Internet of things (IoT) Security and Side-Channel Attacks

Dear Colleagues,

The proliferation of embedded systems in the expansion of Internet-of-things (IoT) to billions of connected devices has vastly widened the attack surface for adversaries targeting the theft of information and/or the malicious, sometimes destructive, control of such systems. The approach taken to secure secret information in IoT and other supervised systems is not adequate for embedded systems that are deployed to unsupervised, remote environments where attackers have physical access that allows profoundly more sophisticated attacks using probing equipment. Hardware exhibits a physical vulnerability called side-channel information leakage that exposes internal activity and information through power supplies and electromagnetic emissions, especially when the device is under control of an attacker.

Security vulnerabilities in software, embedded and hardware can attract several attackers to compromise the security systems such as home automation and security systems. Security vulnerabilities in hardware design and implementations are of major concerns as it can make all the devices manufactured vulnerable to attacks and have a large impact on economy and cannot be fixed with a patch or updates. Recent studies have shown many vulnerabilities in SoC implementations, including side-channel leakage, data leakage, access privilege acceleration attacks, and malware attacks.

Security and trust have become critically important, the IoT devices require a secure design flow that considers the side channel attacks and provide hardware implementations resilient to side channel vulnerabilities. The origin of these side-channels is fundamentally tied to the physical operation and characteristics of the switching transistors and routing within ICs. Therefore, a solution that securely hardens IoT devices without excessive cost should be designed into that same level and facilitated to all levels of abstraction including embedded and application layers tailored to modify the operating characteristics and protecting the interfaces to thwart the techniques of such adversaries. Authentication and encryption are heavily used for ensuring data integrity and privacy of communications between communicating devices. The security of the system depends on the key being securely stored and remaining private within the chip when encryption and decryption is taking place. Unfortunately, these assumptions are no longer valid, and adversaries can apply invasive and semi-invasive side-channel techniques, to extract information from chips that was traditionally considered private.

Considering the above challenges, the scope of this Special Issue of Cryptography: Internet of things (IoT) Security and Side-Channel Attacks calls for studying IoT security issues, including attacks and countermeasures at all levels of abstractions (including hardware, embedded, firmware and application security for IoTs) to protect the embedded devices against side channel attacks, which include the following but not limited to:

• Physical data extraction and countermeasures
• Power-side channel attacks and countermeasures
• Timing-side channel attacks and countermeasures
• Electromagnetic radiation attacks and countermeasures
• Fault-injection attack and countermeasures for IoTs
• Clock and power glitching attacks and countermeasures
• Hardware obfuscation techniques for IoTs
• Information flow tracking design integration in embedded devices
• Embedded devices and FPGA bitstream protection and vulnerabilities
• Automated physical assurance solutions for IoTs
• Firmware security for embedded devices
• Runtime security with designs resilient to side channel analysis
• Secure boot for the IoT devices
• Machine learning techniques for IoTs resilient to Side Channel Attacks

Dr. Fareena Saqib
Guest Editor

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Cryptography is an international peer-reviewed open access quarterly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1600 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.