Integrated Security Technologies in Cyber-Physical Systems 2015

 

 

 

Cybersecurity has spent the past two decades largely as a “bolt-on” product added as an afterthought. To get to composability, built-in, integrated security will be a key factor. The research cited here was presented in 2015.




H. Hidaka, “How Future Mobility Meets IT: Cyber-Physical System Designs Revisit Semiconductor Technology,” Solid-State Circuits Conference (A-SSCC), 2015 IEEE Asian, Xiamen, 2015, pp. 1-4. doi: 10.1109/ASSCC.2015.7387514

Abstract: Cyber-Physical System (CPS) exemplified by future mobility application systems necessitates unconventional embedded design considerations in embedded systems; multiple latency-aware computing and communication construction, the importance of once non-functional requirements like security and safety to cover physical- and cyber-systems, and VLSI life-time design by ecology. All in all we have to reexamine and re-organize current semiconductor technology to produce platform bases for connected open collaborations to tackle global human challenges.

Keywords: VLSI; circuit analysis computing; cyber-physical systems; integrated circuit design; semiconductor technology; CPS; IT; VLSI life-time design; communication construction; cyber-physical system designs; embedded design; embedded systems; mobility application systems; multiple latency-aware computing; semiconductor technology; Automotive engineering; Cyber-physical systems; Safety; Security; Sensors; System analysis and design; Very large scale integration (ID#: 16-11257)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7387514&isnumber=7387429

 

Y. Peng et al., “Cyber-Physical Attack-Oriented Industrial Control Systems (ICS) Modeling, Analysis and Experiment Environment,” 2015 International Conference on Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP), Adelaide, SA, 2015, pp. 322-326. doi: 10.1109/IIH-MSP.2015.110

Abstract: The most essential difference between information technology (IT) and industrial control systems (ICS) is that ICSs are Cyber-Physical Systems (CPS) and they have direct effects on the physical world. In the context of this paper, the specific attacks which can lead to physical damage via cyber means are named as Cyber-Physical Attacks. In the real world, malware associated events, such as Stuxnet, have proven that this kind of attack is both feasible and destructive. We proposed an ICS-CPS operation dual-loop analysis model (ICONDAM) for analyzing ICS' human-cyber-physical interdependences. And we present an architecture and the features of our CPS-based Critical Infrastructure Integrated Experiment Platform (C2I2EP) ICS experiment environment. Through both theory analysis and experiments over the Cyber-Physical Attacks performed on our ICS experiment environment, we can say that ICONDAM model and C2I2EP experiment environment has a promising prospect in the field of ICS cyber-security research.

Keywords: industrial control; invasive software; production engineering computing; C2I2EP; CPS-based critical infrastructure integrated experiment platform; ICONDAM model; ICS cyber-security research; ICS experiment environment; ICS human-cyber-physical interdependences; ICS modeling; ICS-CPS operation dual-loop analysis model; IT; Stuxnet; cyber-physical attack-oriented industrial control systems; information technology; malware associated events; Analytical models; Biological system modeling; Integrated circuit modeling; Malware; Process control; Sensors; Cyber-Physical Attacks; Cyber-Physical Systems (CPS); Industrial Control Systems (ICS); cyber security; experiment environment (ID#: 16-11258)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7415822&isnumber=7415733

 

L. Vegh and L. Miclea, “A Simple Scheme for Security and Access Control in Cyber-Physical Systems,” 2015 20th International Conference on Control Systems and Computer Science, Bucharest, 2015, pp. 294-299. doi: 10.1109/CSCS.2015.13

Abstract: In a time when technology changes continuously, where things you need today to run a certain system, might not be needed tomorrow anymore, security is a constant requirement. No matter what systems we have, or how we structure them, no matter what means of digital communication we use, we are always interested in aspects like security, safety, privacy. An example of the ever-advancing technology are cyber-physical systems. We propose a complex security architecture that integrates several consecrated methods such as cryptography, steganography and digital signatures. This architecture is designed to not only ensure security of communication by transforming data into secret code, it is also designed to control access to the system and detect and prevent cyber attacks.

Keywords: authorisation; cryptography; digital signatures; steganography; access control; cyber attacks; cyber-physical system; security architecture; security requirement; system security; Computer architecture; Digital signatures; Encryption; Public key; multi-agent systems; (ID#: 16-11259)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7168445&isnumber=7168393

 

M. Heiss, A. Oertl, M. Sturm, P. Palensky, S. Vielguth and F. Nadler, “Platforms for Industrial Cyber-Physical Systems Integration: Contradicting Requirements as Drivers for Innovation,” Modeling and Simulation of Cyber-Physical Energy Systems (MSCPES), 2015 Workshop on, Seattle, WA, 2015, pp. 1-8. doi: 10.1109/MSCPES.2015.7115405

Abstract: The full potential of distributed cyber-physical systems (CPS) can only be leveraged if their functions and services can be flexibly integrated. Challenges like communication quality, interoperability, and amounts of data are massive. The design of such integration platforms therefore requires radically new concepts. This paper shows the industrial view, the business perspective on such envisioned platforms. It turns out that there are not only huge technical challenges to overcome but also fundamental dilemmas. Contradicting requirements and conflicting trends force us to re-think the task of interconnecting services of distributed CPS.

Keywords: embedded systems; manufacturing data processing; business perspective; distributed CPS; distributed cyber-physical system; industrial cyber-physical system integration; Business; Complexity theory; Computer architecture; Optimization; Reliability; Security; Software; IT platforms; complexity management; cyber-physical systems; distributed systems; software integration (ID#: 16-11260)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7115405&isnumber=7115373

 

D. Chen, K. Meinke, F. Asplund and C. Baumann, “A Knowledge-in-the-Loop Approach to Integrated Safety & Security for Cooperative System-of-Systems,” 2015 IEEE Seventh International Conference on Intelligent Computing and Information Systems (ICICIS), Cairo, 2015, pp. 13-20. doi: 10.1109/IntelCIS.2015.7397237

Abstract: A system-of-systems (SoS) is inherently open in configuration and evolutionary in lifecycle. For the next generation of cooperative cyber-physical system-of-systems, safety and security constitute two key issues of public concern that affect the deployment and acceptance. In engineering, the openness and evolutionary nature also entail radical paradigm shifts. This paper presents one novel approach to the development of qualified cyber-physical system-of-systems, with Cooperative Intelligent Transport Systems (C-ITS) as one target. The approach, referred to as knowledge-in-the-loop, aims to allow a synergy of well-managed lifecycles, formal quality assurance, and smart system features. One research goal is to enable an evolutionary development with continuous and traceable flows of system rationale from design-time to post-deployment time and back, supporting automated knowledge inference and enrichment. Another research goal is to develop a formal approach to risk-aware dynamic treatment of safety and security as a whole in the context of system-of-systems. Key base technologies include: (1) EAST-ADL for the consolidation of system-wide concerns and for the creation of an ontology for advanced run-time decisions, (2) Learning Based-Testing for run-time and post-deployment model inference, safety monitoring and testing, (3) Provable Isolation for run-time attack detection and enforcement of security in real-time operating systems.

Keywords: cyber-physical systems; evolutionary computation; formal verification; intelligent transportation systems; learning (artificial intelligence); ontologies (artificial intelligence); security of data; C-ITS; EAST-ADL; cooperative intelligent transport systems; cooperative system-of-systems; cyber-physical system-of-systems; evolutionary development; formal quality assurance; integrated safety and security; knowledge-in-the-loop approach; learning based-testing; ontology; risk-aware dynamic treatment; run-time attack detection; safety monitoring; smart system feature; Analytical models; Ontologies; Organizations; Risk management; Roads; Security; System analysis and design; cyber-physical system; knowledge modeling; machine learning; model-based development; ontology; quality-of-service; safety; security; systems-of-systems; verification and validation (ID#: 16-11261)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7397237&isnumber=7397173

 

H. Derhamy, J. Eliasson, J. Delsing, P. P. Pereira and P. Varga, “Translation Error Handling for Multi-Protocol SOA Systems,” 2015 IEEE 20th Conference on Emerging Technologies & Factory Automation (ETFA), Luxembourg, 2015, pp. 1-8. doi: 10.1109/ETFA.2015.7301473

Abstract: The IoT research area has evolved to incorporate a plethora of messaging protocol standards, both existing and new, emerging as preferred communications means. The variety of protocols and technologies enable IoT to be used in many application scenarios. However, the use of incompatible communication protocols also creates vertical silos and reduces interoperability between vendors and technology platform providers. In many applications, it is important that maximum interoperability is enabled. This can be for reasons such as efficiency, security, end-to-end communication requirements etc. In terms of error handling each protocol has its own methods, but there is a gap for bridging the errors across protocols. Centralized software bus and integrated protocol agents are used for integrating different communications protocols. However, the aforementioned approaches do not fit well in all Industrial IoT application scenarios. This paper therefore investigates error handling challenges for a multi-protocol SOA-based translator. A proof of concept implementation is presented based on MQTT and CoAP. Experimental results show that multi-protocol error handling is possible and furthermore a number of areas that need more investigation have been identified.

Keywords: open systems; protocols; service-oriented architecture; CoAP; MQTT; centralized software bus; communication protocols; industrial IoT; integrated protocol agents; maximum interoperability; messaging protocol standards; multiprotocol SOA systems; multiprotocol SOA-based translator; translation error handling; Computer architecture; Delays; Monitoring; Protocols; Quality of service; Servers; Service-oriented architecture; Arrowhead; Cyber-physical systems; Error handling; Internet of Things; Protocol translation; SOA; Translation (ID#: 16-11262)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7301473&isnumber=7301399

 

V. Meza, X. Gomez and E. Perez, “Quantifying Observability in State Estimation Considering Network Infrastructure Failures,” Innovative Smart Grid Technologies Latin America (ISGT LATAM), 2015 IEEE PES, Montevideo, 2015, pp. 171-176. doi: 10.1109/ISGT-LA.2015.7381148

Abstract: Smart grid integrates electrical network, communication systems and information technologies, where increasing architecture interdependency is introducing new challenges in the evaluation of how possible threats could affect security and reliability of power system. While cyber-attacks have been widely studied, consequences of physical failures on real-time applications are starting to receive attention due to implications for power system security. This paper presents a methodology to quantify the impact on observability in state estimation of possible disruptive failures of a common transmission infrastructure. Numerical results are obtained by calculating observability indicators on an IEEE 14-bus test case, considering the simultaneous disconnection of power transmission lines and communication links installed on the same infrastructure.

Keywords: computer network reliability; computer network security; power engineering computing; power system measurement; power system reliability; power system security; smart power grids; state estimation; common transmission infrastructure; communication link disconnection; disruptive failures; network infrastructure failures; observability quantification; physical failure; power transmission lines; smart power grid; Jacobian matrices; Mathematical model; Observability; Power measurement; Power systems; Security; State estimation; Observability; cyber-physical security; power systems; (ID#: 16-11263)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7381148&isnumber=7381114

 

C. C. Sun, J. Hong and C. C. Liu, “A Co-Simulation Environment for Integrated Cyber and Power Systems,” 2015 IEEE International Conference on Smart Grid Communications (SmartGridComm), Miami, FL, 2015, pp. 133-138. doi: 10.1109/SmartGridComm.2015.7436289

Abstract: Due to the development of new power technologies, cyber infrastructures have been widely deployed for monitoring, control, and operation of a power grid. Information and Communications Technology (ICT) provides connectivity of the cyber and power systems. As a result, cyber intrusions become a threat that may cause damages to the physical infrastructures. Research on cyber security for the power grid is a high priority subject for the emerging smart grid environment. A cyber-physical testbed is critical for the study of cyber-physical security of power systems. For confidentiality, measurements (e.g., voltages, currents and binary status) and ICT data (e.g., communication protocols, system logs, and security logs) from the power grids are not publicly accessible. Therefore, a realistic testbed is a good alternative for study of the interactions between physical and cyber systems of a power grid.

Keywords: power engineering computing; power system security; security of data; smart power grids; ICT; co-simulation environment; cyber infrastructures; cyber intrusions; cyber systems; cyber-physical security; cyber-physical testbed; information and communications technology; physical infrastructures; power grid; power systems; smart grid environment; Computer security; Protocols; Real-time systems; Smart grids; Substations; Co-simulations; Cyber Security; Cyber-Physical Security; Intrusion Detection System for Substations; Smart Grid Testbed (ID#: 16-11264)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7436289&isnumber=7436263

 

R. Liu and A. Srivastava, “Integrated Simulation to Analyze the Impact of Cyber-Attacks on the Power Grid,” Modeling and Simulation of Cyber-Physical Energy Systems (MSCPES), 2015 Workshop on, Seattle, WA, 2015, pp. 1-6. doi: 10.1109/MSCPES.2015.7115395

Abstract: With the development of the smart grid technology, Information and Communication Technology (ICT) plays a significant role in the smart grid. ICT enables to realize the smart grid, but also brings cyber vulnerabilities. It is important to analyze the impact of possible cyber-attacks on the power grid. In this paper, a real-time, cyber-physical co-simulation testbed with hardware-in-the-loop capability is discussed. Real-time Digital Simulator (RTDS), Synchrophasor devices, DeterLab, and a wide-area monitoring application with closed-loop control are utilized in the developed testbed. Two different real life cyber-attacks, including TCP SYN flood attack, and man-in-the-middle attack, are simulated on an IEEE standard power system test case to analyze the impact of these cyber-attacks on the power grid.

Keywords: closed loop systems; digital simulation; phasor measurement; power system simulation; smart power grids; DeterLab; ICT; IEEE standard power system test case; RTDS; TCP SYN flood attack; closed loop control; cyber vulnerability; cyber-attack impact analysis; hardware-in-the-loop capability; information and communication technology; integrated simulation; man-in-the-middle attack; real-time cyber-physical cosimulation testbed; real-time digital simulator; smart power grid technology; synchrophasor devices; wide-area monitoring application; Capacitors; Loading; Phasor measurement units; Power grids; Power system stability; Reactive power; Real-time systems; Cyber Security; Cyber-Physical; DeterLab; Real-Time Co-Simulation; Synchrophasor Devices (ID#: 16-11265)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7115395&isnumber=7115373

 

Bowen Zheng, W. Li, P. Deng, L. Gérardy, Q. Zhu and N. Shankar, “Design and Verification for Transportation System Security,” 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC), San Francisco, CA, 2015, pp. 1-6. doi: 10.1145/2744769.2747920

Abstract: Cyber-security has emerged as a pressing issue for transportation systems. Studies have shown that attackers can attack modern vehicles from a variety of interfaces and gain access to the most safety-critical components. Such threats become even broader and more challenging with the emergence of vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communication technologies. Addressing the security issues in transportation systems requires comprehensive approaches that encompass considerations of security mechanisms, safety properties, resource constraints, and other related system metrics. In this work, we propose an integrated framework that combines hybrid modeling, formal verification, and automated synthesis techniques for analyzing the security and safety of transportation systems and carrying out design space exploration of both in-vehicle electronic control systems and vehicle-to-vehicle communications. We demonstrate the ideas of our framework through a case study of cooperative adaptive cruise control.

Keywords: formal verification; on-board communications; road safety; security of data; traffic engineering computing; automated synthesis techniques; cooperative adaptive cruise control; design space exploration; formal verification; hybrid modeling; in-vehicle electronic control systems; transportation system safety; transportation system security; vehicle-to-vehicle communications; Delays; Safety; Security; Sensors; Vehicles (ID#: 16-11266)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7167280&isnumber=7167177

 

M. S. Mispan, B. Halak, Z. Chen and M. Zwolinski, “TCO-PUF: A Subthreshold Physical Unclonable Function,” Ph.D. Research in Microelectronics and Electronics (PRIME), 2015 11th Conference on, Glasgow, 2015, pp. 105-108. doi: 10.1109/PRIME.2015.7251345

Abstract: A Physical Unclonable Function (PUF) is a promising technology towards comprehensive security protection for integrated circuit applications. It provides a secure method of hardware identification and authentication by exploiting inherent manufacturing process variations to generate a unique response for each device. Subthreshold Current Array PUFs, which are based on the non-linearity of currents and voltages in MOSFETs in the subthreshold region, provide higher security against machine learning-based attacks compared with delay-based PUFs. However, their implementation is not practical due to the low output voltages generated from transistor arrays. In this paper, a novel architecture for a PUF, called the “Two Chooses One” PUF or TCO-PUF, is proposed to improve the output voltage ranges. The proposed PUF shows excellent quality metrics. The average inter-chip Hamming distance is 50.23%. The reliability over the temperature and ±10% supply voltage fluctuations is 91.58%. In terms of security, on average TCO-PUF shows higher security compared to delay-based PUFs and existing designs of Subthreshold Current Array PUFs against machine learning attacks.

Keywords: MOSFET; cryptographic protocols; integrated circuit design; integrated circuit reliability; learning (artificial intelligence); security of data; TCO-PUF; current nonlinearity; hardware authentication; hardware identification; integrated circuit applications; interchip Hamming distance; machine learning-based attacks; security protection; subthreshold current array PUF; two chooses one physical unclonable function; Arrays; Measurement; Reliability; Security; Subthreshold current; Transistors; Modelling attacks; Physical Unclonable Function; Subthreshold (ID#: 16-11267)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7251345&isnumber=7251078

 

V. Casola, A. D. Benedictis and M. Rak, “Security Monitoring in the Cloud: An SLA-Based Approach,” Availability, Reliability and Security (ARES), 2015 10th International Conference on, Toulouse, 2015, pp. 749-755. doi: 10.1109/ARES.2015.74

Abstract: In this paper we present a monitoring architecture that is automatically configured and activated based on a signed Security SLA. Such monitoring architecture integrates different security-related monitoring tools (either developed ad-hoc or already available as open-source or commercial products) to collect measurements related to specific metrics associated with the set of security Service Level Objectives (SLOs) that have been specified in the Security SLA. To demonstrate our approach, we discuss a case study related to detection and management of vulnerabilities and illustrate the integration of the popular open source monitoring system Open VAS into our monitoring architecture. We show how the system is configured and activated by means of available Cloud automation technologies and provide a concrete example of related SLOs and metrics.

Keywords: cloud computing; contracts; public domain software; security of data; system monitoring; OpenVAS; SLA-based approach; SLO; cloud automation technologies; monitoring architecture; open source monitoring system; open-source products; security monitoring; security service level objectives; security-related monitoring tools; signed security SLA; vulnerability management; Automation; Computer architecture; Measurement; Monitoring; Protocols; Security; Servers; Cloud security monitoring; Open VAS; Security Service Level Agreements; vulnerability monitoring (ID#: 16-11268)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7299988&isnumber=7299862

 

M. Ennahbaoui, H. Idrissi and S. E. Hajji, “Secure and Flexible Grid Computing Based Intrusion Detection System Using Mobile Agents and Cryptographic Traces,” Innovations in Information Technology (IIT), 2015 11th International Conference on, Dubai, 2015, pp. 314-319. doi: 10.1109/INNOVATIONS.2015.7381560

Abstract: Grid Computing is one of the new and innovative information technologies that attempt to make resources sharing global and easier. Integrated in networked areas, the resources and services in grid are dynamic, heterogeneous and they belong to multiple spaced domains, which effectively enables a large scale collection, sharing and diffusion of data. However, grid computing is still a new paradigm that raises many security issues and conflicts in the computing infrastructures where it is integrated. In this paper, we propose an intrusion detection system (IDS) based on the autonomy, intelligence and independence of mobile agents to record the behaviors and actions on the grid resource nodes to detect malicious intruders. This is achieved through the use of cryptographic traces associated with chaining mechanism to elaborate hashed black statements of the executed agent code, which are then compared to depict intrusions. We have conducted experiments basing three metrics: network load, response time and detection ability to evaluate the effectiveness of our proposed IDS.

Keywords: cryptography; grid computing; mobile agents; IDS; chaining mechanism; cryptographic traces; data collection; data diffusion; data sharing; detection ability metric; intrusion detection system; network load metric; resources sharing; response time metric; security issues; Computer architecture; Cryptography; Grid computing; Intrusion detection; Mobile agents; Monitoring (ID#: 16-11269)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7381560&isnumber=7381480

 

Y. Bi, K. Shamsi, J. S. Yuan, F. X. Standaert and Y. Jin, “Leverage Emerging Technologies for DPA-Resilient Block Cipher Design,” 2016 Design, Automation & Test in Europe Conference & Exhibition (DATE), Dresden, Germany, 2016, pp. 1538-1543. doi: (not provided)

Abstract: Emerging devices have been designed and fabricated to extend Moore's Law. While the benefits over traditional metrics such as power, energy, delay, and area certainly apply to emerging device technologies, new devices may offer additional benefits in addition to improvements in the aforementioned metrics. In this sense, we consider how new transistor technologies could also have a positive impact on hardware security. More specifically, we consider how tunneling FETs (TFET) and silicon nanowire FETs (SiNW FETs) could offer superior protection to integrated circuits and embedded systems that are subject to hardware-level attacks — e.g., differential power analysis (DPA). Experimental results on SiNW FET and TFET CML gates are presented. In addition, simulation results of utilizing TFET CML on a light-weight cryptographic circuit, KATAN32, show that TFET-based current mode logic (CML) can both improve DPA resilience and preserve low power consumption in the target design. Compared to the CMOS-based CML designs, the TFET CML circuit consumes 15 times less power while achieving a similar level of DPA resistance.

Keywords: cryptography; current-mode logic; field effect transistors; nanowires; security; silicon; tunnel transistors; CMOS-based CML design; DPA resilience; DPA-resilient block cipher design; KATAN32; Moore law; Si; SiNW FET; TFET CML gate; complementary metal oxide semiconductor; current mode logic; differential power analysis; hardware security; hardware-level attack; integrated circuit; leverage emerging technology; light-weight cryptographic circuit; low power consumption; silicon nanowire FET; transistor technologies; tunneling field effect transistor; CMOS integrated circuits; Cryptography; Logic gates; Power demand; TFETs; Current Mode Logic (CML); Differential Power Analysis (DPA); Emerging Technologies (ID#: 16-11270)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7459558&isnumber=7459269

 

S. R. Sahoo, S. Kumar and K. Mahapatra, “A Modified Configurable RO PUF with Improved Security Metrics,” 2015 IEEE International Symposium on Nanoelectronic and Information Systems, Indore, 2015, pp. 320-324. doi: 10.1109/iNIS.2015.37

Abstract: Physical Unclonable Functions (PUF) are promising security primitives used to produce unique signature for Integrated circuit (IC) which are useful in hardware security and cryptographic applications. Out of several PUF proposed by researcher like Ring Oscillator (RO) PUF, Arbiter PUF, configurable RO (CRO) PUF etc. RO PUF is widely used because of its higher uniqueness. As the frequency of RO is highly susceptible to temperature and voltage fluctuation it affects the reliability of IC signature. So to improve the reliability configurable ROs (CRO) are used. In this paper we present a modified CRO PUF in which inverters used to design RO use different logic styles: static CMOS and Feed through logic (FTL). The FTL based CRO PUF improves the uniqueness as well as the reliability of signature against environmental fluctuation (temperature and voltage) because of its higher leakage current and low switching threshold. The security metrics like uniqueness and reliability are calculated for proposed modified CRO PUF and compared with earlier proposed CRO PUF by carrying out the simulation in 90 nm technology.

Keywords: CMOS logic circuits; copy protection; cryptography; integrated circuit design; integrated circuit reliability; leakage currents; logic design; logic gates; oscillators; CRO PUF; FTL; IC signature; arbiter PUF; configurable RO PUF; cryptographic applications; feed through logic; hardware security; integrated circuit; inverters; leakage current; logic styles; physical unclonable functions; ring oscillator; security metrics; size 90 nm; static CMOS; switching threshold; voltage fluctuation; Information systems; Challenge-Response pair (CRP); Configurable Ring Oscillator (CRO); Feedthrough logic (FTL); Physical Unclonable Function (PUF); process variation (PV) (ID#: 16-11271)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7434447&isnumber=7434375

 

K. E. Lever, K. Kifayat and M. Merabti, “Identifying Interdependencies Using Attack Graph Generation Methods,” Innovations in Information Technology (IIT), 2015 11th International Conference on, Dubai, 2015, pp. 80-85. doi: 10.1109/INNOVATIONS.2015.7381519

Abstract: Information and communication technologies have augmented interoperability and rapidly advanced varying industries, with vast complex interconnected networks being formed in areas such as safety-critical systems, which can be further categorised as critical infrastructures. What also must be considered is the paradigm of the Internet of Things which is rapidly gaining prevalence within the field of wireless communications, being incorporated into areas such as e-health and automation for industrial manufacturing. As critical infrastructures and the Internet of Things begin to integrate into much wider networks, their reliance upon communication assets by third parties to ensure collaboration and control of their systems will significantly increase, along with system complexity and the requirement for improved security metrics. We present a critical analysis of the risk assessment methods developed for generating attack graphs. The failings of these existing schemas include the inability to accurately identify the relationships and interdependencies between the risks and the reduction of attack graph size and generation complexity. Many existing methods also fail due to the heavy reliance upon the input, identification of vulnerabilities, and analysis of results by human intervention. Conveying our work, we outline our approach to modelling interdependencies within large heterogeneous collaborative infrastructures, proposing a distributed schema which utilises network modelling and attack graph generation methods, to provide a means for vulnerabilities, exploits and conditions to be represented within a unified model.

Keywords: graph theory; risk management; security of data; Internet of Things; attack graph generation methods; communication assets; complex interconnected networks; critical infrastructures; distributed schema; e-health; generation complexity; heterogeneous collaborative infrastructures; industrial manufacturing automation; information and communication technologies; interdependencies identification; interdependencies modelling; interoperability; risk assessment methods; safety-critical systems; security metrics; system complexity; vulnerabilities identification; wireless communications; Collaboration; Complexity theory; Internet of things; Power system faults; Power system protection; Risk management; Security; Attack Graphs; Cascading Failures; Collaborative Infrastructures; Interdependency (ID#: 16-11272)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7381519&isnumber=7381480

 

C. Herber, A. Saeed and A. Herkersdorf, “Design and Evaluation of a Low-Latency AVB Ethernet Endpoint Based on ARM SoC,” 2015 IEEE 17th International Conference on High Performance Computing and Communications (HPCC), 2015 IEEE 7th International Symposium on Cyberspace Safety and Security (CSS), 2015 IEEE 12th International Conference on Embedded Software and Systems (ICESS), New York, NY, 2015, pp. 1128-1134. doi: 10.1109/HPCC-CSS-ICESS.2015.52

Abstract: Communication requirements in automotive electronics are steadily increasing. To satisfy this demand and enable future automotive embedded architectures, new interconnect technologies are needed. Audio Video Bridging (AVB) Ethernet is a promising candidate to accomplish this as it features time sensitive and synchronous communication in combination with high bit rates. However, there is a lack of commercial products as well as research regarding AVB-capable system-on-chips (SoCs). In this paper, we investigate how and at what cost a legacy Ethernet MAC can be enhanced into an AVB Ethernet controller. Using FPGA prototyping and a real system based on an ARM Cortex-A9 SoC running Linux, we conducted a series of experiments to evaluate important performance metrics and to validate our design decisions. We achieved frame release latencies of less than 6 μs and time-synchronization with an endpoint-induced inaccuracy of up to 8 μs.

Keywords: Linux; automotive electronics; field programmable gate arrays; local area networks; system-on-chip; ARM Cortex-A9; ARM SoC; Ethernet MAC; FPGA; audio video bridging; automotive electronic; bit rate; field programmable gate array; low-latency AVB Ethernet endpoint; synchronous communication; system-on-chip; Automotive engineering; Field programmable gate arrays; Hardware; Random access memory; Software; Synchronization; Audio Video Bridging; Automotive Electronics; Ethernet (ID#: 16-11273)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7336320&isnumber=7336120

 

H. Manem, K. Beckmann, M. Xu, R. Carroll, R. Geer and N. C. Cady, “An Extendable Multi-Purpose 3D Neuromorphic Fabric Using Nanoscale Memristors,” 2015 IEEE Symposium on Computational Intelligence for Security and Defense Applications (CISDA), Verona, NY, 2015, pp. 1-8. doi: 10.1109/CISDA.2015.7208625

Abstract: Neuromorphic computing offers an attractive means for processing and learning complex real-world data. With the emergence of the memristor, the physical realization of cost-effective artificial neural networks is becoming viable, due to reduced area and increased performance metrics than strictly CMOS implementations. In the work presented here, memristors are utilized as synapses in the realization of a multi-purpose heterogeneous 3D neuromorphic fabric. This paper details our in-house memristor and 3D technologies in the design of a fabric that can perform real-world signal processing (i.e., image/video etc.) as well as everyday Boolean logic applications. The applicability of this fabric is therefore diverse with applications ranging from general-purpose and high performance logic computing to power-conservative image detection for mobile and defense applications. The proposed system is an area-effective heterogeneous 3D integration of memristive neural networks, that consumes significantly less power and allows for high speeds (3D ultra-high bandwidth connectivity) in comparison to a purely CMOS 2D implementation. Images and results provided will illustrate our state of the art 3D and memristor technology capabilities for the realization of the proposed 3D memristive neural fabric. Simulation results also show the results for mapping Boolean logic functions and images onto perceptron based neural networks. Results demonstrate the proof of concept of this system, which is the first step in the physical realization of the multi-purpose heterogeneous 3D memristive neuromorphic fabric.

Keywords: Boolean functions; CMOS integrated circuits; fabrics; memristors; neural chips; perceptrons; signal processing; three-dimensional integrated circuits; 3D memristive neural fabric; 3D technology; Boolean logic function application; CMOS implementation; area effective heterogeneous 3D integration; artificial neural network; complementary metal oxide semiconductor; defense application; extendable multipurpose 3D neuromorphic fabric; logic computing; memristive neural network; mobile application; nanoscale memristor; neuromorphic computing; perceptron; power conservative image detection; Decision support systems; Fabrics; Memristors; Metals; Neuromorphics; Neurons; Three-dimensional displays; 3D integrated circuits; image processing; memristor; nanoelectronics; neural networks (ID#: 16-11274)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7208625&isnumber=7208613

 

P. R. da Paz Ferraz Santos, R. P. Esteves and L. Z. Granville, “Evaluating SNMP, NETCONF, and RESTful Web Services for Router Virtualization Management,” 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM), Ottawa, ON, 2015, pp. 122-130. doi: 10.1109/INM.2015.7140284

Abstract: In network virtualization environments (NVEs), the physical infrastructure is shared among different users (or service providers) who create multiple virtual networks (VNs). As part of VN provisioning, virtual routers (VRs) are created inside physical routers supporting virtualization. Currently, the management of NVEs is mostly realized by proprietary solutions. Heterogeneous NVEs (i.e., with different equipment and technologies) are difficult to manage due to the lack of standardized management solutions. As a first step to achieve management interoperability, good performance, and high scalability, we implemented, evaluated, and compared four management interfaces for physical routers that host virtual ones. The interfaces are based on SNMP (v2c and v3), NETCONF, and RESTful Web Services, and are designed to perform three basic VR management operations: VR creation, VR retrieval, and VR removal. We evaluate these interfaces with regard to the following metrics: response time, CPU time, memory consumption, and network usage. Results show that the SNMPv2c interface is the most suitable one for small NVEs without strict security requirements and NETCONF is the best choice to compose a management interface to be deployed in more realistic scenarios, where security and scalability are major concerns.

Keywords: Web services; open systems; security of data; virtualisation; NETCONF; NVEs; RESTful Web services; SNMPv2c interface; VN provisioning; VR creation; VR management operations; VR removal; VR retrieval; management interoperability; network virtualization environments; router virtualization management; security; virtual networks; virtual routers; Data models; Memory management; Protocols; Servers; Virtual machine monitors; Virtualization; XML (ID#: 16-11275)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7140284&isnumber=7140257

 

E. Takamura, K. Mangum, F. Wasiak and C. Gomez-Rosa, “Information Security Considerations for Protecting NASA Mission Operations Centers (MOCs),” 2015 IEEE Aerospace Conference, Big Sky, MT, 2015, pp. 1-14. doi: 10.1109/AERO.2015.7119207

Abstract: In NASA space flight missions, the Mission Operations Center (MOC) is often considered “the center of the (ground segment) universe,” at least by those involved with ground system operations. It is at and through the MOC that spacecraft is commanded and controlled, and science data acquired. This critical element of the ground system must be protected to ensure the confidentiality, integrity and availability of the information and information systems supporting mission operations. This paper identifies and highlights key information security aspects affecting MOCs that should be taken into consideration when reviewing and/or implementing protecting measures in and around MOCs. It stresses the need for compliance with information security regulation and mandates, and the need for the reduction of IT security risks that can potentially have a negative impact to the mission if not addressed. This compilation of key security aspects was derived from numerous observations, findings, and issues discovered by IT security audits the authors have conducted on NASA mission operations centers in the past few years. It is not a recipe on how to secure MOCs, but rather an insight into key areas that must be secured to strengthen the MOC, and enable mission assurance. Most concepts and recommendations in the paper can be applied to non-NASA organizations as well. Finally, the paper emphasizes the importance of integrating information security into the MOC development life cycle as configuration, risk and other management processes are tailored to support the delicate environment in which mission operations take place.

Keywords: aerospace computing; command and control systems; data integrity; information systems; risk management; security of data; space vehicles; IT security audits; IT security risk reduction; MOC development life cycle; NASA MOC protection; NASA mission operation center protection; NASA space flight missions; ground system operations; information availability; Information confidentiality; information integrity; information security considerations; information security regulation; information systems; nonNASA organizations; spacecraft command and control; Access control; Information security; Monitoring; NASA; Software; IT security metrics; access control; asset protection; automation; change control; connection protection; continuous diagnostics and mitigation; continuous monitoring; ground segment ground system; incident handling; information assurance; information security; information security leadership; information technology leadership; infrastructure protection; least privilege; logical security; mission assurance; mission operations; mission operations center; network security; personnel screening; physical security; policies and procedures; risk management; scheduling restrictions; security controls; security hardening; software updates; system cloning and software licenses; system security; system security life cycle; unauthorized change detection; unauthorized change deterrence; unauthorized change prevention (ID#: 16-11276)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7119207&isnumber=7118873

 

S. R. Sahoo, S. Kumar and K. Mahapatra, “A Novel ROPUF for Hardware Security,” VLSI Design and Test (VDAT), 2015 19th International Symposium on, Ahmedabad, 2015, pp. 1-2. doi: 10.1109/ISVDAT.2015.7208093

Abstract: Physical Unclonable Functions (PUFs) are promising security primitives in recent times. A PUF is a die-specific random function or silicon biometric that is unique for every instance of the die. PUFs derive their randomness from the uncontrolled random variations in the IC manufacturing process which is used to generate cryptographic keys. Researchers have proposed different kinds of PUF in the last decade, with varying properties. Quality of PUF is decided by its properties like: uniqueness, reliability, uniformity etc. In this paper we have designed a novel CMOS based RO PUF with improved quality metrics at the cost of additional hardware. The novel PUF is a modified Ring Oscillator PUF (RO-PUF), in which CMOS inverters of RO-PUF are replaced with Feedthrough logic (FTL) inverters. The FTL inverters in RO-PUF improve the security metrics because of their high leakage current. The use of pulse injection circuit (PIC) is responsible to increase challenge-response pairs (CRPs). Then a comparison analysis has been carried out by simulating both PUFs in 90 nm technology. The simulation results show that the proposed modified FTL PUF provides a uniqueness of 45.24% with a reliability of 91.14%.

Keywords: CMOS analogue integrated circuits; copy protection; cryptography; elemental semiconductors; integrated circuit modelling; leakage currents; logic circuits; logic design; logic gates; oscillators; random functions; silicon; CMOS based RO PUF; CMOS inverters; CRP; FTL PUF; FTL inverters; IC manufacturing process; PIC; Si; challenge-response pairs; cryptographic keys; die-specific random function; feedthrough logic inverters; hardware security; leakage current; physical unclonable functions; pulse injection circuit; ring oscillator PUF; security metrics; silicon biometric; size 90 nm; CMOS integrated circuits; Inverters; Leakage currents; Measurement; Reliability; Security; Silicon; Challenge-Response pair (CRP); Feedthrough logic (FTL); Physical Unclonable Function (PUF); Ring Oscillator (RO); process variation (PV) (ID#: 16-11277)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7208093&isnumber=7208044


Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.