Visible to the public Biblio

Filters: Keyword is integrated circuits  [Clear All Filters]
2020-05-11
Kenarangi, Farid, Partin-Vaisband, Inna.  2019.  Security Network On-Chip for Mitigating Side-Channel Attacks. 2019 ACM/IEEE International Workshop on System Level Interconnect Prediction (SLIP). :1–6.
Hardware security is a critical concern in design and fabrication of integrated circuits (ICs). Contemporary hardware threats comprise tens of advance invasive and non-invasive attacks for compromising security of modern ICs. Numerous attack-specific countermeasures against the individual threats have been proposed, trading power, area, speed, and design complexity of a system for security. These typical overheads combined with strict performance requirements in advanced technology nodes and high complexity of modern ICs often make the codesign of multiple countermeasures impractical. In this paper, on-chip distribution networks are exploited for detecting those hardware security threats that require non-invasive, yet physical interaction with an operating device-under-attack (e.g., measuring equipment for collecting sensitive information in side-channel attacks). With the proposed approach, the effect of the malicious physical interference with the device-under-attack is captured in the form of on-chip voltage variations and utilized for detecting malicious activity in the compromised device. A machine learning (ML) security IC is trained to predict system security based on sensed variations of signals within on-chip distribution networks. The trained ML ICs are distributed on-chip, yielding a robust and high-confidence security network on-chip. To halt an active attack, a variety of desired counteractions can be executed in a cost-effective manner upon the attack detection. The applicability and effectiveness of these security networks is demonstrated in this paper with respect to power, timing, and electromagnetic analysis attacks.
2020-04-24
Bettouche, Mohamed Amine, Le Claire, Jean-Claude, Ghedamsi, Kaci, Aouzellag, Djamal, Ahmed, Mourad Ait, Benkhoris, Mohamed Fouad.  2019.  A behavior analysis of Permanent Magnet Synchronous Generator - Vienna rectifier set for marine current energy conversion. 2019 IEEE 2nd International Conference on Renewable Energy and Power Engineering (REPE). :254—259.
This article is dedicated to the study of an innovative architecture for the conversion of renewable marine energy into electrical energy. It consists of a Permanent Magnet Synchronous Generator (PMSG) combined with a three-phase Vienna rectifier. This last converter is not reversible but has the advantage of minimizing the number of active switches. This improves the operational reliability of the chain, which is necessary in the context of marine energy exploitation where access to the installations is not easy. The study focuses on the behavior analysis of electrical chain conversion, and the study of phase and neutral current according to the conduction’s states of the switches of the Vienna rectifier is being investigated. Despite the high non-linearity of this architecture, this control is made possible through to the dynamic performance and control of the maximum switching frequency of the self-oscillating controller called the Phase-Shift Self-Oscillating Current Controller (PSSOCC).
2020-04-03
Šišejković, Dominik, Merchant, Farhad, Leupers, Rainer, Ascheid, Gerd, Kiefer, Volker.  2019.  A Critical Evaluation of the Paradigm Shift in the Design of Logic Encryption Algorithms. 2019 International Symposium on VLSI Design, Automation and Test (VLSI-DAT). :1—4.
The globalization of the integrated circuit supply chain has given rise to major security concerns ranging from intellectual property piracy to hardware Trojans. Logic encryption is a promising solution to tackle these threats. Recently, a Boolean satisfiability attack capable of unlocking existing logic encryption techniques was introduced. This attack initiated a paradigm shift in the design of logic encryption algorithms. However, recent approaches have been strongly focusing on low-cost countermeasures that unfortunately lead to low functional and structural corruption. In this paper, we show that a simple approach can offer provable security and more than 99% corruption if a higher area overhead is accepted. Our results strongly suggest that future proposals should consider higher overheads or more realistic circuit sizes for the evaluation of modern logic encryption algorithms.
2020-03-12
Salmani, Hassan, Hoque, Tamzidul, Bhunia, Swarup, Yasin, Muhammad, Rajendran, Jeyavijayan JV, Karimi, Naghmeh.  2019.  Special Session: Countering IP Security Threats in Supply Chain. 2019 IEEE 37th VLSI Test Symposium (VTS). :1–9.

The continuing decrease in feature size of integrated circuits, and the increase of the complexity and cost of design and fabrication has led to outsourcing the design and fabrication of integrated circuits to third parties across the globe, and in turn has introduced several security vulnerabilities. The adversaries in the supply chain can pirate integrated circuits, overproduce these circuits, perform reverse engineering, and/or insert hardware Trojans in these circuits. Developing countermeasures against such security threats is highly crucial. Accordingly, this paper first develops a learning-based trust verification framework to detect hardware Trojans. To tackle Trojan insertion, IP piracy and overproduction, logic locking schemes and in particular stripped functionality logic locking is discussed and its resiliency against the state-of-the-art attacks is investigated.

2020-03-02
Serpanos, Dimitrios, Stachoulis, Dimitrios.  2019.  Secure Memory for Embedded Tamper-Proof Systems. 2019 14th International Conference on Design Technology of Integrated Systems In Nanoscale Era (DTIS). :1–4.

Data leakage and disclosure to attackers is a significant problem in embedded systems, considering the ability of attackers to get physical access to the systems. We present methods to protect memory data leakage in tamper-proof embedded systems. We present methods that exploit memory supply voltage manipulation to change the memory contents, leading to an operational and reusable memory or to destroy memory cell circuitry. For the case of memory data change, we present scenaria for data change to a known state and to a random state. The data change scenaria are effective against attackers who cannot detect the existence of the protection circuitry; furthermore, original data can be calculated in the case of data change to a known state, if the attacker identifies the protection circuitry and its operation. The methods that change memory contents to a random state or destroy memory cell circuitry lead to irreversible loss of the original data. However, since the known state can be used to calculate the original data.

Zhao, Zhijun, Jiang, Zhengwei, Wang, Yueqiang, Chen, Guoen, Li, Bo.  2019.  Experimental Verification of Security Measures in Industrial Environments. 2019 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC). :498–502.
Industrial Control Security (ICS) plays an important role in protecting Industrial assets and processed from being tampered by attackers. Recent years witness the fast development of ICS technology. However there are still shortage of techniques and measures to verify the effectiveness of ICS approaches. In this paper, we propose a verification framework named vICS, for security measures in industrial environments. vICS does not requires installing any agent in industrial environments, and could be viewed as a non-intrusive way. We use vICS to evaluate the effectiveness of classic ICS techniques and measures through several experiments. The results shown that vICS provide an feasible solution for verifying the effectiveness of classic ICS techniques and measures for industrial environments.
2020-02-26
Juretus, Kyle, Savidis, Ioannis.  2019.  Increasing the SAT Attack Resiliency of In-Cone Logic Locking. 2019 IEEE International Symposium on Circuits and Systems (ISCAS). :1–5.

A method to increase the resiliency of in-cone logic locking against the SAT attack is described in this paper. Current logic locking techniques provide protection through the addition of circuitry outside of the original logic cone. While the additional circuitry provides provable security against the SAT attack, other attacks, such as the removal attack, limit the efficacy of such techniques. Traditional in-cone logic locking is not prone to removal attacks, but is less secure against the SAT attack. The focus of this paper is, therefore, the analysis of in-cone logic locking to increase the security against the SAT attack, which provides a comparison between in-cone techniques and newly developed methodologies. A novel algorithm is developed that utilizes maximum fanout free cones (MFFC). The application of the algorithm limits the fanout of incorrect key information. The MFFC based algorithm resulted in an average increase of 61.8% in the minimum number of iterations required to complete the SAT attack across 1,000 different variable orderings of the circuit netlist while restricted to a 5% overhead in area.

Guo, Xiaolong, Zhu, Huifeng, Jin, Yier, Zhang, Xuan.  2019.  When Capacitors Attack: Formal Method Driven Design and Detection of Charge-Domain Trojans. 2019 Design, Automation Test in Europe Conference Exhibition (DATE). :1727–1732.

The rapid growth and globalization of the integrated circuit (IC) industry put the threat of hardware Trojans (HTs) front and center among all security concerns in the IC supply chain. Current Trojan detection approaches always assume HTs are composed of digital circuits. However, recent demonstrations of analog attacks, such as A2 and Rowhammer, invalidate the digital assumption in previous HT detection or testing methods. At the system level, attackers can utilize the analog properties of the underlying circuits such as charge-sharing and capacitive coupling effects to create information leakage paths. These new capacitor-based vulnerabilities are rarely covered in digital testings. To address these stealthy yet harmful threats, we identify a large class of such capacitor-enabled attacks and define them as charge-domain Trojans. We are able to abstract the detailed charge-domain models for these Trojans and expose the circuit-level properties that critically contribute to their information leakage paths. Aided by the abstract models, an information flow tracking (IFT) based solution is developed to detect charge-domain leakage paths and then identify the charge-domain Trojans/vulnerabilities. Our proposed method is validated on an experimental RISC microcontroller design injected with different variants of charge-domain Trojans. We demonstrate that successful detection can be accomplished with an automatic tool which realizes the IFT-based solution.

Shi, Qihang, Vashistha, Nidish, Lu, Hangwei, Shen, Haoting, Tehranipoor, Bahar, Woodard, Damon L, Asadizanjani, Navid.  2019.  Golden Gates: A New Hybrid Approach for Rapid Hardware Trojan Detection Using Testing and Imaging. 2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). :61–71.

Hardware Trojans are malicious modifications on integrated circuits (IC), which pose a grave threat to the security of modern military and commercial systems. Existing methods of detecting hardware Trojans are plagued by the inability of detecting all Trojans, reliance on golden chip that might not be available, high time cost, and low accuracy. In this paper, we present Golden Gates, a novel detection method designed to achieve a comparable level of accuracy to full reverse engineering, yet paying only a fraction of its cost in time. The proposed method inserts golden gate circuits (GGC) to achieve superlative accuracy in the classification of all existing gate footprints using rapid scanning electron microscopy (SEM) and backside ultra thinning. Possible attacks against GGC as well as malicious modifications on interconnect layers are discussed and addressed with secure built-in exhaustive test infrastructure. Evaluation with real SEM images demonstrate high classification accuracy and resistance to attacks of the proposed technique.

2020-02-17
Zamula, Alexander, Rassomakhin, Sergii, Krasnobayev, Victor, Morozov, Vladyslav.  2019.  Synthesis of Discrete Complex Nonlinear Signals with Necessary Properties of Correlation Functions. 2019 IEEE 2nd Ukraine Conference on Electrical and Computer Engineering (UKRCON). :999–1002.
The main information and communication systems (ICS) effectiveness parameters are: reliability, resiliency, network bandwidth, service quality, profitability and cost, malware protection, information security, etc. Most modern ICS refers to multiuser systems, which implement the most promising method of distributing subscribers (users), namely, the code distribution, at which, subscribers are provided with appropriate forms of discrete sequences (signatures). Since in multiuser systems, channels code division is based on signal difference, then the ICS construction and systems performance indicators are determined by the chosen signals properties. Distributed spectrum technology is the promising direction of information security for telecommunication systems. Currently used data generation and processing methods, as well as the broadband signal classes used as a physical data carrier, are not enough for the necessary level of information security (information secrecy, imitation resistance) as well as noise immunity (impedance reception, structural secrecy) of the necessary (for some ICS applications). In this case, discrete sequences (DS) that are based on nonlinear construction rules and have improved correlation, ensemble and structural properties should be used as DS that extend the spectrum (manipulate carrier frequency). In particular, with the use of such signals as the physical carrier of information or synchronization signals, the time expenditures on the disclosure of the signal structure used are increasing and the setting of "optima", in terms of the counteracting station, obstacles becomes problematic. Complex signals obtained on such sequences basis have structural properties, similar to random (pseudorandom) sequences, as well as necessary correlation and ensemble properties. For designing signals for applications applied for measuring delay time, signal detecting, synchronizing stations and etc, side-lobe levels of autocorrelation function (ACF) minimization is essential. In this paper, the problem of optimizing the synthesis of nonlinear discrete sequences, which have improved ensemble, structural and autocorrelation properties, is formulated and solved. The use of nonlinear discrete signals, which are formed on the basis of such sequences, will provide necessary values for impedance protection, structural and information secrecy of ICS operation. Increased requirements for ICS information security, formation and performance data in terms of internal and external threats (influences), determine objectively existing technical and scientific controversy to be solved is goal of this work.The paper presents the results of solving the actual problem of performance indicators improvements for information and communication systems, in particular secrecy, information security and noise immunity with interfering influences, based on the nonlinear discrete cryptographic signals (CS) new classes synthesis with the necessary properties.
2020-02-10
Fujita, Yuki, Inomata, Atsuo, Kashiwazaki, Hiroki.  2019.  Implementation and Evaluation of a Multi-Factor Web Authentication System with Individual Number Card and WebUSB. 2019 20th Asia-Pacific Network Operations and Management Symposium (APNOMS). :1–4.
As the number of Internet users increases, their usage also diversifies, and it is important to prevent Identity on the Internet (Digital Identity) from being violated. Unauthorized authentication is one of the methods to infringe Digital Identity. Multi-factor authentication has been proposed as a method for preventing unauthorized authentication. However, the cryptographic authenticator required for multi-factor authentication is expensive both financially and UX-wise for the user. In this paper, we design, implement and evaluate multi-factor authentication using My Number Card provided by public personal identification service and WebUSB, which is being standardized.
Hu, Taifeng, Wu, Liji, Zhang, Xiangmin, Yin, Yanzhao, Yang, Yijun.  2019.  Hardware Trojan Detection Combine with Machine Learning: an SVM-based Detection Approach. 2019 IEEE 13th International Conference on Anti-counterfeiting, Security, and Identification (ASID). :202–206.
With the application of integrated circuits (ICs) appears in all aspects of life, whether an IC is security and reliable has caused increasing worry which is of significant necessity. An attacker can achieve the malicious purpose by adding or removing some modules, so called hardware Trojans (HTs). In this paper, we use side-channel analysis (SCA) and support vector machine (SVM) classifier to determine whether there is a Trojan in the circuit. We use SAKURA-G circuit board with Xilinx SPARTAN-6 to complete our experiment. Results show that the Trojan detection rate is up to 93% and the classification accuracy is up to 91.8475%.
2020-01-21
Hou, Ye, Such, Jose, Rashid, Awais.  2019.  Understanding Security Requirements for Industrial Control System Supply Chains. 2019 IEEE/ACM 5th International Workshop on Software Engineering for Smart Cyber-Physical Systems (SEsCPS). :50–53.

We address the need for security requirements to take into account risks arising from complex supply chains underpinning cyber-physical infrastructures such as industrial control systems (ICS). We present SEISMiC (SEcurity Industrial control SysteM supply Chains), a framework that takes into account the whole spectrum of security risks - from technical aspects through to human and organizational issues - across an ICS supply chain. We demonstrate the effectiveness of SEISMiC through a supply chain risk assessment of Natanz, Iran's nuclear facility that was the subject of the Stuxnet attack.

Abdelghani, TSCHROUB.  2019.  Industrial Control Systems (Ics) Security in Power Transmission Network. 2019 Algerian Large Electrical Network Conference (CAGRE). :1–4.

The goal of this document is to provide knowledge of Security for Industrial Control Systems (ICS,) such as supervisory control and data acquisition (SCADA) which is implemented in power transmission network, power stations, power distribution grids and other big infrastructures that affect large number of persons and security of nations. A distinction between IT and ICS security is given to make a difference between the two disciplines. In order to avoid intrusion and destruction of industrials plants, some recommendations are given to preserve their security.

2020-01-07
Matsunaga, Yusuke, Yoshimura, Masayoshi.  2019.  An Efficient SAT-Attack Algorithm Against Logic Encryption. 2019 IEEE 25th International Symposium on On-Line Testing and Robust System Design (IOLTS). :44-47.

This paper presents a novel efficient SAT-attack algorithm for logic encryption. The existing SAT-attack algorithm can decrypt almost all encrypted circuits proposed so far, however, there are cases that it takes a huge amount of CPU time. This is because the number of clauses being added during the decryption increases drastically in that case. To overcome that problem, a novel algorithm is developed, which considers the equivalence of clauses to be added. Experiments show that the proposed algorithm is much faster than the existing algorithm.

2019-11-04
Daoud, Luka, Rafla, Nader.  2018.  Routing Aware and Runtime Detection for Infected Network-on-Chip Routers. 2018 IEEE 61st International Midwest Symposium on Circuits and Systems (MWSCAS). :775-778.

Network-on-Chip (NoC) architecture is the communication heart of the processing cores in Multiprocessors System-on-Chip (MPSoC), where messages are routed from a source to a destination through intermediate nodes. Therefore, NoC has become a target to security attacks. By experiencing outsourcing design, NoC can be infected with a malicious Hardware Trojans (HTs) which potentially degrade the system performance or leave a backdoor for secret key leaking. In this paper, we propose a HT model that applies a denial of service attack by misrouting the packets, which causes deadlock and consequently degrading the NoC performance. We present a secure routing algorithm that provides a runtime HT detection and avoiding scheme. Results show that our proposed model has negligible overhead in area and power, 0.4% and 0.6%, respectively.

2019-10-30
Borgolte, Kevin, Hao, Shuang, Fiebig, Tobias, Vigna, Giovanni.  2018.  Enumerating Active IPv6 Hosts for Large-Scale Security Scans via DNSSEC-Signed Reverse Zones. 2018 IEEE Symposium on Security and Privacy (SP). :770-784.

Security research has made extensive use of exhaustive Internet-wide scans over the recent years, as they can provide significant insights into the overall state of security of the Internet, and ZMap made scanning the entire IPv4 address space practical. However, the IPv4 address space is exhausted, and a switch to IPv6, the only accepted long-term solution, is inevitable. In turn, to better understand the security of devices connected to the Internet, including in particular Internet of Things devices, it is imperative to include IPv6 addresses in security evaluations and scans. Unfortunately, it is practically infeasible to iterate through the entire IPv6 address space, as it is 2ˆ96 times larger than the IPv4 address space. Therefore, enumeration of active hosts prior to scanning is necessary. Without it, we will be unable to investigate the overall security of Internet-connected devices in the future. In this paper, we introduce a novel technique to enumerate an active part of the IPv6 address space by walking DNSSEC-signed IPv6 reverse zones. Subsequently, by scanning the enumerated addresses, we uncover significant security problems: the exposure of sensitive data, and incorrectly controlled access to hosts, such as access to routing infrastructure via administrative interfaces, all of which were accessible via IPv6. Furthermore, from our analysis of the differences between accessing dual-stack hosts via IPv6 and IPv4, we hypothesize that the root cause is that machines automatically and by default take on globally routable IPv6 addresses. This is a practice that the affected system administrators appear unaware of, as the respective services are almost always properly protected from unauthorized access via IPv4. Our findings indicate (i) that enumerating active IPv6 hosts is practical without a preferential network position contrary to common belief, (ii) that the security of active IPv6 hosts is currently still lagging behind the security state of IPv4 hosts, and (iii) that unintended IPv6 connectivity is a major security issue for unaware system administrators.

2019-09-11
Mbiriki, A., Katar, C., Badreddine, A..  2018.  Improvement of Security System Level in the Cyber-Physical Systems (CPS) Architecture. 2018 30th International Conference on Microelectronics (ICM). :40–43.

Industry 4.0 is based on the CPS architecture since it is the next generation in the industry. The CPS architecture is a system based on Cloud Computing technology and Internet of Things where computer elements collaborate for the control of physical entities. The security framework in this architecture is necessary for the protection of two parts (physical and information) so basically, security in CPS is classified into two main parts: information security (data) and security of control. In this work, we propose two models to solve the two problems detected in the security framework. The first proposal SCCAF (Smart Cloud Computing Adoption Framework) treats the nature of information that serves for the detection and the blocking of the threats our basic architecture CPS. The second model is a modeled detector related to the physical nature for detecting node information.

2019-08-26
Gonzalez, D., Alhenaki, F., Mirakhorli, M..  2019.  Architectural Security Weaknesses in Industrial Control Systems (ICS) an Empirical Study Based on Disclosed Software Vulnerabilities. 2019 IEEE International Conference on Software Architecture (ICSA). :31–40.

Industrial control systems (ICS) are systems used in critical infrastructures for supervisory control, data acquisition, and industrial automation. ICS systems have complex, component-based architectures with many different hardware, software, and human factors interacting in real time. Despite the importance of security concerns in industrial control systems, there has not been a comprehensive study that examined common security architectural weaknesses in this domain. Therefore, this paper presents the first in-depth analysis of 988 vulnerability advisory reports for Industrial Control Systems developed by 277 vendors. We performed a detailed analysis of the vulnerability reports to measure which components of ICS have been affected the most by known vulnerabilities, which security tactics were affected most often in ICS and what are the common architectural security weaknesses in these systems. Our key findings were: (1) Human-Machine Interfaces, SCADA configurations, and PLCs were the most affected components, (2) 62.86% of vulnerability disclosures in ICS had an architectural root cause, (3) the most common architectural weaknesses were “Improper Input Validation”, followed by “Im-proper Neutralization of Input During Web Page Generation” and “Improper Authentication”, and (4) most tactic-related vulnerabilities were related to the tactics “Validate Inputs”, “Authenticate Actors” and “Authorize Actors”.

2019-07-01
Urias, V. E., Stout, M. S. William, Leeuwen, B. V..  2018.  On the Feasibility of Generating Deception Environments for Industrial Control Systems. 2018 IEEE International Symposium on Technologies for Homeland Security (HST). :1–6.

The cyber threat landscape is a constantly morphing surface; the need for cyber defenders to develop and create proactive threat intelligence is on the rise, especially on critical infrastructure environments. It is commonly voiced that Supervisory Control and Data Acquisition (SCADA) systems and Industrial Control Systems (ICS) are vulnerable to the same classes of threats as other networked computer systems. However, cyber defense in operational ICS is difficult, often introducing unacceptable risks of disruption to critical physical processes. This is exacerbated by the notion that hardware used in ICS is often expensive, making full-scale mock-up systems for testing and/or cyber defense impractical. New paradigms in cyber security have focused heavily on using deception to not only protect assets, but also gather insight into adversary motives and tools. Much of the work that we see in today's literature is focused on creating deception environments for traditional IT enterprise networks; however, leveraging our prior work in the domain, we explore the opportunities, challenges and feasibility of doing deception in ICS networks.

2019-05-09
Sokolov, A. N., Barinov, A. E., Antyasov, I. S., Skurlaev, S. V., Ufimtcev, M. S., Luzhnov, V. S..  2018.  Hardware-Based Memory Acquisition Procedure for Digital Investigations of Security Incidents in Industrial Control Systems. 2018 Global Smart Industry Conference (GloSIC). :1-7.

The safety of industrial control systems (ICS) depends not only on comprehensive solutions for protecting information, but also on the timing and closure of vulnerabilities in the software of the ICS. The investigation of security incidents in the ICS is often greatly complicated by the fact that malicious software functions only within the computer's volatile memory. Obtaining the contents of the volatile memory of an attacked computer is difficult to perform with a guaranteed reliability, since the data collection procedure must be based on a reliable code (the operating system or applications running in its environment). The paper proposes a new instrumental method for obtaining the contents of volatile memory, general rules for implementing the means of collecting information stored in memory. Unlike software methods, the proposed method has two advantages: firstly, there is no problem in terms of reading the parts of memory, blocked by the operating system, and secondly, the resulting contents are not compromised by such malicious software. The proposed method is relevant for investigating security incidents of ICS and can be used in continuous monitoring systems for the security of ICS.

Ivanov, A. V., Sklyarov, V. A..  2018.  The Urgency of the Threats of Attacks on Interfaces and Field-Layer Protocols in Industrial Control Systems. 2018 XIV International Scientific-Technical Conference on Actual Problems of Electronics Instrument Engineering (APEIE). :162-165.

The paper is devoted to analysis of condition of executing devices and sensors of Industrial Control Systems information security. The work contains structures of industrial control systems divided into groups depending on system's layer. The article contains the analysis of analog interfaces work and work features of data transmission protocols in industrial control system field layer. Questions about relevance of industrial control systems information security, both from the point of view of the information security occurring incidents, and from the point of view of regulators' reaction in the form of normative legal acts, are described. During the analysis of the information security systems of industrial control systems a possibility of leakage through technical channels of information leakage at the field layer was found. Potential vectors of the attacks on devices of field layer and data transmission network of an industrial control system are outlined in the article. The relevance analysis of the threats connected with the attacks at the field layer of an industrial control system is carried out, feature of this layer and attractiveness of this kind of attacks is observed.

Li, Y., Liu, X., Tian, H., Luo, C..  2018.  Research of Industrial Control System Device Firmware Vulnerability Mining Technology Based on Taint Analysis. 2018 IEEE 9th International Conference on Software Engineering and Service Science (ICSESS). :607-610.

Aiming at the problem that there is little research on firmware vulnerability mining and the traditional method of vulnerability mining based on fuzzing test is inefficient, this paper proposed a new method of mining vulnerabilities in industrial control system firmware. Based on taint analysis technology, this method can construct test cases specifically for the variables that may trigger vulnerabilities, thus reducing the number of invalid test cases and improving the test efficiency. Experiment result shows that this method can reduce about 23 % of test cases and can effectively improve test efficiency.

Lu, G., Feng, D..  2018.  Network Security Situation Awareness for Industrial Control System Under Integrity Attacks. 2018 21st International Conference on Information Fusion (FUSION). :1808-1815.

Due to the wide implementation of communication networks, industrial control systems are vulnerable to malicious attacks, which could cause potentially devastating results. Adversaries launch integrity attacks by injecting false data into systems to create fake events or cover up the plan of damaging the systems. In addition, the complexity and nonlinearity of control systems make it more difficult to detect attacks and defense it. Therefore, a novel security situation awareness framework based on particle filtering, which has good ability in estimating state for nonlinear systems, is proposed to provide an accuracy understanding of system situation. First, a system state estimation based on particle filtering is presented to estimate nodes state. Then, a voting scheme is introduced into hazard situation detection to identify the malicious nodes and a local estimator is constructed to estimate the actual system state by removing the identified malicious nodes. Finally, based on the estimated actual state, the actual measurements of the compromised nodes are predicted by using the situation prediction algorithm. At the end of this paper, a simulation of a continuous stirred tank is conducted to verify the efficiency of the proposed framework and algorithms.

2019-03-25
Ferres, E., Immler, V., Utz, A., Stanitzki, A., Lerch, R., Kokozinski, R..  2018.  Capacitive Multi-Channel Security Sensor IC for Tamper-Resistant Enclosures. 2018 IEEE SENSORS. :1–4.
Physical attacks are a serious threat for embedded devices. Since these attacks are based on physical interaction, sensing technology is a key aspect in detecting them. For highest security levels devices in need of protection are placed into tamper-resistant enclosures. In this paper we present a capacitive multi-channel security sensor IC in a 350 nm CMOS technology. This IC measures more than 128 capacitive sensor nodes of such an enclosure with an SNR of 94.6 dB across a 16×16 electrode matrix in just 19.7 ms. The theoretical sensitivity is 35 aF which is practically limited by noise to 460 aF. While this is similar to capacitive touch technology, it outperforms available solutions of this domain with respect to precision and speed.