5.4 Special Session: Lightweight Security for Resources-Constrained Internet-of-Things Applications

Time	Label	Presentation Title Authors
08:30	5.4.1	COST EFFICIENT DESIGN OF MODELLING ATTACKS-RESISTANT PHYSICAL UNCLONABLE FUNCTIONS Speaker: Basel Halak, Southampton University, GB Authors: Mohd Syafiq Mispan¹, Haibo Su¹, Mark Zwolinski² and Basel Halak³ ¹Electronics and Computer Science Department, Southampton University, GB; ²University of Southampton, GB; ³Southampton University, GB Abstract Physical Unclonable Functions (PUFs) exploit the intrinsic manufacturing process variations to generate a unique signature for each silicon chip; this technology allows building lightweight cryptographic primitive suitable for resource-constrained devices. However, the vast majority of existing PUF design is susceptible to modeling attacks using machine learning technique, this means it is possible for an adversary to build a mathematical clone of the PUF that have the same challenge/response behavior of the device. Existing approaches to solve this problem include the use of hash functions, which can be prohibitively expensive and render PUF technology as the suitable candidate for lightweight security. This work presents a challenge permutation and substitution techniques which are both area and energy efficient. We implemented two examples of the proposed solution in 65-nm CMOS technology, the first using a delay-based structure design (an Arbiter-PUF), and the second using sub-threshold current design (two-choose-one PUF or TCO-PUF). The resiliency of both architectures against modeling attacks is tested using an artificial neural network machine learning algorithm. The experiment results show that it is possible to reduce the predictability of PUFs to less than 70% and a fractional area and power costs compared to existing hash function approaches. Download Paper (PDF; Only available from the DATE venue WiFi)
08:52	5.4.2	DEVICE ATTESTATION: PAST, PRESENT, AND FUTURE Speaker: Yier Jin, University of Florida, US Authors: Orlando Arias¹, Dean Sullivan¹, Fahim Rahman², Mark M. Teranipoor² and Yier Jin² ¹University of Central Florida, US; ²University of Florida, US Abstract In recent years we have seen a rise in popularity of networked devices. From traffic signals in a city's busiest intersection and energy metering appliances, to internet-connected security cameras, these embedded devices have become entrenched in everyday life. As a consequence, a need to ensure secure and reliable operation of these devices has also risen. Device attestation is a promising solution to the operational demands of embedded devices, especially those widely used in Internet of Things and Cyber-Physical System. In this paper, we summarize the basics of device attestation. We then present a summary of attestation approaches by classifying them based on their functionality and reliability guarantees they provide to networked devices. Lastly, we discuss the limitations and potential issues current mechanisms exhibit and propose new research directions. Download Paper (PDF; Only available from the DATE venue WiFi)
09:14	5.4.3	A RECONFIGURABLE SCAN NETWORK BASED IC IDENTIFICATION FOR EMBEDDED DEVICES Speaker: Omid Aramoon, University of Maryland, US Authors: Omid Aramoon¹, Xi Chen¹ and Gang Qu² ¹University of Maryland, US; ²Univ. of Maryland, College Park, US Abstract Most of the Internet of Things (IoT) and embedded devices are resource constrained, making it impractical to secure them with the traditional computationally expensive crypto-based solutions. However, security and privacy are crucial in many IoT applications such as health monitoring. In this paper, we consider one of the most fundamental security problems: how to identify and authenticate an embedded device. We consider the fact that embedded devices are designed by reusing IP cores with reconfigurable scan network (RSN) as the standard testing facility and propose to generate unique integrated circuit (IC) identifications (IDs) based on different configurations for the RSN. These circuit IDs not only solve the IC and device identification and authentication problems, they can also be considered as a lightweight security primitive in other applications such as IC metering and IP fingerprinting. We demonstrate through the ITC'02 benchmarks that the proposed approach can easily create from 107 to 10186 unique IDs without any overhead. Finally, our method complies with the IEEE standards and thus has high practical value. Download Paper (PDF; Only available from the DATE venue WiFi)
09:36	5.4.4	EARLY DETECTION OF SYSTEM-LEVEL ANOMALOUS BEHAVIOUR USING HARDWARE PERFORMANCE COUNTERS Speaker: Mark Zwolinski, University of Southampton, GB Authors: Lai Leng Woo¹, Basel Halak² and Mark Zwolinski³ ¹Electronics and Computer Science Department, Southampton University, GB; ²Southampton University, GB; ³University of Southampton, GB Abstract Embedded systems suffer from reliability issues such as variations in temperature and voltage, single event effects and component degradation, as well as being exposed to various security attacks such as control hijacking, malware, reverse engineering, eavesdropping and many others. Both reliability problems and security attacks can cause the system to behave anomalously. In this paper, we will present a detection technique that is able to detect a change in the system before the system encounters a failure, by using data from Hardware Performance Counters (HPCs). Previously, we have shown how HPC data can be used to create an execution profile of a system based on measured events and any deviation from this profile indicates an anomaly has occurred in the system. The first step in developing a detector is to analyse the HPC data and extract the features from the collected data to build a forecasting model. Anomalies are assumed to happen if the observed value falls outside a given confidence interval, which is calculated based on the forecast values and prediction confidence. The detector is designed to provide a warning to the user if anomalies that are detected occur consecutively for a certain number of times. We evaluate our detection algorithm on benchmarks that are affected by single bit flip faults. Our initial results show that the detection algorithm is suitable for use for this kind of univariate time series data and is able to correctly identify anomalous data from normal data. Download Paper (PDF; Only available from the DATE venue WiFi)
10:00		End of session Coffee Break in Exhibition Area Coffee Breaks in the Exhibition Area On all conference days (Tuesday to Thursday), coffee and tea will be served during the coffee breaks at the below-mentioned times in the exhibition area (Terrace Level of the ICCD). Lunch Breaks (Großer Saal + Saal 1) On all conference days (Tuesday to Thursday), a seated lunch (lunch buffet) will be offered in the rooms "Großer Saal" and "Saal 1" (Saal Level of the ICCD) to fully registered conference delegates only. There will be badge control at the entrance to the lunch break area. Tuesday, March 20, 2018 Coffee Break 10:30 - 11:30 Lunch Break 13:00 - 14:30 Awards Presentation and Keynote Lecture in "Saal 2" 13:50 - 14:20 Coffee Break 16:00 - 17:00 Wednesday, March 21, 2018 Coffee Break 10:00 - 11:00 Lunch Break 12:30 - 14:30 Awards Presentation and Keynote Lecture in "Saal 2" 13:30 - 14:20 Coffee Break 16:00 - 17:00 Thursday, March 22, 2018 Coffee Break 10:00 - 11:00 Lunch Break 12:30 - 14:00 Keynote Lecture in "Saal 2" 13:20 - 13:50 Coffee Break 15:30 - 16:00

Time

Label

Presentation Title
Authors

08:30

5.4.1

COST EFFICIENT DESIGN OF MODELLING ATTACKS-RESISTANT PHYSICAL UNCLONABLE FUNCTIONS
Speaker:
Basel Halak, Southampton University, GB
Authors:
Mohd Syafiq Mispan¹, Haibo Su¹, Mark Zwolinski² and Basel Halak³
¹Electronics and Computer Science Department, Southampton University, GB; ²University of Southampton, GB; ³Southampton University, GB
Abstract
Physical Unclonable Functions (PUFs) exploit the intrinsic manufacturing process variations to generate a unique signature for each silicon chip; this technology allows building lightweight cryptographic primitive suitable for resource-constrained devices. However, the vast majority of existing PUF design is susceptible to modeling attacks using machine learning technique, this means it is possible for an adversary to build a mathematical clone of the PUF that have the same challenge/response behavior of the device. Existing approaches to solve this problem include the use of hash functions, which can be prohibitively expensive and render PUF technology as the suitable candidate for lightweight security. This work presents a challenge permutation and substitution techniques which are both area and energy efficient. We implemented two examples of the proposed solution in 65-nm CMOS technology, the first using a delay-based structure design (an Arbiter-PUF), and the second using sub-threshold current design (two-choose-one PUF or TCO-PUF). The resiliency of both architectures against modeling attacks is tested using an artificial neural network machine learning algorithm. The experiment results show that it is possible to reduce the predictability of PUFs to less than 70% and a fractional area and power costs compared to existing hash function approaches.
Download Paper (PDF; Only available from the DATE venue WiFi)

08:52

5.4.2

DEVICE ATTESTATION: PAST, PRESENT, AND FUTURE
Speaker:
Yier Jin, University of Florida, US
Authors:
Orlando Arias¹, Dean Sullivan¹, Fahim Rahman², Mark M. Teranipoor² and Yier Jin²
¹University of Central Florida, US; ²University of Florida, US
Abstract
In recent years we have seen a rise in popularity of networked devices. From traffic signals in a city's busiest intersection and energy metering appliances, to internet-connected security cameras, these embedded devices have become entrenched in everyday life. As a consequence, a need to ensure secure and reliable operation of these devices has also risen. Device attestation is a promising solution to the operational demands of embedded devices, especially those widely used in Internet of Things and Cyber-Physical System. In this paper, we summarize the basics of device attestation. We then present a summary of attestation approaches by classifying them based on their functionality and reliability guarantees they provide to networked devices. Lastly, we discuss the limitations and potential issues current mechanisms exhibit and propose new research directions.
Download Paper (PDF; Only available from the DATE venue WiFi)

09:14

5.4.3

A RECONFIGURABLE SCAN NETWORK BASED IC IDENTIFICATION FOR EMBEDDED DEVICES
Speaker:
Omid Aramoon, University of Maryland, US
Authors:
Omid Aramoon¹, Xi Chen¹ and Gang Qu²
¹University of Maryland, US; ²Univ. of Maryland, College Park, US
Abstract
Most of the Internet of Things (IoT) and embedded devices are resource constrained, making it impractical to secure them with the traditional computationally expensive crypto-based solutions. However, security and privacy are crucial in many IoT applications such as health monitoring. In this paper, we consider one of the most fundamental security problems: how to identify and authenticate an embedded device. We consider the fact that embedded devices are designed by reusing IP cores with reconfigurable scan network (RSN) as the standard testing facility and propose to generate unique integrated circuit (IC) identifications (IDs) based on different configurations for the RSN. These circuit IDs not only solve the IC and device identification and authentication problems, they can also be considered as a lightweight security primitive in other applications such as IC metering and IP fingerprinting. We demonstrate through the ITC'02 benchmarks that the proposed approach can easily create from 107 to 10186 unique IDs without any overhead. Finally, our method complies with the IEEE standards and thus has high practical value.
Download Paper (PDF; Only available from the DATE venue WiFi)

09:36

5.4.4

EARLY DETECTION OF SYSTEM-LEVEL ANOMALOUS BEHAVIOUR USING HARDWARE PERFORMANCE COUNTERS
Speaker:
Mark Zwolinski, University of Southampton, GB
Authors:
Lai Leng Woo¹, Basel Halak² and Mark Zwolinski³
¹Electronics and Computer Science Department, Southampton University, GB; ²Southampton University, GB; ³University of Southampton, GB
Abstract
Embedded systems suffer from reliability issues such as variations in temperature and voltage, single event effects and component degradation, as well as being exposed to various security attacks such as control hijacking, malware, reverse engineering, eavesdropping and many others. Both reliability problems and security attacks can cause the system to behave anomalously. In this paper, we will present a detection technique that is able to detect a change in the system before the system encounters a failure, by using data from Hardware Performance Counters (HPCs). Previously, we have shown how HPC data can be used to create an execution profile of a system based on measured events and any deviation from this profile indicates an anomaly has occurred in the system. The first step in developing a detector is to analyse the HPC data and extract the features from the collected data to build a forecasting model. Anomalies are assumed to happen if the observed value falls outside a given confidence interval, which is calculated based on the forecast values and prediction confidence. The detector is designed to provide a warning to the user if anomalies that are detected occur consecutively for a certain number of times. We evaluate our detection algorithm on benchmarks that are affected by single bit flip faults. Our initial results show that the detection algorithm is suitable for use for this kind of univariate time series data and is able to correctly identify anomalous data from normal data.
Download Paper (PDF; Only available from the DATE venue WiFi)

10:00

End of session
Coffee Break in Exhibition Area

Coffee Breaks in the Exhibition Area

On all conference days (Tuesday to Thursday), coffee and tea will be served during the coffee breaks at the below-mentioned times in the exhibition area (Terrace Level of the ICCD).

Lunch Breaks (Großer Saal + Saal 1)

On all conference days (Tuesday to Thursday), a seated lunch (lunch buffet) will be offered in the rooms "Großer Saal" and "Saal 1" (Saal Level of the ICCD) to fully registered conference delegates only. There will be badge control at the entrance to the lunch break area.

Tuesday, March 20, 2018