Neural Network Resiliency - The globalization of the Integrated Circuit (IC) market is attracting an ever-growing number of partners, while remarkably lengthening the supply chain. Thereby, security concerns, such as those imposed by functional Reverse Engineering (RE), have become quintessential. RE leads to disclosure of confidential information to competitors, potentially enabling the theft of intellectual property. Traditional functional RE methods analyze a given gate-level netlist through employing pattern matching towards reconstructing the underlying basic blocks, and hence, reverse engineer the circuit’s function.

Intellectual Property Security - In order to meet the needs of intellectual property protection and controlled sharing of scientific research sensitive data, a mechanism is proposed for security protection throughout “transfer, store and use” process of sensitive data which based on blockchain. This blockchain bottom layer security is reinforced. First, the encryption algorithm used is replaced by the national secret algorithm and the smart contract is encapsulated as API at the gateway level. Signature validation is performed when the API is used to prevent illegal access. Then the whole process of data up-chain, storage and down-chain is encrypted, and a mechanism of data structure query and data query condition construction based on blockchain smart is provided to ensure that the data is “usable and invisible”. Finally, data access control is ensured through role-based and hierarchical protection, and the blockchain base developed has good extensibility, which can meet the requirement of sensitive data security protection in scientific research filed and has broad application prospects.

Intellectual Property Security - Hardware IPs are assumed to be roots-of-trust in complex SoCs. However, their design and security verification are still heavily dependent on manual expertise. Extensive research in this domain has shown that even cryptographic modules may lack information flow security, making them susceptible to remote attacks. Further, when an SoC is in the hands of the attacker, physical attacks such as fault injection are possible. This paper introduces EISec, a novel tool utilizing symbolic execution for exhaustive analysis of hardware IPs. EISec operates at the pre-silicon stage on the gate level netlist of a design. It detects information flow security violations and generates the exhaustive set of control sequences that reproduces them. We further expand its capabilities to quantify the confusion and diffusion present in cryptographic modules and to analyze an FSM s susceptibility to fault injection attacks. The proposed methodology efficiently explores the complete input space of designs utilizing symbolic execution. In short, EISec is a holistic security analysis tool to help hardware designers capture security violations early on and mitigate them by reporting their triggers.

Intellectual Property Security - Artificial intelligence creation comes into fashion and has brought unprecedented challenges to intellectual property law. In order to study the viewpoints of AI creation copyright ownership from professionals in different institutions, taking the papers of AI creation on CNKI from 2016 to 2021, we applied orthogonal design and analysis of variance method to construct the dataset. A kernel-SVM classifier with different kernel methods in addition to some shallow machine learning classifiers are selected in analyzing and predicting the copyright ownership of AI creation. Support vector machine (svm) is widely used in statistics and the performance of SVM method is closely related to the choice of the kernel function. SVM with RBF kernel surpasses the other seven kernel-SVM classifiers and five shallow classifier, although the accuracy provided by all of them was not satisfactory. Various performance metrics such as accuracy, F1-score are used to evaluate the performance of KSVM and other classifiers. The purpose of this study is to explore the overall viewpoints of AI creation copyright ownership, investigate the influence of different features on the final copyright ownership and predict the most likely viewpoint in the future. And it will encourage investors, researchers and promote intellectual property protection in China.

Intellectual Property Security - The rapid improvement of computer and network technology not only promotes the improvement of productivity and facilitates people s life, but also brings new threats to production and life. Cyberspace security has attracted more and more attention. Different from traditional cyberspace security, APT attacks on key networks or infrastructure, with the main goal of stealing intellectual property, confidential information or sabotage, seriously threatening the interests and security of governments, enterprises and scientific research institutions. Timely detection and blocking is particularly important. The purpose of this paper is to study the security of software supply chain in power industry based on BAS technology. The experimental data shows that Type 1 projects account for the least amount and Type 2 projects account for the highest proportion. Type 1 projects have high unit price contracts and high profits, but the number is small and the time for signing orders is long.

Intellectual Property Security - Embedded systems involve an integration of a large number of intellectual property (IP) blocks to shorten chip s time to market, in which, many IPs are acquired from the untrusted third-party suppliers. However, existing IP trust verification techniques cannot provide an adequate security assurance that no hardware Trojan was implanted inside the untrusted IPs. Hardware Trojans in untrusted IPs may cause processor program execution failures by tampering instruction code and return address. Therefore, this paper presents a secure RISC-V embedded system by integrating a Security Monitoring Unit (SMU), in which, instruction integrity monitoring by the fine-grained program basic blocks and function return address monitoring by the shadow stack are implemented, respectively. The hardware-assisted SMU is tested and validated that while CPU executes a CoreMark program, the SMU does not incur significant performance overhead on providing instruction security monitoring. And the proposed RISC-V embedded system satisfies good balance between performance overhead and resource consumption.

Intellectual Property Security - Due to its decentralized trust mechanism, blockchain is increasingly used as a trust intermediary for multi-party cooperation to reduce the cost and risk of maintaining centralized trust nowadays. And as the requirements for privacy and high throughput, consortium blockchain is widely used in data sharing and business cooperation in practical application scenarios. Nowadays, the protection of traditional medicine has been regarded as human intangible cultural heritage in recent years, but this kind of protection still faces the problem that traditional medicine prescriptions are unsuitable for disclosure and difficult to protect. Hyperledger is a consortium blockchain featuring authorized access, high throughput, and tamper-resistance, making it ideal for privacy protection and information depository in traditional medicine protection. This study proposes a solution for intellectual property protection of traditional medicine by using a blockchain platform to record prescription iterations and clinical trial data. The privacy and confidentiality of Hyperledger can keep intellectual property information safe and private. In addition, the author proposes to invite the Patent Offices and legal institutions to join the blockchain network, maintain users properties and issue certificates, which can provide a legal basis for rights protection when infringement occurs. Finally, the researchers have built a system corresponding to the scheme and tested the system. The test outcomes of the system can explain the usability of the system. And through the test of system throughput, under low system configuration, it can reach about 200 query operations per second, which can meet the application requirements of relevant organizations and governments.

Intellectual Property Security - [Purpose/meaning] In this paper, a unified scheme based on blockchain technology to realize the three modules of intellectual property confirmation, utilization, and protection of rights at the application layer is constructed, to solve the problem of unbalanced and inadequate resource distribution and development level in the field of industrial intellectual property. [Method/process] Based on the application of the core technology of blockchain in the field of intellectual property, this paper analyzes the pain points in the current field of intellectual property, and selects matching blockchain types according to the protection of intellectual property and the different decisions involved in the transaction process, to build a heterogeneous multi-chain model based on blockchain technology. [Conclusion] The heterogeneous multi-chain model based on Polkadot[1] network is proposed to realize the intellectual property protection scheme of a heterogeneous multi-chain model, to promote collaborative design and product development between regions, and to make up for the shortcomings of technical exchange, and weaken the phenomenon of "information island" in a certain extent. [Limitation/deficiency] The design of smart contracts in the field of intellectual property, the development of cross-chain protocols, and the formulation of national standards for blockchain technology still need to be developed and improved. At the same time, the intellectual property protection model designed in this paper needs to be verified in the application of practical cases.

Intellectual Property Security - Smart contracts are an attractive aspect of blockchain technology. A smart contract is a piece of executable code that runs on top of the blockchain and is used to facilitate, execute, and enforce agreements between untrustworthy parties without the need for a third party. This paper offers a review of the literature on smart contract applications in intellectual property management. The goal is to look at technology advancements and smart contract deployment in this area. The theoretical foundation of many papers published in recent years is used as a source of theoretical and implementation research for this purpose. According to the literature review we conducted, smart contracts function automatically, control, or document legally significant events and activities in line with the contract agreement s terms. This is a relatively new technology that is projected to deliver solutions for trust, security, and transparency across a variety of areas. An exploratory strategy was used to perform this literature review.

Intellectual Property Security - The goals, objectives and criteria of the effectiveness of the creation, maintenance and use of the Digital Information Fund of Intellectual Property (DIFIP) are considered. A formalized methodology is proposed for designing DIFIPs, increasing its efficiency and quality, based on a set of interconnected models, methods and algorithms for analysis, synthesis and normalization distributed information management of DIFIP s structure; classification of databases users of patent and scientific and technical information; synthesis of optimal logical structures of the DIFIP database and thematic databases; assessing the quality of the database and ensuring the required level of data security.

Intellectual Property Security - In the process of crowdsourced testing service, the intellectual property of crowdsourced testing has been faced with problems such as code plagiarism, difficulties in confirming rights and unreliability of data. Blockchain is a decentralized, tamper-proof distributed ledger, which can help solve current problems. This paper proposes an intellectual property right confirmation system oriented to crowdsourced testing services, combined with blockchain, IPFS (Interplanetary file system), digital signature, code similarity detection to realize the confirmation of crowdsourced testing intellectual property. The performance test shows that the system can meet the requirements of normal crowdsourcing business as well as high concurrency situations.

In order to meet the needs of intellectual property protection and controlled sharing of scientific research sensitive data, a mechanism is proposed for security protection throughout “transfer, store and use” process of sensitive data which based on blockchain. This blockchain bottom layer security is reinforced. First, the encryption algorithm used is replaced by the national secret algorithm and the smart contract is encapsulated as API at the gateway level. Signature validation is performed when the API is used to prevent illegal access. Then the whole process of data up-chain, storage and down-chain is encrypted, and a mechanism of data structure query and data query condition construction based on blockchain smart is provided to ensure that the data is “usable and invisible”. Finally, data access control is ensured through role-based and hierarchical protection, and the blockchain base developed has good extensibility, which can meet the requirement of sensitive data security protection in scientific research filed and has broad application prospects.

Hardware IPs are assumed to be roots-of-trust in complex SoCs. However, their design and security verification are still heavily dependent on manual expertise. Extensive research in this domain has shown that even cryptographic modules may lack information flow security, making them susceptible to remote attacks. Further, when an SoC is in the hands of the attacker, physical attacks such as fault injection are possible. This paper introduces EISec, a novel tool utilizing symbolic execution for exhaustive analysis of hardware IPs. EISec operates at the pre-silicon stage on the gate level netlist of a design. It detects information flow security violations and generates the exhaustive set of control sequences that reproduces them. We further expand its capabilities to quantify the confusion and diffusion present in cryptographic modules and to analyze an FSM s susceptibility to fault injection attacks. The proposed methodology efficiently explores the complete input space of designs utilizing symbolic execution. In short, EISec is a holistic security analysis tool to help hardware designers capture security violations early on and mitigate them by reporting their triggers.

Artificial intelligence creation comes into fashion and has brought unprecedented challenges to intellectual property law. In order to study the viewpoints of AI creation copyright ownership from professionals in different institutions, taking the papers of AI creation on CNKI from 2016 to 2021, we applied orthogonal design and analysis of variance method to construct the dataset. A kernel-SVM classifier with different kernel methods in addition to some shallow machine learning classifiers are selected in analyzing and predicting the copyright ownership of AI creation. Support vector machine (svm) is widely used in statistics and the performance of SVM method is closely related to the choice of the kernel function. SVM with RBF kernel surpasses the other seven kernel-SVM classifiers and five shallow classifier, although the accuracy provided by all of them was not satisfactory. Various performance metrics such as accuracy, F1-score are used to evaluate the performance of KSVM and other classifiers. The purpose of this study is to explore the overall viewpoints of AI creation copyright ownership, investigate the influence of different features on the final copyright ownership and predict the most likely viewpoint in the future. And it will encourage investors, researchers and promote intellectual property protection in China.

The rapid improvement of computer and network technology not only promotes the improvement of productivity and facilitates people s life, but also brings new threats to production and life. Cyberspace security has attracted more and more attention. Different from traditional cyberspace security, APT attacks on key networks or infrastructure, with the main goal of stealing intellectual property, confidential information or sabotage, seriously threatening the interests and security of governments, enterprises and scientific research institutions. Timely detection and blocking is particularly important. The purpose of this paper is to study the security of software supply chain in power industry based on BAS technology. The experimental data shows that Type 1 projects account for the least amount and Type 2 projects account for the highest proportion. Type 1 projects have high unit price contracts and high profits, but the number is small and the time for signing orders is long.

Embedded systems involve an integration of a large number of intellectual property (IP) blocks to shorten chip s time to market, in which, many IPs are acquired from the untrusted third-party suppliers. However, existing IP trust verification techniques cannot provide an adequate security assurance that no hardware Trojan was implanted inside the untrusted IPs. Hardware Trojans in untrusted IPs may cause processor program execution failures by tampering instruction code and return address. Therefore, this paper presents a secure RISC-V embedded system by integrating a Security Monitoring Unit (SMU), in which, instruction integrity monitoring by the fine-grained program basic blocks and function return address monitoring by the shadow stack are implemented, respectively. The hardware-assisted SMU is tested and validated that while CPU executes a CoreMark program, the SMU does not incur significant performance overhead on providing instruction security monitoring. And the proposed RISC-V embedded system satisfies good balance between performance overhead and resource consumption.

Due to its decentralized trust mechanism, blockchain is increasingly used as a trust intermediary for multi-party cooperation to reduce the cost and risk of maintaining centralized trust nowadays. And as the requirements for privacy and high throughput, consortium blockchain is widely used in data sharing and business cooperation in practical application scenarios. Nowadays, the protection of traditional medicine has been regarded as human intangible cultural heritage in recent years, but this kind of protection still faces the problem that traditional medicine prescriptions are unsuitable for disclosure and difficult to protect. Hyperledger is a consortium blockchain featuring authorized access, high throughput, and tamper-resistance, making it ideal for privacy protection and information depository in traditional medicine protection. This study proposes a solution for intellectual property protection of traditional medicine by using a blockchain platform to record prescription iterations and clinical trial data. The privacy and confidentiality of Hyperledger can keep intellectual property information safe and private. In addition, the author proposes to invite the Patent Offices and legal institutions to join the blockchain network, maintain users properties and issue certificates, which can provide a legal basis for rights protection when infringement occurs. Finally, the researchers have built a system corresponding to the scheme and tested the system. The test outcomes of the system can explain the usability of the system. And through the test of system throughput, under low system configuration, it can reach about 200 query operations per second, which can meet the application requirements of relevant organizations and governments.

[Purpose/meaning] In this paper, a unified scheme based on blockchain technology to realize the three modules of intellectual property confirmation, utilization, and protection of rights at the application layer is constructed, to solve the problem of unbalanced and inadequate resource distribution and development level in the field of industrial intellectual property. [Method/process] Based on the application of the core technology of blockchain in the field of intellectual property, this paper analyzes the pain points in the current field of intellectual property, and selects matching blockchain types according to the protection of intellectual property and the different decisions involved in the transaction process, to build a heterogeneous multi-chain model based on blockchain technology. [Conclusion] The heterogeneous multi-chain model based on Polkadot[1] network is proposed to realize the intellectual property protection scheme of a heterogeneous multi-chain model, to promote collaborative design and product development between regions, and to make up for the shortcomings of technical exchange, and weaken the phenomenon of "information island" in a certain extent. [Limitation/deficiency] The design of smart contracts in the field of intellectual property, the development of cross-chain protocols, and the formulation of national standards for blockchain technology still need to be developed and improved. At the same time, the intellectual property protection model designed in this paper needs to be verified in the application of practical cases.

Smart contracts are an attractive aspect of blockchain technology. A smart contract is a piece of executable code that runs on top of the blockchain and is used to facilitate, execute, and enforce agreements between untrustworthy parties without the need for a third party. This paper offers a review of the literature on smart contract applications in intellectual property management. The goal is to look at technology advancements and smart contract deployment in this area. The theoretical foundation of many papers published in recent years is used as a source of theoretical and implementation research for this purpose. According to the literature review we conducted, smart contracts function automatically, control, or document legally significant events and activities in line with the contract agreement s terms. This is a relatively new technology that is projected to deliver solutions for trust, security, and transparency across a variety of areas. An exploratory strategy was used to perform this literature review.

The goals, objectives and criteria of the effectiveness of the creation, maintenance and use of the Digital Information Fund of Intellectual Property (DIFIP) are considered. A formalized methodology is proposed for designing DIFIPs, increasing its efficiency and quality, based on a set of interconnected models, methods and algorithms for analysis, synthesis and normalization distributed information management of DIFIP s structure; classification of databases users of patent and scientific and technical information; synthesis of optimal logical structures of the DIFIP database and thematic databases; assessing the quality of the database and ensuring the required level of data security.

In the process of crowdsourced testing service, the intellectual property of crowdsourced testing has been faced with problems such as code plagiarism, difficulties in confirming rights and unreliability of data. Blockchain is a decentralized, tamper-proof distributed ledger, which can help solve current problems. This paper proposes an intellectual property right confirmation system oriented to crowdsourced testing services, combined with blockchain, IPFS (Interplanetary file system), digital signature, code similarity detection to realize the confirmation of crowdsourced testing intellectual property. The performance test shows that the system can meet the requirements of normal crowdsourcing business as well as high concurrency situations.

Modern hardware systems are composed of a variety of third-party Intellectual Property (IP) cores to implement their overall functionality. Since hardware design is a globalized process involving various (untrusted) stakeholders, a secure management of the valuable IP between authors and users is inevitable to protect them from unauthorized access and modification. To this end, the widely adopted IEEE standard 1735-2014 was created to ensure confidentiality and integrity. In this paper, we outline structural weaknesses in IEEE 1735 that cannot be fixed with cryptographic solutions (given the contemporary hardware design process) and thus render the standard inherently insecure. We practically demonstrate the weaknesses by recovering the private keys of IEEE 1735 implementations from major Electronic Design Automation (EDA) tool vendors, namely Intel, Xilinx, Cadence, Siemens, Microsemi, and Lattice, while results on a seventh case study are withheld. As a consequence, we can decrypt, modify, and re-encrypt all allegedly protected IP cores designed for the respective tools, thus leading to an industry-wide break. As part of this analysis, we are the first to publicly disclose three RSA-based white-box schemes that are used in real-world products and present cryptanalytical attacks for all of them, finally resulting in key recovery.

Recent advancements in Deep Neural Networks (DNNs) have enabled widespread deployment in multiple security-sensitive domains. The need for resource-intensive training and the use of valuable domain-specific training data have made these models the top intellectual property (IP) for model owners. One of the major threats to DNN privacy is model extraction attacks where adversaries attempt to steal sensitive information in DNN models. In this work, we propose an advanced model extraction framework DeepSteal that steals DNN weights remotely for the first time with the aid of a memory side-channel attack. Our proposed DeepSteal comprises two key stages. Firstly, we develop a new weight bit information extraction method, called HammerLeak, through adopting the rowhammer-based fault technique as the information leakage vector. HammerLeak leverages several novel system-level techniques tailored for DNN applications to enable fast and efficient weight stealing. Secondly, we propose a novel substitute model training algorithm with Mean Clustering weight penalty, which leverages the partial leaked bit information effectively and generates a substitute prototype of the target victim model. We evaluate the proposed model extraction framework on three popular image datasets (e.g., CIFAR-10/100/GTSRB) and four DNN architectures (e.g., ResNet-18/34/Wide-ResNetNGG-11). The extracted substitute model has successfully achieved more than 90% test accuracy on deep residual networks for the CIFAR-10 dataset. Moreover, our extracted substitute model could also generate effective adversarial input samples to fool the victim model. Notably, it achieves similar performance (i.e., 1-2% test accuracy under attack) as white-box adversarial input attack (e.g., PGD/Trades).

Globalization of the integrated circuit (IC) supply chain exposes designs to security threats such as reverse engineering and intellectual property (IP) theft. Designers may want to protect specific high-level synthesis (HLS) optimizations or micro-architectural solutions of their designs. Hence, protecting the IP of ICs is essential. Behavioral locking is an approach to thwart these threats by operating at high levels of abstraction instead of reasoning on the circuit structure. Like any security protection, behavioral locking requires additional area. Existing locking techniques have a different impact on security and overhead, but they do not explore the effects of alternatives when making locking decisions. We develop a design-space exploration (DSE) framework to optimize behavioral locking for a given security metric. For instance, we optimize differential entropy under area or key-bit constraints. We define a set of heuristics to score each locking point by analyzing the system dependence graph of the design. The solution yields better results for 92% of the cases when compared to baseline, state-of-the-art (SOTA) techniques. The approach has results comparable to evolutionary DSE while requiring 100× to 400× less computational time.

Phishing is a method of online fraud where attackers are targeted to gain access to the computer systems for monetary benefits or personal gains. In this case, the attackers pose themselves as legitimate entities to gain the users' sensitive information. Phishing has been significant concern over the past few years. The firms are recording an increase in phishing attacks primarily aimed at the firm's intellectual property and the employees' sensitive data. As a result, these attacks force firms to spend more on information security, both in technology-centric and human-centric approaches. With the advancements in cyber-security in the last ten years, many techniques evolved to detect phishing-related activities through websites and emails. This study focuses on the latest techniques used for detecting phishing attacks, including the usage of Visual selection features, Machine Learning (ML), and Artificial Intelligence (AI) to see the phishing attacks. New strategies for identifying phishing attacks are evolving, but limited standardized knowledge on phishing identification and mitigation is accessible from user awareness training. So, this study also focuses on the role of security-awareness movements to minimize the impact of phishing attacks. There are many approaches to train the user regarding these attacks, such as persona-centred training, anti-phishing techniques, visual discrimination training and the usage of spam filters, robust firewalls and infrastructure, dynamic technical defense mechanisms, use of third-party certified software to mitigate phishing attacks from happening. Therefore, the purpose of this paper is to carry out a systematic analysis of literature to assess the state of knowledge in prominent scientific journals on the identification and prevention of phishing. Forty-three journal articles with the perspective of phishing detection and prevention through awareness training were reviewed from 2011 to 2020. This timely systematic review also focuses on the gaps identified in the selected primary studies and future research directions in this area.