing the communication channel using authentication does not secure the meter, but requires further protections to ensure the correctness of the reported consumption. Hence, we propose a countermeasure to such attack that goes side-by-side with our protocol implementation.ISSN:1545-5971ISSN:1941-001