CHASE Survey on 6 Most Important Topics in Hardware Security



Similar documents
Hardware Trojans Detection Methods Julien FRANCQ

CHANCES AND RISKS FOR SECURITY IN MULTICORE PROCESSORS

Implementing Program Protection and Cybersecurity

PUF Physical Unclonable Functions

Side Channel Analysis and Embedded Systems Impact and Countermeasures

What is a Smart Card?

Wireless Sensor Network Security. Seth A. Hellbusch CMPE 257

ADVANCED IC REVERSE ENGINEERING TECHNIQUES: IN DEPTH ANALYSIS OF A MODERN SMART CARD. Olivier THOMAS Blackhat USA 2015

Confidentio. Integrated security processing unit. Including key management module, encryption engine and random number generator

Computer Science. About PaaS Security. Donghoon Kim Henry E. Schaffer Mladen A. Vouk

1. Fault Attacks for Virtual Machines in Embedded Platforms. Supervisor: Dr Konstantinos Markantonakis,

Yaffs NAND Flash Failure Mitigation

M-Shield mobile security technology

Embedded Java & Secure Element for high security in IoT systems

EPASSPORT WITH BASIC ACCESS CONTROL AND ACTIVE AUTHENTICATION

Residual risk. 3 Compliance challenges (i.e. right to examine, exit clause, privacy acy etc.)

Defense in Cyber Space Beating Cyber Threats that Target Mesh Networks

Technical Brief Distributed Trusted Computing

Plain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75

Secure Embedded Systems eine Voraussetzung für Cyber Physical Systems und das Internet der Dinge

Software Hardware Binding with Quiddikey

Cisco Trust Anchor Technologies

A Framework for Secure and Verifiable Logging in Public Communication Networks

Cloud Computing. Benefits and Risks. Bill Wells, CISSP, CISM, CISA, CRISC, CIPP/IT

Arnab Roy Fujitsu Laboratories of America and CSA Big Data WG

CryptoFirewall Technology Introduction

Arnab Roy Fujitsu Laboratories of America and CSA Big Data WG

Reviving smart card analysis

Jort Kollerie SonicWALL

Building a Mobile App Security Risk Management Program. Copyright 2012, Security Risk Advisors, Inc. All Rights Reserved

On Security Evaluation Testing

Securing Host Operations with a Dedicated Cryptographic IC - CryptoCompanion

Applied and Integrated Security. C. Eckert

The Changing Threat Surface in. Embedded Computing. Riley Repko. Vice President, Global Cyber Security Strategy

Vehicular On-board Security: EVITA Project

W ith an estimated 14 billion devices connected to

Practical Threat Intelligence. with Bromium LAVA

Longmai Mobile PKI Solution

NVM memory: A Critical Design Consideration for IoT Applications

Secure cloud access system using JAR ABSTRACT:

Best Practices for the Use of RF-Enabled Technology in Identity Management. January Developed by: Smart Card Alliance Identity Council

PFP Technology White Paper

BY STEVE BROWN, CADENCE DESIGN SYSTEMS AND MICHEL GENARD, VIRTUTECH

MXMedia CipherStream. Preliminary Assessment. Copyright 2012 Farncombe 1.0. Author: T F

IT Networking and Security

UNCLASSIFIED Version 1.0 May 2012

On the features and challenges of security and privacy in distributed internet of things. C. Anurag Varma CpE /24/2016

Chapter 7 Information System Security and Control

CSE543 Computer and Network Security Module: Cloud Computing

USB Portable Storage Device: Security Problem Definition Summary

Cloud Security Overview

CONTENTS. PCI DSS Compliance Guide

Hardware and Security: Vulnerabilities and Solutions

WIND RIVER SECURE ANDROID CAPABILITY

Introduction to Information Security

Trusted Platforms for Homeland Security

Global Cyber Range (GCR) Empowering the Cybersecurity Professional (CyPro)

Wireless Sensor Networks Chapter 14: Security in WSNs

Information Security Group (ISG) Core Research Areas. The ISG Smart Card Centre. From Smart Cards to NFC Smart Phone Security

Security in ST : From Company to Products

WICKSoft Mobile Documents for the BlackBerry Security white paper mobile document access for the Enterprise

Introduction to Security

How To Manage Security On A Networked Computer System

IT Networking and Security

Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions. July, Developed by: Smart Card Alliance Identity Council

SENSE Security overview 2014

Local Heating Attacks on Flash Memory Devices. Dr Sergei Skorobogatov

Update On Smart Grid Cyber Security

Adversary Modelling 1

Biometrics and Cyber Security

Chapter 1: Introduction

CSC Network Security. User Authentication Basics. Authentication and Identity. What is identity? Authentication: verify a user s identity

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

Developing Secure Software in the Age of Advanced Persistent Threats

Cisco Advanced Services for Network Security

BEST PRACTICES FOR IMPROVING EXTERNAL DNS RESILIENCY AND PERFORMANCE

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules

Top Ten Security and Privacy Challenges for Big Data and Smartgrids. Arnab Roy Fujitsu Laboratories of America

SECURE MOBILE APP DEVELOPMENT: DIFFERENCES FROM TRADITIONAL APPROACH

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

EU Threat Landscape Threat Analysis in Research ENISA Workshop Brussels 24th February 2015

CompTIA Security+ (Exam SY0-410)

Horst Görtz Institute for IT-Security

Full Drive Encryption Security Problem Definition - Encryption Engine

Security Issues in Cloud Computing

Extended Boundary Scan Test breaching the analog ban. Marcel Swinnen, teamleader test engineering

The Reduced Address Space (RAS) for Application Memory Authentication

Secure application programming in the presence of side channel attacks. Marc Witteman & Harko Robroch Riscure 04/09/08 Session Code: RR-203

CrashPlan Security SECURITY CONTEXT TECHNOLOGY

1. Computer Security: An Introduction. Definitions Security threats and analysis Types of security controls Security services

Secure Data transfer in Cloud Storage Systems using Dynamic Tokens.

Application Note. Atmel CryptoAuthentication Product Uses. Atmel ATSHA204. Abstract. Overview

Transcription:

University of Connecticut CHASE Survey on 6 Most Important Topics in Hardware Security Prepared By Prof. M. Tehranipoor Charles H. Knapp Associate Professor in Engineering Innovation

Topics! Counterfeit Electronic Components and Supply Chain! Hardware Security and Trust! Reliability! System Security! Standards! Emerging Threats All Rights Reserved 2

Distribution of Participants 35 30 25 20 15 10 5 0 Industry Government Academia All Rights Reserved 3

Counterfeit Electronic Components and Supply Chain Answer Choice Responses in % Responses in # Development of low-cost anti-counterfeiting techniques (Unique package and chip ID generation for all part types (analog and digital parts, small and large 61.70% 29 ICs, passive and active components) Development of low-cost counterfeit detection techniques (electrical test for FPGAs, microprocessors, and DSPs; Visual inspection including 3D optical imaging, THz, etc. for all components; Margin tests (Flash, DRAM, SRAM, Microprocessors, etc.) 59.57% 28 Counterfeit detection technology assessment (Define quantitative metrics for detection techniques; Collect and review historical test data and evaluate effectiveness of test techniques, sequences and test combinations; Tools and methodologies for identifying a minimum set of tests to be performed for maximum test confidence; metrics to measure effectiveness of test techniques) 48.94% 23 Working with policy makers to mitigate counterfeiting and improving supply chain security 44.68% 21 Using untrusted foundry and assembly for fabrication of trusted ICs 42.55% 20 Electronic component supply chain vulnerability analysis 40.43% 19 Risk-based analysis for counterfeit detection and prevention 38.30% 18 Design of reliable silicon physical unclonable functions (PUFs), research certifiable and erasable PUFs, Counterfeit-resistant key storage 36.17% 17 Investigating emerging technologies used by counterfeiters and development of new detection techniques 36.17% 17 Establish an adaptive approach to continuously monitor and validate the state of the art in counterfeit detection 34.04% 16 Electronic part (IC, PCB, and System) track & trace 23.40% 11 E-waste s impact on counterfeiting activities 12.77% 6 Benchmarking 4.26% 2 All Rights Reserved 4

Counterfeit Electronic Components and Supply Chain Development of low-cost anti-counterfeiting techniques (Unique package and chip ID generation for all part types (analog and digital parts, small Development of low-cost counterfeit detection techniques (electrical test for FPGAs, microprocessors, and DSPs; Visual inspection including 3D Counterfeit detection technology assessment (Define quantitative metrics for detection techniques; Collect and review historical test data Working with policy makers to mitigate counterfeiting and improving supply chain security Using untrusted foundry and assembly for fabrication of trusted ICs Electronic component supply chain vulnerability analysis Risk-based analysis for counterfeit detection and prevention Investigating emerging technologies used by counterfeiters and development of new detection techniques Design of reliable silicon physical unclonable functions (PUFs), research certifiable and erasable PUFs, Counterfeit-resistant key storage Establish an adaptive approach to continuously monitor and validate the state of the art in counterfeit detection Electronic part (IC, PCB, and System) track & trace E-waste s impact on counterfeiting activities Benchmarks 0% 10% 20% 30% 40% 50% 60% 70% All Rights Reserved 5

Hardware Security and Trust Answer Choice Responses in % Responses in # Hardware Trojan detection and prevention 65.96% 31 Circuit level vulnerability analysis against Trojan, probing attacks, and sidechannel attacks 44.68% 21 System-level risk and vulnerability analysis, Risk analysis considering hardware-software issues 44.68% 21 Reverse engineering and anti-reserve engineering 40.43% 19 Run-time security analysis, authentication, and verification 38.30% 18 Secure and reliable computing (Data integrity; Code protection and verification; Security of multi-core system: Secure human computer interface) 38.30% 18 Side-channel attack analysis and countermeasures 36.17% 17 Hardware security auditing 34.04% 16 Fault injection attack analysis and countermeasures 25.53% 12 Secure cryptographic hardware 25.53% 12 Hardware accelerators for secure computation (FHE, FE, encrypted DB) 19.15% 9 Hardware interface for managing the security of cloud storage (integrity, freshness, privacy, obfuscation of access patterns, access control policy) 17.02% 8 Hardware for verifying security properties (e.g., remote auditing, geolocation of data, network traffic patterns) 14.89% 7 Secure CAD tools 12.77% 6 True random number generator (TRNG) 8.51% 4 Benchmarking 8.51% 4 Probing and anti-probing 2.13% 1 All Rights Reserved 6

Hardware Security and Trust Hardware Trojan detection and prevention System-level risk and vulnerability analysis, Risk analysis considering hardware-software issues Circuit level vulnerability analysis against Trojan, probing attacks, and side-channel attacks Reverse engineering and anti-reserve engineering Secure and reliable computing (Data integrity; Code protection and verification; Security of multi-core system: Secure human computer Run-time security analysis, authentication, and verification Side-channel attack analysis and countermeasures Hardware security auditing Secure cryptographic hardware Fault injection attack analysis and countermeasures Hardware accelerators for secure computation (FHE, FE, encrypted DB) Hardware interface for managing the security of cloud storage (integrity, freshness, privacy, obfuscation of access patterns, access control Hardware for verifying security properties (e.g., remote auditing, geolocation of data, network traffic patterns) Secure CAD tools Benchmarking True random number generator (TRNG) Probing and anti-probing 0% 10% 20% 30% 40% 50% 60% 70% All Rights Reserved 7

Reliability Answer Choice Responses in % Responses in # System resiliency and self calibration (ABB and ASV) 75% 33 Performance degradation and analysis & efficient guardbanding 70.45% 31 In-field system repair 54.55% 24 Lifetime degradation analysis (MTTF) 47.73% 21 Soft-error mitigation 45.45% 20 Analyzing reliability challenges in lower technology nodes (TDDB, Electromigration, BTI, and HCI) 43.18% 19 Reliable storage that allows proofs of retrievability 34.09% 15 ESD analysis and protection 31.82% 14 All Rights Reserved 8

Reliability System resiliency and self calibration (ABB and ASV) Performance degradation and analysis & efficient guardbanding In-field system repair Lifetime degradation analysis (MTTF) Soft-error mitigation Analyzing reliability challenges in lower technology nodes (TDDB, Electromigration, BTI, and HCI) Reliable storage that allows proofs of retrievability ESD analysis and protection 0% 20% 40% 60% 80% All Rights Reserved 9

System Security Answer Choice Responses in % Responses in # Detection and isolation of hardware subversion and tampering 95.74% 45 Avoidance of system-level reverse engineering and IP piracy 70.21% 33 Securing memory technology and preventing encryption keys being stolen 55.32% 26 Avoiding side channel information leakage 53.19% 25 Securing information transmission between systems 31.91% 15 Enhancing system stability and fault tolerance in harsh environments 29.79% 14 Development of user-controlled mechanisms for balancing security properties 29.79% 14 Secure JTAG 27.66% 13 Data center security 27.66% 13 Development of a key management mechanism based on game theoretic insights that discourages adversarial play 19.15% 9 All Rights Reserved 10

System Security Detection and isolation of hardware subversion and tampering Avoidance of system-level reverse engineering and IP piracy Securing memory technology and preventing encryption keys being stolen Avoiding side channel information leakage Securing information transmission between systems Development of user-controlled mechanisms for balancing security properties Enhancing system stability and fault tolerance in harsh environments Data center security Secure JTAG Development of a key management mechanism based on game theoretic insights that discourages adversarial play 0% 20% 40% 60% 80% 100% 120% All Rights Reserved 11

Standard Development Answer Choice Responses in % Responses in # Development of standard tests or design methods to detect or prevent IC tampering. (Hardware Trojans; Reverse engineering; Side-channel attack; Probing) 81.82% 36 Development of Standard for counterfeit IC detection and avoidance.(technology readiness and cost analysis; Cost/benefit analysis for counterfeit detection using existing techniques; 65.91% 29 Hardware security auditing 61.36% 27 Development of standards for preventing ICs cloning. (Unique reliable chip ID; Active hardware; metering; Application of DNA marking/nano rods/nano particles) 59.09% 26 All Rights Reserved 12

Standard Development Development of standard tests or design methods to detect or prevent IC tampering. (Hardware Trojans; Reverse engineering; Side-channel attack; Probing) Development of Standard for counterfeit IC detection and avoidance.(technology readiness and cost analysis; Cost/ benefit analysis for counterfeit detection using existing techniques; Hardware security auditing Development of standards for preventing ICs cloning. (Unique reliable chip ID; Active hardware; metering; Application of DNA marking/nano rods/nano particles) 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% All Rights Reserved 13

Emerging Threats Answer Choice Responses in % Responses in # Monitoring trends in counterfeiting 57.78% 26 Mobile devices security 57.78% 26 New counterfeit types 51.11% 23 Automotive security 37.78% 17 Introducing new attack vectors 35.56% 16 Attacks security features through machine learning 35.56% 16 New side-channel attacks (e.g. Cache) 31.11% 14 Attacking virtual rootkits 24.44% 11 Corrupting devices 15.56% 7 Back side imaging techniques without decapping 15.56% 7 Mutual Information analysis 13.33% 6 Flash memory bumping attack 13.33% 6 Silicon scanning attack 11.11% 5 Replay attack 8.89% 4 Template attack 6.67% 3 Optical emission analysis 6.67% 3 All Rights Reserved 14

Emerging Threats Mobile devices security Monitoring trends in counterfeiting New counterfeit types Automotive security Attacks security features through machine learning Introducing new attack vectors New side-channel attacks (e.g. Cache) Attacking virtual rootkits Back side imaging techniques without decapping Corrupting devices Flash memory bumping attack Mutual Information analysis Silicon scanning attack Replay attack Optical emission analysis Template attack 0% 10% 20% 30% 40% 50% 60% 70% All Rights Reserved 15

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information