IEEE Transactions on Dependable and Secure Computing
Journal Prestige (SJR): 0.802
Citation Impact (citeScore): 4
Number of Followers: 13  
 
  Hybrid journal (it can contain Open Access articles)
ISSN (Print) 1545-5971
Published by IEEE [191 journals]
  • Emerging Attacks and Solutions for Secure Hardware in the Internet of Things
    • Authors: Chip Hong Chang;Marten van Dijk;Ulrich Rührmair;Mark M. Tehranipoor;
      Pages: 373 - 375
      Abstract: The fourteen papers in this special section explore software solutions for secure hardware in the Internet of Things (IoT). It could well be argued that the emerging IoT, together with the two long-standing trends of pervasive and ubiquitous computing, constitutes one of the most massive civil endeavors in the history of mankind. While it promises outstandingly positive usability and convenience effects, its implications for security and privacy are less clear. The vision of billions of low-cost, lightweight, and highly interconnected endpoints certainly raises a host of pressing issues to both cryptographers and system designers. Ideally, these should be resolved prior to a large-scale deployment of the IoT, and before its underlying infrastructure and standards have been established.
      PubDate: May-June 1 2019
      Issue No: Vol. 16, No. 3 (2019)
       
  • A Highly Efficient Side Channel Attack with Profiling through Relevance-Learning on Physical Leakage Information
    • Authors: Ali Akbar Pammu;Kwen-Siong Chong;Yi Wang;Bah-Hwee Gwee;
      Pages: 376 - 387
      Abstract: We propose a Profiling through Relevance-Learning (PRL) technique on Physical Leakage Information (PLI) to extract highly correlated PLI with processed data, as to achieve a highly efficient yet robust Side Channel Attack (SCA). There are four key features in our proposed PRL. First, variance analysis on PLI is implemented to determine the boundary of the clusters and objects of the clusters. Second, the nearest-neighbor k-NN variance clustering is used to reduce the sampling points of PLI by clustering the high variance sampling points and discarding the low variance sampling points of PLI measurements (traces). These clustered sampling points, which are highly correlated with the processed data, contain pertinent leakage information related to the secret key. Third, the information associated with the secret key is spread in several neighboring sampling points with different degrees of leakages. We analytically derive the Key-leakage relevance factor for each clustered sampling point to quantify the degree of leakage associated with the secret key. Fourth, by means of Hebbian learning, a weight proportional to the Key-leakage relevance factor is updated iteratively based on the values of relevance factor and traces of the sampling points. The converged weights which are being assigned to clustered sampling points are linked to their associated PLI to further increase the correlation of the PLI with the processed data. Therefore, the required number of PLI measurements, to reveal the secret key, can be reduced significantly. In addition, we analytically show that the computational complexity of our proposed PRL is $O(n)$ when compared to the reported profiling techniques having $O(n^{2})$ and $O(n^{3})$ computational complexities.
Based on the experiments of our proposed PRL performed on the PLI of AES-128 algorithm, the results depicting that the sampling points of PLI are reduced 87 percent after the k-NN variance clustering. The converged weight with learning error rate $>10^{6}$ traces, our proposed PRL is $\sim 2{,}000\times$ more efficient in performing SCA.
      PubDate: May-June 1 2019
      Issue No: Vol. 16, No. 3 (2019)
       
  • A Secure Exception Mode for Fault-Attack-Resistant Processing
    • Authors: Bilgiday Yuce;Chinmay Deshpande;Marjan Ghodrati;Abhishek Bendre;Leyla Nazhandali;Patrick Schaumont;
      Pages: 388 - 401
      Abstract: Fault attacks are a known threat to secure embedded implementations. We propose a generic technique to detect and react to fault attacks on embedded software. The countermeasure combines a micro-architecture extension in hardware with a secure trap in software. The combined extension leads to a secure exception mode to handle fault attacks. The microprocessor hardware uses a low-level hardware checkpointing mechanism to recover from fault injection. A high-level secure trap in software then enables an application-specific response. The trap is user-defined and can be co-developed with the application. The combination of hardware fault detection and recovery, with a high-level fault response policy in software leads to significantly lower overhead when compared to traditional redundancy-based techniques in hardware or software. We demonstrate a prototype implementation of the proposed secure exception mode. The prototype is based on a modified LEON3 processor and it is able to detect and respond to setup-time violation attacks. We have realized the design in a 180 nm standard cell ASIC with integrated memory. Using several driver application examples, we characterize the software and hardware overhead of the proposed solution, and we compare it to the conventional redundancy-based solutions. In our understanding this is the first proof-in-silicon processor to offer a comprehensive secure exception mode against fault-injection attacks.
      PubDate: May-June 1 2019
      Issue No: Vol. 16, No. 3 (2019)
       
  • A Silicon PUF Based Entropy Pump
    • Authors: Qian Wang;Gang Qu;
      Pages: 402 - 414
      Abstract: The security level of many cryptographic protocols and secure systems is determined by the strength of the cryptographic keys, which can be measured by entropy. Finding an entropy source that can generate secure keys with high entropy is a very challenging problem and it is normally associated with high cost. Instead of looking for a low-cost entropy source, we study in this article how to improve the entropy generated by a low-entropy source. Unlike the existing approaches based on hash function or cryptographic protocols, our solution leverages the intrinsic randomness in physical properties such as silicon physical unclonable functions (PUFs). Silicon PUF is a piece of circuitry that can capture certain intrinsic on-chip variations that were introduced during the chip fabrication process. It is generally believed that such variations are random and unpredictable. In this article, we demonstrate that the silicon PUF can be used as an effective entropy pump to boost low-entropy keys. Our approach is based on a recently developed highly flexible ring oscillator (RO) PUF. When we use the low-entropy key to configure the RO PUF, we find that the corresponding PUF response exhibits higher entropy, which means that the key's entropy has been improved. We implement our design on Nexys 4 Artix-7 FPGA board and demonstrate that the configurable PUF structure can successfully enhance the entropy of input keys. Compared to the other entropy enhancement methods, our PUF based entropy pump has the lowest hardware cost. Moreover, we apply this in a password enhancement application to provide robust high entropy passwords that can resist attacks such as the pre-compute attack.
      PubDate: May-June 1 2019
      Issue No: Vol. 16, No. 3 (2019)
       
  • Atlas: Application Confidentiality in Compromised Embedded Systems
    • Authors: Pieter Maene;Johannes Götzfried;Tilo Müller;Ruan de Clercq;Felix Freiling;Ingrid Verbauwhede;
      Pages: 415 - 423
      Abstract: Due to the requirements of the Internet-of-Things, modern embedded systems have become increasingly complex, running different applications. In order to protect their intellectual property as well as the confidentiality of sensitive data they process, these applications have to be isolated from each other. Traditional memory protection and memory management units provide such isolation, but rely on operating system support for their configuration. However, modern operating systems tend to be vulnerable and cannot guarantee confidentiality when compromised. We present Atlas, a hardware-based security architecture, complementary to traditional memory protection mechanisms, ensuring code and data confidentiality through transparent encryption, even when the system software has been exploited. Atlas relies on its zero-software trusted computing base to protect against system-level attackers and also supports secure shared memory. We implemented Atlas based on the LEON3 softcore processor, including toolchain extensions for developers. Our FPGA-based evaluation shows minimal cycle overhead at the cost of a reduced maximum frequency.
      PubDate: May-June 1 2019
      Issue No: Vol. 16, No. 3 (2019)
       
  • Building PUF Based Authentication and Key Exchange Protocol for IoT Without Explicit CRPs in Verifier Database
    • Authors: Urbi Chatterjee;Vidya Govindan;Rajat Sadhukhan;Debdeep Mukhopadhyay;Rajat Subhra Chakraborty;Debashis Mahata;Mukesh M. Prabhu;
      Pages: 424 - 437
      Abstract: Physically Unclonable Functions (PUFs) promise to be a critical hardware primitive to provide unique identities to billions of connected devices in Internet of Things (IoTs). In traditional authentication protocols a user presents a set of credentials with an accompanying proof such as password or digital certificate. However, IoTs need more evolved methods as these classical techniques suffer from the pressing problems of password dependency and inability to bind access requests to the “things” from which they originate. Additionally, the protocols need to be lightweight and heterogeneous. Although PUFs seem promising to develop such mechanism, it puts forward an open problem of how to develop such mechanism without needing to store the secret challenge-response pair (CRP) explicitly at the verifier end. In this paper, we develop an authentication and key exchange protocol by combining the ideas of Identity based Encryption (IBE), PUFs and Key-ed Hash Function to show that this combination can help to do away with this requirement. The security of the protocol is proved formally under the Session Key Security and the Universal Composability Framework. A prototype of the protocol has been implemented to realize a secured video surveillance camera using a combination of an Intel Edison board, with a Digilent Nexys-4 FPGA board consisting of an Artix-7 FPGA, together serving as the IoT node. We show, though the stand-alone video camera can be subjected to man-in-the-middle attack via IP-spoofing using standard network penetration tools, the camera augmented with the proposed protocol resists such attacks and it suits aptly in an IoT infrastructure making the protocol deployable for the industry.
      PubDate: May-June 1 2019
      Issue No: Vol. 16, No. 3 (2019)
       
  • Building a Trustworthy Execution Environment to Defeat Exploits from both Cyber Space and Physical Space for ARM
    • Authors: Le Guan;Chen Cao;Peng Liu;Xinyu Xing;Xinyang Ge;Shengzhi Zhang;Meng Yu;Trent Jaeger;
      Pages: 438 - 453
      Abstract: The rapid evolution of Internet-of-Things (IoT) technologies has led to an emerging need to make them smarter. However, the smartness comes at the cost of multi-vector security exploits. From cyber space, a compromised operating system could access all the data in a cloud-aware IoT device. From physical space, cold-boot attacks and DMA attacks impose a great threat to the unattended devices. In this paper, we propose TrustShadow that provides a comprehensively protected execution environment for unmodified application running on ARM-based IoT devices. To defeat cyber attacks, TrustShadow takes advantage of ARM TrustZone technology and partitions resources into the secure and normal worlds. In the secure world, TrustShadow constructs a trusted execution environment for security-critical applications. This trusted environment is maintained by a lightweight runtime system. The runtime system does not provide system services itself. Rather, it forwards them to the untrusted normal-world OS, and verifies the returns. The runtime system further employs a page based encryption mechanism to ensure that all the data segments of a security-critical application appear in ciphertext in DRAM chip. When an encrypted data page is accessed, it is transparently decrypted to a page in the internal RAM, which is immune to physical exploits.
      PubDate: May-June 1 2019
      Issue No: Vol. 16, No. 3 (2019)
       
  • Ciphertext-Only Fault Analysis on the LED Lightweight Cryptosystem in the Internet of Things
    • Authors: Wei Li;Linfeng Liao;Dawu Gu;Chaoyun Li;Chenyu Ge;Zheng Guo;Ya Liu;Zhiqiang Liu;
      Pages: 454 - 461
      Abstract: With the enlargement of wireless technology, Internet of Things (IoT) is emerging as a promising approach to realize smart cities and address lots of serious problems such as safety, convenience and efficiency. In order to avoid any possible rancorous attacks, employing lightweight cryptosystems is most effective to implement encryption/decryption, message authentication and digital signature for security of the IoT. LED is such a lightweight cipher with two flexible keysize variants in the IoT. Since its designing, a multitude of fault analysis techniques in chosen plaintext attacks focus on provoking faults on LED to derive the 64-bit and 128-bit secret keys. It is vital to investigate whether injecting faults allows breaking LED while the attackers have the weakest ciphertext-only attacking ability. This study presents ciphertext-only fault analysis with six different distinguishers on LED. The simulating experiments show that our analysis can recover its 64-bit and 128-bit secret keys with over 99 percent probability using the SEI, GF, GF-SEI, ML, HW and MAP distinguishers. The attack can not only improve the attacking efficiency, but also decrease the number of faults. The fault locations can be injected into the deeper round. It provides vital reference for security analysis of other lightweight ciphers in the IoT.
      PubDate: May-June 1 2019
      Issue No: Vol. 16, No. 3 (2019)
       
  • Decay-Based DRAM PUFs in Commodity Devices
    • Authors: André Schaller;Wenjie Xiong;Nikolaos Athanasios Anagnostopoulos;Muhammad Umair Saleem;Sebastian Gabmeyer;Boris Škorić;Stefan Katzenbeisser;Jakub Szefer;
      Pages: 462 - 475
      Abstract: A Physically Unclonable Function (PUF) is a unique and stable physical characteristic of a piece of hardware, which emerges due to variations in the hardware fabrication processes. Prior works have demonstrated that PUFs are a promising cryptographic primitive that can enable secure key storage, hardware-based device authentication and identification. So far, most PUF constructions have required an addition of new hardware or an FPGA implementation for their operation. Recently, intrinsic PUFs, which can be found in commodity devices, have been investigated. Unfortunately, most of them suffer from the drawback that they can only be accessed at boot time. This paper focuses on a new class of run-time accessible, decay-based, intrinsic DRAM PUFs in commercial off-the-shelf systems, which requires no additional hardware or FPGAs. In order to enable secure key storage using DRAM PUFs, this work presents a new Helper Data System (HDS) specifically tailored to the properties of the decay process inherent to DRAM cells. The decay-based DRAM PUF and the new HDS are evaluated on commodity off-the-shelf devices to demonstrate their practicality. Furthermore, a novel lightweight protocol is presented that allows for mutual authentication.
      PubDate: May-June 1 2019
      Issue No: Vol. 16, No. 3 (2019)
       
  • Detecting Fault Injection Attacks Based on Compressed Sensing and Integer Linear Programming
    • Authors: Huiyun Li;Cuiping Shao;Zheng Wang;
      Pages: 476 - 483
      Abstract: Cryptographic ICs have been widely applied to numerous security-critical environments nowadays. Fault injection has become a serious attack on cryptographic IC, especially soft-errors or single event upsets (SEUs) by fine-resolution fault injection attacks. Detection and tamper evidence of these attacks become important. Traditional SEU diagnose methods usually require special sensors embedded into the circuits. However, these methods require non-trivial design and test effort, and usually just yield statistic results. In this paper, we formulate the detection fault injection attacks as a compressed sensing problem, due to sparsity of soft errors. Besides, due to the binary characteristic of the coefficient matrix and the variables, integer linear programming is adopted to reconstruct the soft error signals. Simulation results on a cryptographic IC demonstrate that the proposed method is capable to accurately detect the locations of soft-errors caused by fault injection attacks with negligible hardware overhead. The abnormal test output of scan-chains can be tamper evidence of the fault injection attacks.
      PubDate: May-June 1 2019
      Issue No: Vol. 16, No. 3 (2019)
       
  • GaitLock: Protect Virtual and Augmented Reality Headsets Using Gait
    • Authors: Yiran Shen;Hongkai Wen;Chengwen Luo;Weitao Xu;Tao Zhang;Wen Hu;Daniela Rus;
      Pages: 484 - 497
      Abstract: With the fast penetration of commercial Virtual Reality (VR) and Augmented Reality (AR) systems into our daily life, the security issues of those devices have attracted significant interests from both academia and industry. Modern VR/AR systems typically use head-mounted devices (i.e., headsets) to interact with users, and often store private user data, e.g., social network accounts, online transactions or even payment information. This poses significant security threats, since in practice the headset can be potentially obtained and accessed by unauthenticated parties, e.g., identity thieves, and thus cause catastrophic breach. In this paper, we propose a novel GaitLock system, which can reliably authenticate users using their gait signatures. Our system doesn't require extra hardware, e.g., fingerprint sensors or retina scanners, but only uses the on-board inertial measurement units (IMUs) equipped in almost all mainstream VR/AR headsets to authenticate the legitimate users from intruders, by simply asking them to walk a few steps. To achieve that, we propose a new gait recognition model Dynamic-SRC, which combines the strength of Dynamic Time Warping (DTW) and Sparse Representation Classifier (SRC), to extract unique gait patterns from the inertial signals during walking. We implement GaitLock on Google Glass (a typical AR headset), and extensive experiments show that GaitLock outperforms the state-of-the-art systems significantly in recognition accuracy ($>98$ percent success in 5 steps), and is able to run in-situ on the resource-constrained VR/AR headsets without incurring high energy cost.
      PubDate: May-June 1 2019
      Issue No: Vol. 16, No. 3 (2019)
       
  • HAL—The Missing Piece of the Puzzle for Hardware Reverse Engineering, Trojan Detection and Insertion
    • Authors: Marc Fyrbiak;Sebastian Wallat;Pawel Swierczynski;Max Hoffmann;Sebastian Hoppach;Matthias Wilhelm;Tobias Weidlich;Russell Tessier;Christof Paar;
      Pages: 498 - 510
      Abstract: Hardware manipulations pose a serious threat to numerous systems, ranging from a myriad of smart-X devices to military systems. In many attack scenarios an adversary merely has access to the low-level, potentially obfuscated gate-level netlist. In general, the attacker possesses minimal information and faces the costly and time-consuming task of reverse engineering the design to identify security-critical circuitry, followed by the insertion of a meaningful hardware Trojan. These challenges have been considered only in passing by the research community. The contribution of this work is threefold: First, we present HAL, a comprehensive reverse engineering and manipulation framework for gate-level netlists. HAL allows automating defensive design analysis (e.g., including arbitrary Trojan detection algorithms with minimal effort) as well as offensive reverse engineering and targeted logic insertion. Second, we present a novel static analysis Trojan detection technique ANGEL which considerably reduces the false-positive detection rate of the detection technique FANCI. Furthermore, we demonstrate that ANGEL is capable of automatically detecting Trojans obfuscated with DeTrust. Third, we demonstrate how a malicious party can semi-automatically inject hardware Trojans into third-party designs. We present reverse engineering algorithms to disarm and trick cryptographic self-tests, and subtly leak cryptographic keys without any a priori knowledge of the design's internal workings.
      PubDate: May-June 1 2019
      Issue No: Vol. 16, No. 3 (2019)
       
  • High Rate Robust Codes with Low Implementation Complexity
    • Authors: Hila Rabii;Yaara Neumeier;Osnat Keren;
      Pages: 511 - 520
      Abstract: Robust codes $\mathcal{C}(n,k)_q$ are nonlinear $q$-ary codes of dimension $k$ and length $n \leq 2k$. Robust codes can detect any error with nonzero probability; hence, they can effectively detect fault injection attacks. Most high rate robust codes are either restricted to certain ratios between $n$ and $k$, or have relatively high hardware complexity. This paper presents new constructions for optimum or close to optimum low complexity high rate robust codes. These codes exist for any $k$ and $n$. The hardware complexity of each construction is discussed, and a method to choose the one with the smallest implementation cost is presented.
      PubDate: May-June 1 2019
      Issue No: Vol. 16, No. 3 (2019)
       
  • Memory-Efficient Implementation of Elliptic Curve Cryptography for the Internet-of-Things
    • Authors: Zhe Liu;Hwajeong Seo;Aniello Castiglione;Kim-Kwang Raymond Choo;Howon Kim;
      Pages: 521 - 529
      Abstract: In this paper, we present memory-efficient and scalable implementations of NIST standardized elliptic curves P-256, P-384 and P-521 on three ARMv6-M processors (i.e. Cortex-M0, M0+, and M1). Specifically, we propose a refined approach to perform the Multiply-ACcumulate (MAC) operation using hardware multiplier provided by ARMv6-M processor, and a compact doubling routine for multi-precision squaring that executes both doubling and partial product operations in an efficient way. We demonstrate that the proposed squaring implementation achieves a speed up of 28 percent compared to the same operation employed in Micro-ECC. Then, we reduce one modular reduction in co-Z conjugate point addition by using lazy reduction and special form representation (CD-AB, EF-AB), which further reduces the execution time of both P-256 and P-384 implementations. Finally, we propose scalable implementations of ECC scalar multiplication on ARMv6-M processors that are widely used for Internet of Things applications.
      PubDate: May-June 1 2019
      Issue No: Vol. 16, No. 3 (2019)
       
  • Noisy Vibrational Pairing of IoT Devices
    • Authors: S Abhishek Anand;Nitesh Saxena;
      Pages: 530 - 545
      Abstract: Internet of Things (IoT) is embodied by smart network-enabled devices that utilize computing power, networking, and miniaturization to enable richer and improved user experience. Due to their interconnectedness, ubiquitous nature and low computational power, trustworthy and secure communication between IoT devices has become a security concern. To authenticate the devices, “pairing” may be secured by the use of an auxiliary channel such as audio, visual and vibrations for sharing the key or keying material between the IoT devices. In this paper, we evaluate the security of vibration channel, susceptible to an acoustic eavesdropper, that can capture audio leakage from the vibrations of the transmitting IoT device. We propose a noisy vibration scheme for cloaking vibration sounds during pairing against such attacks. The scheme only requires a speaker for emitting the masking sound during key transmission. We evaluate the scheme in proximity, co-located and remote settings with an eavesdropping attacker. We also study motion sensor exploits against this scheme and complement it with additional measures to mask vibration effects on motion sensors. Our scheme is user transparent and requires only a speaker (that may already be present on the device), so it can be readily implemented in the IoT setting, smart wearables, and other commodity gadgets.
      PubDate: May-June 1 2019
      Issue No: Vol. 16, No. 3 (2019)
       
  • 2018 Reviewers List
    • Pages: 546 - 550
      Abstract: Presents the reviewers who contributed to this publication in 2018.
      PubDate: May-June 2019
      Issue No: Vol. 16, No. 3 (2019)
       
 
 
JournalTOCs
School of Mathematical and Computer Sciences
Heriot-Watt University
Edinburgh, EH14 4AS, UK
Email: journaltocs@hw.ac.uk
Tel: +00 44 (0)131 4513762
Fax: +00 44 (0)131 4513327
JournalTOCs © 2009-