To see the other types of publications on this topic, follow the link: Hardware Security.
Dissertations / Theses on the topic 'Hardware Security'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 dissertations / theses for your research on the topic 'Hardware Security.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
1
Kalibjian, Jeff. "Securing Telemetry Post Processing Applications with Hardware Based Security." International Foundation for Telemetering, 2004. http://hdl.handle.net/10150/605052.
Full textAbstract:
International Telemetering Conference Proceedings / October 18-21, 2004 / Town & Country Resort, San Diego, CaliforniaThe use of hardware security for telemetry in satellites utilized for intelligence and defense applications is well known. Less common is the use of hardware security in ground-based computers hosting applications that post process telemetry data. Analysis reveals vulnerabilities in software only security solutions that can result in the compromise of telemetry data housed on ground-based computer systems. Such systems maybe made less susceptible to compromise with the use of hardware based security.
2
Chakraborty, Rajat Subhra. "Hardware Security through Design Obfuscation." Cleveland, Ohio : Case Western Reserve University, 2010. http://rave.ohiolink.edu/etdc/view?acc_num=case1270133481.
Full textAbstract:
Thesis (Doctor of Philosophy)--Case Western Reserve University, 2010Department of EECS - Computer Engineering Title from PDF (viewed on 2010-05-25) Includes abstract Includes bibliographical references and appendices Available online via the OhioLINK ETD Center
3
Tselekounis, Ioannis. "Cryptographic techniques for hardware security." Thesis, University of Edinburgh, 2018. http://hdl.handle.net/1842/33148.
Full textAbstract:
Traditionally, cryptographic algorithms are designed under the so-called black-box model, which considers adversaries that receive black-box access to the hardware implementation. Although a "black-box" treatment covers a wide range of attacks, it fails to capture reality adequately, as real-world adversaries can exploit physical properties of the implementation, mounting attacks that enable unexpected, non-black-box access, to the components of the cryptographic system. This type of attacks is widely known as physical attacks, and has proven to be a significant threat to the real-world security of cryptographic systems. The present dissertation is (partially) dealing with the problem of protecting cryptographic memory against physical attacks, via the use of non-malleable codes, which is a notion introduced in a preceding work, aiming to provide privacy of the encoded data, in the presence of adversarial faults. In the present thesis we improve the current state-of-the-art on non-malleable codes and we provide practical solutions for protecting real-world cryptographic implementations against physical attacks. Our study is primarily focusing on the following adversarial models: (i) the extensively studied split-state model, which assumes that private memory splits into two parts, and the adversary tampers with each part, independently, and (ii) the model of partial functions, which is introduced by the current thesis, and models adversaries that access arbitrary subsets of codeword locations, with bounded cardinality. Our study is comprehensive, covering one-time and continuous, attacks, while for the case of partial functions, we manage to achieve a stronger notion of security, that we call non-malleability with manipulation detection, that in addition to privacy, it also guarantees integrity of the private data. It should be noted that, our techniques are also useful for the problem of establishing, private, keyless communication, over adversarial communication channels. Besides physical attacks, another important concern related to cryptographic hardware security, is that the hardware fabrication process is assumed to be trusted. In reality though, when aiming to minimize the production costs, or whenever access to leading-edge manufacturing facilities is required, the fabrication process requires the involvement of several, potentially malicious, facilities. Consequently, cryptographic hardware is susceptible to the so-called hardware Trojans, which are hardware components that are maliciously implanted to the original circuitry, having as a purpose to alter the device's functionality, while remaining undetected. Part of the present dissertation, deals with the problem of protecting cryptographic hardware against Trojan injection attacks, by (i) proposing a formal model for assessing the security of cryptographic hardware, whose production has been partially outsourced to a set of untrusted, and possibly malicious, manufacturers, and (ii) by proposing a compiler that transforms any cryptographic circuit, into another, that can be securely outsourced.
4
Edmison, Joshua Nathaniel. "Hardware Architectures for Software Security." Diss., Virginia Tech, 2006. http://hdl.handle.net/10919/29244.
Full textAbstract:
The need for hardware-based software protection stems primarily from the increasing value of software coupled with the inability to trust software that utilizes or manages shared resources. By correctly utilizing security functions in hardware, trust can be removed from software.
Existing hardware-based software protection solutions generally suffer from utilization of trusted software, lack of implementation, and/or extreme measures such as processor redesign. In contrast, the research outlined in this document proposes that substantial, hardware-based software protection can be achieved, without trusting software or redesigning the processor, by augmenting existing processors with security management hardware placed outside of the processor boundary. Benefits of this approach include the ability to add security features to nearly any processor, update security features without redesigning the processor, and provide maximum transparency to the software development and distribution processes. The major contributions of this research include the the augmentation methodology, design principles, and a graph-based method for analyzing hardware-based security systems.Ph. D.
5
Leonhard, Julian. "Analog hardware security and trust." Electronic Thesis or Diss., Sorbonne université, 2021. http://www.theses.fr/2021SORUS246.
Full textAbstract:
La mondialisation et la spécialisation de la chaîne d'approvisionnement des circuits intégrés (CI) ont conduit les entreprises de semi-conducteurs à partager leur précieuse propriété intellectuelle (PI) avec de nombreuses parties pour les faire fabriquer, tester, etc. En conséquence, les PI et les CI sensibles sont exposés à des parties potentiellement malveillantes, ce qui entraîne de graves menaces de piratage telles que la contrefaçon ou la retro ingénierie. Dans cette thèse, nous développons des méthodes pour sécuriser les IP/CI analogiques et mixtes contre les menaces de piratage dans la chaîne d'approvisionnement. Nous proposons une méthodologie anti-piratage pour verrouiller les circuits intégrés mixtes via l'application de logic locking à leur partie numérique. En outre, nous proposons une méthodologie contre la rétro ingénierie camouflant la géométrie effective des composants de layout. Enfin, nous proposons une attaque pour contourner toutes les techniques de verrouillage des circuits analogiques qui agissent sur la polarisation du circuit. Les techniques présentées ont le potentiel de protéger les circuits analogiques et mixtes contre une grande partie de tous les scénarios de risque possibles tout en infligeant de faibles coûts en termes de surface, de puissance et de performanceThe ongoing globalization and specialization of the integrated circuit (IC) supply chain has led semiconductor companies to share their valuable intellectual property (IP) assets with numerous parties for means of manufacturing, testing, etc. As a consequence, sensitive IPs and ICs are being exposed to untrusted parties, resulting in serious piracy threats such as counterfeiting or reverse engineering. In this thesis we develop methods to secure analog and mixed signal IPs/ICs from piracy threats within the supply chain. We propose an anti-piracy methodology for locking mixed-signal ICs via logic locking of their digital part. Furthermore, we propose an anti-reverse engineering methodology camouflaging the effective geometry of layout components. Finally, we propose an attack to break all analog circuit locking techniques that act upon the biasing of the circuit. The presented techniques have the potential to protect analog and mixed-signal circuits against a large subset of all the possible risk scenarios while inflicting low overheads in terms of area, power and performance
6
Bilzor, Michael B. "Defining and enforcing hardware security requirements." Monterey, California. Naval Postgraduate School, 2011. http://hdl.handle.net/10945/10741.
Full textAbstract:
Security in computing systems to date has focused mostly on software. In this research, we explore the application and enforceability of well-defined security requirements in hardware designs. The principal threats to hardware systems demonstrated in the academic literature to date involve some type of subversion, often called a Hardware Trojan or malicious inclusion. Detecting these has proved very difficult. We demonstrate a method whereby the dynamic enforcement of a processor's security requirements can be used to detect the presence of some of these malicious inclusions. Although there are theoretical limits on which security properties can be dynamically enforced using the techniques we describe, our research does provide a novel method for expressing and enforcing security requirements at runtime in hardware designs. While the method does not guarantee the detection of all possible malicious inclusions in a given processor, it addresses a large class of inclusions-those detectable as violations of behavioral restrictions in the architectural specification-which provides significant progress against the general case, given a suitably complete set of checkers.
7
Sekar, Sanjana. "Logic Encryption Methods for Hardware Security." University of Cincinnati / OhioLINK, 2017. http://rave.ohiolink.edu/etdc/view?acc_num=ucin1505124923353686.
Full text
8
Xue, Hao. "Hardware Security and VLSI Design Optimization." Wright State University / OhioLINK, 2018. http://rave.ohiolink.edu/etdc/view?acc_num=wright1546466777397815.
Full text
9
Valea, Emanuele. "Security Techniques for Test Infrastructures." Thesis, Montpellier, 2020. http://www.theses.fr/2020MONTS042.
Full textAbstract:
Les infrastructures de test sont essentielles pour l'industrie moderne des circuits intégrés. La nécessité de détecter les défauts de fabrication et de prévenir les défaillances des systèmes sur le terrain, rend leur présence inévitable dans chaque circuit intégré et ses sous-modules. Malheureusement, les infrastructures de test représentent également une menace pour la sécurité en raison de la contrôlabilité et de l'observabilité accrues qu'elles offrent généralement sur les circuits internes. Dans cette thèse, nous présentons une analyse complète des menaces existantes et des contre-mesures respectives, en fournissant également une classification et une taxonomie de l'état de l'art. En outre, nous proposons de nouvelles solutions de sécurité, basées sur la cryptographie légère, pour la conception d'infrastructures de test. Toutes les contre-mesures proposées appartiennent à la catégorie des solutions dit de scan encryption et leur but est de garantir la confidentialité des données et l'authentification des utilisateurs. Chaque solution proposée est évaluée en termes de coûts de mise en œuvre et de capacités de sécurité. Les travaux qui ont été réalisés et qui sont présentés dans cette thèse, indiquent que la scan encryption est une solution prometteuse pour garantir une conception sécurisée des infrastructures de testTest infrastructures are crucial to the modern Integrated Circuits (ICs) industry. The necessity of detecting manufacturing defects and preventing system failures in the field, makes their presence inevitable in every IC and its sub-modules. Unfortunately, test infrastructures also represent a security threat due to the augmented controllability and observability on the IC internals that they typically provide. In this thesis, we present a comprehensive analysis of the existing threats and the respective countermeasures, also providing a classification and a taxonomy of the state-of-the-art. Furthermore, we propose new security solutions, based on lightweight cryptography, for the design of test infrastructures. All proposed countermeasures belong to the category of scan encryption solutions and their purpose is to guarantee data confidentiality and user authentication. Each proposed solution is evaluated in terms of implementation costs and security capabilities. The works that have been carried out and are presented in this thesis, indicate that scan encryption is a promising solution for granting a secure design of test infrastructures
10
Wenhua, Qi, Zhang Qishan, and Liu Hailong. "RESEARCH OF SECURITY HARDWARE IN PKI SYSTEM." International Foundation for Telemetering, 2003. http://hdl.handle.net/10150/606688.
Full textAbstract:
International Telemetering Conference Proceedings / October 20-23, 2003 / Riviera Hotel and Convention Center, Las Vegas, NevadaSecurity hardware based on asymmetric algorithm is the key component of Public Key Infrastructure (PKI), which decides the safety and performance of system. Security device in server or client have some common functions. We designed the client token and cryptographic server to improve the performance of PKI, and got obvious effect.
11
Zhang, Ning. "Attack and Defense with Hardware-Aided Security." Diss., Virginia Tech, 2016. http://hdl.handle.net/10919/72855.
Full textAbstract:
Riding on recent advances in computing and networking, our society is now experiencing the evolution into the age of information. While the development of these technologies brings great value to our daily life, the lucrative reward from cyber-crimes has also attracted criminals. As computing continues to play an increasing role in the society, security has become a pressing issue. Failures in computing systems could result in loss of infrastructure or human life, as demonstrated in both academic research and production environment. With the continuing widespread of malicious software and new vulnerabilities revealing every day, protecting the heterogeneous computing systems across the Internet has become a daunting task. Our approach to this challenge consists of two directions. The first direction aims to gain a better understanding of the inner working of both attacks and defenses in the cyber environment. Meanwhile, our other direction is designing secure systems in adversarial environment.Ph. D.
12
Ma, Yao. "Quantum Hardware Security and Near-term Applications." Electronic Thesis or Diss., Sorbonne université, 2023. https://accesdistant.sorbonne-universite.fr/login?url=https://theses-intra.sorbonne-universite.fr/2023SORUS500.pdf.
Full textAbstract:
Les primitives de sécurité matérielle sont des composants et des mécanismes fondamentaux basés sur le matériel et utilisés pour améliorer la sécurité des systèmes informatiques modernes en général. Ces primitives fournissent des éléments de base pour la mise en œuvre des fonctions de sécurité et la protection contre les menaces afin de garantir l'intégrité, la confidentialité et la disponibilité des informations et des ressources. Avec le développement à grande vitesse de l'informatique quantique et du traitement de l'information, la construction de primitives de sécurité matérielle avec des systèmes mécaniques quantiques présente un énorme potentiel. Parallèlement, il devient de plus en plus important de traiter les vulnérabilités potentielles du point de vue du matériel pour garantir les propriétés de sécurité des applications quantiques. La thèse se concentre sur les primitives de sécurité matérielles pratiques en analogie quantique, qui se réfèrent à la conception et à la mise en œuvre de fonctions de sécurité matérielles avec des systèmes mécaniques quantiques contre diverses menaces et attaques. Notre recherche s'articule autour de deux questions: Comment les systèmes mécaniques quantiques peuvent-ils améliorer la sécurité des primitives de sécurité matérielle existantes? Et comment les primitives de sécurité matérielle peuvent-elles protéger les systèmes d'informatique quantique? Nous apportons les réponses en étudiant deux types de primitives de sécurité matérielle avec des systèmes mécaniques quantiques, de la construction à l'application: Physical Unclonable Function (PUF) et Trusted Execution Environments (TEE). Nous proposons tout d'abord des constructions hybrides classiques-quantiques de PUF appelées HPUF et HLPUF. Alors que les PUF exploitent les propriétés physiques propres à chaque dispositif matériel individuel pour générer des clés ou des identifiants spécifiques, nos constructions intègrent des technologies de traitement quantique de l'information et mettent en œuvre des protocoles d'authentification et de communication sécurisés avec des clés quantiques réutilisables. Deuxièmement, inspirés par les TEE qui obtiennent des propriétés d'isolation par un mécanisme matériel, nous proposons la construction de QEnclave avec des systèmes mécaniques quantiques. L'idée est de fournir des environnements d'exécution isolés et sécurisés au sein d'un système informatique quantique plus large en utilisant des enclaves/processeurs sécurisés pour protéger les opérations sensibles d'un accès non autorisé ou d'une altération avec des hypothèses de confiance minimales. Il en résulte une construction de QEnclave assez simple de manière opérationnelle, avec l'exécution de rotations sur des qubits uniques. Nous montrons que QEnclave permet un calcul quantique aveugle délégué sur le serveur en nuage avec un utilisateur classique distant dans le cadre des définitions de sécuritéHardware security primitives are hardware-based fundamental components and mechanisms used to enhance the security of modern computing systems in general. These primitives provide building blocks for implementing security features and safeguarding against threats to ensure integrity, confidentiality, and availability of information and resources. With the high-speed development of quantum computation and information processing, a huge potential is shown in constructing hardware security primitives with quantum mechanical systems. Meanwhile, addressing potential vulnerabilities from the hardware perspective is becoming increasingly important to ensure the security properties of quantum applications. The thesis focuses on practical hardware security primitives in quantum analogue, which refer to designing and implementing hardware-based security features with quantum mechanical systems against various threats and attacks. Our research follows two questions: How can quantum mechanical systems enhance the security of existing hardware security primitives? And how can hardware security primitives protect quantum computing systems? We give the answers by studying two different types of hardware security primitives with quantum mechanical systems from constructions to applications: Physical Unclonable Function (PUF) and Trusted Execution Environments (TEE). We first propose classical-quantum hybrid constructions of PUFs called HPUF and HLPUF. When PUFs exploit physical properties unique to each individual hardware device to generate device-specific keys or identifiers, our constructions incorporate quantum information processing technologies and implement quantum-secure authentication and secure communication protocols with reusable quantum keys. Secondly, inspired by TEEs that achieve isolation properties by hardware mechanism, we propose the QEnclave construction with quantum mechanical systems. The idea is to provide an isolated and secure execution environment within a larger quantum computing system by utilising secure enclaves/processors to protect sensitive operations from unauthorized access or tampering with minimal trust assumptions. It results in an operationally simple enough QEnclave construction with performing rotations on single qubits. We show that QEnclave enables delegated blind quantum computation on the cloud server with a remote classical user under the security definitions
13
Yao, Håkansson Jonathan, and Niklas Rosencrantz. "Formal Verification of Hardware Peripheral with Security Property." Thesis, KTH, Skolan för datavetenskap och kommunikation (CSC), 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-209807.
Full textAbstract:
One problem with computers is that the operating system automatically trusts any externallyconnected peripheral. This can result in abuse when a peripheral technically can violate the security model because the peripheral is trusted. Because of that the security is an important issue to look at.The aim of our project is to see in which cases hardware peripherals can be trusted. We built amodel of the universal asynchronous transmitter/receiver (UART), a model of the main memory(RAM) and a model of a DMA controller. We analysed interaction between hardware peripherals,user processes and the main memory.One of our results is that connections with hardware peripherals are secure if the hardware is properly configured. A threat scenario could be an eavesdropper or man-in-the-middle trying to steal data or change a cryptographic key.We consider the use-cases of DMA and protecting a cryptographic key. We prove the well-behavior of the algorithm. Some error-traces resulted from incorrect modelling that was resolved by adjusting the models. Benchmarks were done for different memory sizes.The result is that a peripheral can be trusted provided a configuration is done. Our models consist of finite state machines and their corresponding SMV modules. The models represent computer hardware with DMA. We verified the SMV models using the model checkers NuSMV and nuXmv.Målet med vårt projekt är att verifiera olika specifikationer av externa enheter som ansluts till datorn. Vi utför formell verifikation av sådan datorutrustning och virtuellt minne. Verifikation med temporal logik, LTL, utförs. Specifikt verifierar vi 4 olika use-case och 9 formler för seriell datakommunikation, DMA och virtuellt minne. Slutsatsen är att anslutning av extern hårdvara är säker om den är ordentligt konfigurerad.Vi gör jämförelser mellan olika minnesstorlekar och mätte tidsåtgången för att verifiera olika system. Vi ser att tidsåtgången för verifikation är långsammare än linjärt beroende och att relativt små system tar relativt lång tid att verifiera.
14
Li, Huiyun. "Security evaluation at design time for cryptographic hardware." Thesis, University of Cambridge, 2006. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.613888.
Full text
15
Müelich, Sven [Verfasser]. "Channel coding for hardware-intrinsic security / Sven Müelich." Ulm : Universität Ulm, 2019. http://d-nb.info/119830989X/34.
Full text
16
Letan, Thomas. "Specifying and Verifying Hardware-based Security Enforcement Mechanisms." Thesis, CentraleSupélec, 2018. http://www.theses.fr/2018CSUP0002.
Full textAbstract:
Dans ces travaux de thèse, nous nous intéressons à une classe de stratégies d'application de politiques de sécurité que nous appelons HSE, pour Hardware-based Security Enforcement. Dans ce contexte, un ou plusieurs composants logiciels de confiance contraignent l'exécution du reste de la pile logicielle avec le concours de la plate-forme matérielle sous-jacente afin d'assurer le respect d'une politique de sécurité donnée. Pour qu'un mécanisme HSE contraigne effectivement l'exécution de logiciels arbitraires, il est nécessaire que la plate-forme matérielle et les composants logiciels de confiance l'implémentent correctement.Ces dernières années, plusieurs vulnérabilités ont mis à défaut des implémentations de mécanismes HSE. Nous concentrons ici nos efforts sur celles qui sont le résultat d'erreurs dans les spécifications matérielles et non dans une implémentation donnée.Plus précisément, nous nous intéressons aux cas particulier de l'usage légitime, par un attaquant, d'une fonctionnalité d'un composant matériel pour contourner les protections offertes par un second. Notre but est d'explorer des approches basées sur l'usage de méthodes formelles pour spécifier et vérifier des mécanismes HSE. La spécification de mécanismes HSE peut servir de point de départ pour la vérification des spécifications matérielles concernées, dans l'espoir de prévenir des attaques profitant de la composition d'un grand nombre de composants matériels. Elles peuvent ensuite être fournies aux développeurs logiciels, sous la forme d'une liste de prérequis que leurs produits doivent respecter s'ils désirent l'application d'une politique de sécurité clairement identifiéeIn this thesis, we consider a class of security enforcement mechanisms we called Hardware-based Security Enforcement (HSE). In such mechanisms, some trusted software components rely on the underlying hardware architecture to constrain the execution of untrusted software components with respect to targeted security policies. For instance, an operating system which configures page tables to isolate userland applications implements a HSE mechanism. For a HSE mechanism to correctly enforce a targeted security policy, it requires both hardware and trusted software components to play their parts. During the past decades, several vulnerability disclosures have defeated HSE mechanisms. We focus on the vulnerabilities that are the result of errors at the specification level, rather than implementation errors. In some critical vulnerabilities, the attacker makes a legitimate use of one hardware component to circumvent the HSE mechanism provided by another one. For instance, cache poisoning attacks leverage inconsistencies between cache and DRAM’s access control mechanisms. We call this class of attacks, where an attacker leverages inconsistencies in hardware specifications, compositional attacks. Our goal is to explore approaches to specify and verify HSE mechanisms using formal methods that would benefit both hardware designers and software developers. Firstly, a formal specification of HSE mechanisms can be leveraged as a foundation for a systematic approach to verify hardware specifications, in the hope of uncovering potential compositional attacks ahead of time. Secondly, it provides unambiguous specifications to software developers, in the form of a list of requirements
17
Mustapa, Muslim. "PUF based FPGAs for Hardware Security and Trust." University of Toledo / OhioLINK, 2015. http://rave.ohiolink.edu/etdc/view?acc_num=toledo1436361629.
Full text
18
Markettos, Athanasios Theodore. "Active electromagnetic attacks on secure hardware." Thesis, University of Cambridge, 2011. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.609203.
Full text
19
TAKALOO, HADIS. "Design and Implementation of Two Hardware Silicon Prototypes for Cryptography and Hardware Security Applications." Doctoral thesis, Università di Siena, 2020. http://hdl.handle.net/11365/1107236.
Full textAbstract:
This thesis reports the main research results that I achieved during my PhD program at the Department of Information Engineering and Mathematics of the University of Siena, Italy.
The purpose of my research was to study and design lightweight crypto-hardware silicon Integrated Circuits (ICs) based on non-linear dynamical systems for hardware security and cryptographic applications. The objectives of this work were ambitious, since the goal was facing the design of silicon True Random Bit Generators (TRBGs) and Physically Unclonable Functions (PUFs) with new methods and multidisciplinary approaches, linking together Measure Theory, Neural Networks, Complex Systems, Nonlinear Dynamics, Integrated Circuit design and technology, as well as Cryptography.
This thesis is divided in two parts. The first part presents the study and the design of an IC implementing a chaos-based TRBG with statistical self-tuning capabilities. As a result of my research, an integrated circuit was designed and taped-out during my PhD program. The IC is a full custom mixed-signal circuit implementing a TRBG based on a discrete-time piecewise linear 1D chaotic map. The TRBG exploits self-tuning capabilities to achieve the maximum entropy, which is obtained monitoring and adjusting the chaotic map parameters to compensate possible perturbing deviances due to, e.g., technological process variability and temperature variations. To this aim, the IC is equipped with a digital core analyzing the statistical characteristics of the generated sequences, to
achieve the estimation of the chaotic system parameters and to perform a digitized control and correction of the analog circuit implementing the map. The chip has been fabricated after being selected and ranked among the 10 best project proposals in the very first user category, in the second EUROPRACTICE First User Stimulation action. The IC has been fabricated at the end of April, 2018, and tested in June/July 2018. To house and power the IC a PCB has been designed and fabricated, providing the necessary physical analog and digital interfaces for the chip testing. Furthermore, the testing environment has been developed in the LABVIEW environment exploring to a development board equipped with a Xilinx FPGA, and providing the software and hardware tools to perform the tests.
The second part of this thesis presents the study and the design of an IC implementing a novel PUF circuit derived from Cellular Neural Networks (CNNs).
The fundamental idea in this research is to exploit the rich dynamical versatility of CNNs to derive a novel class of low-complexity mixed-signal silicon PUFs, taking advantages from a wide set of mathematical models that can be analyzed by means of well-established theoretical tools. Also for this research activity, as a result of my research, an integrated circuit was designed and taped-out during my PhD program. The design of the hardware silicon prototype aimed to study the feasibility of the proposal, referring to standard mixedsignal CMOS technologies, and exploring different architectures and circuit topologies.
The chip database for the tape-out was delivered at the end of August 2019, and at the time of writing this thesis the chip was currently under fabrication.
In both of the research activities the results were achieved through circuit simulations, including the effects of temperature variations and technological process variability to verify and refine the proposed theoretical models. The activities presented in this thesis covered the design of the proposed circuits both at the electrical and physical levels, including post-layout validation and the writing of the design documentation.
20
Shepherd, Simon John. "A distributed security architecture for large scale systems." Thesis, University of Plymouth, 1992. http://hdl.handle.net/10026.1/2143.
Full textAbstract:
This thesis describes the research leading from the conception, through development, to the practical implementation of a comprehensive security architecture for use within, and as a value-added enhancement to, the ISO Open Systems Interconnection (OSI) model. The Comprehensive Security System (CSS) is arranged basically as an Application Layer service but can allow any of the ISO recommended security facilities to be provided at any layer of the model. It is suitable as an 'add-on' service to existing arrangements or can be fully integrated into new applications. For large scale, distributed processing operations, a network of security management centres (SMCs) is suggested, that can help to ensure that system misuse is minimised, and that flexible operation is provided in an efficient manner. The background to the OSI standards are covered in detail, followed by an introduction to security in open systems. A survey of existing techniques in formal analysis and verification is then presented. The architecture of the CSS is described in terms of a conceptual model using agents and protocols, followed by an extension of the CSS concept to a large scale network controlled by SMCs. A new approach to formal security analysis is described which is based on two main methodologies. Firstly, every function within the system is built from layers of provably secure sequences of finite state machines, using a recursive function to monitor and constrain the system to the desired state at all times. Secondly, the correctness of the protocols generated by the sequences to exchange security information and control data between agents in a distributed environment, is analysed in terms of a modified temporal Hoare logic. This is based on ideas concerning the validity of beliefs about the global state of a system as a result of actions performed by entities within the system, including the notion of timeliness. The two fundamental problems in number theory upon which the assumptions about the security of the finite state machine model rest are described, together with a comprehensive survey of the very latest progress in this area. Having assumed that the two problems will remain computationally intractable in the foreseeable future, the method is then applied to the formal analysis of some of the components of the Comprehensive Security System. A practical implementation of the CSS has been achieved as a demonstration system for a network of IBM Personal Computers connected via an Ethernet LAN, which fully meets the aims and objectives set out in Chapter 1. This implementation is described, and finally some comments are made on the possible future of research into security aspects of distributed systems.
21
Basak, Abhishek. "INFRASTRUCTURE AND PRIMITIVES FOR HARDWARE SECURITY IN INTEGRATED CIRCUITS." Case Western Reserve University School of Graduate Studies / OhioLINK, 2016. http://rave.ohiolink.edu/etdc/view?acc_num=case1458787036.
Full text
22
Deb, Nath Atul Prasad. "Hardware-based Authentication and Security for Advanced Metering Infrastructure." University of Toledo / OhioLINK, 2016. http://rave.ohiolink.edu/etdc/view?acc_num=toledo1470106841.
Full text
23
Cozzi, Maxime. "Infrared Imaging for Integrated Circuit Trust and Hardware Security." Thesis, Montpellier, 2019. http://www.theses.fr/2019MONTS046.
Full textAbstract:
La généralisation des circuits intégrés et plus généralement de l'électronique à tous les secteurs d'activité humaine, nécessite d'assurer la sécurité d'un certain nombre de systèmes critiques (militaire, finance, santé, etc). Aujourd'hui, l'intégrité de ces systèmes repose sur un éventail d'attaques connues, pour lesquelles des contremesures ont été développées.Ainsi, la recherche de nouvelles attaques contribue fortement à la sécurisation des circuits électroniques. La complexité toujours croissante des circuits, permise par les progrès dans les technologies silicium, a pour conséquence l'apparition de circuits occupant de plus en plus de surface. La retro-ingénierie est donc une étape souvent obligatoire menée en amont d'une attaque afin de localiser les périphériques et autres régions d'intérêts au sein du circuit visé. Dans cet objectif, l'étude présenté dans ce document propose de nouvelles méthodes d'imagerie infrarouge. En particulier, il est démontré que l'analyse statistique des mesures infrarouge permet d'automatiser la localisation des régions électriquement active d'un circuit. Aussi, une nouvelle méthode de comparaison statistique d'image infrarouge est proposée. Enfin, ces résultats sont acquis au moyen d'une plateforme de mesure faible cout, permettant de détecter toute activité électrique possédant une consommation supérieure à 200µWThe generalization of integrated circuits and more generally electronics to everyday life systems (military, finance, health, etc) rises the question about their security. Today, the integrity of such circuits relies on a large panel of known attacks for which countermeasures have been developed. Hence, the search of new vulnerabilities represents one of the largest contribution to hardware security. The always rising complexity of dies leads to larger silicon surfaces.Circuit imaging is therefore a popular step among the hardware security community in order to identify regions of interest within the die. In this objective, the work presented here proposes new methodologies for infrared circuit imaging. In particular, it is demonstrated that statistical measurement analysis can be performed for automated localization of active areas in an integrated circuit.Also, a new methodology allowing efficient statistical infrared image comparison is proposed. Finally, all results are acquired using a cost efficient infrared measurement platform that allows the investigation of weak electrical source, detecting power consumption as low as 200 µW
24
Reid, Jason Frederick. "Enhancing security in distributed systems with trusted computing hardware." Thesis, Queensland University of Technology, 2007. https://eprints.qut.edu.au/16379/1/Jason_Reid_Thesis.pdf.
Full textAbstract:
The need to increase the hostile attack resilience of distributed and internet-worked computer systems is critical and pressing. This thesis contributes to concrete improvements in distributed systems trustworthiness through an enhanced understanding of a technical approach known as trusted computing hardware. Because of its physical and logical protection features, trusted computing hardware can reliably enforce a security policy in a threat model where the authorised user is untrusted or when the device is placed in a hostile environment.
We present a critical analysis of vulnerabilities in current systems, and argue that current industry-driven trusted computing initiatives will fail in efforts to retrofit security into inherently flawed operating system designs, since there is no substitute for a sound protection architecture grounded in hardware-enforced domain isolation. In doing so we identify the limitations of hardware-based approaches. We argue that the current emphasis of these programs does not give sufficient weight to the role that operating system security plays in overall system security. New processor features that provide hardware support for virtualisation will contribute more to practical security improvement because they will allow multiple operating systems to concurrently share the same processor. New operating systems that implement a sound protection architecture will thus be able to be introduced to support applications with stringent security requirements. These can coexist alongside inherently less secure mainstream operating systems, allowing a gradual migration to less vulnerable alternatives.
We examine the effectiveness of the ITSEC and Common Criteria evaluation and certification schemes as a basis for establishing assurance in trusted computing hardware. Based on a survey of smart card certifications, we contend that the practice of artificially limiting the scope of an evaluation in order to gain a higher assurance rating is quite common. Due to a general lack of understanding in the marketplace as to how the schemes work, high evaluation assurance levels are confused with a general notion of 'high security strength'. Vendors invest little effort in correcting the misconception since they benefit from it and this has arguably undermined the value of the whole certification process.
We contribute practical techniques for securing personal trusted hardware devices against a type of attack known as a relay attack. Our method is based on a novel application of a phenomenon known as side channel leakage, heretofore considered exclusively as a security vulnerability. We exploit the low latency of side channel information transfer to deliver a communication channel with timing resolution that is fine enough to detect sophisticated relay attacks. We avoid the cost and complexity associated with alternative communication techniques suggested in previous proposals. We also propose the first terrorist attack resistant distance bounding protocol that is efficient enough to be implemented on resource constrained devices.
We propose a design for a privacy sensitive electronic cash scheme that leverages the confidentiality and integrity protection features of trusted computing hardware. We specify the command set and message structures and implement these in a prototype that uses Dallas Semiconductor iButtons.
We consider the access control requirements for a national scale electronic health records system of the type that Australia is currently developing. We argue that an access control model capable of supporting explicit denial of privileges is required to ensure that consumers maintain their right to grant or withhold consent to disclosure of their sensitive health information in an electronic system. Finding this feature absent in standard role-based access control models, we propose a modification to role-based access control that supports policy constructs of this type. Explicit denial is difficult to enforce in a large scale system without an active central authority but centralisation impacts negatively on system scalability. We show how the unique properties of trusted computing hardware can address this problem. We outline a conceptual architecture for an electronic health records access control system that leverages hardware level CPU virtualisation, trusted platform modules, personal cryptographic tokens and secure coprocessors to implement role based cryptographic access control. We argue that the design delivers important scalability benefits because it enables access control decisions to be made and enforced locally on a user's computing platform in a reliable way.
25
Reid, Jason Frederick. "Enhancing security in distributed systems with trusted computing hardware." Queensland University of Technology, 2007. http://eprints.qut.edu.au/16379/.
Full textAbstract:
The need to increase the hostile attack resilience of distributed and internet-worked computer systems is critical and pressing. This thesis contributes to concrete improvements in distributed systems trustworthiness through an enhanced understanding of a technical approach known as trusted computing hardware. Because of its physical and logical protection features, trusted computing hardware can reliably enforce a security policy in a threat model where the authorised user is untrusted or when the device is placed in a hostile environment.
We present a critical analysis of vulnerabilities in current systems, and argue that current industry-driven trusted computing initiatives will fail in efforts to retrofit security into inherently flawed operating system designs, since there is no substitute for a sound protection architecture grounded in hardware-enforced domain isolation. In doing so we identify the limitations of hardware-based approaches. We argue that the current emphasis of these programs does not give sufficient weight to the role that operating system security plays in overall system security. New processor features that provide hardware support for virtualisation will contribute more to practical security improvement because they will allow multiple operating systems to concurrently share the same processor. New operating systems that implement a sound protection architecture will thus be able to be introduced to support applications with stringent security requirements. These can coexist alongside inherently less secure mainstream operating systems, allowing a gradual migration to less vulnerable alternatives.
We examine the effectiveness of the ITSEC and Common Criteria evaluation and certification schemes as a basis for establishing assurance in trusted computing hardware. Based on a survey of smart card certifications, we contend that the practice of artificially limiting the scope of an evaluation in order to gain a higher assurance rating is quite common. Due to a general lack of understanding in the marketplace as to how the schemes work, high evaluation assurance levels are confused with a general notion of 'high security strength'. Vendors invest little effort in correcting the misconception since they benefit from it and this has arguably undermined the value of the whole certification process.
We contribute practical techniques for securing personal trusted hardware devices against a type of attack known as a relay attack. Our method is based on a novel application of a phenomenon known as side channel leakage, heretofore considered exclusively as a security vulnerability. We exploit the low latency of side channel information transfer to deliver a communication channel with timing resolution that is fine enough to detect sophisticated relay attacks. We avoid the cost and complexity associated with alternative communication techniques suggested in previous proposals. We also propose the first terrorist attack resistant distance bounding protocol that is efficient enough to be implemented on resource constrained devices.
We propose a design for a privacy sensitive electronic cash scheme that leverages the confidentiality and integrity protection features of trusted computing hardware. We specify the command set and message structures and implement these in a prototype that uses Dallas Semiconductor iButtons.
We consider the access control requirements for a national scale electronic health records system of the type that Australia is currently developing. We argue that an access control model capable of supporting explicit denial of privileges is required to ensure that consumers maintain their right to grant or withhold consent to disclosure of their sensitive health information in an electronic system. Finding this feature absent in standard role-based access control models, we propose a modification to role-based access control that supports policy constructs of this type. Explicit denial is difficult to enforce in a large scale system without an active central authority but centralisation impacts negatively on system scalability. We show how the unique properties of trusted computing hardware can address this problem. We outline a conceptual architecture for an electronic health records access control system that leverages hardware level CPU virtualisation, trusted platform modules, personal cryptographic tokens and secure coprocessors to implement role based cryptographic access control. We argue that the design delivers important scalability benefits because it enables access control decisions to be made and enforced locally on a user's computing platform in a reliable way.
26
Fattori, A. "HARDWARE-ASSISTED VIRTUALIZATION AND ITS APPLICATIONS TO SYSTEMS SECURITY." Doctoral thesis, Università degli Studi di Milano, 2014. http://hdl.handle.net/2434/233326.
Full textAbstract:
In recent years, the number and sophistication of cybercriminals attacks has
risen at an alarming pace, and this is not likely to slow down in the near
future. To date, security researchers and industry proposed several
countermeasures to this phenomenon, and continue to investigate new techniques,
in a real arms race against miscreants.
Most modern techniques to detect or prevent threats are based on
dynamic analysis, that allows to observe the properties and behaviors
of software while it runs. Many dynamic approaches are based on virtualization
technology. Over the years, indeed, virtualization became the de facto
standard environment for the implementation of many dynamic security tools and
frameworks. Virtualization has many features that are particularly useful when
dealing with systems security. Operating as a hypervisor (i.e., the entity that
controls the execution of a system inside a virtual machine), indeed, grants a
good degree of transparency and isolation, since the hypervisor is always more
privileged than any component running as a guest of a virtual machine. On the
contrary, approaches that directly work in the same system of their targets are
prone to identification and corruption of their results.
Until some years ago, virtualization was uniquely performed via software. Due
to the many challenges and intricacies of virtualization, most software
hypervisors have lots of prerequisites (e.g., the source code, or binaries, of
a system must be modified before it can be run as a guest of a virtual
machine). Furthermore, they commonly have bugs, due to the enormous amount of
little details that must be handled, and these badly affect transparency and
isolation qualities. These pitfalls greatly hinder security systems built on
top of software hypervisors. The introduction of an hardware support for
virtualization on most commodity CPUs, however, provided a good mean to
overcome these limitations. In a strive to contribute to the systems security
research field, in this dissertation we show how such hardware support can be
leveraged to build tools and frameworks that use dynamic analysis to face some
of the many challenges of the field. In more details, we first describe the
design and implementation of a generic framework to perform complex dynamic
analyses of both user- and kernel-level software, without relying on any native
support or any a priori modification of the target. This framework
lays the foundation of this dissertation, and on top of it we built the other
two contributions: a malware detector and a tool to automatically discover
vulnerabilities in Mac OS X kernel modules.
27
Badier, Hannah. "Transient obfuscation for HLS security : application to cloud security, birthmarking and hardware Trojan defense." Thesis, Brest, École nationale supérieure de techniques avancées Bretagne, 2021. https://tel.archives-ouvertes.fr/tel-03789700.
Full textAbstract:
La mondialisation croissante de la chaîne d'approvisionnement des semi-conducteurs, ainsi que la complexité et la diversité croissantes des flux de conception de matériel, ont entraîné une recrudescence des menaces de sécurité : risques de vol et de revente de propriété intellectuelle, de rétro-ingénierie et d'insertion de code malveillant sous la forme de chevaux de Troie pendant la fabrication et au moment de la conception ont fait l'objet d'une recherche croissante ces dernières années. Cependant, les menaces lors de la synthèse de haut niveau (HLS), où une description algorithmique est transformée en une implémentation matérielle de niveau inférieur, n'ont été envisagées que récemment, et peu de solutions ont été proposées jusqu'à présent. Dans cette thèse, nous nous concentrons sur la sécurisation des conceptions lors de la synthèse comportementale à l'aide d'un outil HLS basé sur le cloud ou interne, mais non fiable. Nous introduisons une nouvelle méthode de protection au moment de la conception appelée offuscation, où le code source de haut niveau est obscurci à l'aide de techniques basées sur des clés, et désobscurci après HLS au niveau du transfert de registre. Cette méthode en deux étapes garantit une fonctionnalité de conception correcte et une faible surcharge de conception. Nous proposons trois façons d'intégrer l'offuscation transitoire dans différents mécanismes de sécurité. Tout d'abord, nous montrons comment il peut être utilisé pour empêcher le vol de propriété intellectuelle et la réutilisation illégale dans un scénario HLS basé sur le cloud. Ensuite, nous étendons ce travail au filigranes numériques, en exploitant les effets secondaires de l'offuscation transitoire sur les outils HLS pour identifier les conceptions volées. Enfin, nous montrons comment cette méthode peut également être utilisée contre les chevaux de Troie matériels, à la fois en empêchant l'insertion et en facilitant la détectionThe growing globalization of the semiconductor supply chain, as well as the increasing complexity and diversity of hardware design flows, have lead to a surge in security threats: risks of intellectual property theft and reselling, reverse-engineering and malicious code insertion in the form of hardware Trojans during manufacturing and at design time have been a growing research focus in the past years. However, threats during highlevel synthesis (HLS), where an algorithmic description is transformed into a lower level hardware implementation, have only recently been considered, and few solutions have been given so far. In this thesis, we focus on how to secure designs during behavioral synthesis using either a cloud-based or an internal but untrusted HLS tool. We introduce a novel design time protection method called transient obfuscation, where the high-level source code is obfuscated using key-based techniques, and deobfuscated after HLS at register-transfer level. This two-step method ensures correct design functionality and low design overhead. We propose three ways to integrate transient obfuscation in different security mechanisms. First, we show how it can be used to prevent intellectual property theft and illegal reuse in a cloud-based HLS scenario. Then, we extend this work to watermarking, by exploiting the side-effects of transient obfuscation on HLS tools to identify stolen designs. Finally, we show how this method can also be used against hardware Trojans, both by preventing insertion and by facilitating detection
28
Kuvaiskii, Dmitrii. "Hardware-Assisted Dependable Systems." Doctoral thesis, Saechsische Landesbibliothek- Staats- und Universitaetsbibliothek Dresden, 2018. http://nbn-resolving.de/urn:nbn:de:bsz:14-qucosa-234205.
Full textAbstract:
Unpredictable hardware faults and software bugs lead to application crashes, incorrect computations, unavailability of internet services, data losses, malfunctioning components, and consequently financial losses or even death of people. In particular, faults in microprocessors (CPUs) and memory corruption bugs are among the major unresolved issues of today. CPU faults may result in benign crashes and, more problematically, in silent data corruptions that can lead to catastrophic consequences, silently propagating from component to component and finally shutting down the whole system. Similarly, memory corruption bugs (memory-safety vulnerabilities) may result in a benign application crash but may also be exploited by a malicious hacker to gain control over the system or leak confidential data.
Both these classes of errors are notoriously hard to detect and tolerate. Usual mitigation strategy is to apply ad-hoc local patches: checksums to protect specific computations against hardware faults and bug fixes to protect programs against known vulnerabilities. This strategy is unsatisfactory since it is prone to errors, requires significant manual effort, and protects only against anticipated faults. On the other extreme, Byzantine Fault Tolerance solutions defend against all kinds of hardware and software errors, but are inadequately expensive in terms of resources and performance overhead.
In this thesis, we examine and propose five techniques to protect against hardware CPU faults and software memory-corruption bugs. All these techniques are hardware-assisted: they use recent advancements in CPU designs and modern CPU extensions. Three of these techniques target hardware CPU faults and rely on specific CPU features: ∆-encoding efficiently utilizes instruction-level parallelism of modern CPUs, Elzar re-purposes Intel AVX extensions, and HAFT builds on Intel TSX instructions. The rest two target software bugs: SGXBounds detects vulnerabilities inside Intel SGX enclaves, and “MPX Explained” analyzes the recent Intel MPX extension to protect against buffer overflow bugs.
Our techniques achieve three goals: transparency, practicality, and efficiency. All our systems are implemented as compiler passes which transparently harden unmodified applications against hardware faults and software bugs. They are practical since they rely on commodity CPUs and require no specialized hardware or operating system support. Finally, they are efficient because they use hardware assistance in the form of CPU extensions to lower performance overhead.
29
Huang, Sinan. "Hardware Evaluation of SHA-3 Candidates." Thesis, Virginia Tech, 2011. http://hdl.handle.net/10919/32932.
Full textAbstract:
Cryptographic hash functions are used extensively in information security, most notably in digital authentication and data integrity verification. Their performance is an important factor of the overall performance of a secure system. In 2005, some groups of cryptanalysts were making increasingly successful attacks and exploits on the cryptographic hash function, SHA-1, the most widely used hash function of the secure hashing algorithm family. Although these attacks do not work on SHA-2, the next in the series of the secure hashing algorithm family, the National Institute of Standards and Technology still believes that it is necessary to hold a competition to select a new algorithm to be added to the current secure hashing algorithm family. The new algorithm will be chosen through a public competition. The entries will be evaluated with different kinds of criteria, such as security, performance and implementation characteristics. These criteria will not only cover the domain of software, but the domain of hardware as well. This is the motivation of this thesis.
This thesis will describe the experiments and measurements done to evaluate the SHA-3 cryptographic hash function candidatesâ performance on both ASIC and FPGA devices. The methodology, metrics, implementation details, and the framework of the experiments will be described. The results on both hardware devices will be shown and possible future directions will be discussed.Master of Science
30
Patel, Krutartha Computer Science & Engineering Faculty of Engineering UNSW. "Hardware-software design methods for security and reliability of MPSoCs." Awarded by:University of New South Wales. Computer Science & Engineering, 2009. http://handle.unsw.edu.au/1959.4/44854.
Full textAbstract:
Security of a Multi-Processor System on Chip (MPSoC) is an emerging area of concern in embedded systems. MPSoC security is jeopardized by Code Injection attacks. Code Injection attacks, which are the most common types of software attacks, have plagued single processor systems. Design of MPSoCs must therefore incorporate security as one of the primary objectives. Code Injection attacks exploit vulnerabilities in \trusted" and legacy code. An architecture with a dedicated monitoring processor (MONITOR) is employed to simultaneously supervise the application processors on an MPSoC. The program code in the application processors is divided into basic blocks. The basic blocks in the application processors are statically instrumented with special instructions that allow communication with the MONITOR at runtime. The MONITOR verifies the execution of all the processors at runtime using control flow checks and either a timing or instruction count check. This thesis proposes a monitoring system called SOFTMON, a design methodology called SHIELD, a design flow called LOCS and an architectural framework called CUFFS for detecting Code Injection attacks. SOFTMON, a software monitoring system, uses a software algorithm in the MONITOR. SOFTMON incurs limited area overheads. However, the runtime performance overhead is quite high. SHIELD, an extension to the work in SOFTMON overcomes the limitation of high runtime overhead using a MONITOR that is predominantly hardware based. LOCS uses only one special instruction per basic block compared to two, as was the case in SOFTMON and SHIELD. Additionally, profile information is generated for all the basic blocks in all the application processors for the MPSoC designer to tune the design by increasing or decreasing the frequency of loop basic blocks. CUFFS detects attacks even without application processors communicating to the MONITOR. The SOFTMON, SHIELD and LOCS approaches can only detect attacks if the application processors communicate to the MONITOR. CUFFS relies on the exact number of instructions in basic blocks to determine an attack, rather than time-frame based measures used in SOFTMON, SHIELD and LOCS. The lowest runtime performance overhead was achieved by LOCS (worst case of 37.5%), while the SOFTMON monitoring system had the least amount of area overheads of about 25%. The CUFFS approach employed an active MONITOR and hence detected a greater range of attacks. The CUFFS framework also detects bit flip errors (reliability errors) in the control flow instructions of the application processors on an MPSoC. CUFFS can detect nearly 70% of all bit flip errors in the control flow instructions. Additionally, a modified CUFFS approach is proposed to ensure reliable inter-processor communication on an MPSoC. The modified CUFFS approach uses a hardware based checksum approach for reliable inter-processor communication and incurred a runtime performance overhead of up to 25% and negligible area overheads compared to CUFFS. Thus, the approaches proposed in this thesis equip an MPSoC designer with tools to embed security features during an MPSoC's design phase. Incorporating security measures at the processor design level provides security against software attacks in MPSoCs and incurs manageable runtime, area and code-size overheads.
31
Skorobogatov, Sergei Petrovich. "Semi-invasive attacks : a new approach to hardware security analysis." Thesis, University of Cambridge, 2005. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.614760.
Full text
32
Banerjee, Utsav. "Energy-efficient protocols and hardware architectures for transport layer security." Thesis, Massachusetts Institute of Technology, 2017. http://hdl.handle.net/1721.1/111861.
Full textAbstract:
Thesis: S.M., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2017.This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections.
Cataloged from student-submitted PDF version of thesis.
Includes bibliographical references (pages 99-104).
The Internet of Things (IoT) has introduced a vision of an Internet where computing and sensing devices are interconnected. Digitally connected devices are encroaching on every aspect of our lives, including our homes, cars, offices, and even our bodies. Researchers estimate that there will be over 50 billion wireless connected devices by 2020 [1]. On one hand, the IoT enables fundamentally new applications, but on the other, these devices are attractive targets for cyber attackers, thus making IoT security a major concern. Datagram Transport Layer Security (DTLS) is considered to be one of the most suited protocols for securing the IoT. However, computation and communication overheads make it very expensive to implement DTLS on resource-constrained IoT sensor nodes. In this work, we profile the energy costs of DTLS version 1.3, using experimental models for cryptographic computations and radio-frequency (RF) communications. Based on this analysis, we propose protocol optimizations that can reduce the overall energy consumption of DTLS up to 45%, while still maintaining the same security strength of the standard DTLS. We discuss energy-efficient architectures for implementing the standard cryptographic primitives AES (Advanced Encryption Standard), SHA (Secure Hash Algorithm) and ECC (Elliptic Curve Cryptography) in hardware. Our hardware can provide more than 2,500 times reduction in energy consumption compared to traditional software implementations. These hardware primitives are integrated with dedicated control and memory to design a DTLS co-processor that can accelerate the complete DTLS state machine in hardware, thus minimizing the energy consumption due to DTLS computations. The proposed DTLS core is integrated with a RISC-V micro-processor to accurately profile these functions, as well as design custom protocols using standalone cryptographic instructions.
by Utsav Banerjee.
S.M.
33
Wan, Shengye. "Hardware-Assisted Security Mechanisms On Arm-Based Multi-Core Processors." W&M ScholarWorks, 2020. https://scholarworks.wm.edu/etd/1616444331.
Full textAbstract:
During the last decade, Trusted Execution Environment (TEE) provided by ARM TrustZone had become one of the most popular techniques to build security on mobile devices. On a TrustZone-enabled system, the software can execute in either Secure World (trusted) and Normal World (untrusted). Meanwhile, along with the expeditious development of TrustZone technology, the security of TEE is also challenged by dealing with more and more on-board hardware and in-TEE applications. In this dissertation, we explicitly study the security of ARM TrustZone technology with the latest ARM architecture in three aspects. First, we study the security of the TrustZone-assisted asynchronous introspection. Previously, asynchronous introspection mechanisms have been developed in the secure world to detect security policy violations in the normal world. However, we identify a new normal-world evasion attack that can defeat the asynchronous introspection by removing the attacking traces in parallel from one core when the secure-world checking is performing on another core. As the countermeasure, we propose a trustworthy asynchronous introspection mechanism called SATIN, which can effectively prevent evasion attacks with a minor system overhead by increasing the attackers' evasion time cost and decreasing the defender's inspecting time. Second, we design an ARM TrustZone-assisted connectivity mechanism, called TZNIC, to enable the secure world's access to network even at the presence of a malicious OS. TZNIC deploys two NIC drivers, one secure-world driver, and one normal-world driver, that multiplex one physical NIC. We utilize the ARM TrustZone high-privilege to protect the secure-world driver, and further resolve several challenges about sharing one set of hardware peripheral between two isolated software environments. The evaluation shows that TZNIC can provide a reliable network channel for the secure world. Third, we investigate the memory-safety of secure-world trusted applications. Though the existing TrustZone hardware focuses on protecting the application's confidentiality and integrity from malicious accesses of the normal world, there is little the secure world can do when the inside applications contain vulnerabilities and further get exploited by the normal world. To enhance the security of the secure-world application, we propose RusTEE, a TrustZone-based SDK that enables the development of trusted applications in the memory-safe programming language Rust. RusTEE can utilize the built-in security checks of Rust to mitigate all memory-corruption vulnerabilities for trusted applications. Besides, we enhance the trusted application's security by enforcing the memory-safety on its invocations of system-service APIs and cross-world communication channels.
34
Babecki, Christopher. "A Memory-Array Centric Reconfigurable Hardware Accelerator for Security Applications." Case Western Reserve University School of Graduate Studies / OhioLINK, 2015. http://rave.ohiolink.edu/etdc/view?acc_num=case1427381331.
Full text
35
Boraten, Travis Henry. "Hardware Security Threat and Mitigation Techniques for Network-on-Chips." Ohio University / OhioLINK, 2020. http://rave.ohiolink.edu/etdc/view?acc_num=ohiou1596031630118173.
Full text
36
Maji, Saurav. "Energy-efficient protocol and hardware for security of implantable devices." Thesis, Massachusetts Institute of Technology, 2019. https://hdl.handle.net/1721.1/122701.
Full textAbstract:
This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections.Thesis: S.M., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2019
Cataloged from student-submitted PDF version of thesis.
Includes bibliographical references (pages 77-83).
Modern-day bio-electronics has truly revolutionized monitoring, diagnosis, and treatment of disease. The continued development of microelectronic has fueled the development of implantable and wearable devices by enabling them with increased functionality and features. According to the report, global active implantable medical devices (IMDs) market was valued at approximately USD 16.47 billion in 2017 and is expected to generate revenue of around USD 23.33 billion by the end of 2024 [63]. However, the deployment of these devices is limited by their security concerns. Several attacks have been demonstrated on IMDs by exploiting their weaknesses [29, 36, 38, 58, 72]. Although these attacks have been demonstrated for academic investigation, these are enough to confirm that the security of these systems needs to be addressed more aggressively. In this work, we analyze the security concerns in the design of the IMDs and the interactions with the other parties involved. Based on this analysis, we propose a protocol to address some of the shortcomings. Our protocol features a dual-factor authentication system in the IMD that relies on both cryptographic security as well as voluntary human actions before responding to any request. We discuss the merits of the protocol and analyze the trade-offs involved. The proposed protocol is implemented in an energy-efficient integrated circuit-and-system solution to emulate an actual implantable device. The design decisions involved to make the system energy-efficient and to accelerate the cryptographic computation are analyzed in detail. Finally, the impact of the implemented protocol on the entire system is obtained and discussed for various use-cases.
"Analog Devices Fellowship and Analog Devices Inc. for providing financial support during various phases of this project"
by Saurav Maji.
S.M.
S.M. Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science
37
Drzevitzky, Stephanie [Verfasser], Marco Akademischer Betreuer] Platzner, and Uwe [Akademischer Betreuer] [Kastens. "Proof-carrying hardware : a novel approach to reconfigurable hardware security / Stephanie Drzevitzky. Betreuer: Marco Platzner ; Uwe Kastens." Paderborn : Universitätsbibliothek, 2012. http://d-nb.info/1036891348/34.
Full text
38
Hoffmann, Max [Verfasser], Christof [Gutachter] Paar, and Ingrid [Gutachter] Verbauwhede. "Security and subvertability of modern hardware : a journey through selected layers of hardware security / Max Hoffmann ; Gutachter: Christof Paar, Ingrid Verbauwhede ; Fakultät für Elektrotechnik und Informationstechnik." Bochum : Ruhr-Universität Bochum, 2020. http://d-nb.info/1223175952/34.
Full text
39
Lu, Qi Charles. "Active tamper-detector hardware mechanism and FPGA implementation /." Diss., Online access via UMI:, 2006.
Find full text
40
Dinh, Tien Tuan Anh. "Trustworthy infrastructure for Peer-to-Peer applications using hardware based security." Thesis, University of Birmingham, 2010. http://etheses.bham.ac.uk//id/eprint/1015/.
Full textAbstract:
Peer-to-Peer (P2P) infrastructure has been used for designing many large-scale distributed systems. Structured P2P, in particular, has received a greater amount of research attention. Having trust in such the P2P environments can help mitigate many problems including security, because peers can choose to interact with the ones that are deemed trustworthy. However, there exists numerous hurdles that need to be overcome before a reliable trust system can be implemented for P2P. This thesis seeks to improve the existing reputation metrics and feedback mechanisms which are important components of the trust system. The new reputation metrics are more resilient to manipulations, and they take into account negative feedback. New protocols are also proposed as parts of the feedback mechanisms, and they allow an honest peer in a structured P2P system to securely detect if another peer has misbehaved. The new protocols make used of hardware-based security which is in the form of trusted devices: TPMs and the newly proposed trusted device called TTMs. The protocols are analyzed using formal methods and simulation. CSP is used to model and verify the properties of these protocols. The performance of these protocols is then evaluated using a new, distributed simulation platform called dPeerSim.
41
Pundir, Nitin K. Pundir. "Design of a Hardware Security PUF Immune to Machine Learning Attacks." University of Toledo / OhioLINK, 2017. http://rave.ohiolink.edu/etdc/view?acc_num=toledo1513009797455883.
Full text
42
Azhar, Mahmood Javed. "Duty-Cycle Based Physical Unclonable Functions (PUFs) for Hardware Security Applications." Thesis, University of South Florida, 2019. http://pqdtopen.proquest.com/#viewpdf?dispub=10980455.
Full textAbstract:
Duty cycle and frequency are important characteristics of periodic signals that are exploited to develop a variety of application circuits in IC design. Controlling the duty cycle and frequency provides a method to develop adaptable circuits for a variety of applications. These applications range from stable on-chip clock generation circuits, on-chip voltage regulation circuits, and Physical unclonable functions for hardware security applications. Ring oscillator circuits that are developed with CMOS inverter circuits provide a simple, versatile flexible method to generated periodic signals on an IC chip. A digitally controlled ring oscillator circuit can be adapted to control its duty cycle and frequency. This work describes a novel current starved ring oscillator, with digitally controlled current source based headers and footers, that is used to provide a versatile duty cycle and a precise frequency control. Using this novel circuit, the duty cycle and frequency can be adapted to a wide range of values. The proposed circuit achieves i) a controlled duty cycle that can vary between 20% and 90% with a high granularity and ii) a compensation circuit that guarantees a constant duty cycle under process, voltage, and temperature (PVT) variations.
A novel application of the proposed PWM circuit is the design and demonstration of a reliable and reconfigurable Duty-cycle based Physical unclonable function (PUF). The proposed PWM based PUF circuit is demonstrated to work in a reliable and stable operation for a variety of process, voltage and temperature conditions with circuit implementations using 22nm and 32nm CMOS technologies. A comparative presentation of the duty cycle based PUF are provided using standard PUF figures of merits.
43
Azhar, Mahmood Javed. "Duty-Cycle Based Physical Unclonable Functions (PUFs) for Hardware Security Applications." Scholar Commons, 2018. https://scholarcommons.usf.edu/etd/7470.
Full textAbstract:
Duty cycle and frequency are important characteristics of periodic signals that are exploited to develop a variety of application circuits in IC design. Controlling the duty cycle and frequency provides a method to develop adaptable circuits for a variety of applications. These applications range from stable on-chip clock generation circuits, on-chip voltage regulation circuits, and Physical unclonable functions for hardware security applications. Ring oscillator circuits that are developed with CMOS inverter circuits provide a simple, versatile flexible method to generated periodic signals on an IC chip. A digitally controlled ring oscillator circuit can be adapted to control its duty cycle and frequency. This work describes a novel current starved ring oscillator, with digitally controlled current source based headers and footers, that is used to provide a versatile duty cycle and a precise frequency control. Using this novel circuit, the duty cycle and frequency can be adapted to a wide range of values. The proposed circuit achieves i) a controlled duty cycle that can vary between 20% and 90% with a high granularity and ii) a compensation circuit that guarantees a constant duty cycle under process, voltage, and temperature (PVT) variations. A novel application of the proposed PWM circuit is the design and demonstration of a reliable and reconfigurable Duty-cycle based Physical unclonable function (PUF). The proposed PWM based PUF circuit is demonstrated to work in a reliable and stable operation for a variety of process, voltage and temperature conditions with circuit implementations using 22nm and 32nm CMOS technologies. A comparative presentation of the duty cycle based PUF are provided using standard PUF figures of merits.
44
Challa, Rohith Prasad. "SR Flip-Flop Based Physically Unclonable Function (PUF) for Hardware Security." Scholar Commons, 2018. https://scholarcommons.usf.edu/etd/7669.
Full textAbstract:
Physically Unclonable Functions (PUFs) are now widely being used to uniquely identify Integrated Circuits (ICs). In this work, we propose a novel Set-Reset (SR) Flip-flop based PUF design. For a NAND gate based SR flip-flop, the input condition S (Set) = 1 and R (Reset) = 1 must be avoided as it is an inconsistent condition. When S=R=1 is applied followed by S=R=0, then the outputs Q and Q' undergo race condition and depending on the delays of the NAND gates in the feedback path, the output Q can settle at either 0 or 1. Because of process variations in an IC, the NAND delays are statistical in nature. Thus, for a given SR FF based $n$-bit register implemented in an IC, when we apply S=R=1 to all flip-flops followed by S=R=0, then we obtain an $n$ bit string that can be interpreted as a signature of the chip. Due to process variations, the signature is highly likely to be unique for an IC. We validated the proposed idea by SPICE-level simulations for 90nm, 45nm, and 32nm designs for both intra- and inter-chip variations to establish the robustness of the proposed PUF. Experimental results for 16-, 32-, 64-, and 128-bit registers based on Monte-Carlo simulations demonstrate that the proposed PUF is robust. The main advantage of the proposed PUF is that there is very little area overhead as we can reuse existing registers in the design.
45
Fießler, Andreas Christoph Kurt. "Hybrid Hardware/Software Architectures for Network Packet Processing in Security Applications." Doctoral thesis, Humboldt-Universität zu Berlin, 2019. http://dx.doi.org/10.18452/20023.
Full textAbstract:
Die Menge an in Computernetzwerken verarbeiteten Daten steigt stetig, was Netzwerkgeräte wie Switches, Bridges, Router und Firewalls vor Herausfordungen stellt.
Die Performance der verbreiteten, CPU/softwarebasierten Ansätze für die Implementierung dieser Aufgaben ist durch den inhärenten Overhead in der sequentiellen Datenverarbeitung limitiert, weshalb solche Funktionalitäten vermehrt auf dedizierten Hardwarebausteinen realisiert werden.
Diese bieten eine schnelle, parallele Verarbeitung mit niedriger Latenz, sind allerdings aufwendiger in der Entwicklung und weniger flexibel.
Nicht jede Anwendung kann zudem für parallele Verarbeitung optimiert werden.
Diese Arbeit befasst sich mit hybriden Ansätzen, um eine bessere Ausnutzung der jeweiligen Stärken von Soft- und Hardwaresystemen zu ermöglichen, mit Schwerpunkt auf der Paketklassifikation.
Es wird eine Firewall realisiert, die sowohl Flexibilität und Analysetiefe einer Software-Firewall als auch Durchsatz und Latenz einer Hardware-Firewall erreicht.
Der Ansatz wird auf einem Standard-Rechnersystem, welches für die Hardware-Klassifikation mit einem rekonfigurierbaren Logikbaustein (FPGA) ergänzt wird, evaluiert.
Eine wesentliche Herausforderung einer hybriden Firewall ist die Identifikation von Abhängigkeiten im Regelsatz.
Es werden Ansätze vorgestellt, welche den redundanten Klassifikationsaufwand auf ein Minimum reduzieren, wie etwa die Wiederverwendung von Teilergebnissen der hybriden Klassifikatoren oder eine exakte Abhängigkeitsanalyse mittels Header Space Analysis.
Für weitere Problemstellungen im Bereich der hardwarebasierten Paketklassifikation, wie dynamisch konfigurierbare Filterungsschaltkreise und schnelle, sichere Hashfunktionen für Lookups, werden Machbarkeit und Optimierungen evaluiert.
Der hybride Ansatz wird im Weiteren auf ein System mit einer SDN-Komponente statt einer FPGA-Erweiterung übertragen. Auch hiermit können signifikante Performancegewinne erreicht werden.Network devices like switches, bridges, routers, and firewalls are subject to a continuous development to keep up with ever-rising requirements. As the overhead of software network processing already became the performance-limiting factor for a variety of applications, also former software functions are shifted towards dedicated network processing hardware. Although such application-specific circuits allow fast, parallel, and low latency processing, they require expensive and time-consuming development with minimal possibilities for adaptions. Security can also be a major concern, as these circuits are virtually a black box for the user. Moreover, the highly parallel processing capabilities of specialized hardware are not necessarily an advantage for all kinds of tasks in network processing, where sometimes a classical CPU is better suited. This work introduces and evaluates concepts for building hybrid hardware-software-systems that exploit the advantages of both hardware and software approaches in order to achieve performant, flexible, and versatile network processing and packet classification systems. The approaches are evaluated on standard software systems, extended by a programmable hardware circuit (FPGA) to provide full control and flexibility. One key achievement of this work is the identification and mitigation of challenges inherent when a hybrid combination of multiple packet classification circuits with different characteristics is used. We introduce approaches to reduce redundant classification effort to a minimum, like re-usage of intermediate classification results and determination of dependencies by header space analysis. In addition, for some further challenges in hardware based packet classification like filtering circuits with dynamic updates and fast hash functions for lookups, we describe feasibility and optimizations. At last, the hybrid approach is evaluated using a standard SDN switch instead of the FPGA accelerator to prove portability.
46
Portella, Rodrigo. "Balancing energy, security and circuit area in lightweight cryptographic hardware design." Thesis, Paris Sciences et Lettres (ComUE), 2016. http://www.theses.fr/2016PSLEE036/document.
Full textAbstract:
Cette thèse aborde la conception et les contremesures permettant d'améliorer le calcul cryptographique matériel léger. Parce que la cryptographie (et la cryptanalyse) sont de nos jours de plus en plus omniprésentes dans notre vie quotidienne, il est crucial que les nouveaux systèmes développés soient suffisamment robustes pour faire face à la quantité croissante de données de traitement sans compromettre la sécurité globale. Ce travail aborde de nombreux sujets liés aux implémentations cryptographiques légères. Les principales contributions de cette thèse sont : - Un nouveau système d'accélération matérielle cryptographique appliqué aux codes BCH ; - Réduction de la consommation des systèmes embarqués et SoCs ; - Contre-mesures légères des attaques par canal auxiliaire applicables à l'algorithme de chiffrement reconfigurable AES ;- CSAC : Un pare-feu sécurisé sur la puce cryptographique ; - Attaques par analyse fréquentielle ; - Un nouveau protocole à divulgation nulle de connaissance appliquée aux réseaux de capteurs sans fil ; - OMD : Un nouveau schéma de chiffrement authentifiéThis thesis addresses lightweight hardware design and countermeasures to improve cryptographic computation. Because cryptography (and cryptanalysis) is nowadays becoming more and more ubiquitous in our daily lives, it is crucial that newly developed systems are robust enough to deal with the increasing amount of processing data without compromising the overall security. This work addresses many different topics related to lightweight cryptographic implementations. The main contributions of this thesis are: - A new cryptographic hardware acceleration scheme applied to BCH codes; - Hardware power minimization applied to SoCs and embedded devices; - Timing and DPA lightweight countermeasures applied to the reconfigurable AES block cipher; - CSAC: A cryptographically secure on-chip firewall; - Frequency analysis attack experiments; - A new zero-knowledge zero-knowledge protocol applied to wireless sensor networks; - OMD: A new authenticated encryption scheme
47
Vaslin, Romain. "Hardware core for off-chip memory security management in embedded system." Lorient, 2008. http://www.theses.fr/2008LORIS119.
Full textAbstract:
Nous proposons une architecture matérielle sécurisée du démarrage du système en passant par l'exécution des applications jusqu'à sa mise àjour sur le terrain. Une nouvelle technique afin de garantir la confidentialité et l'intégrité des données en mémoires est présentée et évaluée dans un premier temp L'architecture proposée est alors étendue avec de nouvelles fonctionnalités qui permettent de gérer à la volée le niveau de sécurité spécifique à la donnée. Ceci ayant pour but de minimiser au maximum les coûts engendrés par la sécurité et notamment la surface, la performance, la consommation mémoire et e��nergétique de l'architecture. Cette base étant évaluée au traves de différentes applications temps réel s'exécutant sur l'architecture sécurisée, l'étape suivante est la mise en oeuvre complète d'un système. Pour cela une méthode de démarrage sécurisée est également proposée afin de lancer les applications depuis une mémoire flash. D'autre mécanismes sont également introduits afin de permettre une mise à jour des applications contenues dans la flash et leur exécution par la suite sur l'architecture sécurisée. L'ensemble des résultats générés ont pour but de montrer que la solution proposée correspond aux besoins et aux capacités des systèmes embarqués. Pour la première fois le coût de la sécurité a été évalué sur l'ensemble des caractéristiques spécifiques au domaine des systèmes embarqués (surface, performance, consommation mémoire et énergétique) pour une chaine totalement sécuriséeWe offer a secure hardware architecture for system boot up, secure software execution and on field update. A new scheme is presented to guarantee dat confidentiality and integrity for off-chip memories. The architecture capabilities are extended to support on the fly security level management of data. The goal is to minimize the overhead due to security like logic area, performance, memory footprint and power consumption for the architecture. After careful evaluation through real time applications execution with this secure architecture, the next step was to provide an end to end solution. Toward th solution, a secure boot up mechanism is proposed in order to securely start applications from a flash memory. More techniques are also introduced to allow on field software update for later secure execution with the architecture. A complete set ofresults has been generated in order to underline the fact that the proposed solution matches with the current needs and constraints of embedded systems. For the first time the security cost in area, performance, memory and power has been evaluated for embedded systems with an end to end solution
48
Vlach, Jiří. "Zabezpečovací ústředna - hardware." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2010. http://www.nusl.cz/ntk/nusl-218368.
Full textAbstract:
This work deals with the design and realization of a modular security central unit's hardware positioned in familial houses. As an operating component of the central unit is used Module Rabbit 3365 with an integrated Ethernet interface. Based on user's requirements and general requirements for electronic security system, circuit diagrams of the central unit's motherboard and power supply with a function of backup power supply are designed. The work also includes layout of a keyboard and LCD display. Printed circuit boards are designed, produced and assembled. The device is set to work. The last part concerns programming of the module Rabbit 3365 in Dynamic C. Gradually, set of operating functions for individual components of the security central unit are implemented.
49
Johnston, B. A. "Investigation of methods for secure transmission of digital data at high speed." Thesis, University of Hertfordshire, 1987. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.377565.
Full text
50
Hoque, Tamzidul. "Ring Oscillator Based Hardware Trojan Detection." University of Toledo / OhioLINK, 2015. http://rave.ohiolink.edu/etdc/view?acc_num=toledo1430413190.
Full text