In today s age of digital technology, ethical concerns regarding computing systems are increasing. While the focus of such concerns currently is on requirements for software, this article spotlights the hardware domain, specifically microchips. For example, the opaqueness of modern microchips raises security issues, as malicious actors can manipulate them, jeopardizing system integrity. As a consequence, governments invest substantially to facilitate a secure microchip supply chain. To combat the opaqueness of hardware, this article introduces the concept of Explainable Hardware (XHW). Inspired by and building on previous work on Explainable AI (XAI) and explainable software systems, we develop a framework for achieving XHW comprising relevant stakeholders, requirements they might have concerning hardware, and possible explainability approaches to meet these requirements. Through an exploratory survey among 18 hardware experts, we showcase applications of the framework and discover potential research gaps. Our work lays the foundation for future work and structured debates on XHW.
Authored by Timo Speith, Julian Speith, Steffen Becker, Yixin Zou, Asia Biega, Christof Paar
Integrated photonics based on silicon photonics platform is driving several application domains, from enabling ultra-fast chip-scale communication in high-performance computing systems to energy-efficient optical computation in artificial intelligence (AI) hardware accelerators. Integrating silicon photonics into a system necessitates the adoption of interfaces between the photonic and the electronic subsystems, which are required for buffering data and optical-to-electrical and electrical-to-optical conversions. Consequently, this can lead to new and inevitable security breaches that cannot be fully addressed using hardware security solutions proposed for purely electronic systems. This paper explores different types of attacks profiting from such breaches in integrated photonic neural network accelerators. We show the impact of these attacks on the system performance (i.e., power and phase distributions, which impact accuracy) and possible solutions to counter such attacks.
Authored by Felipe De Magalhaes, Mahdi Nikdast, Gabriela Nicolescu
Integrated photonics based on silicon photonics platform is driving several application domains, from enabling ultra-fast chip-scale communication in high-performance computing systems to energy-efficient optical computation in artificial intelligence (AI) hardware accelerators. Integrating silicon photonics into a system necessitates the adoption of interfaces between the photonic and the electronic subsystems, which are required for buffering data and optical-to-electrical and electrical-to-optical conversions. Consequently, this can lead to new and inevitable security breaches that cannot be fully addressed using hardware security solutions proposed for purely electronic systems. This paper explores different types of attacks profiting from such breaches in integrated photonic neural network accelerators. We show the impact of these attacks on the system performance (i.e., power and phase distributions, which impact accuracy) and possible solutions to counter such attacks.
Authored by Felipe De Magalhaes, Mahdi Nikdast, Gabriela Nicolescu
AI systems face potential hardware security threats. Existing AI systems generally use the heterogeneous architecture of CPU + Intelligent Accelerator, with PCIe bus for communication between them. Security mechanisms are implemented on CPUs based on the hardware security isolation architecture. But the conventional hardware security isolation architecture does not include the intelligent accelerator on the PCIe bus. Therefore, from the perspective of hardware security, data offloaded to the intelligent accelerator face great security risks. In order to effectively integrate intelligent accelerator into the CPU’s security mechanism, a novel hardware security isolation architecture is presented in this paper. The PCIe protocol is extended to be security-aware by adding security information packaging and unpacking logic in the PCIe controller. The hardware resources on the intelligent accelerator are isolated in fine-grained. The resources classified into the secure world can only be controlled and used by the software of CPU’s trusted execution environment. Based on the above hardware security isolation architecture, a security isolation spiking convolutional neural network accelerator is designed and implemented in this paper. The experimental results demonstrate that the proposed security isolation architecture has no overhead on the bandwidth and latency of the PCIe controller. The architecture does not affect the performance of the entire hardware computing process from CPU data offloading, intelligent accelerator computing, to data returning to CPU. With low hardware overhead, this security isolation architecture achieves effective isolation and protection of input data, model, and output data. And this architecture can effectively integrate hardware resources of intelligent accelerator into CPU’s security isolation mechanism.
Authored by Rui Gong, Lei Wang, Wei Shi, Wei Liu, JianFeng Zhang
Searchable encryption allows users to perform search operations on encrypted data before decrypting it first. Secret sharing is one of the most important cryptographic primitives used to design an information theoretic scheme. Nowadays cryptosys-tem designers are providing a facility to adjust the security parameters in real time to circumvent AI-enabled cyber security threats. For long term security of data which is used by various applications, proactive secret sharing allows the shares of the original secret to be dynamically adjusted during a specific interval of time. In proactive secret sharing, the updation of shares at regular intervals of time is done by the servers (participants) and not by the dealer. In this paper, we propose a novel proactive secret sharing scheme where the shares stored at servers are updated using preshared pairwise keys between servers at regular intervals of time. The direct search of words over sentences using the conjunctive search function without the generation of any index is possible using the underlying querying method.
Authored by Praveen K, Gabriel S, Indranil Ray, Avishek Adhikari, Sabyasachi Datta, Arnab Biswas
Deep Learning Large Language Models (LLMs) have the potential to automate and simplify code writing tasks. One of the emerging applications of LLMs is hardware design, where natural language interaction can be used to generate, annotate, and correct code in a Hardware Description Language (HDL), such as Verilog. This work provides an overview of the current state of using LLMs to generate Verilog code, highlighting their capabilities, accuracy, and techniques to improve the design quality. It also reviews the existing benchmarks to evaluate the correctness and quality of generated HDL code, enabling a fair comparison of different models and strategies.
Authored by Erik Hollander, Ewout Danneels, Karel-Brecht Decorte, Senne Loobuyck, Arne Vanheule, Ian Van Kets, Dirk Stroobandt
Unmanned aerial vehicles (UAVs) are increasingly adopted to perform various military, civilian, and commercial tasks in recent years. To assure the reliability of UAVs during these tasks, anomaly detection plays an important role in today s UAV system. With the rapid development of AI hardware and algorithms, leveraging AI techniques has become a prevalent trend for UAV anomaly detection. While existing AI-enabled UAV anomaly detection schemes have been demonstrated to be promising, they also raise additional security concerns about the schemes themselves. In this paper, we perform a study to explore and analyze the potential vulnerabilities in state-of-the-art AI-enabled UAV anomaly detection designs. We first validate the existence of security vulnerability and then propose an iterative attack that can effectively exploit the vulnerability and bypass the anomaly detection. We demonstrate the effectiveness of our attack by evaluating it on a state-of-the-art UAV anomaly detection scheme, in which our attack is successfully launched without being detected. Based on the understanding obtained from our study, this paper also discusses potential defense directions to enhance the security of AI-enabled UAV anomaly detection.
Authored by Ashok Raja, Mengjie Jia, Jiawei Yuan
This paper presents a vulnerability detection scheme for small unmanned aerial vehicle (UAV) systems, aiming to enhance their security resilience. It initiates with a comprehensive analysis of UAV system composition, operational principles, and the multifaceted security threats they face, ranging from software vulnerabilities in flight control systems to hardware weaknesses, communication link insecurities, and ground station management vulnerabilities. Subsequently, an automated vulnerability detection framework is designed, comprising three tiers: information gathering, interaction analysis, and report presentation, integrated with fuzz testing techniques for thorough examination of UAV control systems. Experimental outcomes validate the efficacy of the proposed scheme by revealing weak password issues in the target UAV s services and its susceptibility to abnormal inputs. The study not only confirms the practical utility of the approach but also contributes valuable insights and methodologies to UAV security, paving the way for future advancements in AI-integrated smart gray-box fuzz testing technologies.
Authored by He Jun, Guo Zihan, Ni Lin, Zhang Shuai
Healthcare systems have recently utilized the Internet of Medical Things (IoMT) to assist intelligent data collection and decision-making. However, the volume of malicious threats, particularly new variants of malware attacks to the connected medical devices and their connected system, has risen significantly in recent years, which poses a critical threat to patients’ confidential data and the safety of the healthcare systems. To address the high complexity of conventional software-based detection techniques, Hardware-supported Malware Detection (HMD) has proved to be efficient for detecting malware at the processors’ micro-architecture level with the aid of Machine Learning (ML) techniques applied to Hardware Performance Counter (HPC) data. In this work, we examine the suitability of various standard ML classifiers for zero-day malware detection on new data streams in the real-world operation of IoMT devices and demonstrate that such methods are not capable of detecting unknown malware signatures with a high detection rate. In response, we propose a hybrid and adaptive image-based framework based on Deep Learning and Deep Reinforcement Learning (DRL) for online hardware-assisted zero-day malware detection in IoMT devices. Our proposed method dynamically selects the best DNN-based malware detector at run-time customized for each device from a pool of highly efficient models continuously trained on all stream data. It first converts tabular hardware-based data (HPC events) into small-size images and then leverages a transfer learning technique to retrain and enhance the Deep Neural Network (DNN) based model’s performance for unknown malware detection. Multiple DNN models are trained on various stream data continuously to form an inclusive model pool. Next, a DRL-based agent constructed with two Multi-Layer Perceptrons (MLPs) is trained (one acts as an Actor and another acts as a Critic) to align the decision of selecting the most optimal DNN model for highly accurate zero-day malware detection at run-time using a limited number of hardware events. The experimental results demonstrate that our proposed AI-enabled method achieves 99\% detection rate in both F1-score and AUC, with only 0.01\% false positive rate and 1\% false negative rate.
Authored by Zhangying He, Hossein Sayadi
The world has seen a quick transition from hard devices for local storage to massive virtual data centers, all possible because of cloud storage technology. Businesses have grown to be scalable, meeting consumer demands on every turn. Cloud computing has transforming the way we do business making IT more efficient and cost effective that leads to new types of cybercrimes. Securing the data in cloud is a challenging task. Cloud security is a mixture of art and science. Art is to create your own technique and technologies in such a way that the user should be authenticated. Science is because you have to come up with ways of securing your application. Data security refers to a broad set of policies, technologies and controls deployed to protect data application and the associated infrastructure of cloud computing. It ensures that the data has not been accessed by any unauthorized person. Cloud storage systems are considered to be a network of distributed data centers which typically uses cloud computing technologies like virtualization and offers some kind of interface for storing data. Virtualization is the process of grouping the physical storage from multiple network storage devices so that it looks like a single storage device.Storing the important data in the cloud has become an essential argument in the computer territory. The cloud enables the user to store the data efficiently and access the data securely. It avoids the basic expenditure on hardware, software and maintenance. Protecting the cloud data has become one of the burdensome tasks in today’s environment. Our proposed scheme "Certificateless Compressed Data Sharing in Cloud through Partial Decryption" (CCDSPD) makes use of Shared Secret Session (3S) key for encryption and double decryption process to secure the information in the cloud. CC does not use pairing concept to solve the key escrow problem. Our scheme provides an efficient secure way of sharing data to the cloud and reduces the time consumption nearly by 50 percent as compared to the existing mCL-PKE scheme in encryption and decryption process.Distributed Cloud Environment (DCE) has the ability to store the da-ta and share it with others. One of the main issues arises during this is, how safe the data in the cloud while storing and sharing. Therefore, the communication media should be safe from any intruders residing between the two entities. What if the key generator compromises with intruders and shares the keys used for both communication and data? Therefore, the proposed system makes use of the Station-to-Station (STS) protocol to make the channel safer. The concept of encrypting the secret key confuses the intruders. Duplicate File Detector (DFD) checks for any existence of the same file before uploading. The scheduler as-signs the work of generating keys to the key manager who has less task to complete or free of any task. By these techniques, the proposed system makes time-efficient, cost-efficient, and resource efficient compared to the existing system. The performance is analysed in terms of time, cost and resources. It is necessary to safeguard the communication channel between the entities before sharing the data. In this process of sharing, what if the key manager’s compromises with intruders and reveal the information of the user’s key that is used for encryption. The process of securing the key by using the user’s phrase is the key concept used in the proposed system "Secure Storing and Sharing of Data in Cloud Environment using User Phrase" (S3DCE). It does not rely on any key managers to generate the key instead the user himself generates the key. In order to provide double security, the encryption key is also encrypted by the public key derived from the user’s phrase. S3DCE guarantees privacy, confidentiality and integrity of the user data while storing and sharing. The proposed method S3DCE is more efficient in terms of time, cost and resource utilization compared to the existing algorithm DaSCE (Data Security for Cloud Environment with Semi Trusted Third Party) and DACESM (Data Security for Cloud Environment with Scheduled Key Managers).For a cloud to be secure, all of the participating entities must be secure. The security of the assets does not solely depend on an individual s security measures. The neighbouring entities may provide an opportunity to an attacker to bypass the user s defences. The data may compromise due to attacks by other users and nodes within the cloud. Therefore, high security measures are required to protect data within the cloud. Cloudsim allows to create a network that contains a set of Intelligent Sense Point (ISP) spread across an area. Each ISPs will have its own unique position and will be different from other ISPs. Cloud is a cost-efficient solution for the distribution of data but has the challenge of a data breach. The data can be compromised of attacks of ISPs. Therefore, in OSNQSC (Optimized Selection of Nodes for Enhanced in Cloud Environment), an optimized method is proposed to find the best ISPs to place the data fragments that considers the channel quality, distance and the remaining energy of the ISPs. The fragments are encrypted before storing. OSNQSC is more efficient in terms of total upload time, total download time, throughput, storage and memory consumption of the node with the existing Betweenness centrality, Eccentricity and Closeness centrality methods of DROPS (Division and Replication of Data in the Cloud for Optimal Performance and Security).
Authored by Jeevitha K, Thriveni J
The innovation introduced by connectivity brings about significant changes in the industrial environment leading to the fourth industrial revolution, known as Industry 4.0. However, the integration and connectivity between industrial systems have significantly increased the risks and cyberattack surfaces. Nowadays, Virtualization is added to the security field to provide maximum protection against toxic attacks at minimum costs. Combining paradigms such as Software Defined Networking (SDN), and Network Function Virtualization (NFV) can improve virtualization performance through Openness (unified control of heterogeneous hardware and software resources), Flexibility (remote management and rapid response to changing demands), and Scalability (a faster cycle of innovative services deployment). The present paper proposes a Virtualized Security for Industry 4.0 (ViSI4.0), based on both SDN and Network Security Function Virtualisation (NSFV), to prevent attacks on Cyber-Physical System (CPS). Since industrial devices are limited in memory and processing, vNSFs are deployed as Docker containers. We conducted experiments to evaluate the performances of IIoT applications when using virtualized security services. Results showed that many real-time IIoT applications are still within their latency tolerance range. However, the additional delays introduced by virtualization have an impact on IIoT applications with very strict delays.
Authored by Intissar Jamai, Lamia Ben Azzouz, Leila Saidane
This paper proposes a secure data storage scheme for protecting network privacy. In the system hardware design, it is divided into interface module, basic service module and storage module. The three functional modules work together to improve the security of personal privacy data on the Internet. Establish a personal privacy database in software to ensure the security of personal privacy data. Asymmetric cryptography is used to encrypt and decrypt the data. Finally, the encrypted privacy information data is processed centrally to realize the combined storage of privacy information in the computer network. By comparing the safety and operation effect of the system, it is proved that the system has great advantages in safety and efficiency. The simulation results show that the method is effective.
Authored by Lanshuang Li, Yuzhen Feng, Yuanbao Feng, Zhihong Lu, Xiangyang Gao, Chuican Chen
Intelligent Systems for Personal Data Cyber Security is a critical component of the Personal Information Management of Medicaid Enterprises. Intelligent Systems for Personal Data Cyber Security combines components of Cyber Security Systems with Human-Computer Interaction. It also uses the technology and principles applied to the Internet of Things. The use of software-hardware concepts and solutions presented in this report is, in the authors’ opinion, some step in the working-out of the Intelligent Systems for Personal Data Cyber Security in Medicaid Enterprises. These concepts may also be useful for developers of these types of systems.
Authored by Alexey Zalozhnev, Vasily Ginz, Anatoly Loktionov
Processor design and manufacturing is often done globally, involving multiple companies, some of which can be untrustworthy. This lack of trust leads to the threat of malicious modifications like Hardware Trojans. Hardware Trojans can cause drastic consequences and even endanger human lives. Hence, effective countermeasures against Hardware Trojans are urgently needed. To develop countermeasures, Hardware Trojans and their properties have to be understood well. For this reason, we describe and characterize Hardware Trojans in detail in this paper. We perform a theoretical analysis of Hardware Trojans for processors. Afterwards, we present a new classification of processor constituents, which can be used to derive several triggers and payloads and compare them with previously published Hardware Trojans. This shows in detail possible attack vectors for processors and gaps in existing processor Hardware Trojan landscape. No previous work presents such a detailed investigation of Hardware Trojans for processors. With this work, we intend to improve understanding of Hardware Trojans in processors, supporting the development of new countermeasures and prevention techniques.
Authored by Czea Chuah, Alexander Hepp, Christian Appold, Tim Leinmueller
Operational technology (OT) systems use hardware and software to monitor and control physical processes, devices, and infrastructure - often critical infrastructures. The convergence of information technology (IT) and OT has significantly heightened the cyber threats in OT systems. Although OT systems share many of the hardware and software components in IT systems, these components often operate under different expectations. In this work, several hardware root-of-trust architectures are surveyed and the attacks each one mitigates are compared. Attacks spanning the design, manufacturing, and deployment life cycle of safety-critical operational technology are considered. The survey examines architectures that provide a hardware root-of-trust as a peripheral component in a larger system, SoC architectures with an integrated hardware root-of-trust, and FPGA-based hardware root-of-trust systems. Each architecture is compared based on the attacks mitigated. The comparison demonstrates that protecting operational technology across its complete life cycle requires multiple solutions working in tandem.
Authored by Alan Ehret, Peter Moore, Milan Stojkov, Michel Kinsy
With the popularization of AIoT applications, every endpoint device is facing information security risks. Thus, how to ensure the security of the device becomes essential. Chip security is divided into software security and hardware security, both of which are indispensable and complement each other. Hardware security underpins the entire cybersecurity ecosystem by proving essential primitives, including key provisioning, hardware cryptographic engines, hardware unique key (HUK), and unique identification (UID). This establishes a Hardware Root of Trust (HRoT) with secure storage, secure operation, and a secure environment to provide a trustworthy foundation for chip security. Today s talk starts with how to use a Physical Unclonable Function (PUF) to generate a unique “fingerprint” (static random number) for the chip. Next, we will address using a static random number and dynamic entropy to design a high-performance true random number generator and achieve real anti-tampering HRoT by leveraging static and dynamic entropy. By integrating NISTstandard cryptographic engines, we have created an authentic PUF-based Hardware Root of Trust. The all-in-one integrated solution can handle all the necessary security functions throughout the product life cycle as well as maintaining a secure boundary to achieve the integrity of sensitive information or assets. Finally, as hardware-level protection extends to operating systems and applications, products and services become secure.
Authored by Meng-Yi Wu
With people s attention to information security, the research on authentication encryption algorithm has become a very important branch of cryptography in recent years. It is widely used in data encryption, message authentication, authentication and key management. In the network of large-scale communication nodes, there are a large quantity of network nodes and a variety of devices. The traditional PKI cryptosystem has the problems of certificate management difficulty and resource waste. Based on the research of block cipher algorithm, this article discusses its application in the design of terminal identity authentication system, and designs a node two-way authentication scheme based on identity encryption. The simulation results show that the block cipher algorithm proposed in this article can get 95.82\%, accuracy, which is higher than the contrast algorithm. Authentication and encryption algorithm based on block cipher plays an important role in authentication and encryption algorithm because of its fast implementation speed of software and hardware and easy standardization. The research shows that the algorithm proposed in this article is superior to other algorithms in the application of terminal identity authentication system. It provides a new solution for related research.
Authored by Dongmei Bin, Xin Li, Ming Xie, Yongjian Liang, Chunyan Yang
The proliferation of sensitive information being stored online highlights the pressing need for secure and efficient user authentication methods. To address this issue, this paper presents a novel zero-effort two-factor authentication (2FA) approach that combines the unique characteristics of a user s environment and Machine Learning (ML) to confirm their identity. Our proposed approach utilizes Wi-Fi radio wave transmission and ML algorithms to analyze beacon frame characteristics and Received Signal Strength Indicator (RSSI) values from Wi-Fi access points to determine the user s location. The aim is to provide a secure and efficient method of authentication without the need for additional hardware or software. A prototype was developed using Raspberry Pi devices and experiments were conducted to demonstrate the effectiveness and practicality of the proposed approach. Results showed that the proposed system can significantly enhance the security of sensitive information in various industries such as finance, healthcare, and retail. This study sheds light on the potential of Wi-Fi radio waves and RSSI values as a means of user authentication and the power of ML to identify patterns in wireless signals for security purposes. The proposed system holds great promise in revolutionizing the field of 2FA and user authentication, offering a new era of secure and seamless access to sensitive information.
Authored by Ali AlQahtani, Thamraa Alshayeb
Vendor cybersecurity risk assessment is of critical importance to smart city infrastructure and sustainability of the autonomous mobility ecosystem. Lack of engagement in cybersecurity policies and process implementation by the tier companies providing hardware or services to OEMs within this ecosystem poses a significant risk to not only the individual companies but to the ecosystem overall. The proposed quantitative method of estimating cybersecurity risk allows vendors to have visibility to the financial risk associated with potential threats and to consequently allocate adequate resources to cybersecurity. It facilitates faster implementation of defense measures and provides a useful tool in the vendor selection process. The paper focuses on cybersecurity risk assessment as a critical part of the overall company mission to create a sustainable structure for maintaining cybersecurity health. Compound cybersecurity risk and impact on company operations as outputs of this quantitative analysis present a unique opportunity to strategically plan and make informed decisions towards acquiring a reputable position in a sustainable ecosystem. This method provides attack trees and assigns a risk factor to each vendor thus offering a competitive advantage and an insight into the supply chain risk map. This is an innovative way to look at vendor cybersecurity posture. Through a selection of unique industry specific parameters and a modular approach, this risk assessment model can be employed as a tool to navigate the supply base and prevent significant financial cost. It generates synergies within the connected vehicle ecosystem leading to a safe and sustainable economy.
Authored by Albena Tzoneva, Galina Momcheva, Borislav Stoyanov
Technology has improved, and smart locking systems have become more sophisticated. In this case, the android-based Smart System is primarily intended for multimode operations. Such a system is necessary in banks and businesses since it provides f u n c t i o n s that let users control locks. The implementation’s efficiency the system is incredibly helpful because of its functionality and user-friendly interface. Some homeowners aim to connect their home’s numerous home automation devices. Those connected to a Windows-based PC are the most popular home controllers. In our study, we introduced a form of smart technology that utilized Bluetooth while using a mobile smartphone. Consequently, using it will be simpler and more effective. Additionally, it supported the free and open-source Android and Arduino platforms. This paper proposes a door lock automation system that uses an Android smartphone with Bluetooth as the first piece of hardware. Following a description of the design and software development process, a Bluetooth-based Smartphone application for locking and unlocking doors is demonstrated. The task module acts as the agent in the hardware design for the door-lock system, the Arduino microcontroller serves as the controller and data processing hub, and the solenoid acts as the door lock output. The results of each test show that it is compatible with the original plan for this study.
Authored by B. Swathi, Aditya Kanoi, Harshvardhan Kumar, Jaiswal Sinha, Gana Gajjala
A fingerprint architecture based on a micro electro mechanical system (MEMS) for the use as a hardware security component is presented. The MEMS serves as a physically unclonable function (PUF) and is used for fingerprint ID generation, derived from the MEMS-specific parameters. The fingerprint is intended to allow the unique identifiability of electronic components and thus to ensure protection against unauthorized replacement or manipulation. The MEMS chip consists of 16 individual varactors with continuously adjustable capacitance values that are used for bit derivation (“analog” PUF). The focus is on the design-related forcing of random technological spread to provide a wide range of different parameters per chip or wafer to achieve a maximum key length. Key generation and verification is carried out via fingerprint electronics connected to the MEMS, which is realized by an FPGA.
Authored by Katja Meinel, Christian Schott, Franziska Mayer, Dhruv Gupta, Sebastian Mittag, Susann Hahn, Sebastian Weidlich, Daniel Bülz, Roman Forke, Karla Hiller, Ulrich Heinkel, Harald Kuhn
IoT scenarios face cybersecurity concerns due to unauthorized devices that can impersonate legitimate ones by using identical software and hardware configurations. This can lead to sensitive information leaks, data poisoning, or privilege escalation. Behavioral fingerprinting and ML/DL techniques have been used in the literature to identify devices based on performance differences caused by manufacturing imperfections. In addition, using Federated Learning to maintain data privacy is also a challenge for IoT scenarios. Federated Learning allows multiple devices to collaboratively train a machine learning model without sharing their data, but it requires addressing issues such as communication latency, heterogeneity of devices, and data security concerns. In this sense, Trustworthy Federated Learning has emerged as a potential solution, which combines privacy-preserving techniques and metrics to ensure data privacy, model integrity, and secure communication between devices. Therefore, this work proposes a trustworthy federated learning framework for individual device identification. It first analyzes the existing metrics for trustworthiness evaluation in FL and organizes them into six pillars (privacy, robustness, fairness, explainability, accountability, and federation) for computing the trustworthiness of FL models. The framework presents a modular setup where one component is in charge of the federated model generation and another one is in charge of trustworthiness evaluation. The framework is validated in a real scenario composed of 45 identical Raspberry Pi devices whose hardware components are monitored to generate individual behavior fingerprints. The solution achieves a 0.9724 average F1-Score in the identification on a centralized setup, while the average F1-Score in the federated setup is 0.8320. Besides, a 0.6 final trustworthiness score is achieved by the model on state-of-the-art metrics, indicating that further privacy and robustness techniques are required to improve this score.
Authored by Pedro Sánchez, Alberto Celdrán, Gérôme Bovet, Gregorio Pérez, Burkhard Stiller
Security still remains an afterthought in modern Electronic Design Automation (EDA) tools, which solely focus on enhancing performance and reducing the chip size. Typically, the security analysis is conducted by hand, leading to vulnerabilities in the design remaining unnoticed. Security-aware EDA tools assist the designer in the identification and removal of security threats while keeping performance and area in mind. Stateof-the-art approaches utilize information flow analysis to spot unintended information leakages in design structures. However, the classification of such threats is binary, resulting in negligible leakages being listed as well. A novel quantitative analysis allows the application of a metric to determine a numeric value for a leakage. Nonetheless, current approximations to quantify the leakage are still prone to overlooking leakages. The mathematical model 2D-QModel introduced in this work aims to overcome this shortcoming. Additionally, as previous work only includes a limited threat model, multiple threat models can be applied using the provided approach. Open-source benchmarks are used to show the capabilities of 2D-QModel to identify hardware Trojans in the design while ignoring insignificant leakages.
Authored by Lennart Reimann, Sarp Erdönmez, Dominik Sisejkovic, Rainer Leupers
The use of computers and the internet has spread rapidly over the course of the past few decades. Every day, more and more peopleare coming to rely heavily on the internet. When it comes to the field of information security, the subject of security is one that is becoming an increasingly important focus. It is vital to design a powerful intrusion detection system in order to prevent computer hackers and other intruders from effectively getting into computer networks or systems. This can be accomplished by: (IDS). The danger and attack detection capabilities of the computer system are built into the intrusion detection system. Abuse has occurred and can be used to identify invasions when there is a deviation between a preset pattern of intrusion and an observedpattern of intrusion. An intrusion detection system (IDS) is a piece of hardware (or software) that is used to generate reports for a Management Station as well as monitor network and/or system activities for unethical behaviour or policy violations. In the current study, an approach known as machine learning is suggested as a possible paradigm for the development of a network intrusion detection system. The results of the experiment show that the strategy that was suggested improves the capability of intrusion detection.
Authored by Ajmeera Kiran, Wilson Prakash, Anand Kumar, Likhitha, Tammana Sameeratmaja, Ungarala Charan
Due to the concern on cloud security, digital encryption is applied before outsourcing data to the cloud for utilization. This introduces a challenge about how to efficiently perform queries over ciphertexts. Crypto-based solutions currently suffer from limited operation support, high computational complexity, weak generality, and poor verifiability. An alternative method that utilizes hardware-assisted Trusted Execution Environment (TEE), i.e., Intel SGX, has emerged to offer high computational efficiency, generality and flexibility. However, SGX-based solutions lack support on multi-user query control and suffer from security compromises caused by untrustworthy TEE function invocation, e.g., key revocation failure, incorrect query results, and sensitive information leakage. In this article, we leverage SGX and propose a secure and efficient SQL-style query framework named QShield. Notably, we propose a novel lightweight secret sharing scheme in QShield to enable multi-user query control; it effectively circumvents key revocation and avoids cumbersome remote attestation for authentication. We further embed a trust-proof mechanism into QShield to guarantee the trustworthiness of TEE function invocation; it ensures the correctness of query results and alleviates side-channel attacks. Through formal security analysis, proof-of-concept implementation and performance evaluation, we show that QShield can securely query over outsourced data with high efficiency and scalable multi-user support.
Authored by Yaxing Chen, Qinghua Zheng, Zheng Yan, Dan Liu