Design and Characterization of a Hardware Encryption Management Unit for Secure Computing Platforms

Mahar, Anthony J.

18 August 2005

Software protection is increasingly necessary for a number of applications, ranging from commercial systems and digital content distributors, to military systems exposed in the field of operations. As computing devices become more pervasive, and software more complex, insufficiencies with current software protection mechanisms have arisen. Software--only and data--only protection systems have resulted in broken systems that are vulnerable to loss of software confidentiality and integrity. A growing number of researchers have suggested that hardware encryption mechanisms be employed to enforce software protection. Although there are several competing architectures, few offer the necessary protection while remaining compatible with modern computing systems and models. The Virginia Tech Secure Software Platform is the first architecture to achieve both increased protection and usability. This thesis presents the design and implementation of a fast, flexible Encryption Management Unit (EMU) for Virginia Tech Secure Software and compatible platforms. The design is capable of providing decryption of program instructions residing in page--sized sections of memory, without modification to the core processor. The effect of the EMU is modeled with varying application types and system loads. Lastly, a benchmark designed to measure actual performance was created to measure the actual performance of the EMU and validate the models. / Master of Science

encryption

cryptography

secure processors

secure computing

Trustworthy Embedded Computing for Cyber-Physical Control

Lerner, Lee Wilmoth

20 February 2015

A cyber-physical controller (CPC) uses computing to control a physical process. Example CPCs can be found in self-driving automobiles, unmanned aerial vehicles, and other autonomous systems. They are also used in large-scale industrial control systems (ICSs) manufacturing and utility infrastructure. CPC operations rely on embedded systems having real-time, high-assurance interactions with physical processes. However, recent attacks like Stuxnet have demonstrated that CPC malware is not restricted to networks and general-purpose computers, rather embedded components are targeted as well. General-purpose computing and network approaches to security are failing to protect embedded controllers, which can have the direct effect of process disturbance or destruction. Moreover, as embedded systems increasingly grow in capability and find application in CPCs, embedded leaf node security is gaining priority. This work develops a root-of-trust design architecture, which provides process resilience to cyber attacks on, or from, embedded controllers: the Trustworthy Autonomic Interface Guardian Architecture (TAIGA). We define five trust requirements for building a fine-grained trusted computing component. TAIGA satisfies all requirements and addresses all classes of CPC attacks using an approach distinguished by adding resilience to the embedded controller, rather than seeking to prevent attacks from ever reaching the controller. TAIGA provides an on-chip, digital, security version of classic mechanical interlocks. This last line of defense monitors all of the communications of a controller using configurable or external hardware that is inaccessible to the controller processor. The interface controller is synthesized from C code, formally analyzed, and permits run-time checked, authenticated updates to certain system parameters but not code. TAIGA overrides any controller actions that are inconsistent with system specifications, including prediction and preemption of latent malwares attempts to disrupt system stability and safety. This material is based upon work supported by the National Science Foundation under Grant Number CNS-1222656. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation. We are grateful for donations from Xilinx, Inc. and support from the Georgia Tech Research Institute. / Ph. D.

Trustworthy Computing

Secure Computing

Autonomic Computing

Cybersecurity

Embedded Systems

Cyber-Physical Systems

Process Control Systems

Enhancing Trust in Reconfigurable Hardware Systems

Venugopalan, Vivek

01 March 2017

A Cyber-Physical System (CPS) is a large-scale, distributed, embedded system, consisting of various components that are glued together to realize control, computation and communication functions. Although these systems are complex, they are ubiquitous in the Internet of Things (IoT) era of autonomous vehicles/drones, smart homes, smart grids, etc. where everything is connected. These systems are vulnerable to unauthorized penetration due to the absence of proper security features and safeguards to protect important information. Examples such as the typewriter hack involving subversive chips resulting in leakage of keystroke data and hardware backdoors crippling anti-aircraft guns during an attack demonstrate the need to protect all system functions. With more focus on securing a system, trust in untrusted components at the integration stage is of a higher priority. This work builds on a red-black security system, where an architecture testbed is developed with critical and non-critical IP cores and subjected to a variety of Hardware Trojan Threats (HTTs). These attacks defeat the classic trusted hardware model assumptions and demonstrate the ability of Trojans to evade detection methods based on physical characteristics. A novel metric is defined for hardware Trojan detection, termed as HTT Detectability Metric (HDM) that leverages a weighted combination of normalized physical parameters. Security analysis results show that using HDM, 86% of the implemented Trojans were detected as compared to using power consumption, timing variation and resource utilization alone. This led to the formulation of the security requirements for the development of a novel, distributed and secure methodology for enhancing trust in systems developed under untrusted environments called FIDelity Enhancing Security (FIDES). FIDES employs a decentralized information flow control (DIFC) model that enables safe and distributed information flows between various elements of the system such as IP cores, physical memory and registers. The DIFC approach annotates/tags each data item with its sensitivity level and the identity of the participating entities during the communication. Trust enhanced FIDES (TE-FIDES) is proposed to address the vulnerabilities arising from the declassification process during communication between third-party soft IP cores. TE-FIDES employs a secure enclave approach for preserving the confidentiality of the sensitive information in the system. TE-FIDES is evaluated by targeting an IoT-based smart grid CPS application, where malicious third-party soft IP cores are prevented from causing a system blackout. The resulting hardware implementation using TE-FIDES is found to be resilient to multiple hardware Trojan attacks. / Ph. D.

Secure Computing

Trusted Computing

Resilient Computing

Root of Trust

Hardware Trojans

Cyber Physical System Security

Embedded Systems

Reconfigurable Hardware

A Secure Architecture for Distributed Control of Turbine Engine Systems

Eise, Justin

30 May 2019

No description available.

Electrical Engineering

Computer Engineering

雙方相等性驗證機制的設計及其應用 / A study on the design of Two-Party equality testing protocol and its applications

吳承峰, Wu, Cheng Feng

Unknown Date

雙方相等性驗證即是在不洩漏任何自身私密資訊的情況下，進行秘密計算來了解彼此的資訊是否相等。然而在大多數的現有協議之中，多數為不公平的協定，也就是說其中的一方(被告知方)只能相信另一方(告知方)所告知的比較結果，而無從驗證。雖然邱等學者在2011 年提出的〝具隱私保護功能之兩方相等性驗證機制之提案〞已經提供了具雙方驗證的協定，但此方案因為在加密演算法上的限制導致實作較為困難。因此，在本論文中，將利用ElGamal 的加密機制，提出了一套新的雙方相等性驗證的協議，具備相同的雙方相等性驗證的功能，但對加密演算法的限制較少，實作及運算也較為有效率。另外，搭配模糊傳輸的協定，讓使用者藉由本研究所提出的協定跟伺服器端溝通，來獲得所欲取得的資料，並同時保障使用者以及伺服器端的隱私。同時除了理論的證明安全性及正確性之外，也撰寫程式模擬並證實協定的正確性及討論其效能。 / Two-party equality testing protocol allows two entities to compare their secrete information without leaking any information except the comparison result. In previous works, the comparison result can only be obtained by one entity (ie. informer) and then the entity informs the result to the other entity (ie. receiver). The receiver has to accept the received result since he has no way to verify its correctness. Ciou et al. in 2011 first mentioned this problem and proposed a new protocol to solve the aforementioned problem. However, their protocol has some specific restrictions which making it unpractical. In this paper, based on the ElGamal encryption, we propose a new two-party equality testing protocol. Our protocol has the same feature (ie. allows the two entries to test the correctness of the comparison result) as Ciou et al.’s protocol but is more efficient and practical than theirs. On the other hand, combining our protocol with an oblivious transfer protocol can let users communicate with servers and to get the data in a private way. It is useful on the issue of privacy protection. Finally, the security and correctness are discussed and proved. The efficiency of the protocol is also provided.

密碼學

ElGamal加密系統

同態加密

模糊傳輸

秘密計算

Cryptography

ElGamal encryption

Homomorphic encryption

Oblivious transfer

Secure computing