Open Access
IEEE Access, volume 13, pages 26897-26914

Unified Security Framework using Device-Specific Fingerprint: Mitigating Hardware Trojans and Authenticating Firmware Updates

Publication type: Journal Article
Publication date: 2025-02-04
Journal: IEEE Access
Scimago: Q1
WoS: Q2
SJR: 0.960
CiteScore: 9.8
Impact factor: 3.4
ISSN: 2169-3536
Hemavathy S., Kokila J., Kanchana Bhaaskaran V.S.
Journal of Supercomputing (Scimago Q2, WoS Q2)
2024-07-26, citations by CoLab: 2
Edge computing has become quintessential in commercial, healthcare, and industrial applications. It enables real-time data processing at the edge device, thus reducing the data traffic to the cloud and increasing the processing time efficiency. As an edge device, modern System-on-Chips (SoCs) provide scalability, security, and development in an integrated platform. Intellectual Property (IP) core reuse is a boon in SoCs that bridges the gap between integrated circuit design and fabrication. Such edge devices modeled by vendors are bound to ensure high security to avoid piracy. The proposed architecture provides a two-step authentication utilizing a Finite State Machine (FSM) with a secured key obtained from the newly structured Physical Unclonable Function (PUF) within the same edge device, with the primary goal of verifying several heterogeneous IPs to achieve the least power and energy. Two PUF designs, Anderson Arbiter PUF (AA-PUF) and Balanced AA-PUF, have been proposed for two different placements taking advantage of SoC-based architecture. The PUF characteristics have been experimentally validated with and without majority voting and demonstrate their proximity to the desired values on a ZedBoard. The proposed design is a strong PUF with less than 15% area overhead and power dissipation of 1.982 W for a 64-bit response. Experimental validation shows that the power and energy consumption are 2.56 W and 2.17 J for 52 heterogeneous IPs.
Lee S., Safkhani M., Le Q., Ahmed O.H., Hosseinzadeh M., Rahmani A.M., Bagheri N.
Scientific Reports (Scimago Q1, WoS Q1), Open Access
2023-12-07, citations by CoLab: 7
Physical Unclonable Functions (PUFs) are widely used in cryptographic authentication and key-agreement protocols due to their unique physical properties. This article presents a comprehensive cryptanalysis of two recently developed authentication protocols, namely PLAKE and EV-PUF, both relying on PUFs. Our analysis reveals significant vulnerabilities in these protocols, including susceptibility to impersonation and key leakage attacks, which pose serious threats to the security of the underlying systems. In the case of PLAKE, we propose an attack that can extract the shared secret key with negligible complexity by eavesdropping on consecutive protocol sessions. Similarly, we demonstrate an efficient attack against EV-PUF that enables the determination of the shared key between specific entities. Furthermore, we highlight the potential for a single compromised client in the EV-PUF protocol to compromise the security of the entire network, leaving it vulnerable to pandemic attacks. These findings underscore the critical importance of careful design and rigorous evaluation when developing PUF-based authentication protocols. To address the identified vulnerabilities, we present an improved PUF-based authentication protocol that ensures robust security against all the attacks described in the context of PLAKE and EV-PUF. Through this research, we contribute to the field by exposing vulnerabilities in existing PUF-based authentication protocols and offering an improved protocol that enhances security and safeguards against various attack vectors. This work serves as a valuable reference for researchers and practitioners involved in the design and implementation of secure authentication schemes for IoT systems and dynamic charging systems for electric vehicles.
Kaveh M., Mosavi M.R., Martín D., Aghapour S.
2023-12-01, citations by CoLab: 8
Security has become a main concern for the smart grid to move from research and development to industry. Central to this security paradigm is the concept of resistance to threats, whether emanating from an active adversary seeking to disrupt operations or a passive entity covertly intercepting sensitive data. In this dynamic landscape, smart meters (SMs) stand as the sentinels at the edge of the grid, silently gathering and transmitting invaluable data. Yet, this very placement often leaves them vulnerable in unprotected areas, underscoring the paramount importance of physical security in the smart grid. It is here that Physical Unclonable Functions (PUFs) have emerged as a formidable ally. These unique constructs serve as guardians of physical security, leveraging the inherent unpredictability of manufacturing processes to create cryptographic keys. PUFs, however, are not without their own conundrums, primarily in the realm of reliability. This challenge has prevented their widespread integration into cryptographic applications. Fuzzy extractors have been considered as a solution to the reliability problem of PUFs, albeit at the cost of imposing significant computational burdens. To that end, we first propose an on-chip-error-correcting (OCEC) PUF that efficiently generates stable digits for the authentication process. Afterward, we introduce a lightweight authentication protocol between the SMs and the neighborhood gateway (NG) based on the proposed PUF. The provable security analysis shows that the proposed protocol not only remains secure in the Canetti–Krawczyk (CK) adversary model but also provides additional security features. Also, the performance evaluation demonstrates the significant improvement of the proposed scheme in comparison with the state-of-the-art.
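The abstract above refers to fuzzy extractors as the standard fix for noisy PUF responses. The following is an added illustration written for this page, not code from the paper or its OCEC PUF: a textbook code-offset fuzzy extractor using a repetition code, with a constructed 80-bit "PUF response", a constructed secret and a deterministic bit-flip noise model standing in for a real chip. The function names (`enroll`, `reproduce`, `flip`) and the SHA-256 stand-in for the strong extractor are assumptions made here.

```python
import hashlib
import secrets

REP = 5  # repetition-code block length; majority decoding corrects up to 2 flips per block


def repetition_encode(bits, n=REP):
    """Encode each secret bit as n identical code bits."""
    return [b for b in bits for _ in range(n)]


def repetition_decode(bits, n=REP):
    """Majority-decode each block of n bits back to one secret bit."""
    return [int(sum(bits[i:i + n]) * 2 > n) for i in range(0, len(bits), n)]


def derive_key(secret_bits):
    """Strong-extractor stand-in (assumption: a hash of the corrected secret)."""
    packed = int("".join(map(str, secret_bits)), 2).to_bytes((len(secret_bits) + 7) // 8, "big")
    return hashlib.sha256(b"fe-toy|" + packed).hexdigest()


def enroll(puf_response, secret_bits, n=REP):
    """Gen(): run once in a trusted setting. Returns (key, public helper data).
    The helper is response XOR codeword; only the helper is stored."""
    codeword = repetition_encode(secret_bits, n)
    if len(codeword) != len(puf_response):
        raise ValueError("response length must equal len(secret_bits) * n")
    helper = [r ^ c for r, c in zip(puf_response, codeword)]
    return derive_key(secret_bits), helper


def reproduce(noisy_response, helper, n=REP):
    """Rep(): run in the field with a fresh, noisy response and the stored helper.
    XOR-ing the helper back yields codeword XOR noise, which the decoder cleans up."""
    noisy_codeword = [r ^ w for r, w in zip(noisy_response, helper)]
    return derive_key(repetition_decode(noisy_codeword, n))


def flip(bits, positions):
    """Constructed noise model: invert the bits at the given positions."""
    out = list(bits)
    for p in positions:
        out[p] ^= 1
    return out


# Constructed 80-bit "PUF response" (deterministic so the example is repeatable);
# a real response comes from the chip and is never stored anywhere.
_seed = hashlib.sha256(b"constructed PUF response").digest()
CONSTRUCTED_RESPONSE = [(byte >> k) & 1 for byte in _seed[:10] for k in range(8)]
SECRET_BITS = [1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0]  # constructed 16-bit secret

if __name__ == "__main__":
    key, helper = enroll(CONSTRUCTED_RESPONSE, SECRET_BITS)
    # six scattered flips (7.5% error rate), never more than two per block: key recovered
    print(reproduce(flip(CONSTRUCTED_RESPONSE, [0, 3, 7, 12, 40, 79]), helper) == key)
    # three flips inside one block exceed the code's capacity: a different key, not a close one
    print(reproduce(flip(CONSTRUCTED_RESPONSE, [0, 1, 2]), helper) == key)
    # real enrollment draws a fresh random secret per device
    rand_key, rand_helper = enroll(CONSTRUCTED_RESPONSE, [secrets.randbits(1) for _ in range(16)])
    print(reproduce(CONSTRUCTED_RESPONSE, rand_helper) == rand_key)
```

Two practitioner caveats the toy makes visible: the repetition code costs five response bits per secret bit, which is the kind of overhead the abstract's on-chip correction aims to avoid, and a repetition-code helper reveals which response bits within a block agree, so the response must have enough entropy for the leakage to be tolerable.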
Loo T.L., Ishak M.K., Ammar K.
2023-09-01, citations by CoLab: 2
There are many well-known open-source bootloader solutions available today, such as UEFI/BIOS, Coreboot and U-Boot. Recently, RISC-V, as an open-source Instruction Set Architecture, has gained a lot of attention for new embedded product creation and academic research purposes. In this study, the RISC-V Instruction Set Architecture boot flow and boot solutions are studied, simulated, experimented with, and summarized. A security feature is implemented in firmware and measured against non-secured firmware to compare boot performance without security inclusion. A newly proposed method to create a security block at Register Transfer Level to generate a Secure Hash Algorithm (SHA-512) digest is implemented using a Field Programmable Gate Array. The performance of this method is analyzed in terms of the number of logic gates required and the execution time in software versus hardware. As a result of this study, it is observed that, in the simulated environment, secured firmware incurred 3.3 Megabytes of additional binary size and 747 ms (35%) additional boot time compared to non-secured firmware. A hardware implementation is proposed in a Field Programmable Gate Array (FPGA) to reduce the need for larger firmware and longer boot time to implement security. The results of this implementation indicate a requirement of 32,048 gates to implement a SHA512 IP that reduces software execution time by 1132%.
Chen Z., Cheng Z., Luo W., Ao J., Liu Y., Sheng K., Chen L.
Internet of Things (Scimago Q1, WoS Q1)
2023-04-01, citations by CoLab: 17
With the rapid development of 5G mobile communication technology and the continuous expansion of the scale of the Internet of Things (IoT) industry, the number of IoT devices has grown exponentially. IoT devices have uneven security guarantees due to different application scenarios, which brings great security threats to the devices themselves and the IoT system. Especially with physical threats to the device and firmware tampering, attackers can even turn your home's sweeping robot into a spy by modifying the firmware. In view of these threats, this paper proposes FSMFA, a Firmware-Secure Multi-Factor Authentication protocol based on PUF (physical unclonable function) and device firmware integrity, which enhances the physical and software security of IoT devices while enhancing the security of the IoT system, so as to realize mutual authentication and key negotiation between the device and the server. At the same time, in order to guarantee the safety of the whole life cycle of the device, we propose a challenge response pair (CRP) and firmware update scheme for the device. Finally, we use BAN logic and ProVerif to prove the security of the authentication and update protocols. Compared with other similar protocols, the proposed protocol achieves better security and higher efficiency.
Chen K., Arias O., Guo X., Deng Q., Jin Y.
2023-01-01, citations by CoLab: 4
The complexity of modern system-on-chip (SoC) designs and the ever-shortening time-to-market (TTM) make third-party Intellectual Property (3PIP) a cornerstone of the modern SoC supply chain. Various 3PIPs are involved in modern SoCs, performing functionality ranging from computation acceleration to sensitive data processing. The wide use of 3PIPs also raises security concerns, e.g., hardware Trojans inserted in 3PIPs may compromise the security of the whole system. While SoC integrators carefully evaluate the functionality of the acquired 3PIPs, there is a lack of effective and low-cost solutions for third-party IP security validation in the SoC environment. Exacerbating the issue, Trojans may be located in multiple IPs and will only perform malicious tasks collaboratively. To address these limitations and to protect modern SoCs, we propose a runtime 3PIP Trojan detection framework. The new framework, named IP-Tag, is a tag-based structure to track the requests on the SoC and enforce fine-grained access control in individual IPs. The proposed framework can detect and prevent illegal access and sensitive data leakage on IPs within the SoC environment. The proposed IP-Tag framework was demonstrated on a RISC-V based SoC and also implemented on an FPGA platform for security and performance analysis. Our experimental results show that the developed IP-Tag can detect and prevent illegal access and sensitive data leakage in an SoC with malicious IPs. The hardware overhead is 7.9% LUTs and 7.8% Flip-Flops, and the performance overhead is 2.2%.
Dai R., Yavuz T.
2022-08-22, citations by CoLab: 4
Due to the globalization of the Integrated Circuit supply chain, hardware Trojans and the attacks that can trigger them have become an important security issue. One type of hardware Trojan leverages the "don't care transitions" in Finite-state Machines (FSMs) of hardware designs. In this article, we present a symbolic approach to detecting don't care transitions and the hidden Trojans. Our detection approach works at both register-transfer level (RTL) and gate level, does not require a golden design, and works in three stages. In the first stage, it explores the reachable states. In the second stage, it performs an approximate analysis to find the don't care transitions and any discrepancies in the register values or output lines due to don't care transitions. The second stage can be used both for predicting don't care triggered Trojans and for guiding don't care aware reachability analysis. In the third stage, it performs a state-space exploration from reachable states that have incoming don't care transitions to explore the Trojan payload and to find behavioral discrepancies with respect to what has been observed in the first stage. We also present a pruning technique based on the reachability of FSM states. We present a methodology that leverages both RTL and gate level for soundness and efficiency. Specifically, we show that don't care transitions and Trojans that leverage them must be detected at the gate level, i.e., after synthesis has been performed, for soundness. However, under specific conditions, Trojan payload exploration can be performed more efficiently at RTL. Additionally, the modular design of our approach also provides a fast Trojan prediction method even at the gate level when the reachable states of the FSM are known a priori.
Evaluation of our approach on a set of benchmarks from OpenCores and TrustHub, using gate-level representations generated by two synthesis tools, YOSYS and Synopsys Design Compiler (SDC), shows that our approach is both efficient (up to 10× speedup w.r.t. no pruning) and precise (0% false positives both at RTL and gate-level netlist) in detecting don't care transitions and the Trojans that leverage them. Additionally, the total analysis time can achieve up to 1.62× (using YOSYS) and 1.92× (using SDC) speedup when synthesis preserves the FSM structure, the foundry is trusted, and the Trojan detection is performed at RTL.
El Jaouhari S., Bouvet E.
Internet of Things (Scimago Q1, WoS Q1)
2022-05-01, citations by CoLab: 43
The Internet of Things (IoT) market has shown strong growth in recent years, where many manufacturers of IoT devices and IoT-related service providers are competing. Time to market has become essential to be competitive. The faster a competitor develops and integrates his product, the more likely he is to dominate the market. This competition could lead to critical security issues due to the lack of testing or the short development time. Moreover, lots of IoT devices present some vulnerabilities that can be exploited by attackers. They are also constantly subject to zero-days, which require quick intervention to maintain the security of the environments in which they are deployed. For these purposes, the quick update of the firmware image of these IoT devices is an effective way to counter most of these attacks. This document starts by defining the firmware update mechanisms for IoT, and in particular those done Over-The-Air. It then presents a state of the art of the currently proposed solutions, with the particularity of surveying the literature, the standardization bodies and some well-known industrial solutions. It also proposes a new classification of the different types of System on Chip (SoC) present in marketed IoT devices, together with an analysis of the different challenges and threats related to the OTA update. The objective is to open up the horizon for future research directions.