Global ETD Search

51	Logic Encryption Methods for Hardware Security Sekar, Sanjana January 2017 (has links) No description available. Engineering Logic Encryption SAT Attack SAT Tolerant Encryption Hardware Security Probabilistic Sub-circuit selection sub-circuit hiding
52	BDD Based Synthesis Flow for Design of DPA Resistant Cryptographic Circuits Chakkaravarthy, Manoj 19 April 2012 (has links) No description available. Computer Engineering Hardware Security Differential Power Analysis (BDD) Side channel Attacks (SCA) Cryptographic Circuits BDD Based Synthesis Flow DPA Countermeasures
53	Finding vulnerabilities in connected devices Qvick, Matilda, Harnesk, Saga January 2022 (has links) This thesis covers the security testing of a system with connected devices. In a world with an ever-growing number of connected devices, it is crucial to be mindful of the consequences unprotected systems can cause. The thesis aim to shine light on the issues of not having sufficient security measures in place. The test target was a system with a battery charger, gateway and cloud service. The testing was done with two different approaches, penetration testing and threat modelling, covering different parts of the system. Only a small fraction of the system was exploited in the report and overall the security was deemed to be alright. The main vulnerabilities found were that the username and password were found unencrypted when attempting to log into the gateway. The traffic between the battery charger and the gateway was also unencrypted and possibly vulnerable to replay attacks. For evaluation of the penetration testing and threat modelling there were found to be advantages and disadvantages to both methods. For a thoroughly analysis of the methods it would have needed further investigation. The system itself has potential for valuable findings with further investigations as well. / Denna rapport inkluderar säkerhetstestning av ett system med uppkopplade enheter. Antalet uppkopplade enheter (Sakernas Internet) runt om i världen fortsätter att växa med hög hastighet. Det är av stor vikt att se till att enheterna i dessa system har de säkerhetsåtgärder som krävs. Att belysa detta problem är ett utav målen med denna rapport. I rapporten testas ett batteriladdarsystem med tillhörande gateway och cloud-tjänst. Testen utfördes med två olika metoder, penetrationstest och hotmodellering, uppdelat på två olika delar av systemet. På grund av de begränsningar som fanns kunde endast en liten del av systemet testas och exploateras. Till största del ansågs säkerheten vara okej. De främsta sårbarheterna som hittades var bland annat okrypterade användarnamn och lösenord vid försök att logga in på gatewayen. All traffik mellan batteriladdaren och gatewayen var orkypterad och med stor risk för att inte kunna stå emot en replayattack. Utvärdering av de två metoderna som användes konstaterades för och nackdelar med båda metoderna. För att kunna göra en ordentlig jämförelse av metoderna skulle det behövas en djupare undersökning. Det finns även stort värde i en vidare undersökning av systemet. Penetration Testing Threat Modelling Connected Devices Vulnerabilities Hardware Security Penetrationstestning Hotmodellering Uppkopplade Enheter Sårbarheter Hårdvarusäkerhet Computer and Information Sciences Data- och informationsvetenskap
54	Practical Mitigations Against Memory Corruption and Transient Execution Attacks Ismail, Mohannad Adel Abdelmoniem Ahmed 31 May 2024 (has links) Memory corruption attacks have existed in C and C++ for more than 30 years, and over the years many defenses have been proposed. In addition to that, a new class of attacks, Spectre, has emerged that abuse speculative execution to leak secrets and sensitive data through micro-architectural side channels. Many defenses have been proposed to mitigate Spectre as well. However, with every new defense a new attack emerges, and then a new defense is proposed. This is an ongoing cycle between attackers and defenders. There exists many defenses for many different attack avenues. However, many suffer from either practicality or effectiveness issues, and security researchers need to balance out their compromises. Recently, many hardware vendors, such as Intel and ARM, have realized the extent of the issue of memory corruption attacks and have developed hardware security mechanisms that can be utilized to defend against these attacks. ARM, in particular, has released a mechanism called Pointer Authentication in which its main intended use is to protect the integrity of pointers by generating a Pointer Authentication Code (PAC) using a cryptographic hash function, as a Message Authentication Code (MAC), and placing it on the top unused bits of a 64-bit pointer. Placing the PAC on the top unused bits of the pointer changes its semantics and the pointer cannot be used unless it is properly authenticated. Hardware security features such as PAC are merely mechanisms not full fledged defences, and their effectiveness and practicality depends on how they are being utililzed. Naive use of these defenses doesn't alleviate the issues that exist in many state-of-the-art software defenses. The design of the defense that utilizes these hardware security features needs to have practicality and effectiveness in mind. Having both practicality and effectiveness is now a possible reality with these new hardware security features. This dissertation describes utilizing hardware security features, namely ARM PAC, to build effective and practical defense mechanisms. This dissertation first describes my past work called PACTight, a PAC based defense mechanism that defends against control-flow hijack- ing attacks. PACTight defines three security properties of a pointer such that, if achieved, prevent pointers from being tampered with. They are: 1) unforgeability: A pointer p should always point to its legitimate object; 2) non-copyability: A pointer p can only be used when it is at its specific legitimate location; 3) non-dangling: A pointer p cannot be used after it has been freed. PACTight tightly seals pointers and guarantees that a sealed pointer cannot be forged, copied, or dangling. PACTight protects all sensitive pointers, which are code pointers and pointers that point to code pointers. This completely prevents control-flow hijacking attacks, all while having low performance overhead. In addition to that, this dissertation proposes Scope-Type Integrity (STI), a new defense policy that enforces pointers to conform to the programmer's intended manner, by utilizing scope, type, and permission information. STI collects information offline about the type, scope, and permission (read/write) of every pointer in the program. This information can then be used at runtime to ensure that pointers comply with their intended purpose. This allows STI to defeat advanced pointer attacks since these attacks typically violate either the scope, type, or permission. We present Runtime Scope-Type Integrity (RSTI). RSTI leverages ARM Pointer Authentication (PA) to generate Pointer Authentication Codes (PACs), based on the information from STI, and place these PACs at the top bits of the pointer. At runtime, the PACs are then checked to ensure pointer usage complies with STI. RSTI overcomes two drawbacks that were present in PACTight: 1) PACTight relied on a large external metadata for protection, whereas RSTI uses very little metadata. 2) PACTight only protected a subset of pointers, whereas RSTI protects all pointers in a program. RSTI has large coverage with relatively low overhead. Also, this dissertation proposes sPACtre, a new and novel defense mechanism that aims to prevent Spectre control-flow attacks on existing hardware. sPACtre is an ARM-based defense mechanism that prevents Spectre control-flow attacks by relying on ARM's Pointer Authentication hardware security feature, annotations added to the program on the secrets that need to be protected from leakage and a dynamic tag-based bounds checking mechanism for arrays. We show that sPACtre can defend against these attacks. We evaluate sPACtre on a variety of cryptographic libraries with several cryptographic algorithms, as well as a synthetic benchmark, and show that it is eﬀicient and has low performance overhead Finally, this dissertation explains a new direction for utilizing hardware security features to protect energy harvesting devices from checkpoint-recovery errors and malicious attackers. / Doctor of Philosophy / In recent years, cyber-threats against computer systems have become more and more preva- lent. In spite of many recent advancements in defenses, these attacks are becoming more threatening. However, many of these defenses are not implemented in the real-world. This is due to their high performance overhead. This limited eﬀiciency is not acceptable in the real-world. In addition to that, many of these defenses have limited coverage and do not cover a wide variety of attacks. This makes the performance tradeoff even less convincing. Thus, there is a need for effective and practical defenses that can cover a wide variety of attacks. This dissertation first provides a comprehensive overview of the current state-of-the-art and most dangerous attacks. More specifically, three types of attacks are examined. First, control-flow hijacking attacks, which are attacks that divert the proper execution of a pro- gram to a malicious execution. Second, data oriented attacks. These are attacks that leak sensitive data in a program. Third, Spectre attacks, which are attacks that rely on sup- posedly hidden processor features to leak sensitive data. These "hidden" features are not entirely hidden. This dissertation explains these attacks in detail and the corresponding state-of-the-art defenses that have been proposed by the security research community to mitigate them. This dissertation then discusses effective and practical defense mechanisms that can mitigate these attacks. The dissertation discusses past work, PACTight, as well as its contributions, RSTI and sPACtre, presenting the full design, threat model, implementation, security eval- uation and performance evaluation of each one of these mechanisms. The dissertation relies on insights derived from the nature of the attack and compiler techniques. A compiler is a tool that transforms human-written code into machine code that is understandable by the computer. The compiler can be modified and used to make programs more secure with compiler techniques. The past work, PACTight, is a defense mechanism that defends against the first type of attacks, control-flow hijacking attacks, by preventing an attacker from abusing specific code in the program to divert the program to a malicious execution. Then, this dissertation presents RSTI, a new defense mechanism that overcomes the limitations of PACTight and extends it to cover data oriented attacks and prevent attackers from leaking sensitive data from the program. In addition to that, this dissertation presents sPACtre, a novel defesnse mechanism that defends against Spectre attacks, and prevents an attacker from abusing a processor's hidden features. Finally, this dissertation briefly discusses a possible future direction to protect a different class of devices, referred to as energy-harvesting devices, from attackers. Hijacking Data Oriented Attacks Hardware Security Features Speculative Execution Compiler-enabled Defenses Practical Design System Software Control-flow Spectre
55	Secure Satellite Communication : A system design for cybersecurity in space Wallin, Lucas January 2024 (has links) This thesis presents an in-depth exploration of designing a cybersecurity system for satellitecommunication, addressing cyberthreats as the space industry transitions from security byobscurity in mission specific designs to the use of mass-produced components. To counteract these threats, a comprehensive security system must be implemented,considering all facets of satellite communication, from key management and encryption to digitalsignatures, digital certificates, and hardware security modules (HSMs). The role of HSMs insecurely storing cryptographic keys and performing cryptographic operations is emphasized,highlighting their importance in protecting sensitive data. A partial implementation of the digital signature component demonstrates the practicalimportance of using HSMs for key storage, underscoring the feasibility of the proposed systemin real-world applications. The findings indicate that established protocols and algorithms, when combined effectively, can provide robust security solutions for satellite communication. This research contributes to the development of secure satellite communication systems byoffering a detailed security design tailored to the specific needs and challenges of the spaceenvironment. It provides a framework for future implementations, ensuring that satellite systemscan operate securely and efficiently in an increasingly interconnected and vulnerable digitallandscape. Cybersecurity satellite communication key management digital signatures encryption digital certificates hardware security module Computer and Information Sciences Data- och informationsvetenskap
56	Assuring Post Processed Telemetry Data Integrity With a Secure Data Auditing Appliance Kalibjian, Jeff, Wierenga, Steven 10 1900 (has links) ITC/USA 2005 Conference Proceedings / The Forty-First Annual International Telemetering Conference and Technical Exhibition / October 24-27, 2005 / Riviera Hotel & Convention Center, Las Vegas, Nevada / Recent federal legislation (e.g. Sarbanes Oxley, Graham Leach Bliley) has introduced requirements for compliance including records retention and records integrity. Many industry sectors (e.g. Energy, under the North American Energy Reliability Council) are also introducing their own voluntary compliance mandates to avert possible additional federal regulation. A trusted computer appliance device dedicated to data auditing may soon be required in all corporate IT infrastructures to accommodate various compliance directives. Such an auditing device also may have application in telemetry post processing environments, as it maybe used to guarantee the integrity of post-processed telemetry data. Compliance Audit Hardware Security Modules (HSM) Common Criteria (CC) security boundary key management
57	Emerging Non-Volatile Memory Technologies for Computing and Security Govindaraj, Rekha 31 May 2018 (has links) With CMOS technology scaling reaching its limitations rigorous research of alternate and competent technologies is paramount to push the boundaries of computing. Spintronic and resistive memories have proven to be effective alternatives in terms of area, power and performance to CMOS because of their non-volatility, ability for logic computing and easy integration with CMOS. However, deeper investigations to understand their physical phenomenon and improve their properties such as writability, stability, reliability, endurance, uniformity with minimal device-device variations is necessary for deployment as memories in commercial applications. Application of these technologies beyond memory and logic are investigated in this thesis i.e. for security of integrated circuits and systems and special purpose memories. We proposed a spintonic based special purpose memory for search applications, present design analysis and techniques to improve the performance for larger word lengths upto 256 bits. Salient characteristics of RRAM is studied and exploited in the design of widely accepted hardware security primitives such as Physically Unclonable Function (PUF) and True Random Number Generators (TRNG). Vulnerability of these circuits to adversary attacks and countermeasures are proposed. Proposed PUF can be implemented within 1T-1R conventional memory architecture which offers area advantages compared to RRAM memory and cross bar array PUFs with huge number of challenge response pairs. Potential application of proposed strong arbiter PUF in the Internet of things is proposed and performance is evaluated theoretically with valid assumptions on the maturity of RRAM technology. Proposed TRNG effectively utilizes the random telegraph noise in RRAM current to generate random bit stream. TRNG is evaluated for sufficient randomness in the random bit stream generated. Vulnerability and countermeasures to adversary attacks are also studied. Finally, in thesis we investigated and extended the application of emerging non-volatile memory technologies for search and security in integrated circuits and systems. Content Addressable Memory Hardware Security Magnetic Tunnel Junction Random Telegraph Noise Resistive Random Access Memory Spintronic Memory Computer Engineering Computer Sciences
58	GDPR: Securing Personal Data in Compliance with new EU-Regulations Bitar, Hadi, Jakobsson, Björn January 2017 (has links) New privacy regulations bring new challenges to organizations that are handling and processing personal data regarding persons within the EU. These challenges come mainly in the form of policies and procedures but also with some opportunities to use technology often used in other sectors to solve problems. In this thesis, we look at the new General Data Protection Regulation (GDPR) in the EU that comes into full effect in May of 2018, we analyze what some of the requirements of the regulation means for the industry of processing personal data, and we look at the possible solution of using hardware security modules (HSMs) to reach compliance with the regulation. We also conduct an empirical study using the Delphi method to ask security professionals what they think the most important aspects of securing personal data, and put that data in relation to the identified compliance requirements of the GDPR to see what organizations should focus on in their quest for compliance with the new regulation. We found that a successful implementation of HSMs based on industry standards and best practices address four of the 35 identified GDPR compliance requirements, mainly the aspects concerning compliance with anonymization through encryption, and access control. We also deduced that the most important aspect of securing personal data according to the experts of the Delphi study is access control followed by data inventory and classification. GDPR General Data Protection Regulation Data Protection Personal Data EU European Union Encryption Key Management Hardware Security Module HSM Delphi Study Compliance Computer and Information Sciences Data- och informationsvetenskap
59	Autenticação de circuitos integrados usando physical unclonable functions / Authentication of integrated circuits using physical unclonable functions Santana, Marcelo Fontes, 1983- 21 August 2018 (has links) Orientadores: Guido Costa Souza de Araújo, Mario Lúcio Côrtes / Dissertação (mestrado) - Universidade Estadual de Campinas, Instituto de Computação / Made available in DSpace on 2018-08-21T20:47:12Z (GMT). No. of bitstreams: 1 Santana_MarceloFontes_M.pdf: 4262688 bytes, checksum: 3e2635e36cd3272eb4bd09c07b05bf63 (MD5) Previous issue date: 2012 / Resumo: O resumo, poderá ser visualizado no texto completo da tese digital / Abstract The abstract is available with the full electronic document / Mestrado / Ciência da Computação / Mestre em Ciência da Computação Funções físicas inclonáveis Autenticação (Circuitos integrados) Variações do processo de fabricação Par de desafio-resposta Physical unclonable function Authentication (Integrated circuits) Manufacturing process variations Hardware security measures Challenge-response pairs
60	Data Security Architecture Considerations for Telemetry Post Processing Environments Kalibjian, Jeff 10 1900 (has links) Telemetry data has great value, as setting up a framework to collect and gather it involve significant costs. Further, the data itself has product diagnostic significance and may also have strategic national security importance if the product is defense or intelligence related. This potentially makes telemetry data a target for acquisition by hostile third parties. To mitigate this threat, data security principles should be employed by the organization to protect telemetry data. Data security is in an important element of a layered security strategy for the enterprise. The value proposition centers on the argument that if organization perimeter/internal defenses (e.g. firewall, IDS, etc.) fail enabling hostile entities to be able to access data found on internal company networks; they will be unable to read the data because it will be encrypted. After reviewing important encryption background including accepted practices, standards, and architectural considerations regarding disk, file, database and application data protection encryption strategies; specific data security options applicable to telemetry post processing environments will be discussed providing tangible approaches to better protect organization telemetry data. encryption key management data security disk encryption file encryption database encryption application encryption Hardware Security Module FIPS 140-2 Common Criteria tokenization Format Preserving Encryption (FPE)

Search results