Identifying and understanding the historical extent of side channels on the Missouri River

Hook, Lisa

January 1900

Master of Arts / Department of Geography / Melinda Daniels / The US Army Corps of Engineers (USACE) has begun side channel restoration projects on the Missouri River as part of the Missouri River Recovery Program. The USACE acquires land on the Missouri River needed to develop fish and wildlife habitat. There is a need to prioritize which land to purchase on the Missouri River. High priority land would be areas that had side channels and can be constructed to restore ecosystems to a more natural state. Much of the river has since been dammed, straightened, and channelized starting heavily in the mid 1890’s, and historical side channels have been eliminated, leaving little information to guide USACE efforts to restore them. My thesis documents the historical distribution of side channels on the Missouri River between St. Louis and Kansas City and explores the relationships between side channel location and a variety of potential driving variables, including channel sinuosity, valley width, valley slope and the presence of large confluences. This is the first know study to document the historical extent of side channels on a major river system, and it is also the first to quantitatively explore driving variables of side channel formation. The historical analysis revealed abundant side channels in the late 1800’s, with a dramatic decline into the early 1920’s as engineering works on the river began in earnest. Results also show that high channel sinuosity and the presence of a large confluences are the two variables most correlated with side channel formation. Based on documented frequencies and locations of historical side channels, recommendations for specific side channel restoration opportunities are also highlighted.

Side channels

Missouri River

Geography (0366)

Black-, grey-, and white-box side-channel programming for software integrity checking

Liu, Hong

January 1900

Doctor of Philosophy / Department of Computing and Information Sciences / Eugene Vasserman / Checking software integrity is a fundamental problem of system security. Many approaches have been proposed trying to enforce that a device runs the original code. Software-based methods such as hypervisors, separation kernels, and control flow integrity checking often rely on processors to provide some form of separation such as operation modes and memory protection. Hardware-based methods such as remote attestation, secure boot, and watchdog coprocessors rely on trusted hardware to execute attestation code such as verifying memory content and examining signatures appearing on buses. However, many embedded systems do not possess such sophisticated capabilities due to prohibitive hardware costs, unacceptably high power consumption, or the inability to update fielded components. Further, security assumption may become invalid as time goes by. For Systems-on-Chip (SoCs), in particular, internal activities cannot be observed directly, while in non-SoCs, sniffing bus traffic between constituent components may suffice for integrity checking. A promising approach to check software integrity for resource-constrained SoCs is through side-channels. Side-channels have been used mostly for attacks, such as eavesdropping from vibration of glass or plant leaves, fingerprinting machines from traffic patterns, or extracting secret key materials of cryptographic routines using power consumption measurements. In this work, side-channels are used to enhance rather than undercut security. First, we study the relationships between the internal states of a target device and side-channel information. We use the uncovered relationships to monitor the internal state of a running device and determine whether the internal state is an expected one. An unexpected state may be a sign of incorrect execution or malicious activity. To further explore the possibilities inherent in side-channel-based software integrity checking, we investigate various hardware platforms, representative of different degrees of knowledge of the hardware from the side-channel profiling point of view. In other words, side-channel information is extracted by black-, grey-, and white-box analysis. Each one involves unique challenges requiring different techniques to successfully derive “side-channel profiles”. We can use these profiles to detect unexpected states with extremely high probability, even when an adversary knows that their code may be subject to side-channel analysis, i.e., the methodology is robust to side-channel-aware adversaries. The research includes: (1) Constructing systematic approaches for black- and grey-box profiling of side channels (and comparing them to white-box analysis); (2) Designing custom measurement instrumentation; and (3) Developing techniques for monitoring and enforcing software integrity utilizing side-channel profiles. We introduce the term “side-channel programming” to refer to techniques we design in which developers explicitly utilize side-channel characteristics of existing hardware to optimize run-time software integrity checking, creating executable code which is more conducive to side-channel-based monitoring. Compared with other software integrity checking techniques, our approach has numerous benefits. Among them are that the measurement process is non-invasive, non-interruptive, and backward-compatible in that it does not require any hardware modification, meaning our approach works with processors that do not include security features. Our method can even be used to augment existing protection mechanism, as it works even when all security mechanisms internal to the device fail.

Security

Embedded systems

FPGA

Side-channels

Software integrity

Cyber-Physical Security for Additive Manufacturing Systems

Sturm, Logan Daniel

16 December 2020

Additive manufacturing (AM) is a growing section of the advanced manufacturing field and is being used to fabricate an increasing number of critical components, from aerospace components to medical implants. At the same time, cyber-physical attacks targeting manufacturing systems have continued to rise. For this reason, there is a need to research new techniques and methods to ensure the integrity of parts fabricated on AM systems. This work seeks to address this need by first performing a detailed analysis of vulnerabilities in the AM process chain and how these attack vectors could be used to execute malicious part sabotage attacks. This work demonstrated the ability of an internal void attack on the .STL file to reduce the yield load of a tensile specimen by 14% while escaping detection by operators. To mitigate these vulnerabilities, a new impedance-based approach for in situ monitoring of AM systems was created. Two techniques for implementing this approach were investigated, direct embedding of sensors in AM parts, and the use of an instrumented fixture as a build plate. The ability to detect changes in material as small as 1.38% of the printed volume (53.8 mm3) on a material jetting system was demonstrated. For metal laser powder bed fusion systems, a new method was created for representing side-channel meltpool emissions. This method reduces the quantity of data while remaining sensitive enough to detect changes to the toolpath and process parameters caused by malicious attacks. To enable the SCMS to validate part quality during fabrication required a way to receive baseline part quality information across an air-gap. To accomplish this a new process noise tolerant method of cyber-physical hashing for continuous data sets was presented. This method was coupled with new techniques for the storage, transmission, and reconstructing of the baseline quality data was implemented using stacks of "ghost" QR codes stored in the toolpath to transmit information through the laser position. A technique for storing and transmitting quality information in the toolpath files of parts using acoustic emissions was investigated. The ATTACH (additive toolpath transmission of acoustic cyber-physical hash) method used speed modulation of infill roads in a material extrusion system to generate acoustic tones containing quality information about the part. These modulations were able to be inserted without affecting the build time or requiring additional material and did not affect the quality of the part that contained them. Finally, a framework for the design and implementation of a SCMS for protecting AM systems against malicious cyber-physical part sabotage attacks was created. The IDEAS (Identify, Define, Establish, Aggregate, Secure) framework provides a detailed reference for engineers to use to secure AM systems by leveraging the previous work in vulnerability assessment, creation of new side-channel monitoring techniques, concisely representing quality data, and securely transmitting information to air-gapped systems through physical emissions. / Doctor of Philosophy / Additive manufacturing (AM), more widely known as 3D printing, is a growing field of manufacturing where parts are fabricated by building layers of material on top of each other. This layer-based approach allows the production of parts with complex shapes that cannot be made using more traditional approaches such as machining. This capability allows for great freedom in designing parts, but also means that defects can be created inside of parts during fabrication. This work investigates ways that an adversary might seek to sabotage AM parts through a cyber-physical attack. To prevent attacks seeking to sabotage AM parts several new approaches for security are presented. The first approach uses tiny vibrations to detect changes to part shape or material by attaching a small sensor either directly to the parts or to the surface that they are built on. Because an attack that sabotages an AM system (3D printer) could also affect the systems used to detect part defects these systems should be digitally separated from each other. By using a series of QR codes fabricated by the AM system along with the parts, information can be sent from the AM system to the monitoring system through its sensors. This prevents a cyber-attack from jumping from the AM system to the monitoring system. By temporarily turning off the laser power and tracking the movements of the guiding mirrors the QR code information can be sent to the monitoring system without having to actually print the QR code. The information stored in the QR code is compared to the emission generated when fabricating the parts and is used to detect if an attack has occurred since that would change the emissions from the part, but not from the QR code. Another approach for sending information from the AM system using physical emissions is by using sounds generated during part fabrication. Using a desktop scale 3D printer, the speed of certain movements was increased or decreased. The change in speed causes the sound emitted from the printer to change, while not affecting the actual quality of the print. By using a series of tones, similar to Morse code, information can be sent from the printer. Research was performed on the best settings to use to transmit the information as well as how to automatically receive and decode the information using a microphone. The final step in this work is a framework that serves as a guide for designing and implementing monitoring systems that can detect sabotage attacks on AM parts. The framework covers how to evaluate a system for potential vulnerabilities and how to use this information to choose sensors and data processing techniques to reduce the risk of cyber-physical attacks.

Additive Manufacturing

Cyber-physical Security

Side-channels

In Situ Monitoring

Ice, wood and rocks : regulating elements in riverine ecosystems

Engström, Johanna

January 2010

Riparian ecosystems are of great importance in the landscape, connecting landscape elements longitudinally and laterally and often encompassing sharp environmental gradients in ecological processes and communities. They are influenced by fluvial disturbances such as flooding, erosion and sediment deposition, which create dynamic and spatially heterogeneous habitats that support a high diversity of species. Riverine ecosystems belong among the world’s most threatened systems. In rivers throughout the world, human alterations to fluvial disturbance regimes have resulted in degraded ecosystems and species loss. For example, in Sweden, watercourses of all sizes have been channelized to facilitate timber floating, but in the last 10–20 years the impacts in some of the affected rivers have been reduced by restoration actions. The objectives of this thesis are to evaluate how riverine ecosystems in general, with specific focus on riparian communities, are affected by (1) restoration of channelized reaches by boulder replacement, (2) ice formation, and (3) restoration of in-stream wood abundance in the stream channel. Objective (1) was assessed by quantifying the retention of plant propagules in channelized and restored stream reaches and by evaluating effects on riparian plant and bryophyte communities in disconnected and re-opened side channels. Retention of plant propagule mimics was highest at low flows and in sites where boulders and large wood had been replaced into the channel. Propagules are however unlikely to establish unless they can be further dispersed during subsequent spring high flows to higher riparian elevations suitable for establishment. Thus, immigration to new suitable sites may occur stepwise. Our study demonstrates that restoration of channel complexity through replacement of boulders and wood can enhance retention of plant propagules, but also highlights the importance of understanding how restoration effects vary with flow. We detected no differences in riparian diversity between re-opened and disconnected side channels, but we did observe significant differences in species composition of both vascular plant and bryophyte communities. Disconnected sites had more floodplain species, whereas restored sites had more species characteristic of upland forest. This suggests that the reopening of side channels resulted in increased water levels, resulting in new riparian zones developing in former upland areas, but that the characteristic floodplain communities have not had time to develop in response to the restored fluvial regime. Objective (2) was approached by evaluating the effect of both natural anchor ice formation and experimentally created ice in the riparian zone. Riparian plant species richness and evenness proved to be higher in plots affected by anchor ice. Plants with their over-wintering organs above the ice sheet suffered from the treatment but the overall species richness increased in ice-treated plots. Objective (3) was evaluated by studying wood recruitment and movement, channel hydraulics, propagule retention and fish abundance in streams restored with large wood. Only one stream experienced reduced velocities after large wood addition. The large size and reduced velocity were probably also the reasons why this stream proved to be the best one in trapping natural, drifting wood. Increased retention and decreased mechanical fragmentation in large wood sites will lead to decreased loss of detritus from the site and therefore higher availability of coarse particulate organic matter which can result in more species rich shredder communities. Our study did not show that the occurrence of large wood had an important role in controlling density or biomass of brown trout.

riparian zone

timber floating

river restoration

cut-off side channels

hydrochory

large wood

anchor ice

fish

Útok elektromagnetickým postranním kanálem / Electromagnetic side channel attack

Nečas, Ondřej

January 2011

The aim of this thesis is, firstly, to design and create the measuring environment for the research of electromagnetic side-channel attacks in cryptography; and secondly, to inform readers about the basics of electromagnetic and power side-channel attacks which present effective ways of the modern cryptosystems’ cryptoanalysis. In the theoretical part, the basic side-channel attacks, including their history and models, are described. The main part is focused on the explanation of the basic principles of power and electromagnetic side-channel attacks. Then, the work describes the basic physical principles of electromagnetic fields; and also the methods which can be used to measure the electromagnetic field. An example of the origination of the electromagnetic field in microprocessors is included. In the next part of the work the theoretical foundation necessary for successful implementation of the measurement of electromagnetic fields on the PIC microprocessor is presented. Next part of the chapter is devoted to the AES encryption standard, the activity of which is examined in the practical part. Furthermore, the magnetic probes, designed according to the theoretical knowledge are described. Also the research environment is described in this chapter. The list of measuring instruments used in the practical part is also included. The practical part of the work deals with the implementation aspects designed to achieve the ideal measurement conditions, such as the choice of appropriate probe, the appropriate location and distance between the probe and the measured system, setup of the oscilloscope and signal synchronization. Furthermore, the measured electromagnetic waveforms for selected instructions are presented. After that follows an analysis of the individual rounds of the AES encryption standard; the analysis of whole AES standard is also included. Then, the methods of simple and differential electromagnetic analysis are implemented. With regard to the knowledge gained in the practical part of the work, the possible countermeasures implemented against the power and electromagnetic side channel attacks are described. The final part of the work comprises a brief review of results.

Side-channel Threats on Modern Platforms: Attacks and Countermeasures

Zhang, Xiaokuan

January 2021

No description available.

Computer Science

Computer Engineering

side channels

ARM cache attacks

smartphones

differential privacy

Hardware Security Threat and Mitigation Techniques for Network-on-Chips

Boraten, Travis Henry

17 September 2020

No description available.

Computer Engineering

Electrical Engineering

Network-on-Chip

Hardware Security

Hardware Trojans

Side-Channels

Denial-of-Service

Towards attack-tolerant trusted execution environments : Secure remote attestation in the presence of side channels

Crone, Max

January 2021

In recent years, trusted execution environments (TEEs) have seen increasing deployment in computing devices to protect security-critical software from run-time attacks and provide isolation from an untrustworthy operating system (OS). A trusted party verifies the software that runs in a TEE using remote attestation procedures. However, the publication of transient execution attacks such as Spectre and Meltdown revealed fundamental weaknesses in many TEE architectures, including Intel Software Guard Exentsions (SGX) and Arm TrustZone. These attacks can extract cryptographic secrets, thereby compromising the integrity of the remote attestation procedure. In this work, we design and develop a TEE architecture that provides remote attestation integrity protection even when confidentiality of the TEE is compromised. We use the formally verified seL4 microkernel to build the TEE, which ensures strong isolation and integrity. We offload cryptographic operations to a secure co-processor that does not share any vulnerable microarchitectural hardware units with the main processor, to protect against transient execution attacks. Our design guarantees integrity of the remote attestation procedure. It can be extended to leverage co-processors from Google and Apple, for wide-scale deployment on mobile devices. / Under de senaste åren används betrodda exekveringsmiljöer (TEE) allt mera i datorutrustning för att skydda säkerhetskritisk programvara från attacker och för att isolera dem från ett opålitligt operativsystem. En betrodd part verifierar programvaran som körs i en TEE med hjälp av fjärrattestering. Nyliga mikroarkitekturella anfall, t.ex. Spectre och Meltdown, har dock visat grundläggande svagheter i många TEE-arkitekturer, inklusive Intel SGX och Arm TrustZone. Dessa attacker kan avslöja kryptografiska hemligheter och därmed äventyra integriteten av fjärrattestning. I det här arbetet utvecklar vi en arkitektur för en betrodd exekveringsmiljö (TEE) som ger integritetsskydd genom fjärrattestering även när TEE:s konfidentialitet äventyras. Vi använder den formellt verifierade seL4-mikrokärnan för att bygga TEE:n som garanterar stark isolering och integritet. För att skydda kryptografiska operationer, overför vi dem till en säker samprocessor som inte delar någon sårbar mikroarkitektur med huvudprocessorn. Vår arktektur garanterar fjärrattesteringens integritet och kan utnyttja medprocessorer från Google och Apple för att användas i stor skala på mobila enheter.

trusted execution environment

remote attestation

sel4

microkernel

arm trustzone

intel sgx

side-channels

transient execution attacks

trusted execution environment

remote attestation

sel4

microkernel

arm trustzone

intel sgx

side-channels

transient execution attacks

Computer and Information Sciences

Data- och informationsvetenskap

Sécurisation matérielle pour la cryptographie à base de courbes elliptiques / Hardware security for cryptography based on elliptic curves

Pontie, Simon

21 November 2016

De nombreuses applications imposent des contraintes de sécurité élevées (notamment au sens confidentialité et intégrité des informations manipulées). Ma thèse s'intéresse à l'accélération matérielle du système de cryptographie asymétrique basé sur les courbes elliptiques (ECC). L'environnement des systèmes visés étant rarement maîtrisé, je prends en compte l'existence potentielle d'attaquants avec un accès physique au circuit.C’est dans ce contexte qu’un crypto-processeur très flexible, compatible aussi bien avec des cibles ASIC que FPGA, a été développé. Dans le but de choisir des protections contre les attaques dites matérielles (analyse de consommation, génération de fautes, etc.), j’évalue la sécurité vis-à-vis des attaques par canaux cachés et le coût de la contre-mesure basée sur l'unification des opérations élémentaires sur des courbes elliptiques. En montant une nouvelle attaque contre un circuit mettant en œuvre des courbes quartiques de Jacobi, je montre qu’il est possible de détecter la réutilisation d’opérandes. Des expérimentations réelles m’ont permis de retrouver le secret en exploitant seulement quelques traces de puissance consommée. Je présente aussi une nouvelle protection permettant de choisir un compromis entre le niveau de sécurité, les performances et le coût. Elle est basée sur une accélération par fenêtrage aléatoire et l'utilisation optimisée d'opérations fictives. / Many applications require achieving high security level (confidentiality or integrity). My thesis is about hardware acceleration of asymmetric cryptography based on elliptic curves (ECC). These systems are rarely in a controlled environment. With this in mind, I consider potential attackers with physical access to the cryptographic device.In this context, a very flexible crypto-processor was developed that can be implemented as an ASIC or on FPGAs. To choose protections against physical attacks (power consumption analysis, fault injection, etc), I evaluate the security against side-channel attacks and the cost of the counter-measure based on operation unification. By mounting a new attack against a chip using Jacobi quartic curves, I show that re-using operands is detectable. By exploiting only some power consumption traces, I manage to recover the secret. I present also a new counter-measure allowing finding a compromise between security level, performances, and overheads. It uses random windows to accelerate computation, mixed to an optimized usage of dummy operations.

Sécurité matérielle

Courbes elliptiques

Canaux auxiliaires

Puissance consommée

Hardware security

Elliptic curves

Side channels

Power Consumption

620

Performance of Deep Geothermal Energy Systems

Manikonda, Nikhil

29 August 2012

Geothermal energy is an important source of clean and renewable energy. This project deals with the study of deep geothermal power plants for the generation of electricity. The design involves the extraction of heat from the Earth and its conversion into electricity. This is performed by allowing fluid deep into the Earth where it gets heated due to the surrounding rock. The fluid gets vaporized and returns to the surface in a heat pipe. Finally, the energy of the fluid is converted into electricity using turbine or organic rankine cycle (ORC). The main feature of the system is the employment of side channels to increase the amount of thermal energy extracted. A finite difference computer model is developed to solve the heat transport equation. The numerical model was employed to evaluate the performance of the design. The major goal was to optimize the output power as a function of parameters such as thermal diffusivity of the rock, depth of the main well, number and length of lateral channels. The sustainable lifetime of the system for a target output power of 2 MW has been calculated for deep geothermal systems with drilling depths of 8000 and 10000 meters, and a financial analysis has been performed to evaluate the economic feasibility of the system for a practical range of geothermal parameters. Results show promising an outlook for deep geothermal systems for practical applications.

deep geothermal energy

main well

side channels

lateral

temperature gradient

diffusivity

thermal conductivity

demand curve

cost analysis

drilling length

total depth

finite difference

typical demand curve