MAC-layer spoofing, also known as identity spoofing, is recognized as a serious problem in many practical wireless systems. IoT systems are particularly vulnerable to this type of attack as IoT devices (due to their various limitations) are often incapable of deploying advanced MAC-layer spoofing prevention and detection techniques, such as cryptographic authentication. Signal-level device fingerprinting is an approach to identity spoofing detection that is highly suitable for sensor-based IoT networks but can also be utilized in many other types of wireless systems. Previous research works on signal-level device fingerprinting have been based on rather simplistic assumptions about both the adversary’s behavior and the operation of the defense system. The goal of our work was to examine the effectiveness of a novel system that combines signal-level device fingerprinting with the principles of Randomized Moving Target Defense (RMTD) when dealing with a very advanced adversary. The obtained results show that our RMTD-enhanced signal-level device fingerprinting technique exhibits far superior defense performance over the non-RMTD techniques previously discussed in the literature and, as such, could be of great value for practical wireless systems subjected to identity spoofing attacks. We have also introduced a novel proof-of-concept adaptive parameter tuning approach for system practitioners with the ability to encode their risk profile and compute the most efficient hyper-parameters of our proposed defense system.
Title: Randomized Moving Target Approach for MAC-Layer Spoofing Detection and Prevention in IoT Systems. Authors: Pooria Madani, N. Vlajic, I. Maljevic. Journal: Digital Threats: Research and Practice. Published: 2022-04-07. DOI: https://doi.org/10.1145/3477403
Louise Axon, Katherine Fletcher, Arianna Schuler Scott, Marcel Stolz, R. Hannigan, A. Kaafarani, M. Goldsmith, S. Creese
Internet of Things (IoT)-enabled devices are becoming integrated into a significant and increasing proportion of critical infrastructures, changing the cybersecurity-risk landscape. Risk is being introduced to industry sectors such as transport, energy, and manufacturing, with new attack surfaces exposed and potential for increased harm. Furthermore, risk and harm arising in the Industrial IoT (IIoT) could propagate across interconnected organisations and sectors, resulting in systemic risk. Aspects of this changing risk landscape are not addressed by current cybersecurity approaches, leaving cybersecurity-capability gaps. In this article, we show how current and emerging cybersecurity needs in the IIoT align with a key industry cybersecurity standard, the NIST Cyber Security Framework. The key capability gaps emerging in the IIoT are identified based on our findings from a series of workshops with over 100 expert participants. We present a comprehensive research agenda to enable researchers to prioritise research focus to address these gaps; this research agenda covers the full lifecycle of IIoT development (design, implementation, use and decommission). Furthermore, we conclude that there is a significant gap in understanding of the nature of systemic risk, which should be a key priority if we are to develop effective solutions for cybersecurity and safety in IIoT environments.
Title: Emerging Cybersecurity Capability Gaps in the Industrial Internet of Things: Overview and Research Agenda. Authors: Louise Axon, Katherine Fletcher, Arianna Schuler Scott, Marcel Stolz, R. Hannigan, A. Kaafarani, M. Goldsmith, S. Creese. Journal: Digital Threats: Research and Practice. Published: 2022-03-28. DOI: https://doi.org/10.1145/3503920
Patrick McCorry, M. Mehrnezhad, Ehsan Toreini, S. F. Shahandashti, F. Hao
This article discusses secure methods to conduct e-voting over a blockchain in three different settings: decentralized voting, centralized remote voting, and centralized polling station voting. These settings cover almost all voting scenarios that occur in practice. A proof-of-concept implementation for decentralized voting over Ethereum’s blockchain is presented. This work demonstrates the suitable use of a blockchain not just as a public bulletin board but, more importantly, as a trustworthy computing platform that enforces the correct execution of the voting protocol in a publicly verifiable manner. We also discuss scaling up a blockchain-based voting application for national elections. We show that for national-scale elections the major verifiability problems can be addressed without having to depend on any blockchain. However, a blockchain remains a viable option to realize a public bulletin board, which has the advantage of being a “preventive” measure to stop retrospective changes on previously published records as opposed to a “detective” measure like the use of mirror websites.
Title: On Secure E-Voting over Blockchain. Authors: Patrick McCorry, M. Mehrnezhad, Ehsan Toreini, S. F. Shahandashti, F. Hao. Journal: Digital Threats: Research and Practice. Published: 2021-12-31. DOI: https://doi.org/10.1145/3461461
Dimitrios Georgoulias, J. Pedersen, M. Falch, Emmanouil Vasilomanolakis
COVID-19 vaccines have been rolled out in many countries and with them a number of vaccination certificates. For instance, the EU is utilizing a digital certificate in the form of a QR-code that is digitally signed and can be easily validated throughout all EU countries. In this article, we document the current state of the COVID-19 vaccination certificate market in the darkweb with a focus on the EU Digital Green Certificate (DGC). We investigate 17 marketplaces and 10 vendor shops that include vaccination certificates in their listings, and discover that a multitude of sellers in both types of platforms are advertising forging capabilities. According to their claims, it is possible to buy fake vaccination certificates issued in many countries worldwide. We demonstrate some examples of such sellers, including how they advertise their services, and we develop a taxonomy of EU COVID-19 certificate forging capabilities, describing the potential methods that the vendors are utilizing to generate certificates. We highlight two particular cases of vendor shops, with one of them showing an elevated degree of professionalism, showcasing forged valid certificates, the validity of which we verify using two different national mobile COVID-19 applications.
Title: COVID-19 Vaccination Certificates in the Darkweb. Authors: Dimitrios Georgoulias, J. Pedersen, M. Falch, Emmanouil Vasilomanolakis. Journal: Digital Threats: Research and Practice. Published: 2021-11-24. DOI: https://doi.org/10.1145/3530877
It is possible to forecast the volume of CVEs released within a time frame with a given prediction interval. For example, the number of CVEs published between now and a year from now can be forecast within 8% of the actual value. Different predictive algorithms perform well at different lookahead values other than 365 days, such as monthly, quarterly, and half year. It is also possible to estimate the proportions of that total volume belonging to specific vendors, software, CVSS scores, or vulnerability types. Some vendors and products can be predicted with accuracy, others with too much uncertainty to be practically useful. This article documents which vendors are amenable to being forecasted. Strategic patch management should become much easier with these tools, and further uncertainty reductions can be built from the methodologies in this article.
Title: Vulnerability Forecasting: Theory and Practice. Authors: É. Leverett, Matilda Rhode, Adam Wedgbury. Journal: Digital Threats: Research and Practice. Published: 2021-11-12. DOI: https://doi.org/10.1145/3492328
The Common Vulnerability Scoring System is at the core of vulnerability management for systems ranging from those of private corporations to highly classified government networks, allowing organizations to prioritize remediation in descending order of risk. With a lack of justification for its underlying formula, inconsistencies in its specification document, and no correlation to exploited vulnerabilities in the wild, it is unable to provide a meaningful metric for describing a vulnerability’s severity, let alone risk. As it stands, this standard compromises the security of America’s most sensitive information systems.
Title: CVSS: Ubiquitous and Broken. Authors: Henry Howland. Journal: Digital Threats: Research and Practice. Published: 2021-10-29. DOI: https://doi.org/10.1145/3491263
Detecting anomalous behavior on smartphones is challenging because of malware evolution. Other methodologies detect malicious behavior by analyzing static features of the application code or dynamic data samples obtained from hardware or software. Static analysis is prone to code obfuscation, while dynamic analysis needs malicious activities to cease to be dormant in the shortest possible time while data samples are collected. Triggering and capturing malicious behavior in data samples in dynamic analysis is challenging since we need to generate an efficient combination of user inputs to trigger these malicious activities. We propose a general model which uses a data collector and analyzer to unveil malicious behavior by analyzing the device’s power consumption, since this summarizes the changes in software. The data collector uses an automated tool to generate user inputs. The data analyzer uses changepoint analysis to extract features from power consumption and machine learning techniques to train on these features. The data analyzer stage contains two methodologies that extract features using parametric and non-parametric changepoint analysis. Our methodologies are more efficient in data collection time than a manual method, and the data analyzer provides higher accuracy compared to other techniques, reaching over 94% F1-measure for emulated and real malware.
Title: Detection of Anomalous Behavior of Smartphone Devices using Changepoint Analysis and Machine Learning Techniques. Authors: Ricardo Alejandro Manzano Sanchez, Kshirasagar Naik, Abdurhman Albasir, Marzia Zaman, N. Goel. Journal: Digital Threats: Research and Practice. Published: 2021-10-15. DOI: https://doi.org/10.1145/3492327
Advancements in machine learning and data science deal with the collection of a tremendous amount of data for research and analysis, following which there is a growing awareness among a large number of users about their sensitive data, and hence privacy protection has seen significant growth. Differential privacy is one of the most popular techniques to ensure data protection. However, it has two major issues: first, utility-privacy tradeoff, where users are asked to choose between them; second, the real-time implementation of such a system on high-dimensional data is missing. In this work, we propose BUDS+, a novel differential privacy framework that achieves an impressive privacy budget of 0.03. It introduces iterative shuffling, embedding for data encoding, converger function into a novel comparison system to converge the privacy threshold among the aggregated differentially private and noisy reports to further minimize the attack model’s time.
Title: BUDS+: Better Privacy with Converger and Noisy Shuffling. Authors: Poushali Sengupta, Sudipta Paul, Subhankar Mishra. Journal: Digital Threats: Research and Practice. Published: 2021-10-15. DOI: https://doi.org/10.1145/3491259
As an analytical tool in cyber-security, an attack graph (AG) is capable of discovering multi-stage attack vectors on target computer networks. Cyber-physical systems (CPSs) comprise a special type of network that not only contains computing devices but also integrates components that operate in the continuous domain, such as sensors and actuators. Using AGs on CPSs requires that the system models and exploit patterns capture both token- and real-valued information. In this article, we describe a hybrid AG model for security analysis of CPSs and computer networks. Specifically, we focus on two issues related to applying the model in practice: efficient hybrid AG generation and techniques for information extraction from them. To address the first issue, we present an accelerated hybrid AG generator that employs parallel programming and high performance computing (HPC). We conduct performance tests on CPU and GPU platforms to characterize the efficiency of our parallel algorithms. To address the second issue, we introduce an analytical regimen based on centrality analysis and apply it to a hybrid AG generated for a target CPS system to discover effective vulnerability remediation solutions.
Title: Strategies for Practical Hybrid Attack Graph Generation and Analysis. Authors: Ming Li, P. Hawrylak, J. Hale. Journal: Digital Threats: Research and Practice. Published: 2021-10-15. DOI: https://doi.org/10.1145/3491257
Logic locking is a circuit obfuscation technique that inserts additional key gates into the original circuit in order to prevent potential threats such as circuit overproduction, piracy, and counterfeiting. The encrypted circuit generates desired outputs only when the correct keys are applied to the key gates. Previous works have identified the vulnerability of logic locking to satisfiability (SAT)-based attacks. However, SAT attacks are unscalable and have limited effectiveness on circuits with SAT-hard structures. To address the above constraints, we propose GALU, the first genetic algorithm-based logic unlocking framework that is parallelizable and significantly faster than the conventional SAT-based counterparts. GALU works by formulating circuit deobfuscation (i.e., identifying the correct keys) as a combinatorial optimization problem and approaches it using genetic algorithms (GAs). We consider key sequences as individuals in distinct populations and propose an adaptive, diversity-guided GA framework consisting of four main steps: circuit fitness evaluation, population selection, crossover, and mutation. In each iteration, the key sequences with high fitness scores are selected and transformed into the offspring key sequences. As a result of evolutionary key searching, GALU is highly scalable, effective, and efficient. To optimize the runtime overhead of logic unlocking, we integrate the design of GALU’s algorithm, software and hardware in a closed loop. In particular, we identify circuit fitness evaluation as the performance bottleneck and employ hardware emulation on programmable hardware for runtime optimization. To this end, the GALU framework automatically constructs customized auxiliary circuitry to pipeline the computation in constraints checking, sorting, crossover, and mutation. GALU is the first adaptive and scalable attack framework that provides the flexibility/trade-off between runtime overhead and key usability. This is achieved by producing a group of approximate keys with improving quality over time. We perform a comprehensive evaluation of GALU’s performance on various benchmarks and demonstrate that GALU achieves up to 1089.2× speedup and 4268.6× more energy-efficiency compared to the state-of-the-art SAT attacks for circuit logic unlocking.
Title: GALU: A Genetic Algorithm Framework for Logic Unlocking. Authors: Huili Chen, Cheng Fu, Jishen Zhao, F. Koushanfar. Journal: Digital Threats: Research and Practice. Published: 2021-10-15. DOI: https://doi.org/10.1145/3491256