Special Issue "Feature Papers in Hardware Security"

A special issue of Cryptography (ISSN 2410-387X). This special issue belongs to the section "Hardware Security".

Deadline for manuscript submissions: closed (30 April 2021).

Special Issue Editor

Prof. Dr. Jim Plusquellic
E-Mail Website
Guest Editor
Department of Electrical and Computer Engineering, University of New Mexico, Albuquerque, NM 87131, USA
Interests: hardware security and trust and design for manufacturability
Special Issues and Collections in MDPI journals

Special Issue Information

Dear Colleagues,

This is a Special Issue for high-quality papers by the editorial board members or those invited by the editorial office and the Editor-in-Chief.

Papers would be published, free of charge, in open access form after peer review.

We invite authors to submit research papers on topics related to hardware-based authentication, encryption and secure boot protocols for resource-constrained embedded systems, on novel side-channel analysis attacks and countermeasures, on PUFs for ICs and printed circuit boards (PCBs) capable of providing security, trust and detection of tamper, on hardware Trojan attacks, analysis, detection methods and countermeasures, on supply-chain authentication and hardware assurance methods, on hardware-based security and trust primitives for RFID (Radio-frequency identification), IoT, autonomous vehicle, embedded medical, and industrial control, communication and other types of critical infrastructures, and on reverse engineering techniques and countermeasures to protect ICs and IPs through obfuscation and active metering schemes.

Prof. Dr. Jim Plusquellic
Guest Editor

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All papers will be peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Cryptography is an international peer-reviewed open access quarterly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Published Papers (13 papers)

Order results
Result details
Select all
Export citation of selected articles as:

Research

Jump to: Other

Article
SimpliFI: Hardware Simulation of Embedded Software Fault Attacks
Cryptography 2021, 5(2), 15; https://0-doi-org.brum.beds.ac.uk/10.3390/cryptography5020015 - 07 Jun 2021
Viewed by 1016
Abstract
Fault injection simulation on embedded software is typically captured using a high-level fault model that expresses fault behavior in terms of programmer-observable quantities. These fault models hide the true sensitivity of the underlying processor hardware to fault injection, and they are unable to [...] Read more.
Fault injection simulation on embedded software is typically captured using a high-level fault model that expresses fault behavior in terms of programmer-observable quantities. These fault models hide the true sensitivity of the underlying processor hardware to fault injection, and they are unable to correctly capture fault effects in the programmer-invisible part of the processor microarchitecture. We present SimpliFI, a simulation methodology to test fault attacks on embedded software using a hardware simulation of the processor running the software. We explain the purpose and advantage of SimpliFI, describe automation of the simulation framework, and apply SimpliFI on a BRISC-V embedded processor running an AES application. Full article
(This article belongs to the Special Issue Feature Papers in Hardware Security)
Show Figures

Figure 1

Article
CONFISCA: An SIMD-Based Concurrent FI and SCA Countermeasure with Switchable Performance and Security Modes
Cryptography 2021, 5(2), 13; https://0-doi-org.brum.beds.ac.uk/10.3390/cryptography5020013 - 06 May 2021
Viewed by 790
Abstract
CONFISCA is the first generic SIMD-based software countermeasure that can concurrently resist against Side-Channel Attack (SCA) and Fault Injection (FI). Its promising strength is presented in a PRESENT cipher case study and compared to software-based Dual-rail with Pre-charge Logic concurrent countermeasure. It has [...] Read more.
CONFISCA is the first generic SIMD-based software countermeasure that can concurrently resist against Side-Channel Attack (SCA) and Fault Injection (FI). Its promising strength is presented in a PRESENT cipher case study and compared to software-based Dual-rail with Pre-charge Logic concurrent countermeasure. It has lower overhead, wider usability, and higher protection. Its protection has been compared using Correlation Power Analysis, Welch’s T-Test, Signal-to-Noise Ratio and Normalized Inter-Class Variance testing methods. CONFISCA can on-the-fly switch between its two modes of operation: The High-Performance and High-Security by having only one instance of the cipher. This gives us the flexibility to trade performance/energy with security, based on the actual critical needs. Full article
(This article belongs to the Special Issue Feature Papers in Hardware Security)
Show Figures

Figure 1

Article
Grid Cyber-Security Strategy in an Attacker-Defender Model
Cryptography 2021, 5(2), 12; https://0-doi-org.brum.beds.ac.uk/10.3390/cryptography5020012 - 02 Apr 2021
Viewed by 1068
Abstract
The progression of cyber-attacks on the cyber-physical system is analyzed by the Probabilistic, Learning Attacker, and Dynamic Defender (PLADD) model. Although our research does apply to all cyber-physical systems, we focus on power grid infrastructure. The PLADD model evaluates the effectiveness of moving [...] Read more.
The progression of cyber-attacks on the cyber-physical system is analyzed by the Probabilistic, Learning Attacker, and Dynamic Defender (PLADD) model. Although our research does apply to all cyber-physical systems, we focus on power grid infrastructure. The PLADD model evaluates the effectiveness of moving target defense (MTD) techniques. We consider the power grid attack scenarios in the AND configurations and OR configurations. In addition, we consider, for the first time ever, power grid attack scenarios involving both AND configurations and OR configurations simultaneously. Cyber-security managers can use the strategy introduced in this manuscript to optimize their defense strategies. Specifically, our research provides insight into when to reset access controls (such as passwords, internet protocol addresses, and session keys), to minimize the probability of a successful attack. Our mathematical proof for the OR configuration of multiple PLADD games shows that it is best if all access controls are reset simultaneously. For the AND configuration, our mathematical proof shows that it is best (in terms of minimizing the attacker′s average probability of success) that the resets are equally spaced apart. We introduce a novel concept called hierarchical parallel PLADD system to cover additional attack scenarios that require combinations of AND and OR configurations. Full article
(This article belongs to the Special Issue Feature Papers in Hardware Security)
Show Figures

Figure 1

Article
Why Is Deep Learning Challenging for Printed Circuit Board (PCB) Component Recognition and How Can We Address It?
Cryptography 2021, 5(1), 9; https://0-doi-org.brum.beds.ac.uk/10.3390/cryptography5010009 - 01 Mar 2021
Cited by 1 | Viewed by 1790
Abstract
In this paper, we present the need for specialized artificial intelligence (AI) for counterfeit and defect detection of PCB components. Popular computer vision object detection techniques are not sufficient for such dense, low inter-class/high intra-class variation, and limited-data hardware assurance scenarios in which [...] Read more.
In this paper, we present the need for specialized artificial intelligence (AI) for counterfeit and defect detection of PCB components. Popular computer vision object detection techniques are not sufficient for such dense, low inter-class/high intra-class variation, and limited-data hardware assurance scenarios in which accuracy is paramount. Hence, we explored the limitations of existing object detection methodologies, such as region based convolutional neural networks (RCNNs) and single shot detectors (SSDs), and compared them with our proposed method, the electronic component localization and detection network (ECLAD-Net). The results indicate that, of the compared methods, ECLAD-Net demonstrated the highest performance, with a precision of 87.2% and a recall of 98.9%. Though ECLAD-Net demonstrated decent performance, there is still much progress and collaboration needed from the hardware assurance, computer vision, and deep learning communities for automated, accurate, and scalable PCB assurance. Full article
(This article belongs to the Special Issue Feature Papers in Hardware Security)
Show Figures

Figure 1

Article
Electromagnetic and Power Side-Channel Analysis: Advanced Attacks and Low-Overhead Generic Countermeasures through White-Box Approach
Cryptography 2020, 4(4), 30; https://doi.org/10.3390/cryptography4040030 - 31 Oct 2020
Cited by 3 | Viewed by 1533
Abstract
Electromagnetic and power side-channel analysis (SCA) provides attackers a prominent tool to extract the secret key from the cryptographic engine. In this article, we present our cross-device deep learning (DL)-based side-channel attack (X-DeepSCA) which reduces the time to attack on embedded [...] Read more.
Electromagnetic and power side-channel analysis (SCA) provides attackers a prominent tool to extract the secret key from the cryptographic engine. In this article, we present our cross-device deep learning (DL)-based side-channel attack (X-DeepSCA) which reduces the time to attack on embedded devices, thereby increasing the threat surface significantly. Consequently, with the knowledge of such advanced attacks, we performed a ground-up white-box analysis of the crypto IC to root-cause the source of the electromagnetic (EM) side-channel leakage. Equipped with the understanding that the higher-level metals significantly contribute to the EM leakage, we present STELLAR, which proposes to route the crypto core within the lower metals and then embed it within a current-domain signature attenuation (CDSA) hardware to ensure that the critical correlated signature gets suppressed before it reaches the top-level metal layers. CDSA-AES256 with local lower metal routing was fabricated in a TSMC 65 nm process and evaluated against different profiled and non-profiled attacks, showing protection beyond 1B encryptions, compared to ∼10K for the unprotected AES. Overall, the presented countermeasure achieved a 100× improvement over the state-of-the-art countermeasures available, with comparable power/area overheads and without any performance degradation. Moreover, it is a generic countermeasure and can be used to protect any crypto cores while preserving the legacy of the existing implementations. Full article
(This article belongs to the Special Issue Feature Papers in Hardware Security)
Show Figures

Figure 1

Article
Secure Boot for Reconfigurable Architectures
Cryptography 2020, 4(4), 26; https://0-doi-org.brum.beds.ac.uk/10.3390/cryptography4040026 - 25 Sep 2020
Viewed by 1504
Abstract
Reconfigurable computing is becoming ubiquitous in the form of consumer-based Internet of Things (IoT) devices. Reconfigurable computing architectures have found their place in safety-critical infrastructures such as the automotive industry. As the target architecture evolves, it also needs to be updated remotely on [...] Read more.
Reconfigurable computing is becoming ubiquitous in the form of consumer-based Internet of Things (IoT) devices. Reconfigurable computing architectures have found their place in safety-critical infrastructures such as the automotive industry. As the target architecture evolves, it also needs to be updated remotely on the target platform. This process is susceptible to remote hijacking, where the attacker can maliciously update the reconfigurable hardware target with tainted hardware configuration. This paper proposes an architecture of establishing Root of Trust at the hardware level using cryptographic co-processors and Trusted Platform Modules (TPMs) and enable over the air updates. The proposed framework implements a secure boot protocol on Xilinx based FPGAs. The project demonstrates the configuration of the bitstream, boot process integration with TPM and secure over-the-air updates for the hardware reconfiguration. Full article
(This article belongs to the Special Issue Feature Papers in Hardware Security)
Show Figures

Figure 1

Article
Securing Additive Manufacturing with Blockchains and Distributed Physically Unclonable Functions
Cryptography 2020, 4(2), 17; https://0-doi-org.brum.beds.ac.uk/10.3390/cryptography4020017 - 18 Jun 2020
Cited by 1 | Viewed by 2073
Abstract
Blockchain technology is a game-changing, enhancing security for the supply chain of smart additive manufacturing. Blockchain enables the tracking and recording of the history of each transaction in a ledger stored in the cloud that cannot be altered, and when blockchain is combined [...] Read more.
Blockchain technology is a game-changing, enhancing security for the supply chain of smart additive manufacturing. Blockchain enables the tracking and recording of the history of each transaction in a ledger stored in the cloud that cannot be altered, and when blockchain is combined with digital signatures, it verifies the identity of the participants with its non-repudiation capabilities. One of the weaknesses of blockchain is the difficulty of preventing malicious participants from gaining access to public–private key pairs. Groups of opponents often interact freely with the network, and this is a security concern when cloud-based methods manage the key pairs. Therefore, we are proposing end-to-end security schemes by both inserting tamper-resistant devices in the hardware of the peripheral devices and using ternary cryptography. The tamper-resistant devices, which are designed with nanomaterials, act as Physical Unclonable Functions to generate secret cryptographic keys. One-time use public–private key pairs are generated for each transaction. In addition, the cryptographic scheme incorporates a third logic state to mitigate man-in-the-middle attacks. The generation of these public–private key pairs is compatible with post quantum cryptography. The third scheme we are proposing is the use of noise injection techniques used with high-performance computing to increase the security of the system. We present prototypes to demonstrate the feasibility of these schemes and to quantify the relevant parameters. We conclude by presenting the value of blockchains to secure the logistics of additive manufacturing operations. Full article
(This article belongs to the Special Issue Feature Papers in Hardware Security)
Show Figures

Figure 1

Article
Side-Channel Power Resistance for Encryption Algorithms Using Implementation Diversity
Cryptography 2020, 4(2), 13; https://0-doi-org.brum.beds.ac.uk/10.3390/cryptography4020013 - 10 Apr 2020
Cited by 2 | Viewed by 2867
Abstract
This paper investigates countermeasures to side-channel attacks. A dynamic partial reconfiguration (DPR) method is proposed for field programmable gate arrays (FPGAs)s to make techniques such as differential power analysis (DPA) and correlation power analysis (CPA) difficult and ineffective. We call the technique side-channel [...] Read more.
This paper investigates countermeasures to side-channel attacks. A dynamic partial reconfiguration (DPR) method is proposed for field programmable gate arrays (FPGAs)s to make techniques such as differential power analysis (DPA) and correlation power analysis (CPA) difficult and ineffective. We call the technique side-channel power resistance for encryption algorithms using DPR, or SPREAD. SPREAD is designed to reduce cryptographic key related signal correlations in power supply transients by changing components of the hardware implementation on-the-fly using DPR. Replicated primitives within the advanced encryption standard (AES) algorithm, in particular, the substitution-box (SBOX)s, are synthesized to multiple and distinct gate-level implementations. The different implementations change the delay characteristics of the SBOXs, reducing correlations in the power traces, which, in turn, increases the difficulty of side-channel attacks. The effectiveness of the proposed countermeasures depends greatly on this principle; therefore, the focus of this paper is on the evaluation of implementation diversity techniques. Full article
(This article belongs to the Special Issue Feature Papers in Hardware Security)
Show Figures

Figure 1

Article
NotchPUF: Printed Circuit Board PUF Based on Microstrip Notch Filter
Cryptography 2020, 4(2), 11; https://0-doi-org.brum.beds.ac.uk/10.3390/cryptography4020011 - 04 Apr 2020
Cited by 1 | Viewed by 2404
Abstract
Physical Unclonable Functions (PUFs) are primitives that are designed to leverage naturally occurring variations to produce a random bitstring. Current PUF designs are typically implemented in silicon or utilize variations found in commercial off-the-shelf (COTS) parts. Because of this, existing designs are insufficient [...] Read more.
Physical Unclonable Functions (PUFs) are primitives that are designed to leverage naturally occurring variations to produce a random bitstring. Current PUF designs are typically implemented in silicon or utilize variations found in commercial off-the-shelf (COTS) parts. Because of this, existing designs are insufficient for the authentication of Printed Circuit Boards (PCBs). In this paper, we propose a novel PUF design that leverages board variations in a manufactured PCB to generate unique and stable IDs for each PCB. In particular, a single copper trace is used as a source of randomness for bitstring generation. The trace connects three notch filter structures in series, each of which is designed to reject specific but separate frequencies. The bitstrings generated using data measured from a set of PCBs are analyzed using statistical tests to illustrate that high levels of uniqueness and randomness are achievable. Full article
(This article belongs to the Special Issue Feature Papers in Hardware Security)
Show Figures

Figure 1

Article
A Robust, Low-Cost and Secure Authentication Scheme for IoT Applications
Cryptography 2020, 4(1), 8; https://0-doi-org.brum.beds.ac.uk/10.3390/cryptography4010008 - 08 Mar 2020
Cited by 1 | Viewed by 2952
Abstract
The edge devices connected to the Internet of Things (IoT) infrastructures are increasingly susceptible to piracy. These pirated edge devices pose a serious threat to security, as an adversary can get access to the private network through these non-authentic devices. It is necessary [...] Read more.
The edge devices connected to the Internet of Things (IoT) infrastructures are increasingly susceptible to piracy. These pirated edge devices pose a serious threat to security, as an adversary can get access to the private network through these non-authentic devices. It is necessary to authenticate an edge device over an unsecured channel to safeguard the network from being infiltrated through these fake devices. The implementation of security features demands extensive computational power and a large hardware/software overhead, both of which are difficult to satisfy because of inherent resource limitation in the IoT edge devices. This paper presents a low-cost authentication protocol for IoT edge devices that exploits power-up states of built-in SRAM for device fingerprint generations. Unclonable ID generated from the on-chip SRAM could be unreliable, and to circumvent this issue, we propose a novel ID matching scheme that alleviates the need for enhancing the reliability of the IDs generated from on-chip SRAMs. Security and different attack analysis show that the probability of impersonating an edge device by an adversary is insignificant. The protocol is implemented using a commercial microcontroller, which requires a small code overhead. However, no modification of device hardware is necessary. Full article
(This article belongs to the Special Issue Feature Papers in Hardware Security)
Show Figures

Figure 1

Article
Physical Security for Fleet Management Systems
Cryptography 2020, 4(1), 1; https://0-doi-org.brum.beds.ac.uk/10.3390/cryptography4010001 - 31 Dec 2019
Cited by 1 | Viewed by 3732
Abstract
Fleet Management (FM) deals with the management of transport, distribution, and logistics of national and international goods exchange, in which many operators worldwide are involved. Fleet management involves many security-relevant participating entities, such as vehicles, FM mobile clients, smart trackers with goods, drivers, [...] Read more.
Fleet Management (FM) deals with the management of transport, distribution, and logistics of national and international goods exchange, in which many operators worldwide are involved. Fleet management involves many security-relevant participating entities, such as vehicles, FM mobile clients, smart trackers with goods, drivers, etc. Existing automated fleet management systems are basically vulnerable to physical replacement attacks when managed by mass-produced electronic identities. Analog Physical Unclonable Functions (PUFs) failed to serve as unclonable electronic identities due to being costly, unstable and inefficient for such mass-usage. We propose in this paper to deploy the Secret Unknown Ciphers (SUCs) techniques introduced a decade ago as digital low-cost clone-resistant identities to be embedded in selected participating electronic Fleet Management System (FMS) units. SUCs, as stable self-created digital modules to be embedded in future smart non-volatile (NV)-FPGA devices, are expected to cover all emerging FMS physical security requirements. Such information-retaining units (when switched-off) are emerging to become widely used as ultra-low-power mass-products in automotive environment. We propose a new FMS security architecture based on embedding SUC modules in each security-relevant entity in the FMS such as vehicles, mobile clients, smart trackers and goods. This paper investigates the expected technical impacts when using SUCs technology as physical security anchors in a standard FMS configuration. Several SUC-related generic security protocols adapted to the FM environment show how to securely-link tracing of goods, tracks routing, and personnel in such FM system. It is also shown how to combine other biometric fingerprints to simplify personal liability and enhance the security management in such globally-operating automated procedures. The presented security analysis of the resulting FMS shows that the major security concerns in existing FMSs can be resolved. One major advantage of SUC technique, is that device-manufacturers can be largely-excluded as security players. The FPGA technology required for the SUC solution is currently not available and is thought for future use. The concept is ultimately applicable if the future electronic mass products would deploy self-reconfiguring non-volatile (flash-based) System on Chip smart units. Such units are expected to dominate future Internet of Things (IoT) ultra-low-energy applications, as power-off does not lose any information. The proposed SUC strategy is highly flexible, scalable, and applicable to cover a large class of globally operating protection mechanisms similar to those of the addressed FMS scenarios. Full article
(This article belongs to the Special Issue Feature Papers in Hardware Security)
Show Figures

Figure 1

Article
New Mathblocks-Based Feistel-Like Ciphers for Creating Clone-Resistant FPGA Devices
Cryptography 2019, 3(4), 28; https://0-doi-org.brum.beds.ac.uk/10.3390/cryptography3040028 - 17 Dec 2019
Cited by 2 | Viewed by 2850
Abstract
The Secret Unknown Cipher (SUC) concept was introduced a decade ago as a promising technique for creating pure digital clone-resistant electronic units as alternatives to the traditional non-consistent Physical Unclonable Functions (PUFs). In this work, a very special unconventional cipher design is presented. [...] Read more.
The Secret Unknown Cipher (SUC) concept was introduced a decade ago as a promising technique for creating pure digital clone-resistant electronic units as alternatives to the traditional non-consistent Physical Unclonable Functions (PUFs). In this work, a very special unconventional cipher design is presented. The design uses hard-core FPGA (Field Programmable Gate Arrays) -Mathblocks available in modern system-on-chip (SoC) FPGAs. Such Mathblocks are often not completely used in many FPGA applications; therefore, it seems wise to make use of such dead (unused) modules to fabricate usable physical security functions for free. Standard cipher designs usually avoid deploying multipliers in the cipher mapping functions due to their high complexity. The main target of this work is to design large cipher classes (e.g., cipher class size >2600) by mainly deploying the FPGA specific mathematical cores. The proposed cipher designs are novel hardware-oriented and new in the public literature, using fully new unusual mapping functions. If a random unknown selection of one cipher out of 2600 ciphers is self-configured in a device, then a Secret Unknown Cipher module is created within a device, making it physically hard to clone. We consider the cipher module for free (for zero cost) if the major elements in the cipher module are making use of unused reanimated Mathblocks. Such ciphers are usable in many future mass products for protecting vehicular units against cloning and modeling attacks. The required self-reconfigurable devices for that concept are not available now; however, they are expected to emerge in the near future. Full article
(This article belongs to the Special Issue Feature Papers in Hardware Security)
Show Figures

Figure 1

Other

Jump to: Research

Case Report
On the Design and Analysis of a Biometric Authentication System Using Keystroke Dynamics
Cryptography 2020, 4(2), 12; https://0-doi-org.brum.beds.ac.uk/10.3390/cryptography4020012 - 07 Apr 2020
Viewed by 2275
Abstract
This paper proposes a portable hardware token for user’s authentication; it is based on the use of keystroke dynamics to verify users biometrically. The proposed approach allows for a multifactor authentication scheme, in which a user cannot be granted access unless they provide [...] Read more.
This paper proposes a portable hardware token for user’s authentication; it is based on the use of keystroke dynamics to verify users biometrically. The proposed approach allows for a multifactor authentication scheme, in which a user cannot be granted access unless they provide a correct password on a hardware token and their biometric signature. The latter is extracted while the user is typing their password. This paper explains the design rationale of the proposed system and provides a comprehensive insight in the development of a hardware prototype of the same. The paper also presents a feasibility study that included a systematic analysis based on training data obtained from 32 users. Our results show that dynamic keystroke can be employed to construct a cost-efficient solution for biometric user authentication with an average error rate of 4.5%. Full article
(This article belongs to the Special Issue Feature Papers in Hardware Security)
Show Figures

Figure 1

Back to TopTop