Fareena Saqib - Academia.edu
Papers by Fareena Saqib
2022 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)
2019 IEEE CyberPELS (CyberPELS), 2019
In recent years, attacks against the power grid and the connected smart grid infrastructure have increased and have become a national security issue. The communication-based attacks include attacks with physical access to a network, as well as remote-networked attacks. The resource constrained end devices such as smart meters, power converters as well as third party appliances open additional opportunities for malicious actors. In this paper, we present a low overhead secure communication framework for the critical power infrastructure, which incorporates secure processors, such as Trusted Platform Modules to introduce secure communication in the end nodes. As a use case scenario, we demonstrate security framework for power converters.
Second iiScience International Conference 2021: Recent Advances in Photonics and Physical Sciences, 2021
Tracking the information flow to mitigate the potential vulnerabilities with localization and accuracy has led to various IFT techniques with different levels of abstraction. However, each technique focusses on a particular level of granularity for information flow control which leads to limited access control or area overhead costs decreasing the precision logic of the system. This paper presents a novel approach providing both fine and coarse grain granularity by integrating Instruction level and Gate level IFT to track the data. The proposed approach translates from Instruction level to Gate level based on the user application and module instantiation.
2020 IEEE CyberPELS (CyberPELS), 2020
In power converter designs embedding security is essential to protect the device from physical and network attacks, and to provide secure communication between Distributed Energy Resources (DER) and power system operators. The communication-based cyber-attacks such as physical access to a network and remote networked attacks compromise the signals, reverse engineer and inject faults. The resource-constrained terminal devices such as smart meters, power converters as well as third party appliances open additional opportunities for malicious actors. In this work, we present a low overhead secure communication framework that incorporates processors, Trusted Platform Module (TPM) for communication in a grid-tied system. We propose a novel reconfigurable design of a power converter controller to establish secure communication for a grid-tied converter. An open-source Field Programmable Gate Array (FPGA) platform is used to develop the library functions necessary to perform power electronic controls. The FPGA works in conjunction with the integrated TPM to exchange command and feedback signals. Preliminary results of the operation of the controller with a 3-phase inverter feeding power to a resistive load are also presented.
2017 Asian Hardware Oriented Security and Trust Symposium (AsianHOST), 2017
Recent documented remote hijacking attacks on vehicles have created a need for improving on-board vehicular network security. Electronic Control Units (ECUs) in a vehicle are resource constrained devices that are connected using network standard such as Controller Area Network (CAN). In our work, we demonstrate threat models of CANBus, and propose a secure and trusted framework that implements lightweight hardware based authentication and secure key exchange for enhanced security over the insecure CANFD standard. The scheme integrates a hardware based code isolation using Trusted Execution Environment that further restricts the access to crypto IPs and resources at the time of device or network compromise. The paper discusses the overhead, performance and security analysis of our proposed framework.
SoutheastCon 2018, 2018
Electronic Control Units (ECUs) are enriched devices to control mechanical parts through communication of control signals between them. Vehicles, like other internet of things, are vulnerable to device and network level attacks that are undeniably a safety concern. In this paper, we present a hardware-based framework with Trusted Platform Modules (TPM) enabled secure boot, traffic control for secure communication and mitigating Denial of Service (DoS) attacks by whitelisting, blacklisting and thresholding mechanism. Additionally, at the time of possible compromise, the proposed system provides self-perseverance constructs that are discussed with respect to architecture, implementation and security analysis.
2019 IEEE CyberPELS (CyberPELS), 2019
The Internet of Things (IoT) is a paradigm shift transforming embedded objects into a smart connected device, ready to sense, analyze and communicate information with other devices. Nowadays, IoT devices are widely used in smart home systems and smart grid systems at a high level of integration and automation. However, the increasing tendency of the smart device also leads to a problem of security. The recent exploitations of the connected smart devices' vulnerabilities reinforce the importance of security implementation and integration at the system level. In this work, we propose some use cases to show the vulnerability of the smart bulb to different attacks.
Journal of Hardware and Systems Security, 2021
Cryptogr., 2021
Direct Memory Access (DMA) is a state-of-the-art technique to optimize the speed of memory access and to efficiently use processing power during data transfers between the main system and a peripheral device. However, this advanced feature opens security vulnerabilities of access compromise and to manipulate the main memory of the victim host machine. The paper outlines a lightweight process that creates resilience against DMA attacks with minimal modification to the configuration of the DMA protocol. The proposed scheme performs device identification of the trusted PCIe devices that have DMA capabilities and constructs a database of profiling time to authenticate the trusted devices before they can access the system. The results show that the proposed scheme generates a unique identifier for trusted devices and authenticates the devices. Furthermore, a machine learning–based real-time authentication scheme is proposed that enables runtime authentication and share the results of the time...
IECON 2019 - 45th Annual Conference of the IEEE Industrial Electronics Society, 2019
Integration of complex and high-speed electronic components in the state of art electric power system enhances the need for improved security infrastructure and resilience against invasive and non-invasive attacks on the smart grid. A modern smart grid system integrates a variety of instruments and standards to achieve cost-effective and time-effective energy measurement and management. As the fundamental component in the smart grid, the smart meter supports real-time monitoring, automatic control, and high-speed communication along with power consumption recording. However, the wide use of smart meters also increases privacy and security concerns. In this paper, we demonstrate the vulnerability of side-channel attacks on secure communication in smart grids for software-based and hardware-based implementations.
2017 IEEE 60th International Midwest Symposium on Circuits and Systems (MWSCAS), 2017
In this paper, we propose hardware based secure and trusted communication over CAN bus in the intra vehicle network connecting Electronic Control Units (ECUs). CAN bus is an insecure communication channel, connecting resource constraint devices that have limited resources to devote for data security and real-time requirements to meet the safety critical design specifications. We propose a hardware based secure and trusted framework that implements lightweight PUF based mutual authentication and secure encryption over the insecure communication channel. The paper discusses the framework design and implementation details along with the resource utilization and performance analysis of the proposed system.
2021 IEEE International Midwest Symposium on Circuits and Systems (MWSCAS), 2021
With the rise of globalization, third party intellectual property (3PIP) use in the system on chip (SoC) and the horizontal business model of outsourcing the manufacturing and packaging processes has improved the design time, cost and adoption of newer sub-micron technologies. This however results in sharing the intellectual property with system integrators and the offshore foundries which has resulted in the new security vulnerabilities of the semiconductor supply chain. IP protection laws aren’t consistent across all countries, so companies need to protect their IP from untrustworthy foundries attempting to pirate their design. In this work we propose "AAFLE" (Automated Application for FPGA Logic Encryption), an automated application for IP developers to protect their design with an automated flow to lock the design using state of the art logic locking schemes. We will propose a secure hardware isolation mechanism that leverages ARM TrustZone to enable a secure key provisioning system. The system uses TOPPERS/SafeG, a dual-OS monitor, which allows the execution of two operating systems simultaneously, a non-trusted OS confined to the isolated hardware and a trusted OS with access to the entire SoC. The non-secure OS is a Linux kernel with an application that will ask users for the correct key in order to unlock the system. The secure OS is an RTOS application that is responsible for storing and checking for a correct key input, as well as giving this key to the encrypted hardware in the programmable logic.
2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), 2018
A special class of Physically Unclonable Functions (PUF) called strong PUFs are characterized as having an exponentially large challenge-response pair (CRP) space. However, model-building attacks with machine learning algorithms have shown that the CRP space of most strong PUFs can be predicted using a relatively small subset of training samples. In this paper, we investigate the delay model of the Hardware-Embedded deLay PUF (HELP) and apply machine learning algorithms to determine its resilience to model-building attacks. The delay model for HELP possesses significant differences when compared with other delay-based PUFs such as the Arbiter PUF, particularly with respect to the composition of the paths which are tested to generate response bits. We show that the complexity of the delay model in combination with a set of delay post processing operations carried out within the HELP algorithm significantly reduce the effectiveness of model-building attacks.
Reconfigurable computing is becoming ubiquitous in the form of consumer-based Internet of Things (IoT) devices. Reconfigurable computing architectures have found their place in safety-critical infrastructures such as the automotive industry. As the target architecture evolves, it also needs to be updated remotely on the target platform. This process is susceptible to remote hijacking, where the attacker can maliciously update the reconfigurable hardware target with tainted hardware configuration. This paper proposes an architecture of establishing Root of Trust at the hardware level using cryptographic co-processors and Trusted Platform Modules (TPMs) and enable over the air updates. The proposed framework implements secure boot protocol on Xilinx based FPGAs. The project demonstrates the configuration of the bitstream, boot process integration with TPM and secure over-the-air updates for the hardware reconfiguration.
Cryptography, 2020
This paper investigates countermeasures to side-channel attacks. A dynamic partial reconfiguration (DPR) method is proposed for field programmable gate arrays (FPGAs) to make techniques such as differential power analysis (DPA) and correlation power analysis (CPA) difficult and ineffective. We call the technique side-channel power resistance for encryption algorithms using DPR, or SPREAD. SPREAD is designed to reduce cryptographic key related signal correlations in power supply transients by changing components of the hardware implementation on-the-fly using DPR. Replicated primitives within the advanced encryption standard (AES) algorithm, in particular, the substitution-boxes (SBOXs), are synthesized to multiple and distinct gate-level implementations. The different implementations change the delay characteristics of the SBOXs, reducing correlations in the power traces, which, in turn, increases the difficulty of side-channel attacks. The effectiveness of the proposed countermeasur...
Cryptography, 2018
Secure booting within a field-programmable gate array (FPGA) environment is traditionally implemented using hardwired embedded cryptographic primitives and non-volatile memory (NVM)-based keys, whereby an encrypted bitstream is decrypted as it is loaded from an external storage medium, e.g., Flash memory. A novel technique is proposed in this paper that self-authenticates an unencrypted FPGA configuration bitstream loaded into the FPGA during the start-up. The internal configuration access port (ICAP) interface is accessed to read out configuration information of the unencrypted bitstream, which is then used as input to a secure hash function SHA-3 to generate a digest. In contrast to conventional authentication, where the digest is computed and compared with a second pre-computed value, we use the digest as a challenge to a hardware-embedded delay physical unclonable function (PUF) called HELP. The delays of the paths sensitized by the challenges are used to generate a decryption k...
Cryptography, 2019
Electronic money (e-money or e-Cash) is the digital representation of physical banknotes augmented by added use cases of online and remote payments. This paper presents a novel, anonymous e-money transaction protocol, built based on physical unclonable functions (PUFs), titled PUF-Cash. PUF-Cash preserves user anonymity while enabling both offline and online transaction capability. The PUF’s privacy-preserving property is leveraged to create blinded tokens for transaction anonymity while its hardware-based challenge–response pair authentication scheme provides a secure solution that is impervious to typical protocol attacks. The scheme is inspired from Chaum’s Digicash work in the 1980s and subsequent improvements. Unlike Chaum’s scheme, which relies on Rivest, Shamir and Adleman’s (RSA’s) multiplicative homomorphic property to provide anonymity, the anonymity scheme proposed in this paper leverages the random and unique statistical properties of synthesized integrated circuits. PU...
Cryptography, 2017
A special class of Physical Unclonable Functions (PUFs) referred to as strong PUFs can be used in novel hardware-based authentication protocols. Strong PUFs are required for authentication because the bit strings and helper data are transmitted openly by the token to the verifier, and therefore are revealed to the adversary. This enables the adversary to carry out attacks against the token by systematically applying challenges and obtaining responses in an attempt to machine learn, and later predict, the token's response to an arbitrary challenge. Therefore, strong PUFs must both provide an exponentially large challenge space and be resistant to machine-learning attacks in order to be considered secure. We investigate a transformation called temperature-voltage compensation (TVCOMP), which is used within the Hardware-Embedded Delay PUF (HELP) bit string generation algorithm. TVCOMP increases the diversity and unpredictability of the challenge-response space, and therefore increases resistance to model-building attacks. HELP leverages within-die variations in path delays as a source of random information. TVCOMP is a linear transformation designed specifically for dealing with changes in delay introduced by adverse temperature-voltage (environmental) variations. In this paper, we show that TVCOMP also increases entropy and expands the challenge-response space dramatically.
Advances in Science, Technology and Engineering Systems Journal, 2017
Electronic Control Units (ECUs) generate diagnostic and telemetric data that is communicated over the internal vehicular network. ECUs are resource constraint devices and have limited resources to devote for data security. In recent times, threats against vehicular networks have emerged that require attention of the research community. In this paper, we demonstrate data security threats in automobile, present a hardware based security framework that provides real time secure communication using lightweight cryptographic primitives and propose hardware based authentication protocol. Implementation details, performance and security analysis of proposed framework are presented.
2022 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)
2019 IEEE CyberPELS (CyberPELS), 2019
In recent years, attacks against the power grid and the connected smart grid infrastructure have ... more In recent years, attacks against the power grid and the connected smart grid infrastructure have increased and have become a national security issue. The communication-based attacks include attacks with physical access to a network, as well as remote-networked attacks. The resource constrained end devices such as smart meters, power converters as well as third party appliances open additional opportunities for malicious actors. In this paper, we present a low overhead secure communication framework for the critical power infrastructure, which incorporates secure processors, such as Trusted Platform Modules to introduce secure communication in the end nodes. As a use case scenario, we demonstrate security framework for power converters.
Second iiScience International Conference 2021: Recent Advances in Photonics and Physical Sciences, 2021
Tracking the information flow to mitigate the potential vulnerabilities with localization and acc... more Tracking the information flow to mitigate the potential vulnerabilities with localization and accuracy has led to various IFT techniques with different levels of abstraction. However, each technique focusses on a particular level of granularity for information flow control which leads to limited access control or area overhead costs decreasing the precision logic of the system. This paper presents a novel approach providing both fine and coarse grain granularity by integrating Instruction level and Gate level IFT to track the data. The proposed approach translates from Instruction level to Gate level based on the user application and module instantiation.
2020 IEEE CyberPELS (CyberPELS), 2020
In power converter designs embedding security is essential to protect the device from physical an... more In power converter designs embedding security is essential to protect the device from physical and network attacks, and to provide secure communication between Distributed Energy Resources (DER) and power system operators. The communication-based cyber-attacks such as physical access to a network and remote networked attacks compromise the signals, reverse engineer and inject faults. The resource-constrained terminal devices such as smart meters, power converters as well as third party appliances open additional opportunities for malicious actors. In this work, we present a low overhead secure communication framework that incorporates processors, Trusted Platform Module (TPM) for communication in a grid-tied system. We propose a novel reconfigurable design of a power converter controller to establish secure communication for a grid-tied converter. An open-source Field Programmable Gate Array (FPGA) platform is used to develop the library functions necessary to perform power electronic controls. The FPGA works in conjunction with the integrated TPM to exchange command and feedback signals. Preliminary results of the operation of the controller with a 3-phase inverter feeding power to a resistive load are also presented.
2017 Asian Hardware Oriented Security and Trust Symposium (AsianHOST), 2017
Recent documented remote hijacking attacks on vehicles have created a need for improving on-board... more Recent documented remote hijacking attacks on vehicles have created a need for improving on-board vehicular network security. Electronic Control Units (ECUs) in a vehicle are resource constrained devices that are connected using network standard such as Controller Area Network (CAN). In our work, we demonstrate threat models of CANBus, and propose a secure and trusted framework that implements lightweight hardware based authentication and secure key exchange for enhanced security over the insecure CANFD standard. The scheme integrates a hardware based code isolation using Trusted Execution Environment that further restricts the access to crypto IPs and resources at the time of device or network compromise. The paper discusses the overhead, performance and security analysis of our proposed framework.
SoutheastCon 2018, 2018
Electronic Control Units (ECUs) are enriched devices to control mechanical parts through communic... more Electronic Control Units (ECUs) are enriched devices to control mechanical parts through communication of control signals between them. Vehicles, like other internet of things, are vulnerable to device and network level attacks that are undeniably a safety concern. In this paper, we present a hardware-based framework with Trusted Platform Modules (TPM) enabled secure boot, traffic control for secure communication and mitigating Denial of Service (DoS) attacks by whitelisting, blacklisting and thresholding mechanism. Additionally, at the time of possible compromise, the proposed system provides self-perseverance constructs that are discussed with respect to architecture, implementation and security analysis.
2019 IEEE CyberPELS (CyberPELS), 2019
The Internet of Things (IoT) are paradigm shift transforming embedded objects into a smart connec... more The Internet of Things (IoT) are paradigm shift transforming embedded objects into a smart connected device, ready to sense, analyze and communicate information with other devices. Nowadays, IoT devices are widely used in smart home systems and smart grid systems at a high level of integration and automation. However, the increasing tendency of the smart device also leads to a problem of security. The recent exploitations of the connected smart devices' vulnerabilities reinforce the importance of security implementation and integration at the system level. In this work, we propose some use cases to show the vulnerability of the smart bulb to different attacks.
Journal of Hardware and Systems Security, 2021
Cryptogr., 2021
Direct Memory Access (DMA) is a state-of-the-art technique to optimize the speed of memory access... more Direct Memory Access (DMA) is a state-of-the-art technique to optimize the speed of memory access and to efficiently use processing power during data transfers between the main system and a peripheral device. However, this advanced feature opens security vulnerabilities of access compromise and to manipulate the main memory of the victim host machine. The paper outlines a lightweight process that creates resilience against DMA attacks minimal modification to the configuration of the DMA protocol. The proposed scheme performs device identification of the trusted PCIe devices that have DMA capabilities and constructs a database of profiling time to authenticate the trusted devices before they can access the system. The results show that the proposed scheme generates a unique identifier for trusted devices and authenticates the devices. Furthermore, a machine learning–based real-time authentication scheme is proposed that enables runtime authentication and share the results of the time...
IECON 2019 - 45th Annual Conference of the IEEE Industrial Electronics Society, 2019
Integration of complex and high-speed electronic components in the state of art electric power sy... more Integration of complex and high-speed electronic components in the state of art electric power system enhances the need for improved security infrastructure and resilience against invasive and non-invasive attacks on the smart grid. A modern smart grid system integrates a variety of instruments and standards to achieve cost-effective and time-effective energy measurement and management. As the fundamental component in the smart grid, the smart meter supports real-time monitoring, automatic control, and high-speed communication along with power consumption recording. However, the wide use of smart meters also increases privacy and security concerns. In this paper, we demonstrate the vulnerability of side-channel attacks on secure communication in smart grids for software-based and hardware-based implementations.
2017 IEEE 60th International Midwest Symposium on Circuits and Systems (MWSCAS), 2017
In this paper, we propose hardware based secure and trusted communication over CAN bus in the int... more In this paper, we propose hardware based secure and trusted communication over CAN bus in the intra vehicle network connecting electronic Control Units (ECUs). CAN bus is an insecure communication channel, connecting resource constraint devices that have limited resources to devote for data security and real-time requirements to meet the safety critical design specifications. We propose a hardware based secure and trusted framework that implements lightweight PUF based mutual authentication and secure encryption over the insecure communication channel. The paper discusses the framework design and implementation details along with the resource utilization and performance analysis of the proposed system.
2021 IEEE International Midwest Symposium on Circuits and Systems (MWSCAS), 2021
With the rise of globalization, third party intellectual property 3PIP use in the system on chip ... more With the rise of globalization, third party intellectual property 3PIP use in the system on chip SoC and the horizontal business model of outsourcing the manufacturing and packaging processes has improved the design time, cost and adoption of newer sub-micron technologies. This however results in sharing the intellectual property with system integrators and the offshore foundries which has resulted in the new security vulnerabilities of the semiconductor supply chain. IP protection laws aren’t consistent across all countries, so companies need to protect their IP from untrustworthy foundries attempting to pirate their design.In this work we propose "AAFLE" (Automated Application for FPGA Logic Encryption), an automated application for IP developers to protect their design with an automated flow to lock the design using state of the art logic locking schemes. We will propose a secure hardware isolation mechanism that leverages ARM TrustZone to enable a secure key provisioning system. The system uses TOPPERS/SafeG, a dual-OS monitor, which allows a execution of two operating systems simultaneously, a non-trusted OS confined to the isolated hardware and a trusted OS with access to the entire SoC. The non-secure OS is a Linux kernel with an application that will ask users for the correct key in order to unlock the system. The secure OS is an RTOS application that is responsible for storing and checking for a correct key input, as well as giving this key to the encrypted hardware in the programmable logic.
2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), 2018
A special class of Physically Unclonable Functions (PUF) called strong PUFs are characterized as ... more A special class of Physically Unclonable Functions (PUF) called strong PUFs are characterized as having an exponentially large challenge-response pair (CRP) space. However, model-building attacks with machine learning algorithms have shown that the CRP space of most strong PUFs can be predicted using a relatively small subset of training samples. In this paper, we investigate the delay model of the Hardware-Embedded deLay PUF (HELP) and apply machine learning algorithms to determine its resilience to model-building attacks. The delay model for HELP possesses significant differences when compared with other delay-based PUFs such as the Arbiter PUF, particularly with respect to the composition of the paths which are tested to generate response bits. We show that the complexity of the delay model in combination with a set of delay post processing operations carried out within the HELP algorithm significantly reduce the effectiveness of modelbuilding attacks.
Reconfigurable computing is becoming ubiquitous in the form of consumer-based Internet of Things ... more Reconfigurable computing is becoming ubiquitous in the form of consumer-based Internet of Things (IoT) devices. Reconfigurable computing architectures have found their place in safety-critical infrastructures such as the automotive industry. As the target architecture evolves, it also needs to be updated remotely on the target platform. This process is susceptible to remote hijacking, where the attacker can maliciously update the reconfigurable hardware target with tainted hardware configuration. This paper proposes an architecture of establishing Root of Trust at the hardware level using cryptographic co-processors and Trusted Platform Modules (TPMs) and enable over the air updates. The proposed framework implements secure boot protocol on Xilinx based FPGAs. The project demonstrates the configuration of the bitstream, boot process integration with TPM and secure over-the-air updates for the hardware reconfiguration.
Cryptography, 2020
This paper investigates countermeasures to side-channel attacks. A dynamic partial reconfiguratio... more This paper investigates countermeasures to side-channel attacks. A dynamic partial reconfiguration (DPR) method is proposed for field programmable gate arrays (FPGAs)s to make techniques such as differential power analysis (DPA) and correlation power analysis (CPA) difficult and ineffective. We call the technique side-channel power resistance for encryption algorithms using DPR, or SPREAD. SPREAD is designed to reduce cryptographic key related signal correlations in power supply transients by changing components of the hardware implementation on-the-fly using DPR. Replicated primitives within the advanced encryption standard (AES) algorithm, in particular, the substitution-box (SBOX)s, are synthesized to multiple and distinct gate-level implementations. The different implementations change the delay characteristics of the SBOXs, reducing correlations in the power traces, which, in turn, increases the difficulty of side-channel attacks. The effectiveness of the proposed countermeasur...
Cryptography, 2018
Secure booting within a field-programmable gate array (FPGA) environment is traditionally implemented using hardwired embedded cryptographic primitives and non-volatile memory (NVM)-based keys, whereby an encrypted bitstream is decrypted as it is loaded from an external storage medium, e.g., Flash memory. A novel technique is proposed in this paper that self-authenticates an unencrypted FPGA configuration bitstream loaded into the FPGA during start-up. The internal configuration access port (ICAP) interface is accessed to read out configuration information of the unencrypted bitstream, which is then used as input to the secure hash function SHA-3 to generate a digest. In contrast to conventional authentication, where the digest is computed and compared with a second pre-computed value, we use the digest as a challenge to a hardware-embedded delay physical unclonable function (PUF) called HELP. The delays of the paths sensitized by the challenges are used to generate a decryption k...
Cryptography, 2019
Electronic money (e-money or e-Cash) is the digital representation of physical banknotes augmented by added use cases of online and remote payments. This paper presents a novel, anonymous e-money transaction protocol based on physical unclonable functions (PUFs), titled PUF-Cash. PUF-Cash preserves user anonymity while enabling both offline and online transaction capability. The PUF’s privacy-preserving property is leveraged to create blinded tokens for transaction anonymity while its hardware-based challenge–response pair authentication scheme provides a secure solution that is impervious to typical protocol attacks. The scheme is inspired by Chaum’s Digicash work in the 1980s and subsequent improvements. Unlike Chaum’s scheme, which relies on Rivest, Shamir and Adleman’s (RSA’s) multiplicative homomorphic property to provide anonymity, the anonymity scheme proposed in this paper leverages the random and unique statistical properties of synthesized integrated circuits. PU...
Cryptography, 2017
A special class of Physical Unclonable Functions (PUFs) referred to as strong PUFs can be used in novel hardware-based authentication protocols. Strong PUFs are required for authentication because the bit strings and helper data are transmitted openly by the token to the verifier, and therefore are revealed to the adversary. This enables the adversary to carry out attacks against the token by systematically applying challenges and obtaining responses in an attempt to machine learn, and later predict, the token's response to an arbitrary challenge. Therefore, strong PUFs must both provide an exponentially large challenge space and be resistant to machine-learning attacks in order to be considered secure. We investigate a transformation called temperature-voltage compensation (TVCOMP), which is used within the Hardware-Embedded Delay PUF (HELP) bit string generation algorithm. TVCOMP increases the diversity and unpredictability of the challenge-response space, and therefore increases resistance to model-building attacks. HELP leverages within-die variations in path delays as a source of random information. TVCOMP is a linear transformation designed specifically for dealing with changes in delay introduced by adverse temperature-voltage (environmental) variations. In this paper, we show that TVCOMP also increases entropy and expands the challenge-response space dramatically.
Advances in Science, Technology and Engineering Systems Journal, 2017
Electronic Control Units (ECUs) generate diagnostic and telemetric data that is communicated over the internal vehicular network. ECUs are resource-constrained devices and have limited resources to devote to data security. In recent times, threats against vehicular networks have emerged that require the attention of the research community. In this paper, we demonstrate data security threats in automobiles, present a hardware-based security framework that provides real-time secure communication using lightweight cryptographic primitives, and propose a hardware-based authentication protocol. Implementation details, performance and security analysis of the proposed framework are presented.