Pub Date : 2019-07-01DOI: 10.1109/IVSW.2019.8854391
Z. Kazemi, Athanasios Papadimitriou, I. Souvatzoglou, Ehsan Aerabi, Mosabbah Mushir Ahmed, D. Hély, V. Beroulle
Fault injection methods as a type of physical attack have gained significant importance in the security of MCU-based Internet-of-Things (IoTs) systems and they continue to become more and more important as the value of assets continues to increase. These attacks can pose severe security risks to the entire IoT system and their effects can quickly lead to security breaches. However, embedded software developers most often do not have the necessary expertise concerning existing vulnerabilities against such attacks. This makes it necessary to have a practical evaluation platform for measuring the degree of security, in a rapid and accurate way. These platforms are important not only from the performance and capability point of view, but also they need to be cost-effective, which is a critical factor to consider during their design. We present in this work a generic low cost and open platform, called HackMyMCU framework. While this platform offers both side channel and fault injection capabilities, this paper focuses on its clock glitch attacks. A first review of existing clock-based fault injectors is initially performed. Then we present two different clock glitchers and we use them to evaluate a modern MCU. The suggested methods consider the necessary parameters for the development of cost-effective and easy to use evaluation platforms which utilize easily accessible equipment. The findings show that a common and low-cost evaluation platform can be implemented with the goal to validate appropriate countermeasures against such attacks.
{"title":"On a Low Cost Fault Injection Framework for Security Assessment of Cyber-Physical Systems: Clock Glitch Attacks","authors":"Z. Kazemi, Athanasios Papadimitriou, I. Souvatzoglou, Ehsan Aerabi, Mosabbah Mushir Ahmed, D. Hély, V. Beroulle","doi":"10.1109/IVSW.2019.8854391","DOIUrl":"https://doi.org/10.1109/IVSW.2019.8854391","url":null,"abstract":"Fault injection methods as a type of physical attack have gained significant importance in the security of MCU-based Internet-of-Things (IoTs) systems and they continue to become more and more important as the value of assets continues to increase. These attacks can pose severe security risks to the entire IoT system and their effects can quickly lead to security breaches. However, embedded software developers most often do not have the necessary expertise concerning existing vulnerabilities against such attacks. This makes it necessary to have a practical evaluation platform for measuring the degree of security, in a rapid and accurate way. These platforms are important not only from the performance and capability point of view, but also they need to be cost-effective, which is a critical factor to consider during their design. We present in this work a generic low cost and open platform, called HackMyMCU framework. While this platform offers both side channel and fault injection capabilities, this paper focuses on its clock glitch attacks. A first review of existing clock-based fault injectors is initially performed. Then we present two different clock glitchers and we use them to evaluate a modern MCU. The suggested methods consider the necessary parameters for the development of cost-effective and easy to use evaluation platforms which utilize easily accessible equipment. The findings show that a common and low-cost evaluation platform can be implemented with the goal to validate appropriate countermeasures against such attacks.","PeriodicalId":213848,"journal":{"name":"2019 IEEE 4th International Verification and Security Workshop (IVSW)","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114717324","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-07-01DOI: 10.1109/IVSW.2019.8854455
Batya Karp, O. Amrani, O. Keren
Multi-dimensional codes using a coset based code as one of the base codes have been suggested to increase the code distance and at the same time simplify the encoding and decoding of long codes. We show that while these codes provide sufficient reliability, they can not provide security. We then present two-dimensional product codes using robust codes as the base codes which provide both reliability and security.
{"title":"Nonlinear Product Codes for Reliability and Security","authors":"Batya Karp, O. Amrani, O. Keren","doi":"10.1109/IVSW.2019.8854455","DOIUrl":"https://doi.org/10.1109/IVSW.2019.8854455","url":null,"abstract":"Multi-dimensional codes using a coset based code as one of the base codes have been suggested to increase the code distance and at the same time simplify the encoding and decoding of long codes. We show that while these codes provide sufficient reliability, they can not provide security. We then present two-dimensional product codes using robust codes as the base codes which provide both reliability and security.","PeriodicalId":213848,"journal":{"name":"2019 IEEE 4th International Verification and Security Workshop (IVSW)","volume":"33 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117121574","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-07-01DOI: 10.1109/IVSW.2019.8854417
D. Fellner
Over the last fifteen years, hardware security and trust has evolved into a major new area of research at the intersection of semiconductor manufacturing, VLSI design and test, computer-aided design, architecture and system security. During the same period, machine learning has experience a major revival in interest and has flourished from a nearly forgotten area to the talk of the town. In this presentation, we will first briefly review various machine learning-based solutions which have been developed to address a number of concerns in hardware security and trust, including hardware Trojan detection, counterfeit IC identification, provenance attestation, hardware-based malware detection, side-channel attacks, PUF modeling, etc. Then, we will examine the key attributes of these problems which make them amenable to machine learning-based solutions and we will discuss the potential and the fundamental limitations of such approaches. Lastly, we will ponder the role of and necessity for advanced contemporary machine learning methods in the context of hardware security and we will conclude with suggestions for avoiding common pitfalls when employing such methods.
{"title":"Keynotes","authors":"D. Fellner","doi":"10.1109/IVSW.2019.8854417","DOIUrl":"https://doi.org/10.1109/IVSW.2019.8854417","url":null,"abstract":"Over the last fifteen years, hardware security and trust has evolved into a major new area of research at the intersection of semiconductor manufacturing, VLSI design and test, computer-aided design, architecture and system security. During the same period, machine learning has experience a major revival in interest and has flourished from a nearly forgotten area to the talk of the town. In this presentation, we will first briefly review various machine learning-based solutions which have been developed to address a number of concerns in hardware security and trust, including hardware Trojan detection, counterfeit IC identification, provenance attestation, hardware-based malware detection, side-channel attacks, PUF modeling, etc. Then, we will examine the key attributes of these problems which make them amenable to machine learning-based solutions and we will discuss the potential and the fundamental limitations of such approaches. Lastly, we will ponder the role of and necessity for advanced contemporary machine learning methods in the context of hardware security and we will conclude with suggestions for avoiding common pitfalls when employing such methods.","PeriodicalId":213848,"journal":{"name":"2019 IEEE 4th International Verification and Security Workshop (IVSW)","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128403626","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 1900-01-01DOI: 10.1109/ivsw.2019.8854382
2019 IEEE 4th International Verification and Security Workshop (IVSW 2019)
2019 IEEE第四届国际验证与安全研讨会(IVSW 2019)
{"title":"2019 IEEE 4th International Verification and Security Workshop (IVSW 2019)","authors":"","doi":"10.1109/ivsw.2019.8854382","DOIUrl":"https://doi.org/10.1109/ivsw.2019.8854382","url":null,"abstract":"2019 IEEE 4<sup>th</sup> International Verification and Security Workshop (IVSW 2019)","PeriodicalId":213848,"journal":{"name":"2019 IEEE 4th International Verification and Security Workshop (IVSW)","volume":"34 9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123144862","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: