Visible to the public Biblio

Filters: Keyword is Consumer electronics  [Clear All Filters]
2021-03-04
Amadori, A., Michiels, W., Roelse, P..  2020.  Automating the BGE Attack on White-Box Implementations of AES with External Encodings. 2020 IEEE 10th International Conference on Consumer Electronics (ICCE-Berlin). :1—6.

Cloud-based payments, virtual car keys, and digital rights management are examples of consumer electronics applications that use secure software. White-box implementations of the Advanced Encryption Standard (AES) are important building blocks of secure software systems, and the attack of Billet, Gilbert, and Ech-Chatbi (BGE) is a well-known attack on such implementations. A drawback from the adversary’s or security tester’s perspective is that manual reverse engineering of the implementation is required before the BGE attack can be applied. This paper presents a method to automate the BGE attack on a class of white-box AES implementations with a specific type of external encoding. The new method was implemented and applied successfully to a CHES 2016 capture the flag challenge.

2021-02-08
Chesnokov, N. I., Korochentsev, D. A., Cherckesova, L. V., Safaryan, O. A., Chumakov, V. E., Pilipenko, I. A..  2020.  Software Development of Electronic Digital Signature Generation at Institution Electronic Document Circulation. 2020 IEEE East-West Design Test Symposium (EWDTS). :1–5.
the purpose of this paper is investigation of existing approaches to formation of electronic digital signatures, as well as the possibility of software developing for electronic signature generation at electronic document circulation of institution. The article considers and analyzes the existing algorithms for generating and processing electronic signatures. Authors propose the model for documented information exchanging in institution, including cryptographic module and secure key storage, blockchain storage of electronic signatures, central web-server and web-interface. Examples of the developed software are demonstrated, and recommendations are given for its implementation, integration and using in different institutions.
2020-11-09
Sengupta, A., Roy, D., Mohanty, S. P..  2019.  Low-Overhead Robust RTL Signature for DSP Core Protection: New Paradigm for Smart CE Design. 2019 IEEE International Conference on Consumer Electronics (ICCE). :1–6.
The design process of smart Consumer Electronics (CE) devices heavily relies on reusable Intellectual Property (IP) cores of Digital Signal Processor (DSP) and Multimedia Processor (MP). On the other hand, due to strict competition and rivalry between IP vendors, the problem of ownership conflict and IP piracy is surging. Therefore, to design a secured smart CE device, protection of DSP/MP IP core is essential. Embedding a robust IP owner's signature can protect an IP core from ownership abuse and forgery. This paper presents a covert signature embedding process for DSP/MP IP core at Register-transfer level (RTL). The secret marks of the signature are distributed over the entire design such that it provides higher robustness. For example for 8th order FIR filter, it incurs only between 6% and 3% area overhead for maximum and minimum size signature respectively compared to the non-signature FIR RTL design but with significantly enhanced security.
Rathor, M., Sengupta, A..  2019.  Enhanced Functional Obfuscation of DSP core using Flip-Flops and Combinational logic. 2019 IEEE 9th International Conference on Consumer Electronics (ICCE-Berlin). :1–5.
Due to globalization of Integrated Circuit (IC) design flow, Intellectual Property (IP) cores have increasingly become susceptible to various hardware threats such as Trojan insertion, piracy, overbuilding etc. An IP core can be secured against these threats using functional obfuscation based security mechanism. This paper presents a functional obfuscation of digital signal processing (DSP) core for consumer electronics systems using a novel IP core locking block (ILB) logic that leverages the structure of flip-flops and combinational circuits. These ILBs perform the locking of the functionality of a DSP design and actuate the correct functionality only on application of a valid key sequence. In existing approaches so far, executing exhaustive trials are sufficient to extract the valid keys from an obfuscated design. However, proposed work is capable of hindering the extraction of valid keys even on exhaustive trials, unless successfully applied in the first attempt only. In other words, the proposed work drastically reduces the probability of obtaining valid key of a functionally obfuscated design in exhaustive trials. Experimental results indicate that the proposed approach achieves higher security and lower design overhead than previous works.
2020-07-30
Sengupta, Anirban, Roy, Dipanjan.  2018.  Reusable intellectual property core protection for both buyer and seller. 2018 IEEE International Conference on Consumer Electronics (ICCE). :1—3.
This paper presents a methodology for IP core protection of CE devices from both buyer's and seller's perspective. In the presented methodology, buyer fingerprint is embedded along seller watermark during architectural synthesis phase of IP core design. The buyer fingerprint is inserted during scheduling phase while seller watermark is implanted during register allocation phase of architectural synthesis process. The presented approach provides a robust mechanisms of IP core protection for both buyer and seller at zero area overhead, 1.1 % latency overhead and 0.95 % design cost overhead compared to a similar approach (that provides only protection to IP seller).
2020-07-20
Shi, Yang, Wang, Xiaoping, Fan, Hongfei.  2017.  Light-weight white-box encryption scheme with random padding for wearable consumer electronic devices. IEEE Transactions on Consumer Electronics. 63:44–52.
Wearable devices can be potentially captured or accessed in an unauthorized manner because of their physical nature. In such cases, they are in white-box attack contexts, where the adversary may have total visibility on the implementation of the built-in cryptosystem, with full control over its execution platform. Dealing with white-box attacks on wearable devices is undoubtedly a challenge. To serve as a countermeasure against threats in such contexts, we propose a lightweight encryption scheme to protect the confidentiality of data against white-box attacks. We constructed the scheme's encryption and decryption algorithms on a substitution-permutation network that consisted of random secret components. Moreover, the encryption algorithm uses random padding that does not need to be correctly decrypted as part of the input. This feature enables non-bijective linear transformations to be used in each encryption round to achieve strong security. The required storage for static data is relatively small and the algorithms perform well on various devices, which indicates that the proposed scheme satisfies the requirements of wearable computing in terms of limited memory and low computational power.
2020-05-04
Whittington, Christopher, Cady, Edward, Ratchen, Daniel, Dawji, Yunus.  2018.  Re-envisioning digital architectures connecting CE hardware for security, reliability and low energy. 2018 IEEE International Conference on Consumer Electronics (ICCE). :1–6.
Exponential growth of data produced and consumed by consumer electronic systems will strain data connectivity technologies beyond the next ten years. A private universal data platform is therefore required to connect CE Hardware for improved security, reliability and energy use. A novel Push-Pull data network architecture is hereto presented, employing multiple bridged peripheral links to create an ultra-fast, ultra-secure, private and low power data network to connect nearly any system. Bridging standard USB 3.0 technologies, we demonstrate a universally secure, ultra-low power and scalable switchable data platform offering the highest level of data privacy, security and performance. Delivering up to 12 times the throughput speeds of existing USB 3.0 data transfer cables, the presented solution builds on the reliability of universal peripheral communications links using proven ports, protocols and low-power components. A “Software Constructed” ad-hoc circuit network, the presented digital architecture delivers frictionless adoption and exceptional price-performance measures connecting both existing and future CE hardware.
2020-02-10
Odelu, Vanga.  2019.  An Efficient Two-Server Password-Only User Authentication for Consumer Electronic Devices. 2019 IEEE International Conference on Consumer Electronics (ICCE). :1–2.

We propose an efficient and secure two-server password-only remote user authentication protocol for consumer electronic devices, such as smartphones and laptops. Our protocol works on-top of any existing trust model, like Secure Sockets Layer protocol (SSL). The proposed protocol is secure against dictionary and impersonation attacks.

2018-12-03
Palmer, D., Fazzari, S., Wartenberg, S..  2017.  A virtual laboratory approach for risk assessment of aerospace electronics trust techniques. 2017 IEEE Aerospace Conference. :1–8.

This paper describes a novel aerospace electronic component risk assessment methodology and supporting virtual laboratory structure designed to augment existing supply chain management practices and aid in Microelectronics Trust Assurance. This toolkit and methodology applies structure to the unclear and evolving risk assessment problem, allowing quantification of key risks affecting both advanced and obsolete systems that rely on semiconductor technologies. The impacts of logistics & supply chain risk, technology & counterfeit risk, and faulty component risk on trusted and non-trusted procurement options are quantified. The benefits of component testing on part reliability are assessed and incorporated into counterfeit mitigation calculations. This toolkit and methodology seek to assist acquisition staff by providing actionable decision data regarding the increasing threat of counterfeit components by assessing the risks faced by systems, identifying mitigation strategies to reduce this risk, and resolving these risks through the optimal test and procurement path based on the component criticality risk tolerance of the program.

2018-05-01
Arafin, M. T., Stanley, A., Sharma, P..  2017.  Hardware-Based Anti-Counterfeiting Techniques for Safeguarding Supply Chain Integrity. 2017 IEEE International Symposium on Circuits and Systems (ISCAS). :1–4.
Counterfeit integrated circuits (ICs) and systems have emerged as a menace to the supply chain of electronic goods and products. Simple physical inspection for counterfeit detection, basic intellectual property (IP) laws, and simple protection measures are becoming ineffective against advanced reverse engineering and counterfeiting practices. As a result, hardware security-based techniques have emerged as promising solutions for combating counterfeiting, reverse engineering, and IP theft. However, these solutions have their own merits and shortcomings, and therefore, these options must be carefully studied. In this work, we present a comparative overview of available hardware security solutions to fight against IC counterfeiting. We provide a detailed comparison of the techniques in terms of integration effort, deployability, and security matrices that would assist a system designer to adopt any one of these security measures for safeguarding the product supply chain against counterfeiting and IP theft.
2017-04-20
Chaudhary, P., Gupta, B. B., Yamaguchi, S..  2016.  XSS detection with automatic view isolation on online social network. 2016 IEEE 5th Global Conference on Consumer Electronics. :1–5.

Online Social Networks (OSNs) are continuously suffering from the negative impact of Cross-Site Scripting (XSS) vulnerabilities. This paper describes a novel framework for mitigating XSS attack on OSN-based platforms. It is completely based on the request authentication and view isolation approach. It detects XSS attack through validating string value extracted from the vulnerable checkpoint present in the web page by implementing string examination algorithm with the help of XSS attack vector repository. Any similarity (i.e. string is not validated) indicates the presence of malicious code injected by the attacker and finally it removes the script code to mitigate XSS attack. To assess the defending ability of our designed model, we have tested it on OSN-based web application i.e. Humhub. The experimental results revealed that our model discovers the XSS attack vectors with low false negatives and false positive rate tolerable performance overhead.