21 |
Discovery and Evaluation of Finite State Machines in Hardware SecurityGeist, James 01 January 2023 (has links) (PDF)
In the decades since the invention of the integrated circuit (IC), IC's have become ubiquitous, complex, and networked. High transistor density and the low cost of production at scale have made it economically feasible to use complex custom IC's in almost any engineering application. While IC's provide a powerful tool for solving many engineering problems, the low cost comes from outsourcing production and reusing existing design components. Both of these dependencies introduce security risk; unwanted functionality may be inserted either from opaque third party libraries used in a design or by any outside vendor involved in the fabrication process. As it is far easier to verify that specified functionality works as intended than to discover unwanted functionality, verifying that a design has not been tampered with is an important, difficult problem. In stateful designs, Finite State Machines (FSM's) choreograph the operation of the design. With knowledge of the primary inputs and the current state, an FSM instructs other subsystems what to do next. Given this central role, an FSM is an obvious target for malicious exploitation. A bad actor can add states to an FSM that may only be entered via a non-obvious sequence of inputs; these states may then leak information via a side channel, or corrupt operation of the device in a denial of service attack. Such exploitation can be avoided both proactively and reactively. This dissertation introduces methods for discovering, extracting, modifying, and analyzing FSM's in post-compilation netlists. Such netlists may be acquired either in house directly after a design is compiled, or recovered by microscopy techniques post-fabrication. This dissertation introduces several methods applicable to the problem. In order to study FSM's in a netlist, the FSM's must first be located. One method to find FSM's is to search for the control signals which drive it. A proposed algorithm for discovering control signals, RELIC-FUN, provides more accurate results than other algorithms on specific designs. Once an FSM is discovered, state transition enumeration is key to comparing the FSM's behavior to the original design. This dissertation introduces two new tools, RECUT and REFSM-SAT, which provide significantly better performance than existing enumeration algorithms. Noting that FSM's, both structurally and semantically, are graph theoretical constructs, a new graphical environment, NetViz, is introduced. NetViz is an environment for hardware security which allows chaining of analysis algorithms and graphical display of, and interaction with, analysis results. Finally, an existing logic locking algorithm, SANSCrypt, is shown to be insecure due to structural FSM analysis techniques.
|
22 |
A Semi-Autonomous Credit/Debit Card Transaction Fraud Defense Framework for Online MerchantsLaurens, Roy 01 January 2023 (has links) (PDF)
The majority of online credit/debit card fraud research focuses on the defense by back-end entities, such as card issuer or processor (i.e., payment processing company), and overlooks the fraud defense initiated by online merchants. This is problematic because the merchants – especially online merchants – are the ones generally held responsible for covering any loss due to transaction fraud. Thus they have a great incentive to detect and defend against card fraud. But at the same time, compared with card issuers, they also lack access to large samples needed for data mining (such as existing purchase data of a cardholder). This dissertation presents a novel semi-autonomous framework for online merchants to defend against such fraud by utilizing three interrelated components: a supervised classifier based on existing fraud pattern and our newly developed DNS fingerprinting, an unsupervised anomaly detection method using diversity index, and a novel soft descriptor based verification system. The classifier and the anomaly detection work together to allow our framework to detect known fraud patterns and adapt to the previously undetected patterns. Afterward, suspicious transactions can be autonomously verified by requesting the customer to provide a unique identifier that was previously embedded in the soft descriptor during the card transaction processing. This verification process greatly improves fraud detection accuracy without adding a burden on most legitimate customers. Our framework can be readily implemented and we have deployed several aspects of our framework at a real-world e-commerce Merchant website, with the real testing results explained in this dissertation.
|
23 |
Towards Secure and Trustworthy IoT SystemsLuo, Lan 01 January 2022 (has links) (PDF)
The boom of the Internet of Things (IoT) brings great convenience to the society by connecting the physical world to the cyber world, but it also attracts mischievous hackers for benefits. Therefore, understanding potential attacks aiming at IoT systems and devising new protection mechanisms are of great significance to maintain the security and privacy of the IoT ecosystem. In this dissertation, we first demonstrate potential threats against IoT networks and their severe consequences via analyzing a real-world air quality monitoring system. By exploiting the discovered flaws, we can impersonate any victim sensor device and polluting its data with fabricated data. It is a great challenge to fight against runtime software attacks targeting IoT devices based on microcontrollers (MCUs) due to the heterogeneity and constrained computational resources of MCUs. An emerging hardware-based solution is TrustZone-M, which isolates the trusted execution environment from the vulnerable rich execution environment. Though TrustZone-M provides the platform for implementing various protection mechanisms, programming TrustZone-M may introduce a new attack surface. We explore the feasibility of launching five exploits in the context of TrustZone-M and validate these attacks using SAM L11, a Microchip MCU with TrustZone-M enabled. We then propose a security framework for IoT devices using TrustZone-M enabled MCUs, in which device security is protected in five dimensions. The security framework is implemented and evaluated with a full-fledged secure and trustworthy air quality monitoring device using SAM L11 as its MCU. Based on TrustZone-M, a function-based ASLR (fASLR) scheme is designed for runtime software security of IoT devices. fASLR is capable of trapping and modifying control flow upon a function call and randomizing the callee function before its execution. Evaluation results show that fASLR achieves high entropy with low overheads.
|
24 |
Improving the Security of Critical Infrastructure: Metrics, Measurements, and AnalysisPark, Jeman 01 January 2020 (has links) (PDF)
In this work, we propose three important contributions needed in the process of improving the security of the critical infrastructure: metrics, measurement, and analysis. To improve security, metrics are key to ensuring the accuracy of the assessment and evaluation. Measurements are the core of the process of identifying the causality and effectiveness of various behaviors, and accurate measurement with the right assumptions is a cornerstone for accurate analysis. Finally, contextualized analysis essential for understanding measurements. Different results can be derived for the same data according to the analysis method, and it can serve as a basis for understanding and improving systems security. In this dissertation, we look at whether these key concepts are well demonstrated in existing (networked) systems and research products. In the first thrust, we verified the validity of volume-based contribution evaluation metrics used in threat information sharing systems. Further, we proposed a qualitative evaluation as an alternative to supplement the shortcomings of the volume-based evaluation method. In the second thrust, we measured the effectiveness of the low-rate DDoS attacks in a realistic environment to highlight the importance of establishing assumptions grounded in reality for measurements. Moreover, we theoretically analyzed the low-rate DDoS attacks and conducted additional experiments to validate them. In the last thrust, we conducted a large-scale measurement and analyzed the behaviors of open resolvers, to estimate the potential threats of them. We then went beyond just figuring out the number of open resolvers and explored new implications that the behavioral analysis could provide. We also experimentally shown the existence of forwarding resolvers and their behavior by precisely analyzing DNS resolution packets.
|
25 |
FPGA-Augmented Secure Crash-Consistent Non-Volatile MemoryZou, Yu 01 January 2021 (has links) (PDF)
Emerging byte-addressable Non-Volatile Memory (NVM) technology, although promising superior memory density and ultra-low energy consumption, poses unique challenges to achieving persistent data privacy and computing security, both of which are critically important to the embedded and IoT applications. Specifically, to successfully restore NVMs to their working states after unexpected system crashes or power failure, maintaining and recovering all the necessary security-related metadata can severely increase memory traffic, degrade runtime performance, exacerbate write endurance problem, and demand costly hardware changes to off-the-shelf processors. In this thesis, we summarize and expand upon two of our innovative works, ARES and HERMES, to design a new FPGA-assisted processor-transparent security mechanism aiming at efficiently and effectively achieving all three aspects of a security triad—confidentiality, integrity, and recoverability—in modern embedded computing. Given the growing prominence of CPU-FPGA heterogeneous computing architectures, ARES leverages FPGA's hardware reconfigurability to offload performance-critical and security-related functions to the programmable hardware without microprocessors' involvement. In particular, recognizing that the traditional Merkle tree caching scheme cannot fully exploit FPGA's parallelism due to its sequential and recursive function calls, ARES proposed a new Merkle tree cache architecture and a novel Merkle tree scheme which flattened and reorganized the computation in the traditional Merkle tree verification and update processes to fully exploit the parallel cache ports and to fully pipeline time-consuming hashing operations. To further optimize the throughput of BMT operations, HERMES proposed an optimally efficient dataflow architecture by processing multiple outstanding counter requests simultaneously. Specifically, HERMES explored and addressed three technical challenges when exploiting task-level parallelism of BMT and proposed a speculative execution approach with both low latency and high throughput.
|
26 |
High Performance and Secure Execution Environments for Emerging ArchitecturesAlwadi, Mazen 01 January 2020 (has links) (PDF)
Energy-efficiency and performance have been the driving forces of system architectures and designers in the last century. Given the diversity of workloads and the significant performance and power improvements when running workloads on customized processing elements, system vendors are drifting towards new system architectures (e.g., FAM or HMM). Such architectures are being developed with the purpose of improving the system's performance, allow easier data sharing, and reduce the overall power consumption. Additionally, current computing systems suffer from a very wide attack surface, mainly due to the fact that such systems comprise of tens to hundreds of sub-systems that could be manufactured by different vendors. Vulnerabilities, backdoors, and potentially hardware trojans injected anywhere in the system form a serious risk for confidentiality and integrity of data in computing systems. Thus, adding security features is becoming an essential requirement in modern systems. In the purpose of achieving these performance improvements and power consumption reduction, the emerging NVMs stand as a very appealing option to be the main memory building block or a part of it. However, integrating the NVMs in the memory system can lead to several challenges. First, if the NVM is used as the sole memory, incorporating security measures can exacerbate the NVM's write endurance and reduce its lifetime. Second, integrating the NVM as a part of the main memory as in DRAM-NVM hybrid memory systems can lead to higher performance overheads of persistent applications. Third, Integrating the NVM as a memory extension as in fabric-attached memory architecture can cause a high contention over the security metadata cache. Additionally, in FAM architectures, the memory sharing can lead to security metadata coherence problems. In this dissertation, we study these problems and propose novel solutions to enable secure and efficient integration of NVMs in the emerging architectures.
|
27 |
Understanding the Security of Emerging Systems: Analysis, Vulnerability Management, and Case StudiesAnwar, Afsah 01 January 2021 (has links) (PDF)
The Internet of Things (IoT) integrates a wide range of devices into a network to provide intelligent services. The lack of security mechanisms in such systems can cause an exposure of sensitive private data. Moreover, a networks of compromised IoT devices can allow adversaries the ability to bring down crucial systems. Indeed, adversaries have exploited software vulnerabilities in these devices for their benefit, and to execute various malicious intents. Therefore, understanding the software of these emerging systems is of the utmost importance. Building towards this goal, in this dissertation, we undertake a comprehensive analysis of the IoT software by employing different analysis techniques. To analyze the emerging IoT software systems, we first perform an in-depth and thorough analysis of the IoT binaries through static analysis. Through efficient and scalable static analysis, we extract artifacts that highlight the dynamics of the malware. In particular, by analyzing the strings, functions, and Control Flow Graphs (CFGs) of the IoT malware, we uncover their execution strategy, unique textual characteristics, and network dependencies. Additionally, through analysis of CFGs, we show the ability to approximate the main function. Using the extracted static artifacts, we design an effective malware detector. Noting that IoT malware have increased their sophistication and impact, the static approaches are prone to obfuscation that aims to evade analysis attempts. Acknowledging these attempts and to mitigate such threats, it is essential to profile the shared and exclusive behavior of these threats, such that they are easily achievable and aware of the capabilities of the widely-used IoT devices. To that end, we introduce MALInformer, an integrated dynamic and static analysis framework to analyze Linux-based IoT software and identify behavioral patterns for effective threat profiling. Leveraging an iterative signatures selection method, by taking into account the normalized frequency, cardinality, and programs covered by the signatures, MALInformer identifies distinctive and interpretable behaviors for every threat category. The static and dynamic analyses show the exploitability of the emerging systems. These weaknesses are typically reported to vulnerability databases along with the information that enable their reproduction and subsequent patching in other and related software. These weaknesses are assigned a Common Vulnerabilities and Exposures (CVE) number. We explore the quality of the reports in the National Vulnerability Database (NVD), unveiling their inconsistencies which we eventually fix. We then conduct case studies, including a large-scale evaluation of the cost of software vulnerabilities, revealing that the consumer product, software, and the finance industry are more likely to be negatively impacted by vulnerabilities. Overall, our work builds tools to analyze and detect the IoT malware and extract behavior unique to malware families. Additionally, our consistent NVD streamlines vulnerability management in emerging internet-connected systems, highlighting the economics aspects of vulnerabilities.
|
28 |
Exploring the Privacy Dimension of Wearables Through Machine Learning-Enabled InferenceMeteriz Yildiran, Ulku 01 January 2022 (has links) (PDF)
Today's hyper-connected consumers demand convenient ways to tune into information without switching between devices, which led the industry leaders to the wearables. Wearables such as smartwatches, fitness trackers, and augmented reality (AR) glasses can be comfortably worn on the body. In addition, they offer limitless features, including activity tracking, authentication, navigation, and entertainment. Wearables that provide digestible information stimulate even higher consumer demand. However, to keep up with the ever-growing user expectations, developers keep adding new features and interaction methods to augment the use cases without considering their privacy impacts. In this dissertation, we explore the privacy dimension of wearables through inference attacks facilitated by machine learning approaches. We start our investigation by exploring the attack surface introduced by fitness trackers. We propose an inference attack that breaches location privacy through the elevation profiles collected by fitness trackers. Our attack highlights that adversaries can infer the location from elevation profiles collected via fitness trackers. Second, we investigated the attack surface introduced by the smartwatches. We introduce an inference attack that exploits the smartwatch microphone to capture the acoustic emanations of physical keyboards and successfully infers what the user has been typing. With this attack, we showed that smartwatches add yet another privacy dimension to be considered. Third, we examined the privacy of AR domain. We designed an inference attack exploiting the geometric projection of hand movements in air. The attack framework predicts the typed text on an in-air tapping keyboard, which is only visible to the user. Our studies uncover various attack surfaces introduced by wearables that have not been studied in literature before. For each attack, we propose possible countermeasures to diminish the ramifications of the risks. We hope that our findings shed light to the privacy risks of wearables and guide the research community to more aware solutions.
|
29 |
A Value Sensitive Design Approach to Adolescent Mobile Online SafetyGhosh, Arup Kumar 01 January 2018 (has links)
With the rise of adolescent smartphone use, concerns about teen online safety are also on the rise. A number of parental control apps are available for mobile devices, but adoption of these apps has been markedly low. To better understand these apps, their users, and design opportunities in the space of mobile online safety for adolescents, we have conducted four studies informed by the principles of Value Sensitive Design (VSD). In Study 1 (Chapter 2), we conducted a web-based survey of 215 parents and their teens (ages 13-17) using two separate logistic regression models (parent and teen) to examine the factors that predicted parental use of technical monitoring apps on their teens' mobile devices. Both parent and teen models confirmed that low autonomy granting (e.g., authoritarian) parents were the most likely to use parental control apps. The teen model revealed additional nuances, indicating that teens who were victimized online and had peer problems were more likely to be monitored by their parents. Overall, increased parental control was associated with more (not fewer) online risks. In Study 2 (Chapter 3), we conducted a structured, qualitative feature analysis of 75 Android mobile apps designed for promoting adolescent online safety. We found that the available apps overwhelmingly supported parental control through restriction and monitoring over teen self-regulation or parental active mediation. In Study 3 (Chapter 4), we conducted a qualitative analysis of 736 reviews of 37 mobile online safety apps from Google Play that were publicly posted and written by teens. Our results indicate that teen ratings were significantly lower than that of parents with 76% of the teen reviews giving apps a single star. Teens felt that the apps were overly restrictive and invasive of their personal privacy, negatively impacting their relationships with their parents. For our final study (Chapter 5), we developed a mobile app prototype suggesting alternative designs for keeping teens safe online and conducted a user study which showed that parents and children (ages 10-17) both significantly preferred our new app design over existing parental control apps. Both parents and children reported that our VSD informed design is less privacy-invasive for children and would improve communication and trust relationship between them. Yet, more work needs to be done to improve approaches for risk detection and mediation that support online safety. In summary, this research will enable researchers and designers to create more effective solutions for teen online safety that will help promote more positive parent-teen relationships.
|
30 |
A Study of Perceptions on Incident Response Exercises, Information Sharing, Situational Awareness, and Incident Response Planning in Power Grid UtilitiesGarmon, Joseph 01 January 2019 (has links)
The power grid is facing increasing risks from a cybersecurity attack. Attacks that shut off electricity in Ukraine have already occurred, and successful compromises of the power grid that did not shut off electricity to customers have been privately disclosed in North America. The objective of this study is to identify how perceptions of various factors emphasized in the electric sector affect incident response planning. Methods used include a survey of 229 power grid personnel and the use of partial least squares structural equation modeling to identify causal relationships. This study reveals the relationships between perceptions by personnel responsible for cybersecurity, regarding incident response exercises, information sharing, and situational awareness, and incident response planning. The results confirm that the efforts by the industry on these topics have advanced planning for a potential attack.
|
Page generated in 0.0558 seconds