Journal articles on the topic 'Hardware Security Primitives'
To see the other types of publications on this topic, follow the link: Hardware Security Primitives.
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 journal articles for your research on the topic 'Hardware Security Primitives.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse journal articles on a wide variety of disciplines and organise your bibliography correctly.
1
Labrado, Carson, and Himanshu Thapliyal. "Hardware Security Primitives for Vehicles." IEEE Consumer Electronics Magazine 8, no. 6 (November 1, 2019): 99–103. http://dx.doi.org/10.1109/mce.2019.2941392.
Full text
2
Huffmire, Ted, Timothy Levin, Thuy Nguyen, Cynthia Irvine, Brett Brotherton, Gang Wang, Timothy Sherwood, and Ryan Kastner. "Security Primitives for Reconfigurable Hardware-Based Systems." ACM Transactions on Reconfigurable Technology and Systems 3, no. 2 (May 2010): 1–35. http://dx.doi.org/10.1145/1754386.1754391.
Full text
3
Gordon, Holden, Jack Edmonds, Soroor Ghandali, Wei Yan, Nima Karimian, and Fatemeh Tehranipoor. "Flash-Based Security Primitives: Evolution, Challenges and Future Directions." Cryptography 5, no. 1 (February 4, 2021): 7. http://dx.doi.org/10.3390/cryptography5010007.
Full textAbstract:
Over the last two decades, hardware security has gained increasing attention in academia and industry. Flash memory has been given a spotlight in recent years, with the question of whether or not it can prove useful in a security role. Because of inherent process variation in the characteristics of flash memory modules, they can provide a unique fingerprint for a device and have thus been proposed as locations for hardware security primitives. These primitives include physical unclonable functions (PUFs), true random number generators (TRNGs), and integrated circuit (IC) counterfeit detection. In this paper, we evaluate the efficacy of flash memory-based security primitives and categorize them based on the process variations they exploit, as well as other features. We also compare and evaluate flash-based security primitives in order to identify drawbacks and essential design considerations. Finally, we describe new directions, challenges of research, and possible security vulnerabilities for flash-based security primitives that we believe would benefit from further exploration.
4
Zhang, Zhiming, and Qiaoyan Yu. "Towards Energy-Efficient and Secure Computing Systems." Journal of Low Power Electronics and Applications 8, no. 4 (November 27, 2018): 48. http://dx.doi.org/10.3390/jlpea8040048.
Full textAbstract:
Countermeasures against diverse security threats typically incur noticeable hardware cost and power overhead, which may become the obstacle for those countermeasures to be applicable in energy-efficient computing systems. This work presents a summary of energy-efficiency techniques that have been applied in security primitives or mechanisms to ensure computing systems’ resilience against various security threats on hardware. This work also uses examples to discuss practical methods for securing the hardware for computing systems to achieve energy efficiency.
5
Bi, Yu, Kaveh Shamsi, Jiann-Shiun Yuan, Pierre-Emmanuel Gaillardon, Giovanni De Micheli, Xunzhao Yin, X. Sharon Hu, Michael Niemier, and Yier Jin. "Emerging Technology-Based Design of Primitives for Hardware Security." ACM Journal on Emerging Technologies in Computing Systems 13, no. 1 (December 6, 2016): 1–19. http://dx.doi.org/10.1145/2816818.
Full text
6
Dubrova, Elena. "Energy-efficient cryptographic primitives." Facta universitatis - series: Electronics and Energetics 31, no. 2 (2018): 157–67. http://dx.doi.org/10.2298/fuee1802157d.
Full textAbstract:
Our society greatly depends on services and applications provided by mobile communication networks. As billions of people and devices become connected, it becomes increasingly important to guarantee security of interactions of all players. In this talk we address several aspects of this important, many-folded problem. First, we show how to design cryptographic primitives which can assure integrity and confidentiality of transmitted messages while satisfying resource constrains of low-end low-cost wireless devices such as sensors or RFID tags. Second, we describe countermeasures which can enhance the resistance of hardware implementing cryptographic algorithms to hardware Trojans.
7
Venkataraman, Anusha, Eberechukwu Amadi, and Chris Papadopoulos. "Molecular-Scale Hardware Encryption Using Tunable Self-Assembled Nanoelectronic Networks." Micro 2, no. 3 (June 21, 2022): 361–68. http://dx.doi.org/10.3390/micro2030024.
Full textAbstract:
Nanomaterials are promising alternatives for creating hardware security primitives that are considered more robust and less susceptible to physical attacks compared to standard CMOS-based approaches. Here, nanoscale electronic circuits composed of tunable ratios of molecules and colloidal nanoparticles formed via self-assembly on silicon wafers are investigated for information and hardware security by utilizing device-level physical variations induced during fabrication. Two-terminal electronic transport measurements show variations in current through different parts of the nanoscale network, which are used to define electronic physically unclonable functions. By comparing different current paths, arrays of binary bits are generated that can be used as encryption keys. Evaluation of the keys using Hamming inter-distance values indicates that performance is improved by varying the ratio of molecules to nanoparticles in the network, which demonstrates self-assembly as a potential path toward implementing molecular-scale hardware security primitives. These nanoelectronic networks thus combine facile fabrication with a large variety of possible network building blocks, enabling their utilization for hardware security with additional degrees of freedom that is difficult to achieve using conventional systems.
8
Tsantikidou, Kyriaki, and Nicolas Sklavos. "Hardware Limitations of Lightweight Cryptographic Designs for IoT in Healthcare." Cryptography 6, no. 3 (September 1, 2022): 45. http://dx.doi.org/10.3390/cryptography6030045.
Full textAbstract:
Security is an important aspect of healthcare applications that employ Internet of Things (IoT) technology. More specifically, providing privacy and ensuring the confidentiality, integrity and authenticity of IoT-based designs are crucial in the health domain because the collected data are sensitive, and the continuous availability of the system is critical for the user’s wellbeing. However, the IoT consists of resource-constrained devices that increase the difficulty of implementing high-level-security schemes. Therefore, in the current paper, renowned lightweight cryptographic primitives and their most recent architecture, to the best of the authors’ knowledge, are investigated. Their security, architecture characteristics and overall hardware limitations are analyzed and collected in tables. Finally, all the algorithms are compared based on their effectiveness in securing healthcare applications, the utilized device and the overall implementation efficiency.
9
Tomecek, Jozef. "Hardware optimizations of stream cipher rabbit." Tatra Mountains Mathematical Publications 50, no. 1 (December 1, 2011): 87–101. http://dx.doi.org/10.2478/v10127-011-0039-8.
Full textAbstract:
ABSTRACT Stream ciphers form part of cryptographic primitives focused on privacy. Synchronous, symmetric and software-oriented stream cipher Rabbit is member of final portfolio of European Union's eStream project. Although it was designed to perform well in software, employed operations seem to compute efficiently in hardware. 128-bit security, with no known security weaknesses is claimed by Rabbit's designers. Since hardware performance of Rabbit was only estimated in the proposal of algorithm, comparison of direct and optimized FPGA implementations of Rabbit stream cipher is presented, identifying algorithm bottlenecks, discussing optimization techniques applied to algorithm computations, along with key area/time trade-offs.
10
Preetisudha Meher, Lukram Dhanachandra Singh,. "Advancing Hardware Security: A Review and Novel Design of Configurable Arbiter PUF with DCM-Induced Metastability for Enhanced Resource Efficiency and Unpredictability." Tuijin Jishu/Journal of Propulsion Technology 45, no. 01 (February 16, 2024): 3804–16. http://dx.doi.org/10.52783/tjjpt.v45.i01.4934.
Full textAbstract:
As the Internet of Things (IoT) and Blockchain technologies continue to assert their dominance in the technical landscape, the demand to enhance security measures becomes foremost. In this context, Physical Unclonable Functions (PUFs) are widely used hardware security primitives that can be used to solve a wide range of security issues. To support hardware security solutions, this paper presents an extensive overview and analysis of the existing Physical Unclonable Functions (PUFs) used as True Random Number Generators (TRNGs). Recognizing the shortcomings of current PUF designs, we propose a configurable Arbiter PUF design employing Digital Clock Manager (DCM)-induced metastability as an entropy source, presenting a robust solution for evolving hardware security. To mitigate the adverse consequences of metastability, the proposed Arbiter PUF includes a Carry Chain primitive with four Flip-Flop clones. Acknowledging the constantly evolving IoT and Blockchain environment, the suggested configurable Arbiter PUF is made to satisfy the highest security standards. By exploiting the inherent variations in FPGA technology, we aim to reduce system resource and area consumption, aligning with the efficiency criteria of modern applications. The system's performance is additionally enhanced by an on-chip post-processing based on DSP. Simulation results demonstrate successful implementation on a Xilinx Basys-3 FPGA board, offering a scalable and efficient solution. The generated sequences of the proposed PUF undergo rigorous testing, including National Institute of Standards and Technology (NIST) statistical tests for uniqueness, reliability, and randomness. This holistic approach aims to improve the PUF's performance and security.
11
Chakraborty, Suvradip, Janaka Alawatugoda, and Chandrasekaran Pandu Rangan. "New approach to practical leakage-resilient public-key cryptography." Journal of Mathematical Cryptology 14, no. 1 (July 11, 2020): 172–201. http://dx.doi.org/10.1515/jmc-2019-0014.
Full textAbstract:
AbstractWe present a new approach to construct several leakage-resilient cryptographic primitives, including leakage-resilient public-key encryption (PKE) schemes, authenticated key exchange (AKE) protocols and low-latency key exchange (LLKE) protocols. To this end, we introduce a new primitive called leakage-resilient non-interactive key exchange (LR-NIKE) protocol. We introduce an appropriate security model for LR-NIKE protocols in the bounded memory leakage (BML) settings. We then show a secure construction of the LR-NIKE protocol in the BML setting that achieves an optimal leakage rate, i.e., 1 – o(1). Our construction of LR-NIKE requires a minimal use of a leak-free hardware component. We argue that the use of such a leak-free hardware component seems to be unavoidable in any construction of an LR-NIKE protocol, even in the BML setting. Finally, we show how to construct the aforementioned leakage-resilient primitives from such an LR-NIKE protocol as summarized below. All these primitives also achieve the same (optimal) leakage rate as the underlying LR-NIKE protocol. We show how to construct a leakage-resilient (LR) IND-CCA-2-secure PKE scheme in the BML model generically from a bounded LR-NIKE (BLR-NIKE) protocol. Our construction of LR-IND-CCA-2 secure PKE differs significantly from the state-of-the-art constructions of these primitives, which mainly use hash proof techniques to achieve leakage resilience. Moreover, our transformation preserves the leakage-rate of the underlying BLR-NIKE protocol. We introduce a new leakage model for AKE protocols, in the BML setting, and present a leakage-resilient AKE protocol construction from the LR-NIKE protocol. We introduce the first-ever leakage model for LLKE protocols in the BML setting and the first construction of such a leakage-resilient LLKE from the LR-NIKE protocol.
12
Amsaad, Fathi, Mohammed Niamat, Amer Dawoud, and Selcuk Kose. "Reliable Delay Based Algorithm to Boost PUF Security Against Modeling Attacks." Information 9, no. 9 (September 3, 2018): 224. http://dx.doi.org/10.3390/info9090224.
Full textAbstract:
Silicon Physical Unclonable Functions (sPUFs) are one of the security primitives and state-of-the-art topics in hardware-oriented security and trust research. This paper presents an efficient and dynamic ring oscillator PUFs (d-ROPUFs) technique to improve sPUFs security against modeling attacks. In addition to enhancing the Entropy of weak ROPUF design, experimental results show that the proposed d-ROPUF technique allows the generation of larger and updated challenge-response pairs (CRP space) compared with simple ROPUF. Additionally, an innovative hardware-oriented security algorithm, namely, the Optimal Time Delay Algorithm (OTDA), is proposed. It is demonstrated that the OTDA algorithm significantly improves PUF reliability under varying operating conditions. Further, it is shown that the OTDA further efficiently enhances the d-ROPUF capability to generate a considerably large set of reliable secret keys to protect the PUF structure from new cyber-attacks, including machine learning and modeling attacks.
13
El Hadj Youssef, Wajih, Ali Abdelli, Fethi Dridi, and Mohsen Machhout. "Hardware Implementation of Secure Lightweight Cryptographic Designs for IoT Applications." Security and Communication Networks 2020 (November 29, 2020): 1–13. http://dx.doi.org/10.1155/2020/8860598.
Full textAbstract:
The recent expansion of the Internet of Things is creating a new world of smart devices in which security implications are very significant. Besides the claimed security level, the IoT devices are usually featured with constrained resources, such as low computation capability, low memory, and limited battery. Lightweight cryptographic primitives are proposed in the context of IoT while considering the trade-off between security guarantee and good performance. In this paper, we present optimized hardware, lightweight cryptographic designs, of 32-bit datapath, LED 64/128, SIMON 64/128, and SIMECK 64/128 algorithms, for constrained devices. Our proposed designs are investigated on Spartan-3, Spartan-6, and Zynq-7000 FPGA platforms in terms of area, speed, efficiency, and power consumption. The proposed designs achieved a high throughput up to 891.99 Mbps, 838.95 Mbps, and 210.13 Mbps for SIMECK 64/128, SIMON 64/128, and LED 64/128 on Zynq-7000, respectively. A deep comparison between our three proposed designs is elaborated on different FPGA families for adequate FPGAs-based application deployment. Test results and security analysis show that not only can our proposed designs achieve good encryption results with high performance and a low reduced cost but also they are secure enough to resist statistical attacks.
14
Bathalapalli, Venkata K. V. V., Saraju P. Mohanty, Elias Kougianos, Vasanth Iyer, and Bibhudutta Rout. "PUFchain 3.0: Hardware-Assisted Distributed Ledger for Robust Authentication in Healthcare Cyber–Physical Systems." Sensors 24, no. 3 (January 31, 2024): 938. http://dx.doi.org/10.3390/s24030938.
Full textAbstract:
This article presents a novel hardware-assisted distributed ledger-based solution for simultaneous device and data security in smart healthcare. This article presents a novel architecture that integrates PUF, blockchain, and Tangle for Security-by-Design (SbD) of healthcare cyber–physical systems (H-CPSs). Healthcare systems around the world have undergone massive technological transformation and have seen growing adoption with the advancement of Internet-of-Medical Things (IoMT). The technological transformation of healthcare systems to telemedicine, e-health, connected health, and remote health is being made possible with the sophisticated integration of IoMT with machine learning, big data, artificial intelligence (AI), and other technologies. As healthcare systems are becoming more accessible and advanced, security and privacy have become pivotal for the smooth integration and functioning of various systems in H-CPSs. In this work, we present a novel approach that integrates PUF with IOTA Tangle and blockchain and works by storing the PUF keys of a patient’s Body Area Network (BAN) inside blockchain to access, store, and share globally. Each patient has a network of smart wearables and a gateway to obtain the physiological sensor data securely. To facilitate communication among various stakeholders in healthcare systems, IOTA Tangle’s Masked Authentication Messaging (MAM) communication protocol has been used, which securely enables patients to communicate, share, and store data on Tangle. The MAM channel works in the restricted mode in the proposed architecture, which can be accessed using the patient’s gateway PUF key. Furthermore, the successful verification of PUF enables patients to securely send and share physiological sensor data from various wearable and implantable medical devices embedded with PUF. Finally, healthcare system entities like physicians, hospital admin networks, and remote monitoring systems can securely establish communication with patients using MAM and retrieve the patient’s BAN PUF keys from the blockchain securely. Our experimental analysis shows that the proposed approach successfully integrates three security primitives, PUF, blockchain, and Tangle, providing decentralized access control and security in H-CPS with minimal energy requirements, data storage, and response time.
15
Lara-Nino, Carlos Andres, Arturo Diaz-Perez, and Miguel Morales-Sandoval. "Energy and Area Costs of Lightweight Cryptographic Algorithms for Authenticated Encryption in WSN." Security and Communication Networks 2018 (September 4, 2018): 1–14. http://dx.doi.org/10.1155/2018/5087065.
Full textAbstract:
Wireless Sensor Networks (WSN) aim at linking the cyber and physical worlds. Their security has taken relevance due to the sensitive data these networks might process under unprotected physical and cybernetic environments. The operational constraints in the sensor nodes demand security primitives with small implementation size and low power consumption. Authenticated encryption is a mechanism to provide these systems with confidentiality, integrity, and authentication of sensitive data. In this paper we explore hardware implementation alternatives of authenticated encryption through generic compositions, to assess the costs of this security approach in WSN. Two symmetric ciphers, AES and PRESENT, and two hash functions, SHA and SPONGENT, are used as the underlying primitives for the generic compositions. All the architectures studied in this work are implemented and evaluated in an FPGA-based WSN mote. The life time of the sensor node is used as the main evaluation metric but FPGA resources are also reported. From the experimental results obtained, it is shown how lightweight ciphers significantly contribute to reduce implementation area and energy consumption overheads, extending the lifetime of the sensor node.
16
Russinovich, Mark. "Confidential Computing: Elevating Cloud Security and Privacy." Queue 21, no. 4 (August 31, 2023): 44–48. http://dx.doi.org/10.1145/3623461.
Full textAbstract:
Confidential Computing (CC) fundamentally improves our security posture by drastically reducing the attack surface of systems. While traditional systems encrypt data at rest and in transit, CC extends this protection to data in use. It provides a novel, clearly defined security boundary, isolating sensitive data within trusted execution environments during computation. This means services can be designed that segment data based on least-privilege access principles, while all other code in the system sees only encrypted data. Crucially, the isolation is rooted in novel hardware primitives, effectively rendering even the cloud-hosting infrastructure and its administrators incapable of accessing the data. This approach creates more resilient systems capable of withstanding increasingly sophisticated cyber threats, thereby reinforcing data protection and sovereignty in an unprecedented manner.
17
Chung, Kai-Min, Marios Georgiou, Ching-Yi Lai, and Vassilis Zikas. "Cryptography with Disposable Backdoors." Cryptography 3, no. 3 (August 20, 2019): 22. http://dx.doi.org/10.3390/cryptography3030022.
Full textAbstract:
Backdooring cryptographic algorithms is an indisputable taboo in the cryptographic literature for a good reason: however noble the intentions, backdoors might fall in the wrong hands, in which case security is completely compromised. Nonetheless, more and more legislative pressure is being produced to enforce the use of such backdoors. In this work we introduce the concept of disposable cryptographic backdoors which can be used only once and become useless after that. These exotic primitives are impossible in the classical digital world without stateful and secure trusted hardware support, but, as we show, are feasible assuming quantum computation and access to classical stateless hardware tokens. Concretely, we construct a disposable (single-use) version of message authentication codes, and use them to derive a black-box construction of stateful hardware tokens in the above setting with quantum computation and classical stateless hardware tokens. This can be viewed as a generic transformation from stateful to stateless tokens and enables, among other things, one-time programs and memories. This is to our knowledge the first provably secure construction of such primitives from stateless tokens. As an application of disposable cryptographic backdoors we use our constructed primitive above to propose a middle-ground solution to the recent legislative push to backdoor cryptography: the conflict between Apple and FBI. We show that it is possible for Apple to create a one-time backdoor which unlocks any single device, and not even Apple can use it to unlock more than one, i.e., the backdoor becomes useless after it is used. We further describe how to use our ideas to derive a version of CCA-secure public key encryption, which is accompanied with a disposable (i.e., single-use, as in the above scenario) backdoor.
18
Al-Aqrabi, Hussain, Anju P. Johnson, Richard Hill, Phil Lane, and Tariq Alsboui. "Hardware-Intrinsic Multi-Layer Security: A New Frontier for 5G Enabled IIoT." Sensors 20, no. 7 (March 31, 2020): 1963. http://dx.doi.org/10.3390/s20071963.
Full textAbstract:
The introduction of 5G communication capabilities presents additional challenges for the development of products and services that can fully exploit the opportunities offered by high bandwidth, low latency networking. This is particularly relevant to an emerging interest in the Industrial Internet of Things (IIoT), which is a foundation stone of recent technological revolutions such as Digital Manufacturing. A crucial aspect of this is to securely authenticate complex transactions between IIoT devices, whilst marshalling adversarial requests for system authorisation, without the need for a centralised authentication mechanism which cannot scale to the size needed. In this article we combine Physically Unclonable Function (PUF) hardware (using Field Programmable Gate Arrays—FPGAs), together with a multi-layer approach to cloud computing from the National Institute of Standards and Technology (NIST). Through this, we demonstrate an approach to facilitate the development of improved multi-layer authentication mechanisms. We extend prior work to utilise hardware security primitives for adversarial trojan detection, which is inspired by a biological approach to parameter analysis. This approach is an effective demonstration of attack prevention, both from internal and external adversaries. The security is further hardened through observation of the device parameters of connected IIoT equipment. We demonstrate that the proposed architecture can service a significantly high load of device authentication requests using a multi-layer architecture in an arbitrarily acceptable time of less than 1 second.
19
Nili, Hussein, Gina C. Adam, Brian Hoskins, Mirko Prezioso, Jeeson Kim, M. Reza Mahmoodi, Farnood Merrikh Bayat, Omid Kavehei, and Dmitri B. Strukov. "Hardware-intrinsic security primitives enabled by analogue state and nonlinear conductance variations in integrated memristors." Nature Electronics 1, no. 3 (March 2018): 197–202. http://dx.doi.org/10.1038/s41928-018-0039-7.
Full text
20
Gómez-Marín, Ernesto, Valerio Senni, Luis Parrilla, Jose L. Tejero López, Encarnación Castillo, and Davide Martintoni. "An Innovative Strategy Based on Secure Element for Cyber–Physical Authentication in Safety-Critical Manufacturing Supply Chain." Applied Sciences 13, no. 18 (September 19, 2023): 10477. http://dx.doi.org/10.3390/app131810477.
Full textAbstract:
The accurate tracking of every production step and related outcome in a supply chain is a stringent requirement in safety-critical sectors such as civil aviation. In such a framework, trusted traceability and accountability can be reliably and securely managed by means of blockchain-based solutions. Unfortunately, blockchain cannot guarantee the provenance and accuracy of the stored information. To overcome such a limitation, this paper proposes a secure solution to strongly rely on the tracking information of the physical assets in the supply chain. The proposed solution exploits Hardware Security Modules (HSMs) to provide required cryptographic primitives through a Near-Field Communication (NFC) connection. In our approach, each transfer of the assets is authenticated, verified, and recorded in the blockchain through the HSM. Transaction entries are signed, thus providing a guarantee of ownership and authenticity. The proposed infrastructure has been subject of an exhaustive security analysis and proved resilient against counterfeiting attempts, stakeholder repudiations, and misleading information.
21
Boovaraghavan, Sudershan, Chen Chen, Anurag Maravi, Mike Czapik, Yang Zhang, Chris Harrison, and Yuvraj Agarwal. "Mites." Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 7, no. 1 (March 27, 2022): 1–32. http://dx.doi.org/10.1145/3580865.
Full textAbstract:
There is increasing interest in deploying building-scale, general-purpose, and high-fidelity sensing to drive emerging smart building applications. However, the real-world deployment of such systems is challenging due to the lack of system and architectural support. Most existing sensing systems are purpose-built, consisting of hardware that senses a limited set of environmental facets, typically at low fidelity and for short-term deployment. Furthermore, prior systems with high-fidelity sensing and machine learning fail to scale effectively and have fewer primitives, if any, for privacy and security. For these reasons, IoT deployments in buildings are generally short-lived or done as a proof of concept. We present the design of Mites, a scalable end-to-end hardware-software system for supporting and managing distributed general-purpose sensors in buildings. Our design includes robust primitives for privacy and security, essential features for scalable data management, as well as machine learning to support diverse applications in buildings. We deployed our Mites system and 314 Mites devices in Tata Consultancy Services (TCS) Hall at Carnegie Mellon University (CMU), a fully occupied, five-story university building. We present a set of comprehensive evaluations of our system using a series of microbenchmarks and end-to-end evaluations to show how we achieved our stated design goals. We include five proof-of-concept applications to demonstrate the extensibility of the Mites system to support compelling IoT applications. Finally, we discuss the real-world challenges we faced and the lessons we learned over the five-year journey of our stack's iterative design, development, and deployment.
22
Zhu, Lianghong, Huaikun Xiang, and Kai Zhang. "A Light and Anonymous Three-Factor Authentication Protocol for Wireless Sensor Networks." Symmetry 14, no. 1 (December 30, 2021): 46. http://dx.doi.org/10.3390/sym14010046.
Full textAbstract:
Recently, wireless sensor networks (WSNs) have been widely used in a variety of fields, and make people’s lives more convenient and efficient. However, WSNs are usually deployed in a harsh and insecure environment. Furthermore, sensors with limited hardware resources have a low capacity for data processing and communication. For these reasons, research on efficient and secure real-time authentication and key agreement protocols based on the characteristics of WSNs has gradually attracted the attention of academics. Although many schemes have been proposed, most of them cannot achieve all known security features with satisfactory performance, among which anonymity, N-Factor security, and forward secrecy are the most vulnerable. In order to solve these shortcomings, we propose a new lightweight and anonymous three-factor authentication scheme based on symmetric cryptographic primitives for WSNs. By using the automated security verification tool ProVerif, BAN-logic verification, and an informal security analysis, we prove that our proposed scheme is secure and realizes all known security features in WSNs. Moreover, we show that our proposed scheme is practical and efficient through the comparison of security features and performance.
23
Korona, Mateusz, Radosław Giermakowski, Mateusz Biernacki, and Mariusz Rawski. "Lightweight Strong PUF for Resource-Constrained Devices." Electronics 13, no. 2 (January 14, 2024): 351. http://dx.doi.org/10.3390/electronics13020351.
Full textAbstract:
Physical Unclonable Functions are security primitives that exploit the variation in integrated circuits’ manufacturing process, and, as a result, each instance processes applied stimuli differently. This feature can be used to provide a unique fingerprint of the electronic device, or as an interesting alternative to classic key storage methods. Due to their nature, they are often considered an element of the Internet of Things nodes. However, their application heavily depends on resource consumption. Lightweight architectures are proposed in the literature but are technology-dependent or still introduce significant hardware overhead. This paper presents a lightweight, Strong PUF based on ring oscillator architecture, which offers small hardware overhead and sufficient security levels for resource-constrained Internet of Things devices. The PUF design utilizes a Linear Feedback Shift Register-based scramble module to generate many challenge–response pairs from a small number of ring oscillators and a control module to manage the response generation process. The proposed PUF can be used as a Weak PUF for key generation or a Strong PUF for device authentication.
24
Asif, Rameez, Kinan Ghanem, and James Irvine. "Proof-of-PUF Enabled Blockchain: Concurrent Data and Device Security for Internet-of-Energy." Sensors 21, no. 1 (December 23, 2020): 28. http://dx.doi.org/10.3390/s21010028.
Full textAbstract:
A detailed review on the technological aspects of Blockchain and Physical Unclonable Functions (PUFs) is presented in this article. It stipulates an emerging concept of Blockchain that integrates hardware security primitives via PUFs to solve bandwidth, integration, scalability, latency, and energy requirements for the Internet-of-Energy (IoE) systems. This hybrid approach, hereinafter termed as PUFChain, provides device and data provenance which records data origins, history of data generation and processing, and clone-proof device identification and authentication, thus possible to track the sources and reasons of any cyber attack. In addition to this, we review the key areas of design, development, and implementation, which will give us the insight on seamless integration with legacy IoE systems, reliability, cyber resilience, and future research challenges.
25
Chen, Xue Dong, and Bao Peng. "A Security Localization Method in Wireless Sensor Networks." Advanced Materials Research 186 (January 2011): 193–97. http://dx.doi.org/10.4028/www.scientific.net/amr.186.193.
Full textAbstract:
In this paper, we address wireless sensor network localization problems that have high reliability in an environment where physical node destruction is possible. We propose a range-independent location algorithm called security location based on genetic algorithm (GASL) that allows sensors to passively determine their location with high reliability, without increasing the number of reference points, or the complexity of the hardware of each reference point or node. In GASL, sensors determine their location based on the optimization of select function by the reliability by aim at some reference point process location compute confirm and remainder energy and distance of node to reference point. By combining the communication range constraints imposed by the physical medium with computationally efficient cryptographic primitives that secure the beacon transmissions. We show that GASL is robust against diversified known attacks and mostly unknown attacks on WSN, such as the wormhole attack, the sybil attack, and inject misdate attack, etc. Finally, our performance evaluation shows that GASL leads to significant improvement in location accuracy and security compared with state of the art range independent location schemes.
26
Bernard, Florent, Viktor Fischer, and Boyan Valtchanov. "Mathematical model of physical RNGs based on coherent sampling." Tatra Mountains Mathematical Publications 45, no. 1 (December 1, 2010): 1–14. http://dx.doi.org/10.2478/v10127-010-0001-1.
Full textAbstract:
ABSTRACT Random number generators represent one of basic cryptographic primitives used in creating cryptographic protocols. Their security evaluation represents very important part in the design, implementation and employment phase of the generator. One of important security requirements is the existence of a mathematical model describing the physical noise source and the statistical properties of the digitized noise derived from it. The aim of this paper is to propose the model of a class of generators using two jittery clocks with rationally related frequencies. The clock signals with related frequencies can be obtained using phase-locked loops, delay-locked loops or ring oscillators with adjusted oscillation periods. The proposed mathematical model is used to provide entropy per bit estimators and expected bias on the generated sequence. The model is validated by hardware experiments.
27
Hardin, David. "Hardware/Software Co-Assurance for the Rust Programming Language Applied to Zero Trust Architecture Development." ACM SIGAda Ada Letters 42, no. 2 (April 5, 2023): 55–61. http://dx.doi.org/10.1145/3591335.3591340.
Full textAbstract:
Zero Trust Architecture requirements are of increasing importance in critical systems development. Zero trust tenets hold that no implicit trust be granted to assets based on their physical or network location. Zero Trust development focuses on authentication, authorization, and shrinking implicit trust zones to the most granular level possible, while maintaining availability and minimizing authentication latency. Performant, high-assurance cryptographic primitives are thus central to successfully realizing a Zero Trust Architecture. The Rust programming language has garnered significant interest and use as a modern, type-safe, memory-safe, and potentially formally analyzable programming language. Our interest in Rust particularly stems from its potential as a hardware/software co-assurance language for developing Zero Trust Architectures. We describe a novel environment enabling Rust to be used as a High-Level Synthesis (HLS) language, suitable for secure and performant Zero Trust application development. Many incumbent HLS languages are a subset of C, and inherit many of the well-known security shortcomings of that language. A Rust-based HLS brings a single modern, type-safe, memory-safe, high-assurance development language for both hardware and software. To study the benefits of this approach, we crafted a Rust HLS subset, and developed a frontend to the hardware/software co-assurance toolchain due to Russinoff and colleagues at Arm, used primarily for floating-point hardware formal verification. This allows us to leverage a number of existing hardware/software co-assurance tools with a minimum investment of time and effort. In this paper, we describe our Rust subset, detail our prototype toolchain, and describe the implementation, performance analysis, formal verification and validation of representative Zero Trust algorithms and data structures written in Rust, emphasizing cryptographic primitives and common data structures.
28
Noseda, Mario, Lea Zimmerli, Tobias Schläpfer, and Andreas Rüst. "Performance Analysis of Secure Elements for IoT." IoT 3, no. 1 (December 21, 2021): 1–28. http://dx.doi.org/10.3390/iot3010001.
Full textAbstract:
New protocol stacks provide wireless IPv6 connectivity down to low power embedded IoT devices. From a security point of view, this leads to high exposure of such IoT devices. Consequently, even though they are highly resource-constrained, these IoT devices need to fulfil similar security requirements as conventional computers. The challenge is to leverage well-known cybersecurity techniques for such devices without dramatically increasing power consumption (and therefore reducing battery lifetime) or the cost regarding memory sizes and required processor performance. Various semiconductor vendors have introduced dedicated hardware devices, so-called secure elements that address these cryptographic challenges. Secure elements provide tamper-resistant memory and hardware-accelerated cryptographic computation support. Moreover, they can be used for mutual authentication with peers, ensuring data integrity and confidentiality, and various other security-related use cases. Nevertheless, publicly available performance figures on energy consumption and execution times are scarce. This paper introduces the concept of secure elements and provides a measurement setup for selected individual cryptographic primitives and a Datagram Transport Layer Security (DTLS) handshake over secure Constrained Application Protocol (CoAPs) in a realistic use case. Consequently, the paper presents quantitative results for the performance of five secure elements. Based on these results, we discuss the characteristics of the individual secure elements and supply developers with the information needed to select a suitable secure element for a specific application.
29
Scholz, Alexander, Lukas Zimmermann, Axel Sikora, Mehdi B. Tahoori, and Jasmin Aghassi-Hagmann. "Embedded Analog Physical Unclonable Function System to Extract Reliable and Unique Security Keys." Applied Sciences 10, no. 3 (January 21, 2020): 759. http://dx.doi.org/10.3390/app10030759.
Full textAbstract:
Internet of Things (IoT) enabled devices have become more and more pervasive in our everyday lives. Examples include wearables transmitting and processing personal data and smart labels interacting with customers. Due to the sensitive data involved, these devices need to be protected against attackers. In this context, hardware-based security primitives such as Physical Unclonable Functions (PUFs) provide a powerful solution to secure interconnected devices. The main benefit of PUFs, in combination with traditional cryptographic methods, is that security keys are derived from the random intrinsic variations of the underlying core circuit. In this work, we present a holistic analog-based PUF evaluation platform, enabling direct access to a scalable design that can be customized to fit the application requirements in terms of the number of required keys and bit width. The proposed platform covers the full software and hardware implementations and allows for tracing the PUF response generation from the digital level back to the internal analog voltages that are directly involved in the response generation procedure. Our analysis is based on 30 fabricated PUF cores that we evaluated in terms of PUF security metrics and bit errors for various temperatures and biases. With an average reliability of 99.20% and a uniqueness of 48.84%, the proposed system shows values close to ideal.
30
Upadhyaya, Devanshi, Maël Gay, and Ilia Polian. "Locking-Enabled Security Analysis of Cryptographic Circuits." Cryptography 8, no. 1 (January 5, 2024): 2. http://dx.doi.org/10.3390/cryptography8010002.
Full textAbstract:
Hardware implementations of cryptographic primitives require protection against physical attacks and supply chain threats. This raises the question of secure composability of different attack countermeasures, i.e., whether protecting a circuit against one threat can make it more vulnerable against a different threat. In this article, we study the consequences of applying logic locking, a popular design-for-trust solution against intellectual property piracy and overproduction, to cryptographic circuits. We show that the ability to unlock the circuit incorrectly gives the adversary new powerful attack options. We introduce LEDFA (locking-enabled differential fault analysis) and demonstrate for several ciphers and families of locking schemes that fault attacks become possible (or consistently easier) for incorrectly unlocked circuits. In several cases, logic locking has made circuit implementations prone to classical algebraic attacks with no fault injection needed altogether. We refer to this “zero-fault” version of LEDFA by the term LEDA, investigate its success factors in-depth and propose a countermeasure to protect the logic-locked implementations against LEDA. We also perform test vector leakage assessment (TVLA) of incorrectly unlocked AES implementations to show the effects of logic locking regarding side-channel leakage. Our results indicate that logic locking is not safe to use in cryptographic circuits, making them less rather than more secure.
31
Serrano, Ronaldo, Ckristian Duran, Marco Sarmiento, Cong-Kha Pham, and Trong-Thuc Hoang. "ChaCha20–Poly1305 Authenticated Encryption with Additional Data for Transport Layer Security 1.3." Cryptography 6, no. 2 (June 17, 2022): 30. http://dx.doi.org/10.3390/cryptography6020030.
Full textAbstract:
Transport Layer Security (TLS) provides a secure channel for end-to-end communications in computer networks. The ChaCha20–Poly1305 cipher suite is introduced in TLS 1.3, mitigating the sidechannel attacks in the cipher suites based on the Advanced Encryption Standard (AES). However, the few implementations cannot provide sufficient speed compared to other encryption standards with Authenticated Encryption with Associated Data (AEAD). This paper shows ChaCha20 and Poly1305 primitives. In addition, a compatible ChaCha20–Poly1305 AEAD with TLS 1.3 is implemented with a fault detector to reduce the problems in fragmented blocks. The AEAD implementation reaches 1.4-cycles-per-byte in a standalone core. Additionally, the system implementation presents 11.56-cycles-per-byte in an RISC-V environment using a TileLink bus. The implementation in Xilinx Virtex-7 XC7VX485T Field-Programmable Gate-Array (FPGA) denotes 10,808 Look-Up Tables (LUT) and 3731 Flip-Flops (FFs), represented in 23% and 48% of ChaCha20 and Poly1305, respectively. Finally, the hardware implementation of ChaCha20–Poly1305 AEAD demonstrates the viability of using a different option from the conventional cipher suite based on AES for TLS 1.3.
32
Madushan, Hasindu, Iftekhar Salam, and Janaka Alawatugoda. "A Review of the NIST Lightweight Cryptography Finalists and Their Fault Analyses." Electronics 11, no. 24 (December 15, 2022): 4199. http://dx.doi.org/10.3390/electronics11244199.
Full textAbstract:
The security of resource-constrained devices is critical in the IoT field, given that everything is interconnected. Therefore, the National Institute of Standards and Technology (NIST) initialized the lightweight cryptography (LWC) project to standardize the lightweight cryptography algorithms for resource-constrained devices. After two rounds, the NIST announced the finalists in 2021. The finalist algorithms are Ascon, Elephant, GIFT-COFB, Grain-128AEAD, ISAP, PHOTON-Beetle, Romulus, SPARKLE, TinyJambu, and Xoodyak. The final round of the competition is still in progress, and the NIST will select the winner based on their and third-party evaluations. In this paper, we review the 10 finalists mentioned above, discuss their constructions, and classify them according to the underlying primitives. In particular, we analyze these ciphers from different perspectives, such as cipher specifications and structures, design primitives, security parameters, advantages and disadvantages, and existing cryptanalyses. We also review existing analyses of these finalists with a specific focus on the review of fault attacks. We hope the study compiled in this paper will benefit the cryptographic community by providing an easy-to-grasp overview of the NIST LWC finalists.
33
Maolood, Abeer Tariq, Alaa Kadhim Farhan, Wageda I. El-Sobky, Hany Nasry Zaky, Hossam L. Zayed, Hossam E. Ahmed, and Tamer O. Diab. "Fast Novel Efficient S-Boxes with Expanded DNA Codes." Security and Communication Networks 2023 (April 18, 2023): 1–19. http://dx.doi.org/10.1155/2023/5767102.
Full textAbstract:
IoT is one of the most popular technologies in recent years due to the interconnection of various infrastructures, physical devices, and software. To guarantee the security of Internet of Things (IoT) pervasiveness, lightweight cryptographic solutions are needed and this requires lightweight cryptographic primitives. The choice of S-box in light block ciphers plays an important role in characterizing the security-performance trade-off. The choice of the 4 × 4 S-box for the lightweight constructions results in compact hardware, speeding up the computational capability of the security algorithm unlike the 8 × 8 S-box. This work presents efficient algebraic S-boxes for a fast image cryptosystem based on a strong nonlinear function which is expanded by a biological technique depending on DNA. The robustness of the proposed S-boxes is analysed and tested against various standard attack criteria such as interpolation attacks, avalanche effect, and nonlinearity. The great advantage of introducing S-boxes is that its DSAC is the ideal value which is equal to zero. Also, other tests executed on these S-boxes guaranteed its robustness and excellent security performance. Moreover, the experiments are applied with full description in two different modes; RGB and gray images. The results of all tests proved to have fast and strong effective S-boxes.
34
Martin, Honorio, Pedro Martin-Holgado, Yolanda Morilla, Luis Entrena, and Enrique San-Millan. "Total Ionizing Dose Effects on a Delay-Based Physical Unclonable Function Implemented in FPGAs." Electronics 7, no. 9 (August 24, 2018): 163. http://dx.doi.org/10.3390/electronics7090163.
Full textAbstract:
Physical Unclonable Functions (PUFs) are hardware security primitives that are increasingly being used for authentication and key generation in ICs and FPGAs. For space systems, they are a promising approach to meet the needs for secure communications at low cost. To this purpose, it is essential to determine if they are reliable in the space radiation environment. In this work we evaluate the Total Ionizing Dose effects on a delay-based PUF implemented in SRAM-FPGA, namely a Ring Oscillator PUF. Several major quality metrics have been used to analyze the evolution of the PUF response with the total ionizing dose. Experimental results demonstrate that total ionizing dose has a perceptible effect on the quality of the PUF response, but it could still be used for space applications by making some appropriate corrections.
35
Chattopadhyay, Saranyu, Pranesh Santikellur, Rajat Subhra Chakraborty, Jimson Mathew, and Marco Ottavi. "A Conditionally Chaotic Physically Unclonable Function Design Framework with High Reliability." ACM Transactions on Design Automation of Electronic Systems 26, no. 6 (November 30, 2021): 1–24. http://dx.doi.org/10.1145/3460004.
Full textAbstract:
Physically Unclonable Function (PUF) circuits are promising low-overhead hardware security primitives, but are often gravely susceptible to machine learning–based modeling attacks. Recently, chaotic PUF circuits have been proposed that show greater robustness to modeling attacks. However, they often suffer from unacceptable overhead, and their analog components are susceptible to low reliability. In this article, we propose the concept of a conditionally chaotic PUF that enhances the reliability of the analog components of a chaotic PUF circuit to a level at par with their digital counterparts. A conditionally chaotic PUF has two modes of operation: bistable and chaotic , and switching between these two modes is conveniently achieved by setting a mode-control bit (at a secret position) in an applied input challenge. We exemplify our PUF design framework for two different PUF variants—the CMOS Arbiter PUF and a previously proposed hybrid CMOS-memristor PUF, combined with a hardware realization of the Lorenz system as the chaotic component. Through detailed circuit simulation and modeling attack experiments, we demonstrate that the proposed PUF circuits are highly robust to modeling and cryptanalytic attacks, without degrading the reliability of the original PUF that was combined with the chaotic circuit, and incurs acceptable hardware footprint.
36
Alkanhal, Mona, Abdulaziz Alali, and Mohamed Younis. "A Distributed Lightweight PUF-Based Mutual Authentication Protocol for IoV." IoT 5, no. 1 (December 30, 2023): 1–19. http://dx.doi.org/10.3390/iot5010001.
Full textAbstract:
In recent times, the advent of innovative technological paradigms like the Internet of Things has paved the way for numerous applications that enhance the quality of human life. A remarkable application of IoT that has emerged is the Internet of Vehicles (IoV), motivated by an unparalleled surge of connected vehicles on the roads. IoV has become an area of significant interest due to its potential in enhancing traffic safety as well as providing accurate routing information. The primary objective of IoV is to maintain strict latency standards while ensuring confidentiality and security. Given the high mobility and limited bandwidth, vehicles need to have rapid and frequent authentication. Securing Vehicle-to-Roadside unit (V2R) and Vehicle-to-Vehicle (V2V) communications in IoV is essential for preventing critical information leakage to an adversary or unauthenticated users. To address these challenges, this paper proposes a novel mutual authentication protocol which incorporates hardware-based security primitives, namely physically unclonable functions (PUFs) with Multi-Input Multi-Output (MIMO) physical layer communications. The protocol allows a V2V and V2R to mutually authenticate each other without the involvement of a trusted third-party (server). The protocol design effectively mitigates modeling attacks and impersonation attempts, where the accuracy of predicting the value of each PUF response bit does not exceed 54%, which is equivalent to a random guess.
37
Zhou, Zhen, Debiao He, Zhe Liu, Min Luo, and Kim-Kwang Raymond Choo. "A Software/Hardware Co-Design of Crystals-Dilithium Signature Scheme." ACM Transactions on Reconfigurable Technology and Systems 14, no. 2 (June 5, 2021): 1–21. http://dx.doi.org/10.1145/3447812.
Full textAbstract:
As quantum computers become more affordable and commonplace, existing security systems that are based on classical cryptographic primitives, such as RSA and Elliptic Curve Cryptography ( ECC ), will no longer be secure. Hence, there has been interest in designing post-quantum cryptographic ( PQC ) schemes, such as those based on lattice-based cryptography ( LBC ). The potential of LBC schemes is evidenced by the number of such schemes passing the selection of NIST PQC Standardization Process Round-3. One such scheme is the Crystals-Dilithium signature scheme, which is based on the hard module-lattice problem. However, there is no efficient implementation of the Crystals-Dilithium signature scheme. Hence, in this article, we present a compact hardware architecture containing elaborate modular multiplication units using the Karatsuba algorithm along with smart generators of address sequence and twiddle factors for NTT, which can complete polynomial addition/multiplication with the parameter setting of Dilithium in a short clock period. Also, we propose a fast software/hardware co-design implementation on Field Programmable Gate Array ( FPGA ) for the Dilithium scheme with a tradeoff between speed and resource utilization. Our co-design implementation outperforms a pure C implementation on a Nios-II processor of the platform Altera DE2-115, in the sense that our implementation is 11.2 and 7.4 times faster for signature and verification, respectively. In addition, we also achieve approximately 51% and 31% speed improvement for signature and verification, in comparison to the pure C implementation on processor ARM Cortex-A9 of ZYNQ-7020 platform.
38
Ibrahim, Atef, and Fayez Gebali. "Energy-Efficient Word-Serial Processor for Field Multiplication and Squaring Suitable for Lightweight Authentication Schemes in RFID-Based IoT Applications." Applied Sciences 11, no. 15 (July 28, 2021): 6938. http://dx.doi.org/10.3390/app11156938.
Full textAbstract:
Radio-Frequency Identification (RFID) technology is a crucial technology used in many IoT applications such as healthcare, asset tracking, logistics, supply chain management, assembly, manufacturing, and payment systems. Nonetheless, RFID-based IoT applications have many security and privacy issues restricting their use on a large scale. Many authors have proposed lightweight RFID authentication schemes based on Elliptic Curve Cryptography (ECC) with a low-cost implementation to solve these issues. Finite-field multiplication are at the heart of these schemes, and their implementation significantly affects the system’s overall performance. This article presents a formal methodology for developing a word-based serial-in/serial-out semisystolic processor that shares hardware resources for multiplication and squaring operations in GF(2n). The processor concurrently executes both operations and hence reduces the execution time. Furthermore, sharing the hardware resources provides savings in the area and consumed energy. The acquired implementation results for the field size n=409 indicate that the proposed structure achieves a significant reduction in the area–time product and consumed energy over the previously published designs by at least 32.3% and 70%, respectively. The achieved results make the proposed design more suitable to realize cryptographic primitives in resource-constrained RFID devices.
39
Rojas-Muñoz, Luis F., Santiago Sánchez-Solano, Macarena C. Martínez-Rodríguez, and Piedad Brox. "On-Line Evaluation and Monitoring of Security Features of an RO-Based PUF/TRNG for IoT Devices." Sensors 23, no. 8 (April 18, 2023): 4070. http://dx.doi.org/10.3390/s23084070.
Full textAbstract:
The proliferation of devices for the Internet of Things (IoT) and their implication in many activities of our lives have led to a considerable increase in concern about the security of these devices, posing a double challenge for designers and developers of products. On the one hand, the design of new security primitives, suitable for resource-limited devices, can facilitate the inclusion of mechanisms and protocols to ensure the integrity and privacy of the data exchanged over the Internet. On the other hand, the development of techniques and tools to evaluate the quality of the proposed solutions as a step prior to their deployment, as well as to monitor their behavior once in operation against possible changes in operating conditions arising naturally or as a consequence of a stress situation forced by an attacker. To address these challenges, this paper first describes the design of a security primitive that plays an important role as a component of a hardware-based root of trust, as it can act as a source of entropy for True Random Number Generation (TRNG) or as a Physical Unclonable Function (PUF) to facilitate the generation of identifiers linked to the device on which it is implemented. The work also illustrates different software components that allow carrying out a self-assessment strategy to characterize and validate the performance of this primitive in its dual functionality, as well as to monitor possible changes in security levels that may occur during operation as a result of device aging and variations in power supply or operating temperature. The designed PUF/TRNG is provided as a configurable IP module, which takes advantage of the internal architecture of the Xilinx Series-7 and Zynq-7000 programmable devices and incorporates an AXI4-based standard interface to facilitate its interaction with soft- and hard-core processing systems. Several test systems that contain different instances of the IP have been implemented and subjected to an exhaustive set of on-line tests to obtain the metrics that determine its quality in terms of uniqueness, reliability, and entropy characteristics. The results obtained prove that the proposed module is a suitable candidate for various security applications. As an example, an implementation that uses less than 5% of the resources of a low-cost programmable device is capable of obfuscating and recovering 512-bit cryptographic keys with virtually zero error rate.
40
Kumar, Devender, Sai Kishore Pachigolla, Shubham Singh Manhas, and Karan Rawat. "PUF-based user access control scheme for IoT environment." Journal of Information and Optimization Sciences 44, no. 7 (2023): 1347–64. http://dx.doi.org/10.47974/jios-1321.
Full textAbstract:
A very important part of any software or hardware associated with the Internet of Things (IoT) is the User Access Control. User Access Control deals with the important security features like authenticating a legitimate user, authorizing a user, etc. A very effective and secure way to ensure the user access control is: three factor user access control. Some three factor user authentication schemes have been developed in the past, brief details regarding them can be found in further sections of the paper. In this paper, we propose a new three factor user access control scheme. Our proposed scheme is based on Mandal et. al.’s user access control scheme published recently. Our scheme involves the use of lightweight cryptographic primitives like Physically Unclonable Function (PUF), one way cryptographic hash function and bitwise exclusive OR (XOR) operations. PUFs make the scheme very lightweight and efficient as compared to other schemes of similar nature. The three factors used in our scheme are: registered device of the user, personal biometrics of the user and password of the user. We present the informal security analysis to show that our scheme is safe from several known attacks.
41
Ellinidou, Soultana, Gaurav Sharma, Théo Rigas, Tristan Vanspouwen, Olivier Markowitch, and Jean-Michel Dricot. "SSPSoC: A Secure SDN-Based Protocol over MPSoC." Security and Communication Networks 2019 (March 18, 2019): 1–11. http://dx.doi.org/10.1155/2019/4869167.
Full textAbstract:
In recent years, Multi-Processor System-on-Chips (MPSoCs) are widely deployed in safety-critical embedded systems. The Cloud-of-Chips (CoC) is a scalable MPSoC architecture comprised of a large number of interconnected Integrated Circuits (IC) and Processing Clusters (PC) destined for critical systems. While many researches have focused on addressing the hardware issues of MPSoCs, the communication over them has not been very well explored. Following the SDN concept, we propose a new protocol in order to secure the communication and efficiently manage the routing within the CoC. The SSPSoC includes a private key derivation phase, a group key agreement (GKA) phase, and a data exchange phase in order to ensure that basic security primitives are preserved and provide secure communication. Furthermore, a network of 1-30 nodes is set in order to validate the proposed protocol and measure the network performance and memory consumption of the proposed protocol.
42
Frank, Florian, Simon Böttger, Nico Mexis, Nikolaos Athanasios Anagnostopoulos, Ali Mohamed, Martin Hartmann, Harald Kuhn, et al. "CNT-PUFs: Highly Robust and Heat-Tolerant Carbon-Nanotube-Based Physical Unclonable Functions." Nanomaterials 13, no. 22 (November 11, 2023): 2930. http://dx.doi.org/10.3390/nano13222930.
Full textAbstract:
In this work, we explored a highly robust and unique Physical Unclonable Function (PUF) based on the stochastic assembly of single-walled Carbon NanoTubes (CNTs) integrated within a wafer-level technology. Our work demonstrated that the proposed CNT-based PUFs are exceptionally robust with an average fractional intra-device Hamming distance well below 0.01 both at room temperature and under varying temperatures in the range from 23 ∘C to 120 ∘C. We attributed the excellent heat tolerance to comparatively low activation energies of less than 40 meV extracted from an Arrhenius plot. As the number of unstable bits in the examined implementation is extremely low, our devices allow for a lightweight and simple error correction, just by selecting stable cells, thereby diminishing the need for complex error correction. Through a significant number of tests, we demonstrated the capability of novel nanomaterial devices to serve as highly efficient hardware security primitives.
43
Sánchez-Solano, Santiago, Eros Camacho-Ruiz, Macarena C. Martínez-Rodríguez, and Piedad Brox. "Multi-Unit Serial Polynomial Multiplier to Accelerate NTRU-Based Cryptographic Schemes in IoT Embedded Systems." Sensors 22, no. 5 (March 7, 2022): 2057. http://dx.doi.org/10.3390/s22052057.
Full textAbstract:
Concern for the security of embedded systems that implement IoT devices has become a crucial issue, as these devices today support an increasing number of applications and services that store and exchange information whose integrity, privacy, and authenticity must be adequately guaranteed. Modern lattice-based cryptographic schemes have proven to be a good alternative, both to face the security threats that arise as a consequence of the development of quantum computing and to allow efficient implementations of cryptographic primitives in resource-limited embedded systems, such as those used in consumer and industrial applications of the IoT. This article describes the hardware implementation of parameterized multi-unit serial polynomial multipliers to speed up time-consuming operations in NTRU-based cryptographic schemes. The flexibility in selecting the design parameters and the interconnection protocol with a general-purpose processor allow them to be applied both to the standardized variants of NTRU and to the new proposals that are being considered in the post-quantum contest currently held by the National Institute of Standards and Technology, as well as to obtain an adequate cost/performance/security-level trade-off for a target application. The designs are provided as AXI4 bus-compliant intellectual property modules that can be easily incorporated into embedded systems developed with the Vivado design tools. The work provides an extensive set of implementation and characterization results in devices of the Xilinx Zynq-7000 and Zynq UltraScale+ families for the different sets of parameters defined in the NTRUEncrypt standard. It also includes details of their plug and play inclusion as hardware accelerators in the C implementation of this public-key encryption scheme codified in the LibNTRU library, showing that acceleration factors of up to 3.1 are achieved when compared to pure software implementations running on the processing systems included in the programmable devices.
44
I Mhaibes, Hakeem, and Shahnawaz Qadir. "A Lightweight Authentication Framework for Wireless Sensor Networks." International journal of electrical and computer engineering systems 13, no. 13 (February 3, 2022): 19–27. http://dx.doi.org/10.32985/ijeces.13.1.3.
Full textAbstract:
Wireless Sensor Network (WSN) is emerging as a dominant technology with its applications in areas like agriculture, communication, environment monitoring, and surveillance. The inherited vulnerability and resource-constrained nature of sensor nodes led researchers to propose many lightweight cryptographic protocols for WSN. These sensors are low-cost, low energy, have low processing capability and have low storage restrictions. WSN suffers from many risks because of these unique constraints. This paper proposes a new lightweight security framework for WSNs and covers different lightweight cryptographic schemes for WSN applications. The aim is to provide cryptographic primitives for integrity, confidentiality, and protection from the man-in-the-middle and reply attacks. The work is based solely on symmetric cryptography and it has four phases; Network Initialization, Node Initialization, Nodes Communication, and Node Authentication. This work adopts the Low-Energy Adaptive Clustering Hierarchy (LEACH) framework, which deploys random rotation to distribute the energy among a group of nodes. The probability of attacking in LEACH is higher at cluster head and member nodes. Therefore, data transmission among communicated nodes is encrypted over multiple levels of protection by dynamic session keys to provide a high level of security. In addition, an authentication ticket is provided by a cluster head for each authenticated node to identify another node. The session keys are dynamically generated and updated during the communication to prevent compromising or capturing the keys. Through simulation and evaluation of the system, the results showed less energy consumption and efficient cryptographic primitive were compared with existing schemes
45
Rao, Muzaffar, Thomas Newe, Ian Grout, and Avijit Mathur. "High Speed Implementation of a SHA-3 Core on Virtex-5 and Virtex-6 FPGAs." Journal of Circuits, Systems and Computers 25, no. 07 (April 22, 2016): 1650069. http://dx.doi.org/10.1142/s0218126616500699.
Full textAbstract:
This work presents a novel technique for a high-speed implementation of the newly selected cryptographic hash function, Secure Hash Algorithm-3 (SHA-3) on Xilinx’s Virtex-5 and Virtex-6 Field Programmable Gate Arrays (FPGAs). The proposed technique consists of a two-phase implementation approach. In the first phase, all steps of the SHA-3 core are logically combined, which helps to eliminate the intermediate states of core function, these states utilize more area and also slow the execution. The second phase deals with the hardware implementation of the first phase equations using Xilinx Look-Up-Table (LUT) primitives. This two phase implementation technique results in a throughput of 19.241[Formula: see text]Gbps on a Virtex-6 FPGA; this is the highest reported throughput to date for an FPGA implementation of SHA-3. This high throughput makes this technique ideally suited for the provision of Bump In The Wire (BITW) security for Internet of Things (IoT) applications.
46
Kurra, Anil Kumar, and Usha Rani Nelakuditi. "A Reliable Current Starved Inverter based Arbiter Puf Architecture for Iot Applications." International Journal of Engineering and Advanced Technology 9, no. 1s5 (December 30, 2019): 163–67. http://dx.doi.org/10.35940/ijeat.a1038.1291s519.
Full textAbstract:
In the recent years, Physical Unclonable Functions(PUFs) are emerged to be one of the lightweight hardware security primitives for device authentication, identification, such as Internet of things (IoT). IoT comprises connection of multiple number of nodes (devices) for exchanging the information across different networks. PUFs can sense the minute and unavoidable process variations during the fabrication process and generates the unique number of challenge-response pairs(CRPs), which can be stored and extensively used for secure associations between smart devices in IoT. Arbiter PUFs and ring oscillator PUFs are most commonly used strong PUFs in current day scenario. The conventional Linear arbiter PUFs are suffers from low reliability and vulnerable to Machine Learning attacks. In this paper, we proposed a Current starved Inverter (CSI) based arbiter PUF which enhances the non- linearity and randomness. The Proposed architecture was simulated using cadence spectre CMOS 45nm technology and estimated its metrics such as uniqueness reliability and uniformity.
47
Falas, Solon, Charalambos Konstantinou, and Maria K. Michael. "A Modular End-to-End Framework for Secure Firmware Updates on Embedded Systems." ACM Journal on Emerging Technologies in Computing Systems 18, no. 1 (January 31, 2022): 1–19. http://dx.doi.org/10.1145/3460234.
Full textAbstract:
Firmware refers to device read-only resident code which includes microcode and macro-instruction-level routines. For Internet-of-Things (IoT) devices without an operating system, firmware includes all the necessary instructions on how such embedded systems operate and communicate. Thus, firmware updates are essential parts of device functionality. They provide the ability to patch vulnerabilities, address operational issues, and improve device reliability and performance during the lifetime of the system. This process, however, is often exploited by attackers in order to inject malicious firmware code into the embedded device. In this article, we present a framework for secure firmware updates on embedded systems. This approach is based on hardware primitives and cryptographic modules, and it can be deployed in environments where communication channels might be insecure. The implementation of the framework is flexible, as it can be adapted in regards to the IoT device’s available hardware resources and constraints. Our security analysis shows that our framework is resilient to a variety of attack vectors. The experimental setup demonstrates the feasibility of the approach. By implementing a variety of test cases on FPGA, we demonstrate the adaptability and performance of the framework. Experiments indicate that the update procedure for a 1183-kB firmware image could be achieved, in a secure manner, under 1.73 seconds.
48
Ueno, Rei, Naofumi Homma, Akiko Inoue, and Kazuhiko Minematsu. "Fallen Sanctuary: A Higher-Order and Leakage-Resilient Rekeying Scheme." IACR Transactions on Cryptographic Hardware and Embedded Systems 2024, no. 1 (December 4, 2023): 264–308. http://dx.doi.org/10.46586/tches.v2024.i1.264-308.
Full textAbstract:
This paper presents a provably secure, higher-order, and leakage-resilient (LR) rekeying scheme named LR Rekeying with Random oracle Repetition (LR4), along with a quantitative security evaluation methodology. Many existing LR primitives are based on a concept of leveled implementation, which still essentially require a leak-free sanctuary (i.e., differential power analysis (DPA)-resistant component(s)) for some parts. In addition, although several LR pseudorandom functions (PRFs) based on only bounded DPA-resistant components have been developed, their validity and effectiveness for rekeying usage still need to be determined. In contrast, LR4 is formally proven under a leakage model that captures the practical goal of side-channel attack (SCA) protection (e.g., masking with a practical order) and assumes no unbounded DPA-resistant sanctuary. This proof suggests that LR4 resists exponential invocations (up to the birthday bound of key size) without using any unbounded leak-free component, which is the first of its kind. Moreover, we present a quantitative SCA success rate evaluation methodology for LR4 that combines the bounded leakage models for LR cryptography and a state-of-the-art information-theoretical SCA evaluation method. We validate its soundness and effectiveness as a DPA countermeasure through a numerical evaluation; that is, the number of secure calls of a symmetric primitive increases exponentially by increasing a security parameter under practical conditions.
49
Banerjee, Soumya, Ashok Kumar Das, Samiran Chattopadhyay, Sajjad Shaukat Jamal, Joel J. P. C. Rodrigues, and Youngho Park. "Lightweight Failover Authentication Mechanism for IoT-Based Fog Computing Environment." Electronics 10, no. 12 (June 12, 2021): 1417. http://dx.doi.org/10.3390/electronics10121417.
Full textAbstract:
Fog computing as an extension to the cloud computing infrastructure has been invaluable in enhancing the applicability of the Internet of Things (IoT) paradigm. IoT based Fog systems magnify the range and minimize the latency of IoT applications. However, as fog nodes are considered transient and they offer authenticated services, when an IoT end device loses connectivity with a fog node, it must authenticate freshly with a secondary fog node. In this work, we present a new security mechanism to leverage the initial authentication to perform fast lightweight secondary authentication to ensure smooth failover among fog nodes. The proposed scheme is secure in the presence of a current de-facto Canetti and Krawczyk (CK)-adversary. We demonstrate the security of the proposed scheme with a detailed security analysis using formal security under the broadly recognized Real-Or-Random (ROR) model, informal security analysis as well as through formal security verification using the broadly-used Automated Validation of Internet Security Protocols and Applications (AVISPA) software tool. A testbed experiment for measuring computational time for different cryptographic primitives using the Multiprecision Integer and Rational Arithmetic Cryptographic Library (MIRACL) has been done. Finally, through comparative analysis with other related schemes, we show how the presented approach is uniquely advantageous over other schemes.
50
Ibrahim, Atef, and Fayez Gebali. "Word-Based Systolic Processor for Field Multiplication and Squaring Suitable for Cryptographic Processors in Resource-Constrained IoT Systems." Electronics 10, no. 15 (July 25, 2021): 1777. http://dx.doi.org/10.3390/electronics10151777.
Full textAbstract:
Internet of things (IoT) technology provides practical solutions for a wide range of applications, including but not limited to, smart homes, smart cities, intelligent grid, intelligent transportation, and healthcare. Security and privacy issues in IoT are considered significant challenges that prohibit its utilization in most of these applications, especially relative to healthcare applications. Cryptographic protocols should be applied at the different layers of IoT framework, especially edge devices, to solve all security concerns. Finite-field arithmetic, particularly field multiplication and squaring, represents the core of most cryptographic protocols and their implementation primarily affects protocol performance. In this paper, we present a compact and combined two-dimensional word-based serial-in/serial-out systolic processor for field multiplication and squaring over GF(2m). The proposed structure features design flexibility to manage hardware utilization, execution time, and consumed energy. Application Specific Integrated Circuit (ASIC) Implementation results of the proposed word-serial design and the competitive ones at different embedded word-sizes show that the proposed structure realizes considerable saving in the area and consumed energy, up to 93.7% and 98.2%, respectively. The obtained results enable the implementation of restricted cryptographic primitives in resource-constrained IoT edge devices such as wearable and implantable medical devices, smart cards, and wireless sensor nodes.