Visible to the public Biblio

Found 301 results

Filters: Keyword is Hardware  [Clear All Filters]
2020-07-10
Tahir, Rashid, Durrani, Sultan, Ahmed, Faizan, Saeed, Hammas, Zaffar, Fareed, Ilyas, Saqib.  2019.  The Browsers Strike Back: Countering Cryptojacking and Parasitic Miners on the Web. IEEE INFOCOM 2019 - IEEE Conference on Computer Communications. :703—711.

With the recent boom in the cryptocurrency market, hackers have been on the lookout to find novel ways of commandeering users' machine for covert and stealthy mining operations. In an attempt to expose such under-the-hood practices, this paper explores the issue of browser cryptojacking, whereby miners are secretly deployed inside browser code without the knowledge of the user. To this end, we analyze the top 50k websites from Alexa and find a noticeable percentage of sites that are indulging in this exploitative exercise often using heavily obfuscated code. Furthermore, mining prevention plug-ins, such as NoMiner, fail to flag such cleverly concealed instances. Hence, we propose a machine learning solution based on hardware-assisted profiling of browser code in real-time. A fine-grained micro-architectural footprint allows us to classify mining applications with \textbackslashtextgreater99% accuracy and even flags them if the mining code has been heavily obfuscated or encrypted. We build our own browser extension and show that it outperforms other plug-ins. The proposed design has negligible overhead on the user's machine and works for all standard off-the-shelf CPUs.

Xiao, Tianran, Tong, Wei, Lei, Xia, Liu, Jingning, Liu, Bo.  2019.  Per-File Secure Deletion for Flash-Based Solid State Drives. 2019 IEEE International Conference on Networking, Architecture and Storage (NAS). :1—8.

File update operations generate many invalid flash pages in Solid State Drives (SSDs) because of the-of-place update feature. If these invalid flash pages are not securely deleted, they will be left in the “missing” state, resulting in leakage of sensitive information. However, deleting these invalid pages in real time greatly reduces the performance of SSD. In this paper, we propose a Per-File Secure Deletion (PSD) scheme for SSD to achieve non-real-time secure deletion. PSD assigns a globally unique identifier (GUID) to each file to quickly locate the invalid data blocks and uses Security-TRIM command to securely delete these invalid data blocks. Moreover, we propose a PSD-MLC scheme for Multi-Level Cell (MLC) flash memory. PSD-MLC distributes the data blocks of a file in pairs of pages to avoid the influence of programming crosstalk between paired pages. We evaluate our schemes on different hardware platforms of flash media, and the results prove that PSD and PSD-MLC only have little impact on the performance of SSD. When the cache is disabled and enabled, compared with the system without the secure deletion, PSD decreases SSD throughput by 1.3% and 1.8%, respectively. PSD-MLC decreases SSD throughput by 9.5% and 10.0%, respectively.

2020-07-06
Frias, Alex Davila, Yodo, Nita, Yadav, Om Prakash.  2019.  Mixed-Degradation Profiles Assessment of Critical Components in Cyber-Physical Systems. 2019 Annual Reliability and Maintainability Symposium (RAMS). :1–6.
This paper presents a general model to assess the mixed-degradation profiles of critical components in a Cyber-Physical System (CPS) based on the reliability of its critical physical and software components. In the proposed assessment, the cyber aspect of a CPS was approached from a software reliability perspective. Although extensive research has been done on physical components degradation and software reliability separately, research for the combined physical-software systems is still scarce. The non-homogeneous Poisson Processes (NHPP) software reliability models are deemed to fit well with the real data and have descriptive and predictive abilities, which could make them appropriate to estimate software components reliability. To show the feasibility of the proposed approach, a case study for mixed-degradation profiles assessment is presented with n physical components and one major software component forming a critical subsystem in CPS. Two physical components were assumed to have different degradation paths with the dependency between them. Series and parallel structures were investigated for physical components. The software component failure data was taken from a wireless network switching center and fitted into a Weibull software reliability model. The case study results revealed that mix-degradation profiles of physical components, combined with software component profile, produced a different CPS reliability profile.
2020-07-03
Ceška, Milan, Havlena, Vojtech, Holík, Lukáš, Korenek, Jan, Lengál, Ondrej, Matoušek, Denis, Matoušek, Jirí, Semric, Jakub, Vojnar, Tomáš.  2019.  Deep Packet Inspection in FPGAs via Approximate Nondeterministic Automata. 2019 IEEE 27th Annual International Symposium on Field-Programmable Custom Computing Machines (FCCM). :109—117.
Deep packet inspection via regular expression (RE) matching is a crucial task of network intrusion detection systems (IDSes), which secure Internet connection against attacks and suspicious network traffic. Monitoring high-speed computer networks (100 Gbps and faster) in a single-box solution demands that the RE matching, traditionally based on finite automata (FAs), is accelerated in hardware. In this paper, we describe a novel FPGA architecture for RE matching that is able to process network traffic beyond 100 Gbps. The key idea is to reduce the required FPGA resources by leveraging approximate nondeterministic FAs (NFAs). The NFAs are compiled into a multi-stage architecture starting with the least precise stage with a high throughput and ending with the most precise stage with a low throughput. To obtain the reduced NFAs, we propose new approximate reduction techniques that take into account the profile of the network traffic. Our experiments showed that using our approach, we were able to perform matching of large sets of REs from SNORT, a popular IDS, on unprecedented network speeds.
León, Raquel, Domínguez, Adrián, Carballo, Pedro P., Núñez, Antonio.  2019.  Deep Packet Inspection Through Virtual Platforms using System-On-Chip FPGAs. 2019 XXXIV Conference on Design of Circuits and Integrated Systems (DCIS). :1—6.
Virtual platforms provide a full hardware/software platform to study device limitations in an early stages of the design flow and to develop software without requiring a physical implementation. This paper describes the development process of a virtual platform for Deep Packet Inspection (DPI) hardware accelerators by using Transaction Level Modeling (TLM). We propose two DPI architectures oriented to System-on-Chip FPGA. The first architecture, CPU-DMA based architecture, is a hybrid CPU/FPGA where the packets are filtered in the software domain. The second architecture, Hardware-IP based architecture, is mainly implemented in the hardware domain. We have created two virtual platforms and performed the simulation, the debugging and the analysis of the hardware/software features, in order to compare results for both architectures.
2020-06-29
Kaljic, Enio, Maric, Almir, Njemcevic, Pamela.  2019.  DoS attack mitigation in SDN networks using a deeply programmable packet-switching node based on a hybrid FPGA/CPU data plane architecture. 2019 XXVII International Conference on Information, Communication and Automation Technologies (ICAT). :1–6.
The application of the concept of software-defined networks (SDN) has, on the one hand, led to the simplification and reduction of switches price, and on the other hand, has created a significant number of problems related to the security of the SDN network. In several studies was noted that these problems are related to the lack of flexibility and programmability of the data plane, which is likely first to suffer potential denial-of-service (DoS) attacks. One possible way to overcome this problem is to increase the flexibility of the data plane by increasing the depth of programmability of the packet-switching nodes below the level of flow table management. Therefore, this paper investigates the opportunity of using the architecture of deeply programmable packet-switching nodes (DPPSN) in the implementation of a firewall. Then, an architectural model of the firewall based on a hybrid FPGA/CPU data plane architecture has been proposed and implemented. Realized firewall supports three models of DoS attacks mitigation: DoS traffic filtering on the output interface, DoS traffic filtering on the input interface, and DoS attack redirection to the honeypot. Experimental evaluation of the implemented firewall has shown that DoS traffic filtering at the input interface is the best strategy for DoS attack mitigation, which justified the application of the concept of deep network programmability.
Blazek, Petr, Gerlich, Tomas, Martinasek, Zdenek.  2019.  Scalable DDoS Mitigation System. 2019 42nd International Conference on Telecommunications and Signal Processing (TSP). :617–620.
Distributed Denial of Service attacks (DDoS) are used by attackers for their effectiveness. This type of attack is one of the most devastating attacks in the Internet. Every year, the intensity of DDoS attacks increases and attackers use sophisticated multi-target DDoS attacks. In this paper, a modular system that allows to increase the filtering capacity linearly and allows to protect against the combination of DDoS attacks is designed and implemented. The main motivation for development of the modular filtering system was to find a cheap solution for filtering DDoS attacks with possibility to increase filtering capacity. The proposed system is based on open-source detection and filtration tools.
2020-06-26
Samir, Nagham, Gamal, Yousef, El-Zeiny, Ahmed N., Mahmoud, Omar, Shawky, Ahmed, Saeed, AbdelRahman, Mostafa, Hassan.  2019.  Energy-Adaptive Lightweight Hardware Security Module using Partial Dynamic Reconfiguration for Energy Limited Internet of Things Applications. 2019 IEEE International Symposium on Circuits and Systems (ISCAS). :1—4.
Data security is the main challenge in Internet of Things (IoT) applications. Security strength and the immunity to security attacks depend mainly on the available power budget. The power-security level trade-off is the main challenge for low power IoT applications, especially, energy limited IoT applications. In this paper, multiple encryption modes that provide different power consumption and security level values are hardware implemented. In other words, some modes provide high security levels at the expense of high power consumption and other modes provide low power consumption with low security level. Dynamic Partial Reconfiguration (DPR) is utilized to adaptively configure the hardware security module based on the available power budget. For example, for a given power constraint, the DPR controller configures the security module with the security mode that meets the available power constraint. ZC702 evaluation board is utilized to implement the proposed encryption modes using DPR. A Lightweight Authenticated Cipher (ACORN) is the most suitable encryption mode for low power IoT applications as it consumes the minimum power and area among the selected candidates at the expense of low throughput. The whole DPR system is tested with a maximum dynamic power dissipation of 10.08 mW. The suggested DPR system saves about 59.9% of the utilized LUTs compared to the individual implementation of the selected encryption modes.
Niedermaier, Matthias, Fischer, Florian, Merli, Dominik, Sigl, Georg.  2019.  Network Scanning and Mapping for IIoT Edge Node Device Security. 2019 International Conference on Applied Electronics (AE). :1—6.

The amount of connected devices in the industrial environment is growing continuously, due to the ongoing demands of new features like predictive maintenance. New business models require more data, collected by IIoT edge node sensors based on inexpensive and low performance Microcontroller Units (MCUs). A negative side effect of this rise of interconnections is the increased attack surface, enabled by a larger network with more network services. Attaching badly documented and cheap devices to industrial networks often without permission of the administrator even further increases the security risk. A decent method to monitor the network and detect “unwanted” devices is network scanning. Typically, this scanning procedure is executed by a computer or server in each sub-network. In this paper, we introduce network scanning and mapping as a building block to scan directly from the Industrial Internet of Things (IIoT) edge node devices. This module scans the network in a pseudo-random periodic manner to discover devices and detect changes in the network structure. Furthermore, we validate our approach in an industrial testbed to show the feasibility of this approach.

Salman, Ahmad, El-Tawab, Samy.  2019.  Efficient Hardware/Software Co-Design of Elliptic-Curve Cryptography for the Internet of Things. 2019 International Conference on Smart Applications, Communications and Networking (SmartNets). :1—6.

The Internet of Things (IoT) is connecting the world in a way humanity has never seen before. With applications in healthcare, agricultural, transportation, and more, IoT devices help in bridging the gap between the physical and the virtual worlds. These devices usually carry sensitive data which requires security and protection in transit and rest. However, the limited power and energy consumption make it harder and more challenging to implementing security protocols, especially Public-Key Cryptosystems (PKC). In this paper, we present a hardware/software co-design for Elliptic-Curve Cryptography (ECC) PKC suitable for lightweight devices. We present the implementation results for our design on an edge node to be used for indoor localization in a healthcare facilities.

Pandey, Jai Gopal, Mitharwal, Chhavi, Karmakar, Abhijit.  2019.  An RNS Implementation of the Elliptic Curve Cryptography for IoT Security. 2019 First IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA). :66—72.

Public key cryptography plays a vital role in many information and communication systems for secure data transaction, authentication, identification, digital signature, and key management purpose. Elliptic curve cryptography (ECC) is a widely used public key cryptographic algorithm. In this paper, we propose a hardware-software codesign implementation of the ECC cipher. The algorithm is modelled in C language. Compute-intensive components are identified for their efficient hardware implementations. In the implementation, residue number system (RNS) with projective coordinates are utilized for performing the required arithmetic operations. To manage the hardware-software codeign in an integrated fashion Xilinx platform studio tool and Virtex-5 xc5vfx70t device based platform is utilized. An application of the implementation is demonstrated for encryption of text and its respective decryption over prime fields. The design is useful for providing an adequate level of security for IoTs.

Bedoui, Mouna, Bouallegue, Belgacem, Hamdi, Belgacem, Machhout, Mohsen.  2019.  An Efficient Fault Detection Method for Elliptic Curve Scalar Multiplication Montgomery Algorithm. 2019 IEEE International Conference on Design Test of Integrated Micro Nano-Systems (DTS). :1—5.

Elliptical curve cryptography (ECC) is being used more and more in public key cryptosystems. Its main advantage is that, at a given security level, key sizes are much smaller compared to classical asymmetric cryptosystems like RSA. Smaller keys imply less power consumption, less cryptographic computation and require less memory. Besides performance, security is another major problem in embedded devices. Cryptosystems, like ECC, that are considered mathematically secure, are not necessarily considered safe when implemented in practice. An attacker can monitor these interactions in order to mount attacks called fault attacks. A number of countermeasures have been developed to protect Montgomery Scalar Multiplication algorithm against fault attacks. In this work, we proposed an efficient countermeasure premised on duplication scheme and the scrambling technique for Montgomery Scalar Multiplication algorithm against fault attacks. Our approach is simple and easy to hardware implementation. In addition, we perform injection-based error simulations and demonstrate that the error coverage is about 99.996%.

2020-06-19
Baras, John S., Liu, Xiangyang.  2019.  Trust is the Cure to Distributed Consensus with Adversaries. 2019 27th Mediterranean Conference on Control and Automation (MED). :195—202.

Distributed consensus is a prototypical distributed optimization and decision making problem in social, economic and engineering networked systems. In collaborative applications investigating the effects of adversaries is a critical problem. In this paper we investigate distributed consensus problems in the presence of adversaries. We combine key ideas from distributed consensus in computer science on one hand and in control systems on the other. The main idea is to detect Byzantine adversaries in a network of collaborating agents who have as goal reaching consensus, and exclude them from the consensus process and dynamics. We describe a novel trust-aware consensus algorithm that integrates the trust evaluation mechanism into the distributed consensus algorithm and propose various local decision rules based on local evidence. To further enhance the robustness of trust evaluation itself, we also introduce a trust propagation scheme in order to take into account evidences of other nodes in the network. The resulting algorithm is flexible and extensible, and can incorporate more complex designs of decision rules and trust models. To demonstrate the power of our trust-aware algorithm, we provide new theoretical security performance results in terms of miss detection and false alarm rates for regular and general trust graphs. We demonstrate through simulations that the new trust-aware consensus algorithm can effectively detect Byzantine adversaries and can exclude them from consensus iterations even in sparse networks with connectivity less than 2f+1, where f is the number of adversaries.

2020-06-15
Kipchuk, Feodosiy, Sokolov, Volodymyr, Buriachok, Volodymyr, Kuzmenko, Lidia.  2019.  Investigation of Availability of Wireless Access Points based on Embedded Systems. 2019 IEEE International Scientific-Practical Conference Problems of Infocommunications, Science and Technology (PIC S T). :1–5.
The paper presents the results of load testing of embedded hardware platforms for Internet of Things solutions. Analyzed the available hardware. The operating systems from different manufacturers were consolidated into a single classification, and for the two most popular, load testing was performed by an external and internal wireless network adapter. Developed its own software solution based on the Python programming language. The number of wireless subscribers ranged from 7 to 14. Experimental results will be useful in deploying wireless infrastructure for small commercial and scientific wireless networks.
Abbasi, Ali, Wetzels, Jos, Holz, Thorsten, Etalle, Sandro.  2019.  Challenges in Designing Exploit Mitigations for Deeply Embedded Systems. 2019 IEEE European Symposium on Security and Privacy (EuroS P). :31–46.
Memory corruption vulnerabilities have been around for decades and rank among the most prevalent vulnerabilities in embedded systems. Yet this constrained environment poses unique design and implementation challenges that significantly complicate the adoption of common hardening techniques. Combined with the irregular and involved nature of embedded patch management, this results in prolonged vulnerability exposure windows and vulnerabilities that are relatively easy to exploit. Considering the sensitive and critical nature of many embedded systems, this situation merits significant improvement. In this work, we present the first quantitative study of exploit mitigation adoption in 42 embedded operating systems, showing the embedded world to significantly lag behind the general-purpose world. To improve the security of deeply embedded systems, we subsequently present μArmor, an approach to address some of the key gaps identified in our quantitative analysis. μArmor raises the bar for exploitation of embedded memory corruption vulnerabilities, while being adoptable on the short term without incurring prohibitive extra performance or storage costs.
2020-06-12
Latif, M. Kamran, Jacinto, H S., Daoud, Luka, Rafla, Nader.  2018.  Optimization of a Quantum-Secure Sponge-Based Hash Message Authentication Protocol. 2018 IEEE 61st International Midwest Symposium on Circuits and Systems (MWSCAS). :984—987.

Hash message authentication is a fundamental building block of many networking security protocols such as SSL, TLS, FTP, and even HTTPS. The sponge-based SHA-3 hashing algorithm is the most recently developed hashing function as a result of a NIST competition to find a new hashing standard after SHA-1 and SHA-2 were found to have collisions, and thus were considered broken. We used Xilinx High-Level Synthesis to develop an optimized and pipelined version of the post-quantum-secure SHA-3 hash message authentication code (HMAC) which is capable of computing a HMAC every 280 clock-cycles with an overall throughput of 604 Mbps. We cover the general security of sponge functions in both a classical and quantum computing standpoint for hash functions, and offer a general architecture for HMAC computation when sponge functions are used.

Grochol, David, Sekanina, Lukas.  2018.  Fast Reconfigurable Hash Functions for Network Flow Hashing in FPGAs. 2018 NASA/ESA Conference on Adaptive Hardware and Systems (AHS). :257—263.

Efficient monitoring of high speed computer networks operating with a 100 Gigabit per second (Gbps) data throughput requires a suitable hardware acceleration of its key components. We present a platform capable of automated designing of hash functions suitable for network flow hashing. The platform employs a multi-objective linear genetic programming developed for the hash function design. We evolved high-quality hash functions and implemented them in a field programmable gate array (FPGA). Several evolved hash functions were combined together in order to form a new reconfigurable hash function. The proposed reconfigurable design significantly reduces the area on a chip while the maximum operation frequency remains very close to the fastest hash functions. Properties of evolved hash functions were compared with the state-of-the-art hash functions in terms of the quality of hashing, area and operation frequency in the FPGA.

2020-05-22
Desmoulins, Nicolas, Diop, Aïda, Rafflé, Yvan, Traoré, Jacques, Gratesac, Josselin.  2019.  Practical Anonymous Attestation-based Pseudonym Schemes for Vehicular Networks. 2019 IEEE Vehicular Networking Conference (VNC). :1—8.

Vehicular communication systems increase traffic efficiency and safety by allowing vehicles to share safety-related information and location-based services. Pseudonym schemes are the standard solutions providing driver/vehicle anonymity, whilst enforcing vehicle accountability in case of liability issues. State-of-the-art PKI-based pseudonym schemes present scalability issues, notably due to the centralized architecture of certificate-based solutions. The first Direct Anonymous Attestation (DAA)-based pseudonym scheme was introduced at VNC 2017, providing a decentralized approach to the pseudonym generation and update phases. The DAA-based construction leverages the properties of trusted computing, allowing vehicles to autonomously generate their own pseudonyms by using a (resource constrained) Trusted Hardware Module or Component (TC). This proposition however requires the TC to delegate part of the (heavy) pseudonym generation computations to the (more powerful) vehicle's On-Board Unit (OBU), introducing security and privacy issues in case the OBU becomes compromised. In this paper, we introduce a novel pseudonym scheme based on a variant of DAA, namely a pre-DAA-based pseudonym scheme. All secure computations in the pre-DAA pseudonym lifecycle are executed by the secure element, thus creating a secure enclave for pseudonym generation, update, and revocation. We instantiate vehicle-to-everything (V2X) with our pre-DAA solution, thus ensuring user anonymity and user-controlled traceability within the vehicular network. In addition, the pre-DAA-based construction transfers accountability from the vehicle to the user, thus complying with the many-to-many driver/vehicle relation. We demonstrate the efficiency of our solution with a prototype implementation on a standard Javacard (acting as a TC), showing that messages can be anonymously signed and verified in less than 50 ms.

2020-05-15
Wang, Jian, Guo, Shize, Chen, Zhe, Zhang, Tao.  2019.  A Benchmark Suite of Hardware Trojans for On-Chip Networks. IEEE Access. 7:102002—102009.
As recently studied, network-on-chip (NoC) suffers growing threats from hardware trojans (HTs), leading to performance degradation or information leakage when it provides communication service in many/multi-core systems. Therefore, defense techniques against NoC HTs experience rapid development in recent years. However, to the best of our knowledge, there are few standard benchmarks developed for the defense techniques evaluation. To address this issue, in this paper, we design a suite of benchmarks which involves multiple NoCs with different HTs, so that researchers can compare various HT defense methods fairly by making use of them. We first briefly introduce the features of target NoC and its infected modules in our benchmarks, and then, detail the design of our NoC HTs in a one-by-one manner. Finally, we evaluate our benchmarks through extensive simulations and report the circuit cost of NoC HTs in terms of area and power consumption, as well as their effects on NoC performance. Besides, comprehensive experiments, including functional testing and side channel analysis are performed to assess the stealthiness of our HTs.
J.Y.V., Manoj Kumar, Swain, Ayas Kanta, Kumar, Sudeendra, Sahoo, Sauvagya Ranjan, Mahapatra, Kamalakanta.  2018.  Run Time Mitigation of Performance Degradation Hardware Trojan Attacks in Network on Chip. 2018 IEEE Computer Society Annual Symposium on VLSI (ISVLSI). :738—743.
Globalization of semiconductor design and manufacturing has led to several hardware security issues. The problem of Hardware Trojans (HT) is one such security issue discussed widely in industry and academia. Adversary design engineer can insert the HT to leak confidential data, cause a denial of service attack or any other intention specific to the design. HT in cryptographic modules and processors are widely discussed. HT in Multi-Processor System on Chips (MPSoC) are also catastrophic, as most of the military applications use MPSoCs. Network on Chips (NoC) are standard communication infrastructure in modern day MPSoC. In this paper, we present a novel hardware Trojan which is capable of inducing performance degradation and denial of service attacks in a NoC. The presence of the Hardware Trojan in a NoC can compromise the crucial details of packets communicated through NoC. The proposed Trojan is triggered by a particular complex bit pattern from input messages and tries to mislead the packets away from the destined addresses. A mitigation method based on bit shuffling mechanism inside the router with a key directly extracted from input message is proposed to limit the adverse effects of the Trojan. The performance of a 4×4 NoC is evaluated under uniform traffic with the proposed Trojan and mitigation method. Simulation results show that the proposed mitigation scheme is useful in limiting the malicious effect of hardware Trojan.
Kornaros, Georgios, Tomoutzoglou, Othon, Coppola, Marcello.  2018.  Hardware-Assisted Security in Electronic Control Units: Secure Automotive Communications by Utilizing One-Time-Programmable Network on Chip and Firewalls. IEEE Micro. 38:63—74.
With emerging smart automotive technologies, vehicle-to-vehicle communications, and software-dominated enhancements for enjoyable driving and advanced driver assistance systems, the complexity of providing guarantees in terms of security, trust, and privacy in a modern cyber-enabled automotive system is significantly elevated. New threat models emerge that require efficient system-level countermeasures. This article introduces synergies between on- and off-chip networking techniques to ensure secure execution environments for electronic control units. The proposed mechanisms consist of hardware firewalling and on-chip network physical isolation, whose mechanisms are combined with system-wide cryptographic techniques in automotive controller area network (CAN)-bus communications to provide authentication and confidentiality.
Sepulveda, Johanna, Aboul-Hassan, Damian, Sigl, Georg, Becker, Bernd, Sauer, Matthias.  2018.  Towards the formal verification of security properties of a Network-on-Chip router. 2018 IEEE 23rd European Test Symposium (ETS). :1—6.
pubcrawl, Network on Chip Security, Scalability, resiliency, resilience, metrics, Vulnerabilities and design flaws in Network-on-Chip (NoC) routers can be exploited in order to spy, modify and constraint the sensitive communication inside the Multi-Processors Systems-on-Chip (MPSoCs). Although previous works address the NoC threat, finding secure and efficient solutions to verify the security is still a challenge. In this work, we propose for the first time a method to formally verify the correctness and the security properties of a NoC router in order to provide the proper communication functionality and to avoid NoC attacks. We present a generalized verification flow that proves a wide set of implementation-independent security-related properties to hold. We employ unbounded model checking techniques to account for the highly-sequential behaviour of the NoC systems. The evaluation results demonstrate the feasibility of our approach by presenting verification results of six different NoC routing architectures demonstrating the vulnerabilities of each design.
Daoud, Luka.  2018.  Secure Network-on-Chip Architectures for MPSoC: Overview and Challenges. 2018 IEEE 61st International Midwest Symposium on Circuits and Systems (MWSCAS). :542—543.
Network-on-Chip (NOC) is the heart of data communication between processing cores in Multiprocessor-based Systems on Chip (MPSoC). Packets transferred via the NoC are exposed to snooping, which makes NoC-based systems vulnerable to security attacks. Additionally, Hardware Trojans (HTs) can be deployed in some of the NoC nodes to apply security threats of extracting sensitive information or degrading the system performance. In this paper, an overview of some security attacks in NoC-based systems and the countermeasure techniques giving prominence on malicious nodes are discussed. Work in progress for secure routing algorithms is also presented.
2020-05-04
Chen, Jianfeng, Liu, Jie, Sun, Zhi, Li, Chunlin, Hu, Chunhui.  2019.  An Intelligent Cyberspace Defense Architecture Based on Elastic Resource Infrastructure and Dynamic Container Orchestration. 2019 International Conference on Networking and Network Applications (NaNA). :235–240.

The borderless, dynamic, high dimensional and virtual natures of cyberspace have brought unprecedented hard situation for defenders. To fight uncertain challenges in versatile cyberspace, a security framework based on the cloud computing platform that facilitates containerization technology to create a security capability pool to generate and distribute security payload according to system needs. Composed by four subsystems of the security decision center, the image and container library, the decision rule base and the security event database, this framework distills structured knowledge from aggregated security events and then deliver security load to the managed network or terminal nodes directed by the decision center. By introducing such unified and standardized top-level security framework that is decomposable, combinable and configurable in a service-oriented manner, it could offer flexibility and effectiveness in reconstructing security resource allocation and usage to reach higher efficiency.

Whittington, Christopher, Cady, Edward, Ratchen, Daniel, Dawji, Yunus.  2018.  Re-envisioning digital architectures connecting CE hardware for security, reliability and low energy. 2018 IEEE International Conference on Consumer Electronics (ICCE). :1–6.
Exponential growth of data produced and consumed by consumer electronic systems will strain data connectivity technologies beyond the next ten years. A private universal data platform is therefore required to connect CE Hardware for improved security, reliability and energy use. A novel Push-Pull data network architecture is hereto presented, employing multiple bridged peripheral links to create an ultra-fast, ultra-secure, private and low power data network to connect nearly any system. Bridging standard USB 3.0 technologies, we demonstrate a universally secure, ultra-low power and scalable switchable data platform offering the highest level of data privacy, security and performance. Delivering up to 12 times the throughput speeds of existing USB 3.0 data transfer cables, the presented solution builds on the reliability of universal peripheral communications links using proven ports, protocols and low-power components. A “Software Constructed” ad-hoc circuit network, the presented digital architecture delivers frictionless adoption and exceptional price-performance measures connecting both existing and future CE hardware.