A Physical Hash for Preventing and Detecting Cyber-Physical Attacks in Additive Manufacturing Systems

Brandman, Joshua Erich

22 June 2017

This thesis proposes a new method for detecting malicious cyber-physical attacks on additive manufacturing (AM) systems. The method makes use of a physical hash, which links digital data to the manufactured part via a disconnected side-channel measurement system. The disconnection ensures that if the network and/or AM system become compromised, the manufacturer can still rely on the measurement system for attack detection. The physical hash takes the form of a QR code that contains a hash string of the nominal process parameters and toolpath. It is manufactured alongside the original geometry for the measurement system to scan and compare to the readings from its sensor suite. By taking measurements in situ, the measurement system can detect in real-time if the part being manufactured matches the designer's specification. A proof-of-concept validation was realized on a material extrusion machine. The implementation was successful and demonstrated the ability of this method to detect the existence (and absence) of malicious attacks on both process parameters and the toolpath. A case study for detecting changes to the toolpath is also presented, which uses a simple measurement of how long each layer takes to build. Given benchmark readings from a 30x30 mm square layer created on a material extrusion system, several modifications were able to be detected. The machine's repeatability and measurement technique's accuracy resulted in the detection of a 1 mm internal void, a 2 mm scaling attack, and a 1 mm skewing attack. Additionally, for a short to moderate length build of an impeller model, it was possible to detect a 0.25 mm change in the fin base thickness. A second case study is also presented wherein dogbone tensile test coupons were manufactured on a material extrusion system at different extrusion temperatures. This process parameter is an example of a setting that can be maliciously modified and have an effect on the final part strength without the operator's knowledge. The performance characteristics (Young's modulus and maximum stress) were determined to be statistically different at different extrusion temperatures (235 and 270 °C). / Master of Science

additive manufacturing

3D printing

cyber-physical security

physical hash

in situ monitoring

side-channel measurement

EdgeFn: A Lightweight Customizable Data Store for Serverless Edge Computing

Paidiparthy, Manoj Prabhakar

01 June 2023

Serverless Edge Computing is an extension of the serverless computing paradigm that enables the deployment and execution of modular software functions on resource-constrained edge devices. However, it poses several challenges due to the edge network's dynamic nature and serverless applications' latency constraints. In this work, we introduce EdgeFn, a lightweight distributed data store for the serverless edge computing system. While serverless comput- ing platforms simplify the development and automated management of software functions, running serverless applications reliably on resource-constrained edge devices poses multiple challenges. These challenges include a lack of flexibility, minimum control over management policies, high data shipping, and cold start latencies. EdgeFn addresses these challenges by providing distributed data storage for serverless applications and allows users to define custom policies that affect the life cycle of serverless functions and their objects. First, we study the challenges of existing serverless systems to adapt to the edge environment. Sec- ond, we propose a distributed data store on top of a Distributed Hash Table (DHT) based Peer-to-Peer (P2P) Overlay, which achieves data locality by co-locating the function and its data. Third, we implement programmable callbacks for storage operations which users can leverage to define custom policies for their applications. We also define some use cases that can be built using the callbacks. Finally, we evaluate EdgeFn scalability and performance using industry-generated trace workload and real-world edge applications. / Master of Science / Serverless Edge Computing is an extension of the serverless computing paradigm that enables the deployment and execution of modular software functions on resource-constrained edge devices. However, it poses several challenges due to the edge network's dynamic nature and serverless applications' latency constraints. In this work, we introduce EdgeFn, a lightweight distributed data store for the serverless edge computing system. While serverless comput- ing platforms simplify the development and automated management of software functions, running serverless applications reliably on resource-constrained edge devices poses multiple challenges. These challenges include a lack of flexibility, minimum control over management policies, high data shipping, and cold start latencies. EdgeFn addresses these challenges by providing distributed data storage for serverless applications and allows users to define custom policies that affect the life cycle of serverless functions and their objects. First, we study the challenges of existing serverless systems to adapt to the edge environment. Sec- ond, we propose a distributed data store on top of a Distributed Hash Table (DHT) based Peer-to-Peer (P2P) Overlay, which achieves data locality by co-locating the function and its data. Third, we implement programmable callbacks for storage operations which users can leverage to define custom policies for their applications. We also define some use cases that can be built using the callbacks. Finally, we evaluate EdgeFn scalability and performance using industry-generated trace workload and real-world edge applications.

Serverless Computing

Edge Computing

Distributed Hash Table

Peer-to-Peer (P2P) Overlay Network

GraphDHT: Scaling Graph Neural Networks' Distributed Training on Edge Devices on a Peer-to-Peer Distributed Hash Table Network

Gupta, Chirag

03 January 2024

This thesis presents an innovative strategy for distributed Graph Neural Network (GNN) training, leveraging a peer-to-peer network of heterogeneous edge devices interconnected through a Distributed Hash Table (DHT). As GNNs become increasingly vital in analyzing graph-structured data across various domains, they pose unique challenges in computational demands and privacy preservation, particularly when deployed for training on edge devices like smartphones. To address these challenges, our study introduces the Adaptive Load- Balanced Partitioning (ALBP) technique in the GraphDHT system. This approach optimizes the division of graph datasets among edge devices, tailoring partitions to the computational capabilities of each device. By doing so, ALBP ensures efficient resource utilization across the network, significantly improving upon traditional participant selection strategies that often overlook the potential of lower-performance devices. Our methodology's core is weighted graph partitioning and model aggregation in GNNs, based on partition ratios, improving training efficiency and resource use. ALBP promotes inclusive device participation in training, overcoming computational limits and privacy concerns in large-scale graph data processing. Utilizing a DHT-based system enhances privacy in the peer-to-peer setup. The GraphDHT system, tested across various datasets and GNN architectures, shows ALBP's effectiveness in distributed GNN training and its broad applicability in different domains and structures. This contributes to applied machine learning, especially in optimizing distributed learning on edge devices. / Master of Science / Graph Neural Networks (GNNs) are a type of machine learning model that focuses on analyzing data structured like a network, such as social media connections or biological systems. These models can help identify patterns and make predictions in various tasks, but training them on large-scale datasets can require significant computing power and careful handling of sensitive data. This research proposes a new method for training GNNs on small devices, like smartphones, by dividing the data into smaller pieces and using a peer-to-peer (p2p) network for communication between devices. This approach allows the devices to work together and learn from the data while keeping sensitive information private. The main contributions of this research are threefold: (1) examining existing ways to divide network data and how they can be used for training GNNs on small devices, (2) improving the training process by creating a localized, decentralized network of devices that can communicate and learn together, and (3) testing the method on different types of datasets and GNN models, showing that it works well across a variety of situations. To sum up, this research offers a novel way to train GNNs on small devices, allowing for more efficient learning and better protection of sensitive information.

Graph Neural Networks

Graph Partitioning

Distributed Hash Table

Federated Learning

Peer-to-peer (P2P) Overlay Network

Scaled: Scalable Federated Learning via Distributed Hash Table Based Overlays

Kim, Taehwan

14 April 2022

In recent years, Internet-of-Things (IoT) devices generate a large amount of personal data. However, due to the privacy concern, collecting the private data in cloud centers for training Machine Learning (ML) models becomes unrealistic. To address this problem, Federated Learning (FL) is proposed. Yet, central bottleneck has become a severe concern since the central node in traditional FL is responsible for the communication and aggregation of mil- lions of edge devices. In this paper, we propose Scalable Federated Learning via Distributed Hash Table Based Overlays for network (Scaled) to conduct multiple concurrently running FL-based applications over edge networks. Specifically, Scaled adopts a fully decentral- ized multiple-master and multiple-slave architecture by exploiting Distributed Hash Table (DHT) based overlay networks. Moreover, Scaled improves the scalability and adaptability by involving all edge nodes in training, aggregating, and forwarding. Overall, we make the following contributions in the paper. First, we investigate the existing FL frameworks and discuss their drawbacks. Second, we improve the existing FL frameworks from centralized master-slave architecture by using DHT-based Peer-to-Peer (P2P) overlay networks. Third, we implement the subscription-based application-level hierarchical forest for FL training. Finally, we demonstrate Scaled's scalability and adaptability over large scale experiments. / Master of Science / In recent years, Internet-of-Things (IoT) devices generate a large amount of personal data. However, due to privacy concerns, collecting the private data in central servers for training Machine Learning (ML) models becomes unrealistic. To address this problem, Federated Learning (FL) is proposed. In traditional ML, data from edge devices (i.e. phones) should be collected to the central server to start model training. In FL, training results, instead of the data, are collected to perform training. The benefit of FL is that private data can never be leaked during the training. However, there is a major problem in traditional FL: a single point of failure. When power to a central server goes down or the central server is disconnected from the system, it will lose all the data. To address this problem, Scaled: Scalable Federated Learning via Distributed Hash Table Based Overlays is proposed. Instead of having one powerful main server, Scaled launches many different servers to distribute the workload. Moreover, since Scaled is able to build and manage multiple trees at the same time, it allows multi-model training.

Federated Learning

Machine Learning

Distributed Hash Table

Edge Computing

Peer-to-peer (P2P) Overlay Network

Cryptographic hash functions : cryptanalysis, design and applications

Gauravaram, Praveen Srinivasa

January 2007

Cryptographic hash functions are an important tool in cryptography to achieve certain security goals such as authenticity, digital signatures, digital time stamping, and entity authentication. They are also strongly related to other important cryptographic tools such as block ciphers and pseudorandom functions. The standard and widely used hash functions such as MD5 and SHA-1 follow the design principle of Merkle-Damgard iterated hash function construction which was presented independently by Ivan Damgard and Ralph Merkle at Crypto'89. It has been established that neither these hash functions nor the Merkle-Damgard construction itself meet certain security requirements. This thesis aims to study the attacks on this popular construction and propose schemes that offer more resistance against these attacks as well as investigating alternative approaches to the Merkle-Damgard style of designing hash functions. This thesis aims at analysing the security of the standard hash function Cellular Authentication and Voice Encryption Algorithm (CAVE) used for authentication and key-derivation in the second generation (2G) North American IS-41 mobile phone system. In addition, this thesis studies the analysis issues of message authentication codes (MACs) designed using hash functions. With the aim to propose some efficient and secure MAC schemes based on hash functions. This thesis works on three aspects of hash functions: design, cryptanalysis and applications with the following significant contributions: * Proposes a family of variants to the Damgard-Merkle construction called 3CG for better protection against specific and generic attacks. Analysis of the linear variant of 3CG called 3C is presented including its resistance to some of the known attacks on hash functions. * Improves the known cryptanalytical techniques to attack 3C and some other similar designs including a linear variant of GOST, a Russian standard hash function. * Proposes a completely novel approach called Iterated Halving, alternative to the standard block iterated hash function construction. * Analyses provably secure HMAC and NMAC message authentication codes (MACs) based on weaker assumptions than stated in their proofs of security. Proposes an efficient variant for NMAC called NMAC-1 to authenticate short messages. Proposes a variant for NMAC called M-NMAC which offers better protection against the complete key-recovery attacks than NMAC. As well it is shown that M-NMAC with hash functions also resists side-channel attacks against which HMAC and NMAC are vulnerable. Proposes a new MAC scheme called O-NMAC based on hash functions using just one secret key. * Improves the open cryptanalysis of the CAVE algorithm. * Analyses the security and legal implications of the latest collision attacks on the widely used MD5 and SHA-1 hash functions.

cryptography

hash functions

cryptanalysis

design

applications

Merkle-Damgard construction

CAVE

3CG

3C

GOST-L

F-Hash

NMAC

HMAC

O-NMAC

M-NMAC

NMAC-1

iterated halving

digital signatures

side-channel attacks

practical and legal implications

Uma arquitetura de nomeação para a internet utilizando redes virtuais

Sousa, Joelle Quaini

26 November 2007

Made available in DSpace on 2016-06-02T19:05:31Z (GMT). No. of bitstreams: 1 2017.pdf: 2776743 bytes, checksum: cc39daf3470ef4356480296d650d108c (MD5) Previous issue date: 2007-11-26 / Regarding new computational and networking requisites such as wireless networks, mutihoming interfaces, load-balancing mechanisms and several other middleboxes [1] present today, these facts, allied to the static and conservative nature of the Internet and its sheer size turn the capability to correct these problems an almost impossible attempt, as it demands structural changes. In the Internet inception, in the late 70th, neither mobility nor multihoming where foreseen in its original intents. In this sense, the proposition of a novel naming architecture for the Internet to identify univocally services and data, irrespective to its node characteristics, would have an acute changing effect and will allow its elements to be precisely represented and authenticated. In order to achieve these purposes, the use of Virtual Networks was considered as it allows the incremental introduction of new technologies, protocols and applications being itself a more viable alternative when compared to several failed attempts to introduce new structural changes to the Internet [2; 3]. A proposal for a taxonomy for Virtual Networks was described here as a result of a site survey that was conducted to function as subject to this architecture proposition. Besides, a literature investigation of related projects followed by a network testbed of several protocols originated the proposition of a Layered Naming Architecture for the Internet using Virtual Networks. / Face a vários novos requisitos de comunicação demandados por equipamentos em desenvolvimento constante, tais como computadores móveis portadores de múltiplas interfaces comunicantes, devido à inserção de diversos middleboxes [1], o modelo arquitetural TCP/IP necessita ser aprimorado para suportar novas tecnologias e protocolos. Originalmente, quando a Internet foi projetada, no final dos anos 70 nem mobilidade nem multihoming (i.e. equipamento com diversas conectividades físicas simultâneas) foram considerados. Pela proposição de uma nova arquitetura de nomeação para a Internet, que seja capaz de identificar univocamente qualquer entidade comunicante, bem como proporcionar suporte às tecnologias já extensamente utilizadas, este trabalho objetivou promover a mobilidade e o suporte a diversos middleboxes para a Internet, principalmente no que diz respeito à identificação e à autenticação de nós e objetos (i.e. serviços, dados e usuários). Almejando atingir tal objetivo utilizou-se a tecnologia de Redes Virtuais, que permite uma adesão incremental de suas funcionalidades, protocolos e aplicações. Esta abordagem não representa, portanto, um modelo cujas mudanças à arquitetura da Internet causam-lhe transformações estruturais, diferentemente de outras propostas que abordaram este problema desta forma sem sucesso [2; 3]. Para tanto, uma taxonomia de Redes Virtuais foi proposta e avaliada por um estudo de caso que compreendeu a sua aplicação prática. Além disso, realizou-se uma análise de bancada de redes de diversos protocolos e o estudo das propostas da literatura associada. Tais realizações culminaram na proposta de uma Arquitetura de Nomeação para a Internet utilizando Redes Virtuais Overlay.

Redes de computação protocolos

DNS

Internet (Redes de computação)

Banco de dados

Arquitetura TCP/IP

Overlays

Redes virtuais

Tabelas hash distribuídas

Distributed hash table

TCP/IP architecture

Virtual networks

Elektronický podpis a jeho využití v účetnictví / Electronic signature and its use in accounting

Guzý, Ladislav

January 2013

Diploma thesis is focused on matters of electronic signatures and their possible usage in accounting and business process. The paper is divided into two parts. Subject of the first part is general analysis of terminology and characteristics of electronic signature, certificates and certification authorities and time stamps, including analysis of strengths and weaknesses of these services. At the end of this theory part are outlined some of the most common choices of using electronic signature in accounting system. In second part are analysed results of research, which was performed by sending questionnaire to a number of randomly chosen companies.

Kryptografie na výpočetně omezených zařízeních / Cryptography on Computationally Limited Devices

Hampl, Dalibor

January 2012

The thesis focuses on cryptographic algorithms of low performance devices, and mutual authentication of authentication server and user using smart cards. In the first part of this thesis the cryptography, cryptographic primitives, cryptographic goals, security models and cryptographic algorithms of low performance devices are presented. The second part focuses on low performance devices as RFID tags, NFC technology, microcontrollers and smart cards (.NET cards, java cards, MIFARE cards). The practical part deals with the comparison of chosen low performance devices and measure the time required for encryption and decryption using different cryptographic algorithms on Gemalto .NET Smart Card V2+. This thesis describes and explains the three authentication schemes for mutual authentication of remote server and user using smart cards. The new authentication scheme, which is based on the second related scheme, attempts to eliminate possible security attacks and keeps efficiency. For all four authentication schemes the application is implemented to test required time for authentication of server and user using smart cards.

Urychlení těžby Bitcoinů / Bitcoin Mining Acceleration

Novotný, Jan

January 2014

This master's thesis deals with virtual currency called Bitcoin. It describes the functioning of the currency of technical perspective especially the implementation of the transaction, the way of its validation and ensuring the integrity by using cryptographic functions. Furthermore, it describes the principle of the Bitcoin creation, particularly mining method called pooled mining. The thesis also describes the communication protocols and design of architecture to acceleration of the bitcoin mining. Finally, there are described tests, assessment and proposals for the continuation of work.

Efficient External-Memory Graph Search for Model Checking

Lamborn, Peter C

17 May 2014

Model checking problems suffer from state space explosion. State space explosion is the number of states in the graph increases exponentially with the number of variables in the state description. Searching the large graphs required in model checking requires an efficient algorithm. This dissertation explores several methods to improve an externalmemory search algorithm for model checking problems. A tool implementing these methods is built on top of the Murphi model checker. One improvement is a state cache for immediate detection leveraging the properties of state locality. A novel type of locality, intralayer locality is explained and shown to exist in a variety of search spaces. Another improvement, partial delayed duplicate detection, exploits interlayer locality to reduce search times. An automatic partitioning function is described that allows hash-based delayed duplicate detection to be used without domain knowledge of the state space. A phased delayed duplicate detection algorithm combining features of hash-based delayed duplicate detection and sorting-based delayed duplicate detection is explained and compared to the other methods.

Model Checking

External Memory

Search

Delayed Duplicate Detection

Interlayer Locality

Hash-based Delayed Duplicate Detection

State Cache

Intralayer Locality

Immediate Duplicate Detection

Phased Delayed Duplicate Detection

Partial Delayed Duplicate Detection

Automatic Hash Function