Global ETD Search

11	Understanding and Exploiting Design Flaws of AMD Secure Encrypted Virtualization Li, Mengyuan 29 September 2022 (has links) No description available. Computer Science
12	Detecting Electromagnetic Injection Attack on FPGAs Using In Situ Timing Sensors Gujar, Surabhi Satyajit 29 August 2018 (has links) Nowadays, security is one of the foremost concerns as the confidence in a system is mostly dependent on its ability to protect itself against any attack. The area of Electromagnetic Fault Injection (EMFI) wherein attackers can use electromagnetic (EM) pulses to induce faults has started garnering increasing attention. It became crucial to understand EM attacks and find the best countermeasures. In this race to find countermeasures, different researchers proposed their ideas regarding the generation of EM attacks and their detection. However, it is difficult to see a universal agreement on the nature of these attacks. In this work, we take a closer look at the analysis of the primary EMFI fault models suggested earlier. Initial studies had shown that EM glitches caused timing violations, but recently it was proposed that EM attacks can create bit sets and bit resets. We performed a detailed experimental evaluation of the existing detection schemes on two different FPGA platforms. We present their comparative design analysis concerning their accuracy, precision, and cost. We propose an in situ timing sensor to overcome the disadvantages of the previously proposed detection approaches. This sensor can successfully detect most of the electromagnetic injected faults with high precision. We observed that the EM attack behaves like a localized timing attack in FPGAs which can be identified using the in situ timing sensors. / MS / When computers are built only for a specific application, they are called embedded systems. Over the past decade, there has been an incredible increase in the number of embedded systems around us. Right from washing machines to electronic locks, we can see embedded systems in almost every aspect of our lives. There is an increasing integration of embedded systems in applications such as cars and buildings with the advent of smart technologies. Due to our heavy reliance on such devices, it is vital to protect them against intentional attacks. Apart from the software attacks, it is possible for an attacker to disrupt or control the functioning of a system by physically attacking its hardware using various techniques. We look at one such technique that uses electromagnetic pulses to create faults in a system. We experimentally evaluate two of the previously suggested methods to detect electromagnetic injection attacks. We present a new sensor for this detection which we believe is more effective than the previously discussed detection schemes. Hardware Security Field programmable gate arrays Electromagnetic Injection Fault Attacks
13	Securing Telemetry Post Processing Applications with Hardware Based Security Kalibjian, Jeff 10 1900 (has links) International Telemetering Conference Proceedings / October 18-21, 2004 / Town & Country Resort, San Diego, California / The use of hardware security for telemetry in satellites utilized for intelligence and defense applications is well known. Less common is the use of hardware security in ground-based computers hosting applications that post process telemetry data. Analysis reveals vulnerabilities in software only security solutions that can result in the compromise of telemetry data housed on ground-based computer systems. Such systems maybe made less susceptible to compromise with the use of hardware based security. Hardware Security Modules (HSM) Hardware Security Module Hybrids (HSMH) Common Criteria (CC) security boundary key management
14	Sécurité pour les réseaux du futur : gestion sécurisée des identités / Security for future networks : secure identity management Aissaoui Mehrez, Hassane 10 July 2015 (has links) Aujourd'hui, l'Internet change radicalement nos habitudes, avec l'arrivée massive du nomadisme, l'internet des objets, l'utilisation croissante de l'informatique en grille, les services Web, les réseaux sociaux et l'émergence de nouvelles approches dans ces dernières années. La virtualisation des infrastructures informatiques et le Cloud Computing ont particulièrement, permis de définir des nouveaux paradigmes, appelés X as a Service (XaaS), introduisant ainsi une rupture assez franche avec les modèles traditionnels, qui sont perçus comme une étape préparatoire vers l'Internet du Futur. En effet, la mise en œuvre de ces paradigmes, permet de mutualiser et de réorganiser le système informatique de manière différente, de dématérialiser les infrastructures physiques, de déporter les systèmes ou les applications sur des conteneurs virtuels distants. Par conséquent, l'architecture globale de l'Internet doit évoluer, en s'appuyant fortement sur ces nouvelles approches, en particulier, le Cloud Computing et la virtualisation. Malheureusement, comme toute technologie nouvelle, elle crée de nouveaux risques, qui viennent se greffer aux problèmes traditionnels : la séparation des privilèges, la gestion des accès, la gestion de l'identité, les failles des logiciels de virtualisation, l'isolation des machines virtuelles (VM), la protection des données personnelles, la vie privée, la réversibilité pendant l'externalisation (Outsourcing), etc. Les services basés sur les Clouds requièrent des fonctions de collaboration inter-fonctionnelles sécurisées ainsi que des systèmes de protection contre l'utilisation abusive des ressources. Ces systèmes doivent être équilibrés de façon raisonnable avec les besoins de confidentialité, d’intégrité, de protection de la vie privée des utilisateurs. Ils doivent permettre l’authentification des utilisateurs sans révéler des informations sur leur identité. Ainsi, une offre de services personnalisés aux clients dans un environnement virtuel et/ou transorganisationnel, en utilisant des mécanismes de sécurité adaptés à des infrastructures traditionnelles, peut prendre une dimension très complexe dans le modèle Cloud Computing, et peut constituer des défis à soulever pour les fournisseurs de ces services. Parmi ces défis à résoudre, la gestion d’identités des ressources, qui constitue un élément crucial pour authentifier les services à consommer, minimiser le risque d’accès frauduleux à des données personnelles, qui peut conduire à des conséquences désastreuses pour une entreprise ou un client. Les solutions existantes sont insuffisantes pour répondre aux défis soulevés par ces nouvelles approches. La mise en œuvre de ces modèles et ces outils posent des défis sécuritaires à la fois d’ordre organisationnel, architectural et protocolaire, pour garantir à chaque client des niveaux de sécurité. Ces niveaux doivent être identifiés pour guider les choix architecturaux et techniques à prendre, pour répondre en particulier aux exigences (LoA : Level of Assurance) et (LoT : Level of Trust), qu’un fournisseur de Cloud doit mettre en place pour garantir et protéger ses ressources. En effet, ces verrous et ces défis sécuritaires vont être relevés dans ce travail de recherche qui se situe dans le cadre du projet sécurité pour les réseaux du futur (SecFuNet : Security for Future Networks). C’est un projet collaboratif entre l’Europe et le Brésil, qui implique neuf partenaires européens répartis sur (la France, la Pologne, l'Allemagne et le Portugal) et 7 partenaires académiques brésiliens. Ce projet a pour ambition de proposer une nouvelle infrastructure de sécurité générale pour la communication des informations des utilisateurs sur Internet. L’objectif principal est de concevoir et développer une nouvelle architecture de sécurité cohérente pour les réseaux virtuels. / Today, the Internet is changing radically our habits, especially with the massive influx of the nomadic techniques, the Internet of objects, the growing use of grid computing, wireless networks and the emergence of new approaches in recent years. In particular, the virtualization of the computing infrastructures, which allowed defining a new model called Cloud Computing, introducing an enough frank breakdown with the traditional models, can be perceived as a preparatory stage towards the Internet of future.The implementation of these approaches allows, in a different way : mutualization and organization of the computer system. It allows to dematerialize the physical infrastructures and to deport applications on distant containers. Therefore, the global architecture of Internet should be evolved. It will rely strongly on these new approaches and in particular, Cloud Computing and virtualization. However, no system is infallible especially if resources are distributed and mutualized. They raise a number of problems and involve directly security issues, which remain one of the main barriers to the adoption of these technologies.Like any new technology, Cloud Computing and virtualization create new risks, which come to graft to traditional threats of the outsourcing management of the privilege separation, the identity and accesses management, the robustness of the virtualization software, the virtual machine isolation, the personal data protection, reversibility, privacy... The traditional Internet architecture cannot provide the adequate solutions to the challenges raised by these new approaches: mobility, flexibility, security requirements, reliability and robustness. Thus, a research project (SecFuNet : Security For Future Networks) was validated by the European Commission, to provide some answers, to make a state of the art of these security mechanisms and a comprehensive study of orchestration and integration techniques based on protection components within overall security architecture. Internet Trust as a Service Grille de cartes à puce Hardware Security Module Eap-Tls Identity User-Centric Management Cloud Computing Trust as a Service Hardware Security Module 004.67
15	Systematic Analysis and Methodologies for Hardware Security Moein, Samer 18 December 2015 (has links) With the increase in globalization of Integrated Circuit (IC) design and production, hardware trojans have become a serious threat to manufacturers as well as consumers. These trojans could be intensionally or accidentally embedded in ICs to make a system vulnerable to hardware attacks. The implementation of critical applications using ICs makes the effect of trojans an even more serious problem. Moreover, the presence of untrusted foundries and designs cannot be eliminated since the need for ICs is growing exponentially and the use of third party software tools to design the circuits is now common. In addition if a trusted foundry for fabrication has to be developed, it involves a huge investment. Therefore, hardware trojan detection techniques are essential. Very Large Scale Integration (VLSI) system designers must now consider the security of a system against internal and external hardware attacks. Many hardware attacks rely on system vulnerabilities. Moreover, an attacker may rely on deprocessing and reverse engineering to study the internal structure of a system to reveal the system functionality in order to steal secret keys or copy the system. Thus hardware security is a major challenge for the hardware industry. Many hardware attack mitigation techniques have been proposed to help system designers build secure systems that can resist hardware attacks during the design stage, while others protect the system against attacks during operation. In this dissertation, the idea of quantifying hardware attacks, hardware trojans, and hardware trojan detection techniques is introduced. We analyze and classify hardware attacks into risk levels based on three dimensions Accessibility/Resources/Time (ART). We propose a methodology and algorithms to aid the attacker/defender to select/predict the hardware attacks that could use/threaten the system based on the attacker/defender capabilities. Because many of these attacks depends on hardware trojans embedded in the system, we propose a comprehensive hardware trojan classification based on hardware trojan attributes divided into eight categories. An adjacency matrix is generated based on the internal relationship between the attributes within a category and external relationship between attributes in different categories. We propose a methodology to generate a trojan life-cycle based on attributes determined by an attacker/defender to build/investigate a trojan. Trojan identification and severity are studied to provide a systematic way to compare trojans. Trojan detection identification and coverage is also studied to provide a systematic way to compare detection techniques and measure their e effectiveness related to trojan severity. We classify hardware attack mitigation techniques based on the hardware attack risk levels. Finally, we match these techniques to the attacks the could countermeasure to help defenders select appropriate techniques to protect their systems against potential hardware attacks. / Graduate / 0544 / 0984 / samerm@uvic.ca Hardware Attack Mitigation Hardware Attacks Hardware Security Hardware Trojan Detection Hardware Trojans 3D-ART Schema
16	Cryptographic techniques for hardware security Tselekounis, Ioannis January 2018 (has links) Traditionally, cryptographic algorithms are designed under the so-called black-box model, which considers adversaries that receive black-box access to the hardware implementation. Although a "black-box" treatment covers a wide range of attacks, it fails to capture reality adequately, as real-world adversaries can exploit physical properties of the implementation, mounting attacks that enable unexpected, non-black-box access, to the components of the cryptographic system. This type of attacks is widely known as physical attacks, and has proven to be a significant threat to the real-world security of cryptographic systems. The present dissertation is (partially) dealing with the problem of protecting cryptographic memory against physical attacks, via the use of non-malleable codes, which is a notion introduced in a preceding work, aiming to provide privacy of the encoded data, in the presence of adversarial faults. In the present thesis we improve the current state-of-the-art on non-malleable codes and we provide practical solutions for protecting real-world cryptographic implementations against physical attacks. Our study is primarily focusing on the following adversarial models: (i) the extensively studied split-state model, which assumes that private memory splits into two parts, and the adversary tampers with each part, independently, and (ii) the model of partial functions, which is introduced by the current thesis, and models adversaries that access arbitrary subsets of codeword locations, with bounded cardinality. Our study is comprehensive, covering one-time and continuous, attacks, while for the case of partial functions, we manage to achieve a stronger notion of security, that we call non-malleability with manipulation detection, that in addition to privacy, it also guarantees integrity of the private data. It should be noted that, our techniques are also useful for the problem of establishing, private, keyless communication, over adversarial communication channels. Besides physical attacks, another important concern related to cryptographic hardware security, is that the hardware fabrication process is assumed to be trusted. In reality though, when aiming to minimize the production costs, or whenever access to leading-edge manufacturing facilities is required, the fabrication process requires the involvement of several, potentially malicious, facilities. Consequently, cryptographic hardware is susceptible to the so-called hardware Trojans, which are hardware components that are maliciously implanted to the original circuitry, having as a purpose to alter the device's functionality, while remaining undetected. Part of the present dissertation, deals with the problem of protecting cryptographic hardware against Trojan injection attacks, by (i) proposing a formal model for assessing the security of cryptographic hardware, whose production has been partially outsourced to a set of untrusted, and possibly malicious, manufacturers, and (ii) by proposing a compiler that transforms any cryptographic circuit, into another, that can be securely outsourced.
17	Assuring Intellectual Property Through Physical and Functional Comparisons Hastings, Adam Kendall 01 December 2018 (has links) Hardware trojans pose a serious threat to trusted computing. However, hardware trojan detection methods are both numerous and onerous, making hardware trojan detection a difficult and time-consuming procedure. This thesis introduces the IP Assurance Framework, which drastically improves the time it takes design teams to test for hardware trojans. The IP Assurance Framework is implemented in two ways: The first method, Physical Assurance, compares instantiated IP blocks to a golden model via physical-level comparisons, while the second method, Functional Assurance, compares IP to a golden model using logical-level comparisons. Both methods are demonstrated to distinguish between tampered and untampered IP blocks, with a tolerable effect on IP timing and area. hardware security hardware trojans intellectual property IP assurance Electrical and Computer Engineering
18	Understanding Security Threats of Emerging Computing Architectures and Mitigating Performance Bottlenecks of On-Chip Interconnects in Manycore NTC System Rajamanikkam, Chidhambaranathan 01 May 2019 (has links) Emerging computing architectures such as, neuromorphic computing and third party intellectual property (3PIP) cores, have attracted significant attention in the recent past. Neuromorphic Computing introduces an unorthodox non-von neumann architecture that mimics the abstract behavior of neuron activity of the human brain. They can execute more complex applications, such as image processing, object recognition, more efficiently in terms of performance and energy than the traditional microprocessors. However, focus on the hardware security aspects of the neuromorphic computing at its nascent stage. 3PIP core, on the other hand, have covertly inserted malicious functional behavior that can inflict range of harms at the system/application levels. This dissertation examines the impact of various threat models that emerges from neuromorphic architectures and 3PIP cores. Near-Threshold Computing (NTC) serves as an energy-efficient paradigm by aggressively operating all computing resources with a supply voltage closer to its threshold voltage at the cost of performance. Therefore, STC system is scaled to many-core NTC system to reclaim the lost performance. However, the interconnect performance in many-core NTC system pose significant bottleneck that hinders the performance of many-core NTC system. This dissertation analyzes the interconnect performance, and further, propose a novel technique to boost the interconnect performance of many-core NTC system. Hardware Security Neuromorphic Computing Network-on-Chips Near-Threshold Computing Memristors Electrical and Computer Engineering
19	Detecting RTL Trojans Using Artificial Immune Systems and High Level Behavior Classification Zareen, Farhath 20 February 2019 (has links) Security assurance in a computer system can be viewed as distinguishing between self and non-self. Artificial Immune Systems (AIS) are a class of machine learning (ML) techniques inspired by the behavior of innate biological immune systems, which have evolved to accurately classify self-behavior from non-self-behavior. This work aims to leverage AIS-based ML techniques for identifying certain behavioral traits in high level hardware descriptions, including unsafe or undesirable behaviors, whether such behavior exists due to human error during development or due to intentional, malicious circuit modifications, known as hardware Trojans, without the need fora golden reference model. We explore the use of Negative Selection and Clonal Selection Algorithms, which have historically been applied to malware detection on software binaries, to detect potentially unsafe or malicious behavior in hardware. We present a software tool which analyzes Trojan-inserted benchmarks, extracts their control and data-flow graphs (CDFGs), and uses this to train an AIS behavior model, against which new hardware descriptions may be tested. Clonal Selection Algorithm, Control/Data-Flow Graphs Hardware Security Hardware Trojans Negative Selection Algorithm Computer Sciences
20	ADVANCED LOW-COST ELECTRO-MAGNETIC AND MACHINE LEARNING SIDE-CHANNEL ATTACKS Josef A Danial (9520181) 16 December 2020 (has links) Side-channel analysis (SCA) is a prominent tool to break mathematically secure cryptographic engines, especially on resource-constrained devices. SCA attacks utilize physical leakage vectors like the power consumption, electromagnetic (EM) radiation, timing, cache hits/misses, that reduce the complexity of determining a secret key drastically, going from 2<sup>128</sup> for brute force attacks to 2<sup>12</sup> for SCA in the case of AES-128. Additionally, EM SCA attacks can be performed non-invasively without any modifications to the target under attack, unlike power SCA. To develop defenses against EM SCA, designers must evaluate the cryptographic implementations against the most powerful side-channel attacks. In this work, systems and techniques that improve EM side-channel analysis have been explored, making it lower-cost and more accessible to the research community to develop better countermeasures against such attacks. The first chapter of this thesis presents SCNIFFER, a platform to perform efficient end-to-end EM SCA attacks. SCNIFFER introduces leakage localization – an often-overlooked step in EM attacks – into the loop of an attack. Following SCNIFFER, the second chapter presents a practical machine learning (ML) based EM SCA attack on AES-128. This attack addresses issues dealing with low signal-to-noise ratio (SNR) EM measurements, proposing training and pre-processing techniques to perform an efficient profiling attack. In the final chapter, methods for mapping from power to EM measurements, are analyzed, which can enable training a ML model with much lower number of encryption traces. Additionally, SCA evaluation of high-level synthesis (HLS) based cryptographic algorithms is performed, along with the study of futuristic neural encryption techniques. Computer Engineering Computer System Security Hardware Security Side-channel analysis Side-channel attacks Machine Learning

Search results