Side Channel Analysis Research Framework (SCARF)

Mefford, Greg

11 October 2012

No description available.

Computer Engineering

cryptography

side-channel

power-analysis

security

software

research

The geology of Kelleys Island

Fisher, Mildred

January 1922

No description available.

IIII

quarry

Shore

limestone

ISLAND

Lucas

Side quarry

Electrolytic In Process Dressing (ELID) Applied To Double Side Grinding of Ceramic Materials

Spanu, Cristian E.

25 May 2004

No description available.

Grinding

Double Side Grinding

Ceramics

Electrolytic In-Process Dressing

Understanding and Exploiting Design Flaws of AMD Secure Encrypted Virtualization

Li, Mengyuan

29 September 2022

No description available.

Computer Science

Dataset for Machine Learning Based Cache Timing Attacks and Mitigation

Kalidasan, Vishnu Kumar

05 June 2024

Cache side-channel attacks have evolved alongside increasingly complex microprocessor architectural designs. The attacks and their prevention mechanisms, such as cache partitioning, OS kernel isolation, and various hardware/operating system enhancements, have similarly progressed. Nonetheless, side-channel attacks necessitate effective and efficient prevention mechanisms or alterations to hardware architecture. Recently, machine learning (ML) is an emerging method for detecting and defending such attacks. However, The effectiveness of machine learning relies on the dataset it is trained on. The datasets for training these ML models today are not vast enough to enhance the robustness and consistency of the model performance. This thesis aims to enhance the ML method for exploring various cache side-channel attacks and defenses by offering a more reasonable and potentially realistic dataset to distinguish between the attacker and the victim process. The dataset is gathered through a computer system simulation model, which is subsequently utilized to train both the attacker and detector agents of the model. Different ways to collect datasets using the system simulation are explored. A New Dataset for training and detecting cache side-channel attacks is also explored and methodized. Lastly, the effectiveness of the dataset is studied by training a Flush+Reload attacker and detector model performance. / Master of Science / Imagine a spy trying to steal secret information from a computer by listening to its clicks and whirs. That's kind of what a side-channel attack is. The computer uses a special memory called a cache to speed things up, but attackers can spy on this cache to learn bits and pieces of what the computer is working on. Numerous ways to mitigate such attacks have been proposed, but they were either costly to implement in terms of resources or the performance offset of the computer is large. New types of attacks are also being researched and discovered. More recently, Machine learning (ML) models are used for detecting or defending cache side-channel attacks. Currently the training ground truth or the input dataset for the ML models is not vast enough to enhance the robustness and consistency of the model performance. This thesis project aims to enhance the ML approach for exploring and detecting existing and unknown Cache side-channel attacks by offering a more reasonable and potentially realistic training ground (dataset). The dataset is gathered through a computer system simulation model, which is subsequently utilized to train the ML models. Different ways to collect datasets using the computer system simulation are explored. A New Dataset for training and detecting Cache side-channel attacks is also explored and methodised. Lastly, the effectiveness of the dataset is studied by training a Flush+Reload attacker performance.

Cache timing-attack

Cache side-channel

gem5

Autocat

Macta

Development of Nitrogen rate Recommendations for No-till Dryland Grain Sorghum in Virginia

Khosla, Rajiv

12 November 1998

Little research has been done in the humid mid-Atlantic region to develop full-season N fertilizer recommendations for dryland no-tillage grain sorghum (Sorghum bicolor L. Moench) production. The objectives of this study were: (i) to determine the optimum rate of band-placed starter N fertilizer needed in combination with side-dress N applications to achieve economic grain yields, (ii) to investigate if pre-plant broadcast N applications are as efficient as band-placed plus side-dress N applications, (iii) to evaluate the response of grain sorghum yield to partitioned side-dress N applications, and (iv) to study the influence of residual soil profile mineral-N (nitrate and ammonium) on sorghum response to applied N fertilization. Multi-location field studies were conducted over three years. A range of N treatments of various starter-band and side-dress N rates were applied. The experimental data indicate that an optimum rate of N fertilization depends on residual soil mineral-N. Little or zero starter-band-N in conjunction with side-dress-N applications of 130 kg of N ha-1 for soils testing high in mineral-N ( 50 kg N ha-1 in the top 0.3m of surface soil) at planting, and a starter-band-N supplement of 40 kg N ha-1 in conjunction with 130 kg N ha-1 side-dress N for soils testing low in mineral-N at planting, optimized the grain sorghum yields in these experiments. Broadcast N applications were observed to be as efficient as band placed N applications when followed by rainfall soon after application. Grain sorghum yields did respond to the partitioned side-dress N applications. However, partitioning of side-dress N application again depends on the residual mineral-N level present in the soil. In order to consider residual soil mineral-N in making N fertilizer recommendations "Associated Nitrogen Fertilizer Equivalency" (ANFE) values were calculated. ANFE is the amount of applied N that has potential to produce the same yield as that produced by the residual soil mineral-N. The N fertilizer recommendations based on ANFE values were quite close for two out of four sites as compared to the N rates at which the maximum yields were obtained in this study. / Ph. D.

Side-dress

Soil mineral-N

Sorghum

Nitrogen

Broadcast

Starter-band.

Cyber-Physical Security for Additive Manufacturing Systems

Sturm, Logan Daniel

16 December 2020

Additive manufacturing (AM) is a growing section of the advanced manufacturing field and is being used to fabricate an increasing number of critical components, from aerospace components to medical implants. At the same time, cyber-physical attacks targeting manufacturing systems have continued to rise. For this reason, there is a need to research new techniques and methods to ensure the integrity of parts fabricated on AM systems. This work seeks to address this need by first performing a detailed analysis of vulnerabilities in the AM process chain and how these attack vectors could be used to execute malicious part sabotage attacks. This work demonstrated the ability of an internal void attack on the .STL file to reduce the yield load of a tensile specimen by 14% while escaping detection by operators. To mitigate these vulnerabilities, a new impedance-based approach for in situ monitoring of AM systems was created. Two techniques for implementing this approach were investigated, direct embedding of sensors in AM parts, and the use of an instrumented fixture as a build plate. The ability to detect changes in material as small as 1.38% of the printed volume (53.8 mm3) on a material jetting system was demonstrated. For metal laser powder bed fusion systems, a new method was created for representing side-channel meltpool emissions. This method reduces the quantity of data while remaining sensitive enough to detect changes to the toolpath and process parameters caused by malicious attacks. To enable the SCMS to validate part quality during fabrication required a way to receive baseline part quality information across an air-gap. To accomplish this a new process noise tolerant method of cyber-physical hashing for continuous data sets was presented. This method was coupled with new techniques for the storage, transmission, and reconstructing of the baseline quality data was implemented using stacks of "ghost" QR codes stored in the toolpath to transmit information through the laser position. A technique for storing and transmitting quality information in the toolpath files of parts using acoustic emissions was investigated. The ATTACH (additive toolpath transmission of acoustic cyber-physical hash) method used speed modulation of infill roads in a material extrusion system to generate acoustic tones containing quality information about the part. These modulations were able to be inserted without affecting the build time or requiring additional material and did not affect the quality of the part that contained them. Finally, a framework for the design and implementation of a SCMS for protecting AM systems against malicious cyber-physical part sabotage attacks was created. The IDEAS (Identify, Define, Establish, Aggregate, Secure) framework provides a detailed reference for engineers to use to secure AM systems by leveraging the previous work in vulnerability assessment, creation of new side-channel monitoring techniques, concisely representing quality data, and securely transmitting information to air-gapped systems through physical emissions. / Doctor of Philosophy / Additive manufacturing (AM), more widely known as 3D printing, is a growing field of manufacturing where parts are fabricated by building layers of material on top of each other. This layer-based approach allows the production of parts with complex shapes that cannot be made using more traditional approaches such as machining. This capability allows for great freedom in designing parts, but also means that defects can be created inside of parts during fabrication. This work investigates ways that an adversary might seek to sabotage AM parts through a cyber-physical attack. To prevent attacks seeking to sabotage AM parts several new approaches for security are presented. The first approach uses tiny vibrations to detect changes to part shape or material by attaching a small sensor either directly to the parts or to the surface that they are built on. Because an attack that sabotages an AM system (3D printer) could also affect the systems used to detect part defects these systems should be digitally separated from each other. By using a series of QR codes fabricated by the AM system along with the parts, information can be sent from the AM system to the monitoring system through its sensors. This prevents a cyber-attack from jumping from the AM system to the monitoring system. By temporarily turning off the laser power and tracking the movements of the guiding mirrors the QR code information can be sent to the monitoring system without having to actually print the QR code. The information stored in the QR code is compared to the emission generated when fabricating the parts and is used to detect if an attack has occurred since that would change the emissions from the part, but not from the QR code. Another approach for sending information from the AM system using physical emissions is by using sounds generated during part fabrication. Using a desktop scale 3D printer, the speed of certain movements was increased or decreased. The change in speed causes the sound emitted from the printer to change, while not affecting the actual quality of the print. By using a series of tones, similar to Morse code, information can be sent from the printer. Research was performed on the best settings to use to transmit the information as well as how to automatically receive and decode the information using a microphone. The final step in this work is a framework that serves as a guide for designing and implementing monitoring systems that can detect sabotage attacks on AM parts. The framework covers how to evaluate a system for potential vulnerabilities and how to use this information to choose sensors and data processing techniques to reduce the risk of cyber-physical attacks.

Additive Manufacturing

Cyber-physical Security

Side-channels

In Situ Monitoring

Assessing Negative Side Effects in Virtual Environments

McGee, Michael K.

11 February 1998

Virtual environment (VE) systems have been touted as exciting new technologies with many varied applications. Today VEs are used in telerobotics, training, simulation, medicine, architecture, and entertainment. The future use of VEs seems limited only by the creativity of its designers. However, as with any developing technology, some difficulties need to be overcome. Certain users of VEs experience negative side effects from being immersed into the graphically rendered virtual worlds. Some side effects that have been observed include: disorientation, headaches, and difficulties with vision. These negative side effects threaten the safety and effectiveness of VE systems. Negative side effects have been found to develop in a variety of environments. The research focus on VE side effects thus far has been on the symptoms and not the causes. The main goals of this research is fourfold: 1) to compare a new measure for side effects with established ones; 2) begin analyzing the causes of side effects with an analysis of head-tracking; 3) to examine any adaptation that may occur within a session and between days of a session; and, 4) to examine possible predictors for users who may experience side effects. An experiment was conducted using two different VEs with either head-tracking on or head-tracking off over four days. A questionnaire, a balance test, a vision test, and magnitude estimations of side effects were used to assess the incidence and severity of sickness experienced in the VEs. Other assessments, including a mental rotation test, perceptual style, and a questionnaire on pre-existing susceptibility to motion sickness were administered. All factors were analyzed to determine what their relationships were with the incidence and severity of negative side effects that result from immersion into the VEs. Results showed that head-tracking induces more negative side effects than no head-tracking. The maze task environment induces more negative side effects than the office task environment. Adaptation did not occur from day to day throughout the four testing sessions. The incidence and severity of negative side effects increased at a constant rate throughout the 30 minute immersive VE sessions, but did not show any significant changes from day to day. No evidence was found for a predictor that would foretell who might be susceptible to motion sickness in VEs. / Master of Science

side effects

virtual environments

head-tracking

mental rotation

magnitude estimation

Supervoxel Based Object Detection and Seafloor Segmentation Using Novel 3d Side-Scan Sonar

Patel, Kushal Girishkumar

12 November 2021

Object detection and seafloor segmentation for conventional 2D side-scan sonar imagery is a well-investigated problem. However, due to recent advances in sensing technology, the side-scan sonar now produces a true 3D point cloud representation of the seafloor embedded with echo intensity. This creates a need to develop algorithms to process the incoming 3D data for applications such as object detection and segmentation, and an opportunity to leverage advances in 3D point cloud processing developed for terrestrial applications using optical sensors (e.g. LiDAR). A bottleneck in deploying 3D side-scan sonar sensors for online applications is attributed to the complexity in handling large amounts of data which requires higher memory for storing and processing data on embedded computers. The present research aims to improve data processing capabilities on-board autonomous underwater vehicles (AUVs). A supervoxel-based framework for over-segmentation and object detection is proposed which reduces a dense point cloud into clusters of similar points in a neighborhood. Supervoxels extracted from the point cloud are then described using feature vectors which are computed using geometry, echo intensity and depth attributes of the constituent points. Unsupervised density based clustering is applied on the feature space to detect objects which appear as outliers. / Master of Science / Acoustic imaging using side-scan sonar sensors has proven to be useful for tasks like seafloor mapping, mine countermeasures and habitat mapping. Due to advancements in sensing technology, a novel type of side-scan sonar sensor is developed which provides true 3D representation of the seafloor along with the echo intensity image. To improve the usability of the novel sensors on-board the carrying vehicles, efficient algorithms needs to be developed. In underwater robotics, limited computational and data storage capabilities are available which poses additional challenges in online perception applications like object detection and segmentation. In this project, I investigate a clustering based approach followed by an unsupervised machine learning method to perform detection of objects on the seafloor using the novel side scan sonar. I also show the usability of the approach for performing segmentation of the seafloor.

side-scan sonar

point clouds

supervoxels

feature extraction

object detection

The Art of SRAM Security: Tactics for Remanence-based Attack and Strategies for Defense

Mahmod, Jubayer

02 May 2024

The importance of securing hardware, particularly in the context of the Internet of Things (IoT), cannot be overstated in light of the increasing prevalence of low-level attacks. As the IoT industry continues to expand, security has become a more holistic concern, as evidenced by the wide range of attacks that we observed, from large-scale distributed denial-of-service attacks to data theft through monitoring a device's low-level behavior, such as power consumption. Traditional software-based security measures fall short in defending against the full spectrum of attacks, particularly those involving physical tampering with system hardware. This underscores the critical importance of proactively integrating attack vectors that encompass both hardware and software domains, with a particular emphasis on considering both the analog and digital characteristics of hardware. This thesis investigates system security from a hardware perspective, specifically examining how low-level circuit behavior and architectural design choices impact SRAM's data remanence and its implications for security. This dissertation not only identifies new vulnerabilities due to SRAM data remanence but also paves the way for novel security solutions in the ongoing "security arms race". I present an attack, volt boot, that executes cold-boot style short-term data remanence in on-chip SRAM without using temperature effect. This attack exploits the fact that SRAM's power bus is externally accessible and allows data retention using a simple voltage probe. Next, I present a steganography method that hides information in the SRAM exploiting long-term data remanence. This approach leverages aging-induced degradation to imprint data in SRAM's analog domain, ultimately resulting in hidden and plausibly deniable information storage in the hardware. Finally, I show how an adversary weaponizes SRAM data remanence to develop an attack on a hardware-backed security isolation mechanism. The following provides a brief overview of the three major contributions of this thesis: 1. Volt boot is an attack that demonstrates the vulnerability of on-chip SRAM due to the physical separation common in modern SoCs' power distribution networks. By probing external power pins (to the cache) of an SoC while simultaneously shutting down the main system power, Volt boot creates data retention across power cycles. On-chip SRAM can be a safe memory when the threat model considers traditional off-chip cold-boot-style attacks. This research demonstrates an alternative method for preserving information in on-chip SRAM through power cycles, expanding our understanding of data retention capabilities. Volt boot leverages asymmetrical power states (e.g., on vs. off) to force SRAM state retention across power cycles, eliminating the need for traditional cold boot attack enablers, such as low-temperature or intrinsic data retention time. 2. Invisible Bits is a hardware steganography technique that hides secret messages in the analog domain of SRAM embedded within a computing device. Exploiting accelerated transistor aging, Invisible Bits stores hidden data along with system data in an on-chip cache and provides a plausible deniability guarantee from statistical analysis. Aging changes the transistor's behavior which I exploit to store data permanently (ie long-term data remanence) in an SRAM. Invisible Bits presents unique opportunities for safeguarding electronic devices when subjected to inspections by authorities. 3. UntrustZone utilizes long-term data remanence to exfiltrate secrets from on-chip SRAM. An attacker application must be able to read retained states in the SRAM upon power cycles, but this needs changing the security privilege. Hardware security schemes, such as ARM TrustZone, erase a memory block before changing its security attributes and releasing it to other applications, making short-term data remanence attacks ineffective. That is, attacks such as Volt boot fail when hardware-backed isolation such as TEE is enforced. UntrustZone unveils a new threat to all forms of on-chip SRAM even when backed by hardware isolation: long-term data remanence. I show how an attacker systematically accelerates data imprinting on SRAM's analog domain to effectively burn in on-chip secrets and bypass TrustZone isolation. / Doctor of Philosophy / In computing systems, hardware serves as the fundamental bulwark against security breaches. The evolution in software security has compelled adversaries to seek potential vulnerabilities in the hardware.The infamous cold boot attack exemplifies such vulnerabilities, showcasing how adversaries exploit hardware to access runtime secrets, even when cryptographic algorithms protect the system's disk. In this attack, volatile main memory (DRAM) is `frozen' at extremely cold temperatures, allowing it to retain information even when disconnected from the victim machine. Subsequently, an adversary transfers this `frozen memory' to another machine to extract the victim's secrets. This classic case is among numerous sophisticated hardware vulnerabilities identified in recent years, highlighting the evolving challenge of securing hardware against ingenious attacks. This rise in hardware-based attacks across industry and academia underscores the importance of adopting a comprehensive approach to safeguard computing systems. This approach must encompass secure processor design, ensuring a trusted distribution chain, rigorous software security vetting, and protection against runtime side-channel leakage. Consequently, there is a growing emphasis in both industry and academia on prioritizing security in design decisions. My dissertation delves into the low-level hardware behaviors, particularly focusing on the data remanence phenomena of Static Random Access Memory (SRAM). By discovering new security vulnerabilities and proposing effective mitigation strategies, this thesis contributes to the ongoing effort to fortify computing systems against evolving threats that are rooted in the hardware. SRAM stands as a ubiquitous form of volatile memory found in most processors and microcontrollers, serving as a crucial component for temporary storage of instructions and data to facilitate rapid access. By design, SRAM forgets its contents upon a processor's power cycle and defaults to a state determined by low-level circuit behavior. However, this dissertation unveils the possibility of retaining on-chip information even after power cycling, leveraging inherent low-level circuit behaviors to create data retention. This revelation exposes major security implications, resulting in the following three key contributions: Firstly, I introduce the volt boot attack, which exploits the vulnerability of on-chip SRAM, particularly to physical separation in modern System on Chip (SoC) power distribution networks. We conventionally assume that on-chip SRAM is secure against off-chip cold-boot attacks, but volt boot demonstrates the feasibility of achieving a similar state without traditional prerequisites such as low temperatures or long intrinsic data retention times. Subsequently, I propose a data hiding technique---invisible Bits, which leverages accelerated device wear out to embed data into the transistors of SRAM. This method introduces a novel form of hardware-based steganography, concealing data within the analog domain alongside digital system data. Lastly, I show how accelerated device aging can be weaponized to design a sophisticated attack aimed at extracting secrets from a Trusted Execution Environment (TEE) like ARM TrustZone. While short-term data remanence attacks such as Volt boot are rendered ineffective against hardware-backed isolation enforced by TEEs, UntrustZone harnesses the methodologies and tools from preceding works to induce long-term data remanence. This poses a new threat to on-chip cryptography that stores secrets on chip, even when fortified by hardware isolation mechanisms, such as ARM TrustZone.

On-chip SRAM attacks

aging side channel

data remanence