Detecting Unauthorized Activity in Lightweight IoT Devices

January 2020

abstract: The manufacturing process for electronic systems involves many players, from chip/board design and fabrication to firmware design and installation. In today's global supply chain, any of these steps are prone to interference from rogue players, creating a security risk. Manufactured devices need to be verified to perform only their intended operations since it is not economically feasible to control the supply chain and use only trusted facilities. It is becoming increasingly necessary to trust but verify the received devices both at production and in the field. Unauthorized hardware or firmware modifications, known as Trojans, can steal information, drain the battery, or damage battery-driven embedded systems and lightweight Internet of Things (IoT) devices. Since Trojans may be triggered in the field at an unknown instance, it is essential to detect their presence at run-time. However, it isn't easy to run sophisticated detection algorithms on these devices due to limited computational power and energy, and in some cases, lack of accessibility. Since finding a trusted sample is infeasible in general, the proposed technique is based on self-referencing to remove any effect of environmental or device-to-device variations in the frequency domain. In particular, the self-referencing is achieved by exploiting the band-limited nature of Trojan activity using signal detection theory. When the device enters the test mode, a predefined test application is run on the device repetitively for a known period. The periodicity ensures that the spectral electromagnetic power of the test application concentrates at known frequencies, leaving the remaining frequencies within the operating bandwidth at the noise level. Any deviations from the noise level for these unoccupied frequency locations indicate the presence of unknown (unauthorized) activity. Hence, the malicious activity can differentiate without using a golden reference or any knowledge of the Trojan activity attributes. The proposed technique's effectiveness is demonstrated through experiments with collecting and processing side-channel signals, such as involuntarily electromagnetic emissions and power consumption, of a wearable electronics prototype and commercial system-on-chip under a variety of practical scenarios. / Dissertation/Thesis / Doctoral Dissertation Electrical Engineering 2020

Electrical engineering

Computer engineering

Engineering

Flexible Electronic Security

Hardware/Firmware Trojan Detection

IoT Security

Malicious Activity Detection

Side-Channel Analysis

Wearable Electronic Device Security

Malicious Activity Detection in Encrypted Network Traffic using A Fully Homomorphic Encryption Method

Adiyodi Madhavan, Resmi, Sajan, Ann Zenna

January 2022

Everyone is in need for their own privacy and data protection, since encryption transmission was becoming common. Fully Homomorphic Encryption (FHE) has received increased attention because of its capability to execute calculations over the encoded domain. Through using FHE approach, model training can be properly outsourced. The goal of FHE is to enable computations on encrypted files without decoding aside from the end outcome. The CKKS scheme is used in FHE.Network threats are serious danger to credential information, which enable an unauthorised user to extract important and sensitive data by evaluating the information of computations done on raw data. Thus the study provided an efficient solution to the problem of privacy protection in data-driven applications using Machine Learning. The study used an encrypted NSL KDD dataset. Machine learning-based techniques have emerged as a significant trend for detecting malicious attack. Thus, Random Forest (RF) is proposed for the detection of malicious attacks on Homomorphic encrypted data in the cloud server. Logistic Regression (LR) machine learning model is used to predict encrypted data on cloud server. Regardless of the distributed setting, the technique may retain the accuracy and integrity of the previous methods to obtain the final results.

Malicious Activity Detection

Cloud Computing

Network Traffic

Fully Homomorphic Encryption (FHE)

Machine Learning

Random Forest(RF)

Logistic Regession (LR)

Engineering and Technology

Teknik och teknologier