How To Secure Devices in Supply Chain Management?
Dr. Kiran Manjappa
Assistant Professor, Dept. of IT, NITK
IoT
● IoT networks have improved our quality of life.
○ Industry 4.0
● By 2025, 75 billion IoT devices will be connected to the worldwide network [1]
○ Supply chain, healthcare, location information, tracking devices
○ Smart city networks
● Security threats are growing in parallel.
● On one side, the IoT network provides security to us; on the other, the IoT network itself needs security.
○ The IoT network needs security in order to provide security to us.
● 2019 - 2.9 billion attacks [1]
○ A threefold increase compared with the 2018 statistics.
Security Breaches - Real World Examples
● Ransomware - WannaCry - 2017
○ Took advantage of anonymity in Bitcoin
● Petya - exploited the third-party software present.
○ Ukraine.
● The Dyn Cyber Attack - DNS
Cloning/Counterfeit/Foreign Element
● During Manufacturing
● In SCM
Conventional Security in IoT - Problems
● IoT devices are resource-constrained devices
○ Usually low-cost designs.
● Conventional security techniques require more resources
○ Not suitable for IoT devices
● Hence, other security techniques for IoT are being explored.
Hardware Security
● Hardware (or Device) - Threats
○ Cloning, Hijacking
○ Gray Market
○ Recycled ICs, Duplicate Devices, Hardware Trojans, Counterfeits, Pirated Products, Copy Cats….
○ Gradually Increasing - A Threat for IoT Devices
○ IoT Devices - Easily Targetable.
○ Industry and academia are working hand in hand to stem the tide.
○ Counterfeiting of an IoT device can happen at any stage of its life cycle.
■ Manufacturing
■ While In the Field.
■ Supply Chain - Most common
Image Source: PUF (part 1) - YouTube
Hardware Authentication
● Keys are stored in the device itself.
● Each device needs memory dedicated to storing keys.
● Additional hardware in the device - EEPROM or Flash memory
● Expensive
Hardware Authentication
[Figure labels: Server, Internet]
● Entire device can be cloned.
● Keys can be compromised.
● What is the other option?
Physically Unclonable Function (PUF)
● Hardware Security
○ Very Important
○ If Hardware itself is compromised, all the applications sitting above it will be vulnerable.
● Each hardware has its own unique characteristics
○ Ex. Startup Values of the Memory
● These characteristics are exploited to implement a PUF
● It is a hardware Root of Trust, Digital Fingerprint, Hardware ID, etc.
● Uniquely identifies a device
● Lightweight, cost-efficient protocols.
● No additional (resource-hungry) hardware or software involved
○ All we need is a single comparison.
PUFs
● A PUF is a function that works on Challenge-Response Pairs (CRPs)
● CRPs - the inherent characteristics of a device for particular events.
○ Stored in the server.
● In future, if the same hardware device is exposed to the same event, it should produce the same result.
○ A challenge is given to the PUF in the hardware - the response is read from the PUF
○ The received response is then compared with the CRPs stored in the server.
PUF and CRPs
● During Manufacturing - the CRP Table is recorded and held by the Trusted Third Party

CRP Table
Sl. No | Challenge | Response
1      | C1        | R1
2      | C2        | R2
3      | C3        | R3

● Cloning/Counterfeit/Foreign Element - challenge C2 is issued and the response R' is checked against the table: R' = R2 ?
More about CRPs
● Who provides these CRPs?
○ Manufacturers have to provide these CRPs
● How do they obtain these CRPs?
○ Different methods
○ One method is to expose the device to different voltages and record the response
■ P voltage - Response from the device
■ Q voltage - Response from the device
■ X parameter - Y responses
● These responses are stored securely for future use.
[Figure: CRPs table - Response is Compared]
● The CRP table is not stored in the device.
● It is stored in a trusted, neutral place.
● Nothing is stored in the device except a function!
● The PUF receives the challenge, executes it on the hardware, gets the result, and passes the result to the calling function.
[Figure: Challenge (c) applied to the PUF of four devices, giving responses R1, R2, R3, R4 with R1 ≠ R2 ≠ R3 ≠ R4]
● Uniqueness Property: PUF on Device 1 → R1, PUF on Device 2 → R2; R1 ≠ R2
● Reliable Property: PUF → R1 @ time t, PUF → R2 @ time t+n; R1 ≈ R2
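The enrollment and comparison flow from the preceding slides, as an added example that is not part of the original deck: a software stand-in for a PUF is enrolled into a server-side CRP table and later verified. Because the reliable property only gives R1 ≈ R2, the comparison uses a Hamming-distance threshold instead of strict equality, and each CRP is consumed after one use. `SimulatedPUF`, `CRPVerifier`, the 128-bit response size, the noise level and the threshold are assumptions chosen for illustration.

```python
import hashlib
import hmac
import random

RESPONSE_BITS = 128   # assumed response width
MAX_DISTANCE = 20     # assumed acceptance threshold, in differing bits


def hamming(a: int, b: int) -> int:
    """Number of bit positions in which two responses differ."""
    return bin(a ^ b).count("1")


class SimulatedPUF:
    """Software stand-in for silicon: a per-die secret plus read noise."""

    def __init__(self, silicon_seed: bytes, noise_bits: int = 6, rng_seed: int = 0):
        self._seed = silicon_seed            # models manufacturing variation
        self._noise_bits = noise_bits        # bits that flip on every readout
        self._rng = random.Random(rng_seed)  # seeded so the demo is repeatable

    def respond(self, challenge: bytes) -> int:
        digest = hmac.new(self._seed, challenge, hashlib.sha256).digest()
        value = int.from_bytes(digest[:RESPONSE_BITS // 8], "big")
        for pos in self._rng.sample(range(RESPONSE_BITS), self._noise_bits):
            value ^= 1 << pos                # temperature/voltage noise
        return value


class CRPVerifier:
    """Server side: holds the CRP table; the device stores nothing."""

    def __init__(self):
        self._table = {}                     # device_id -> {challenge: response}

    def enroll(self, device_id: str, puf: SimulatedPUF, n: int = 4) -> None:
        # Constructed demo uses a seeded RNG; a real verifier would draw
        # challenges from a CSPRNG.
        rng = random.Random(1)
        crps = {}
        for _ in range(n):
            challenge = rng.getrandbits(64).to_bytes(8, "big")
            crps[challenge] = puf.respond(challenge)
        self._table[device_id] = crps

    def issue_challenge(self, device_id: str) -> bytes:
        crps = self._table[device_id]
        if not crps:
            raise LookupError("CRP table exhausted, re-enrollment needed")
        return next(iter(crps))

    def verify(self, device_id: str, challenge: bytes, response: int) -> bool:
        # pop() makes every pair single-use, so an observed pair cannot be replayed.
        expected = self._table[device_id].pop(challenge, None)
        if expected is None:
            return False
        return hamming(expected, response) <= MAX_DISTANCE


def demo() -> dict:
    genuine = SimulatedPUF(b"constructed-die-A", rng_seed=11)
    clone = SimulatedPUF(b"constructed-die-B", rng_seed=22)  # different silicon
    server = CRPVerifier()
    server.enroll("dev-001", genuine)

    c1 = server.issue_challenge("dev-001")
    first, second = genuine.respond(c1), genuine.respond(c1)
    result = {
        "reading_distance": hamming(first, second),      # R1 ≈ R2, not R1 = R2
        "genuine_ok": server.verify("dev-001", c1, first),
        "replay_ok": server.verify("dev-001", c1, second),  # c1 already used
    }
    c2 = server.issue_challenge("dev-001")
    result["clone_ok"] = server.verify("dev-001", c2, clone.respond(c2))
    return result


if __name__ == "__main__":
    print(demo())
```
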
PUF Types
SRAM PUF - Memory Based PUF
● Each and every IoT device has a memory
● Easy to implement - No additional hardware
○ Practical and Cost Effective
○ Robust to Voltage and Temperature Fluctuation
● Memory based PUF
○ SRAM
○ SRAM Failure PUF
○ DRAM
○ DRAM Access Latency PUFs
○ Row Hammer PUFs
PUF Types - Based on Robustness
● Two Types
○ Weak PUF and Strong PUF
Sl. No | Weak PUF                                      | Strong PUF
1      | Smaller number of CRPs                        | More CRPs
2      | Vulnerable to attack; attacker can guess CRPs | Invulnerable to attack; difficult to guess
3      | Assumption: Human Presence                    | Assumption: May be Random Places
4      | SRAM (MBs)                                    | DRAM (GBs)
Weak PUF
[Figure: CRPs table]
● PUF can be reused
● Man in the Middle Attack
Strong PUF
[Figure: CRPs table; one entry is marked x]
Hashing
● Encryption and Decryption modules should be added in the IoT Device
● Memory Expensive
Supply Chain
● Globalization - The International Market - More Geographical Area - More space for the attackers.
● May cost legitimate suppliers their reputation and cause financial loss.
● Tracking and Tracing is introduced in the supply chain.
○ Tracking - current possession of the product
○ Tracing - transaction transparency over the product's lifetime.
● Cutting-edge technologies like 5G and Blockchain Technology have eased the supply chain process.
Supply Chain Eco-System - UpStream (Reference [2])
[Figure: upstream supply chain annotated with PUFs and CRPs]
CRP Tables
● Centralized Database
● Trusted Third Party
● Cloud
● Encrypted or Plain Text
Disadvantages
● SPF and SPA
● Compromised Trusted Third Party
● 75 Billion Devices! 75 Billion CRPs
○ How to manage?
PUF + Blockchain Technology
● Recent Research
● Blockchain - Distributed Storage
○ No SPA, SPF
● Blockchain is used to store CRPs
● Safe and Immutable
● Access Control - Registered Users
Blockchain + PUF
● All the CRPs are stored in the Blockchain
○ Recall that the blockchain is immutable and secure
○ Unregistered users do not have access to the PUF
Ownership Transfer (OT)
● One of the use cases of PUF
● Before the actual device reaches the buyer, the OT process is completed.
● This may lead to inappropriate OT because of the following circumstances:
○ The buyer can claim that the seller/owner sent the wrong product/device.
○ A seller can accidentally or purposefully send cloned/recycled ICs/devices to the buyer.
○ There could be delayed/wrong/failed logistics or supply chain events.
○ There can be unfaithful events in the supply chain.
PUF in SCM
● PUF - verifies the integrity of each individual component and IoT device
● Once the seller has sent the product to the buyer, the buyer runs the PUF
● The OT is completed only after the PUF function returns a matching CRP
● Otherwise, the OT stands cancelled.
● In the supply chain, every stage involves OT.
○ PUF can guarantee the genuineness and integrity of the devices at every step.
[Figure: blockchain - Genesis Block, Block n, Block n + 1, each with Header and Transactions]
Smart Contracts
1. The manufacturer registers on the blockchain - Register_Manufacturer smart contract
2. Each manufacturer registers each generated component in the blockchain - Register_Component smart contract
3. Different buyers buy the component from the manufacturers - OT smart contract
4. When the components are assembled into an IoT device, a unique ID is generated based on the unique IDs of all the components the IoT device consists of - Register_IoTDevice smart contract
5. At any point in time, registered users can query the blockchain using the Query_Component smart contract
a. Returns the list of previous owners.
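A compact model of the five contracts listed above, added here as an example and not taken from the deck or from any real chain: an in-memory, hash-linked ledger in Python where the OT step succeeds only when the buyer's PUF readout matches an unused CRP. Class and method names, the SHA-256 device ID derivation, the string-valued challenges and responses, and the company names are assumptions; responses are treated as already error-corrected, so an exact comparison suffices.

```python
import hashlib
import json


class SupplyChainLedger:
    """In-memory model of the contracts on the slide (not real chain code)."""

    def __init__(self):
        self.blocks = [{"index": 0, "prev": "0" * 64, "tx": {"type": "genesis"}}]
        self.manufacturers = set()
        self.history = {}   # component_id -> owners, oldest first
        self.crps = {}      # component_id -> {challenge: response}, unused pairs

    @staticmethod
    def _digest(block):
        return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).hexdigest()

    def _append(self, tx):
        self.blocks.append({"index": len(self.blocks),
                            "prev": self._digest(self.blocks[-1]), "tx": tx})

    def chain_is_valid(self):
        # Every block must commit to the exact content of its predecessor.
        return all(self.blocks[i]["prev"] == self._digest(self.blocks[i - 1])
                   for i in range(1, len(self.blocks)))

    def register_manufacturer(self, name):
        self.manufacturers.add(name)
        self._append({"type": "Register_Manufacturer", "name": name})

    def register_component(self, manufacturer, component_id, crps):
        if manufacturer not in self.manufacturers:
            raise PermissionError("unregistered manufacturer")
        if component_id in self.history:
            raise ValueError("component already registered")
        self.history[component_id] = [manufacturer]
        self.crps[component_id] = dict(crps)
        self._append({"type": "Register_Component", "id": component_id,
                      "by": manufacturer})

    def next_challenge(self, component_id):
        return next(iter(self.crps[component_id]))

    def ownership_transfer(self, component_id, seller, buyer, challenge, response):
        if self.history[component_id][-1] != seller:
            raise PermissionError("seller is not the current owner")
        expected = self.crps[component_id].pop(challenge, None)  # single use
        ok = expected is not None and expected == response
        if ok:
            self.history[component_id].append(buyer)
        # Cancelled transfers are recorded too, so failed deliveries stay traceable.
        self._append({"type": "OT", "id": component_id, "from": seller,
                      "to": buyer, "status": "completed" if ok else "cancelled"})
        return ok

    def register_iot_device(self, owner, component_ids):
        for cid in component_ids:
            if self.history[cid][-1] != owner:
                raise PermissionError(f"{owner} does not own {cid}")
        # Assumed derivation: hash of the sorted component IDs.
        device_id = hashlib.sha256("|".join(sorted(component_ids)).encode()).hexdigest()
        self._append({"type": "Register_IoTDevice", "id": device_id,
                      "components": sorted(component_ids), "owner": owner})
        return device_id

    def query_component(self, component_id):
        return list(self.history[component_id])


def demo():
    """Constructed scenario: one genuine part, one swapped part, one re-shipment."""
    ledger = SupplyChainLedger()
    ledger.register_manufacturer("FabCo")
    ledger.register_component("FabCo", "mcu-01", {"c1": "r1-mcu", "c2": "r2-mcu"})
    ledger.register_component("FabCo", "radio-01", {"c1": "r1-radio", "c2": "r2-radio"})

    ch = ledger.next_challenge("mcu-01")
    mcu_ok = ledger.ownership_transfer("mcu-01", "FabCo", "AssemblerCo", ch, "r1-mcu")

    ch = ledger.next_challenge("radio-01")       # part swapped in transit
    swapped_ok = ledger.ownership_transfer("radio-01", "FabCo", "AssemblerCo",
                                           ch, "r1-counterfeit")

    ch = ledger.next_challenge("radio-01")       # genuine part re-shipped
    retry_ok = ledger.ownership_transfer("radio-01", "FabCo", "AssemblerCo",
                                         ch, "r2-radio")

    device_id = ledger.register_iot_device("AssemblerCo", ["mcu-01", "radio-01"])
    return ledger, mcu_ok, swapped_ok, retry_ok, device_id


if __name__ == "__main__":
    ledger, *flags, device_id = demo()
    print(flags, ledger.query_component("radio-01"), ledger.chain_is_valid())
```
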
References
1. Alireza Shamsoshoara, Ashwija Korenda, Fatemeh Afghah, Sherali Zeadally, "A survey on physical unclonable function (PUF)-based security solutions for Internet of Things," Computer Networks, Volume 183, 2020, 107593, ISSN 1389-1286, https://doi.org/10.1016/j.comnet.2020.107593.
2. V. Hassija, V. Chamola, V. Gupta, S. Jain and N. Guizani, "A Survey on Supply Chain Security: Application Areas, Security Threats, and Solution Architectures," in IEEE Internet of Things Journal, vol. 8, no. 8, pp. 6222-6246, 15 April 2021, doi: 10.1109/JIOT.2020.3025775.
3. Md Nazmul Islam and Sandip Kundu. 2019. Enabling IC Traceability via Blockchain Pegged to Embedded PUF. ACM Trans. Des. Autom. Electron. Syst. 24, 3, Article 36 (June 2019), 23 pages. DOI: https://doi.org/10.1145/3315669
4. Basics of SRAM PUF and how to deploy it for IoT security - Embedded.com
Thank You.
kiranmanjappa@nitk.edu.in
kiranmanjappa@gmail.com
39

More Related Content

Similar to SCM + PUF_Day 3.pptx

Powersoft19 Overview - 2013
Powersoft19 Overview - 2013Powersoft19 Overview - 2013
Powersoft19 Overview - 2013
Huzaifa Saadat
 
Kernel Recipes 2015: Greybus
Kernel Recipes 2015: GreybusKernel Recipes 2015: Greybus
Kernel Recipes 2015: Greybus
Anne Nicolas
 
12f675
12f67512f675
PyData Global 2022 - Things I learned while running neural networks on microc...
PyData Global 2022 - Things I learned while running neural networks on microc...PyData Global 2022 - Things I learned while running neural networks on microc...
PyData Global 2022 - Things I learned while running neural networks on microc...
SARADINDU SENGUPTA
 
14k50 auto
14k50 auto14k50 auto
14k50 auto
Alfredo Santillan
 
IPLOOK PGW product information
IPLOOK PGW product informationIPLOOK PGW product information
IPLOOK PGW product information
IPLOOK Networks
 
675
675675
Purple Team Use Case - Security Weekly
Purple Team Use Case - Security WeeklyPurple Team Use Case - Security Weekly
Purple Team Use Case - Security Weekly
Jorge Orchilles
 
Open_IoT_Summit-Europe-2016-Building_an_IoT-class_Device_0
Open_IoT_Summit-Europe-2016-Building_an_IoT-class_Device_0Open_IoT_Summit-Europe-2016-Building_an_IoT-class_Device_0
Open_IoT_Summit-Europe-2016-Building_an_IoT-class_Device_0
Igor Stoppa
 
Thesis presentation
Thesis presentationThesis presentation
Thesis presentation
CHIACHE lee
 
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEEBKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
Linaro
 
PIC16F1934.PDF
PIC16F1934.PDFPIC16F1934.PDF
PIC16F1934.PDF
BrayanJulian8
 
Ismael Benito & Arnau Gàmez - Hacking Tokens: A Massive PoC [rooted2018]
Ismael Benito & Arnau Gàmez - Hacking Tokens: A Massive PoC [rooted2018]Ismael Benito & Arnau Gàmez - Hacking Tokens: A Massive PoC [rooted2018]
Ismael Benito & Arnau Gàmez - Hacking Tokens: A Massive PoC [rooted2018]
RootedCON
 
DWH Monitoring System
DWH Monitoring SystemDWH Monitoring System
DWH Monitoring System
Jaime Torres
 
IIoT: The Whole Gamut - Exploration --> Drilling --> Production --> Facility
IIoT: The Whole Gamut - Exploration --> Drilling --> Production --> FacilityIIoT: The Whole Gamut - Exploration --> Drilling --> Production --> Facility
IIoT: The Whole Gamut - Exploration --> Drilling --> Production --> Facility
Chijioke “CJ” Ejimuda
 
Digitalor U-level data center asset IoT system
Digitalor U-level data center asset IoT systemDigitalor U-level data center asset IoT system
Digitalor U-level data center asset IoT system
Arron Zhao
 
[114] DRC hubo technical review
[114] DRC hubo technical review[114] DRC hubo technical review
[114] DRC hubo technical review
NAVER D2
 
KazHackStan Doing The IoT Penetration Testing - Yogesh Ojha
KazHackStan Doing The IoT Penetration Testing - Yogesh OjhaKazHackStan Doing The IoT Penetration Testing - Yogesh Ojha
KazHackStan Doing The IoT Penetration Testing - Yogesh Ojha
Yogesh Ojha
 
PICDEM2PlusUserGuide.pdf
PICDEM2PlusUserGuide.pdfPICDEM2PlusUserGuide.pdf
PICDEM2PlusUserGuide.pdf
asconindia
 
Project_updated
Project_updatedProject_updated
Project_updated
Shaikh Zaid
 

Similar to SCM + PUF_Day 3.pptx (20)

Powersoft19 Overview - 2013
Powersoft19 Overview - 2013Powersoft19 Overview - 2013
Powersoft19 Overview - 2013
 
Kernel Recipes 2015: Greybus
Kernel Recipes 2015: GreybusKernel Recipes 2015: Greybus
Kernel Recipes 2015: Greybus
 
12f675
12f67512f675
12f675
 
PyData Global 2022 - Things I learned while running neural networks on microc...
PyData Global 2022 - Things I learned while running neural networks on microc...PyData Global 2022 - Things I learned while running neural networks on microc...
PyData Global 2022 - Things I learned while running neural networks on microc...
 
14k50 auto
14k50 auto14k50 auto
14k50 auto
 
IPLOOK PGW product information
IPLOOK PGW product informationIPLOOK PGW product information
IPLOOK PGW product information
 
675
675675
675
 
Purple Team Use Case - Security Weekly
Purple Team Use Case - Security WeeklyPurple Team Use Case - Security Weekly
Purple Team Use Case - Security Weekly
 
Open_IoT_Summit-Europe-2016-Building_an_IoT-class_Device_0
Open_IoT_Summit-Europe-2016-Building_an_IoT-class_Device_0Open_IoT_Summit-Europe-2016-Building_an_IoT-class_Device_0
Open_IoT_Summit-Europe-2016-Building_an_IoT-class_Device_0
 
Thesis presentation
Thesis presentationThesis presentation
Thesis presentation
 
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEEBKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
 
PIC16F1934.PDF
PIC16F1934.PDFPIC16F1934.PDF
PIC16F1934.PDF
 
Ismael Benito & Arnau Gàmez - Hacking Tokens: A Massive PoC [rooted2018]
Ismael Benito & Arnau Gàmez - Hacking Tokens: A Massive PoC [rooted2018]Ismael Benito & Arnau Gàmez - Hacking Tokens: A Massive PoC [rooted2018]
Ismael Benito & Arnau Gàmez - Hacking Tokens: A Massive PoC [rooted2018]
 
DWH Monitoring System
DWH Monitoring SystemDWH Monitoring System
DWH Monitoring System
 
IIoT: The Whole Gamut - Exploration --> Drilling --> Production --> Facility
IIoT: The Whole Gamut - Exploration --> Drilling --> Production --> FacilityIIoT: The Whole Gamut - Exploration --> Drilling --> Production --> Facility
IIoT: The Whole Gamut - Exploration --> Drilling --> Production --> Facility
 
Digitalor U-level data center asset IoT system
Digitalor U-level data center asset IoT systemDigitalor U-level data center asset IoT system
Digitalor U-level data center asset IoT system
 
[114] DRC hubo technical review
[114] DRC hubo technical review[114] DRC hubo technical review
[114] DRC hubo technical review
 
KazHackStan Doing The IoT Penetration Testing - Yogesh Ojha
KazHackStan Doing The IoT Penetration Testing - Yogesh OjhaKazHackStan Doing The IoT Penetration Testing - Yogesh Ojha
KazHackStan Doing The IoT Penetration Testing - Yogesh Ojha
 
PICDEM2PlusUserGuide.pdf
PICDEM2PlusUserGuide.pdfPICDEM2PlusUserGuide.pdf
PICDEM2PlusUserGuide.pdf
 
Project_updated
Project_updatedProject_updated
Project_updated
 

More from nagarajan740445

HR Analytics First module corporate expericence.pptx
HR Analytics First module corporate expericence.pptxHR Analytics First module corporate expericence.pptx
HR Analytics First module corporate expericence.pptx
nagarajan740445
 
principles of design thinking and start a new business in bengaluru.pptx
principles of design thinking and start a new business in bengaluru.pptxprinciples of design thinking and start a new business in bengaluru.pptx
principles of design thinking and start a new business in bengaluru.pptx
nagarajan740445
 
how to start the MSME business in India.pptx
how to start the MSME business in India.pptxhow to start the MSME business in India.pptx
how to start the MSME business in India.pptx
nagarajan740445
 
digital age mode Industry presentation.pptx
digital age mode Industry presentation.pptxdigital age mode Industry presentation.pptx
digital age mode Industry presentation.pptx
nagarajan740445
 
Statistical Learning and Model Selection module 2.pptx
Statistical Learning and Model Selection module 2.pptxStatistical Learning and Model Selection module 2.pptx
Statistical Learning and Model Selection module 2.pptx
nagarajan740445
 
scorpio case study.pptx
scorpio case study.pptxscorpio case study.pptx
scorpio case study.pptx
nagarajan740445
 
SENCER_panel.ppt
SENCER_panel.pptSENCER_panel.ppt
SENCER_panel.ppt
nagarajan740445
 
geetha 1SP21BA009.pptx
geetha 1SP21BA009.pptxgeetha 1SP21BA009.pptx
geetha 1SP21BA009.pptx
nagarajan740445
 
gagana ppt 1.pptx
gagana ppt 1.pptxgagana ppt 1.pptx
gagana ppt 1.pptx
nagarajan740445
 
Inroduction to ERP system core functions and challenages.pptx
Inroduction to ERP system core functions and challenages.pptxInroduction to ERP system core functions and challenages.pptx
Inroduction to ERP system core functions and challenages.pptx
nagarajan740445
 
MDD in CAP (Saundra Stock).ppt
MDD in CAP (Saundra Stock).pptMDD in CAP (Saundra Stock).ppt
MDD in CAP (Saundra Stock).ppt
nagarajan740445
 
Intestinal Obstruction (1).ppt
Intestinal Obstruction (1).pptIntestinal Obstruction (1).ppt
Intestinal Obstruction (1).ppt
nagarajan740445
 
marketing analytics 1.pptx
marketing analytics 1.pptxmarketing analytics 1.pptx
marketing analytics 1.pptx
nagarajan740445
 
first rule of marketing analytics forget about the customer.pptx
first rule of marketing analytics  forget about the customer.pptxfirst rule of marketing analytics  forget about the customer.pptx
first rule of marketing analytics forget about the customer.pptx
nagarajan740445
 
marketing analytics.pptx
marketing  analytics.pptxmarketing  analytics.pptx
marketing analytics.pptx
nagarajan740445
 
Cardiac.pptx
Cardiac.pptxCardiac.pptx
Cardiac.pptx
nagarajan740445
 
NERCOMPfinal_jfg.ppt
NERCOMPfinal_jfg.pptNERCOMPfinal_jfg.ppt
NERCOMPfinal_jfg.ppt
nagarajan740445
 
Data Analytics .pptx
Data Analytics .pptxData Analytics .pptx
Data Analytics .pptx
nagarajan740445
 
BUSINESS_ANALYTICS_ppt.ppt
BUSINESS_ANALYTICS_ppt.pptBUSINESS_ANALYTICS_ppt.ppt
BUSINESS_ANALYTICS_ppt.ppt
nagarajan740445
 
Tamil Nadul List of Doctors-2020.pdf
Tamil Nadul List of Doctors-2020.pdfTamil Nadul List of Doctors-2020.pdf
Tamil Nadul List of Doctors-2020.pdf
nagarajan740445
 

More from nagarajan740445 (20)

HR Analytics First module corporate expericence.pptx
HR Analytics First module corporate expericence.pptxHR Analytics First module corporate expericence.pptx
HR Analytics First module corporate expericence.pptx
 
principles of design thinking and start a new business in bengaluru.pptx
principles of design thinking and start a new business in bengaluru.pptxprinciples of design thinking and start a new business in bengaluru.pptx
principles of design thinking and start a new business in bengaluru.pptx
 
how to start the MSME business in India.pptx
how to start the MSME business in India.pptxhow to start the MSME business in India.pptx
how to start the MSME business in India.pptx
 
digital age mode Industry presentation.pptx
digital age mode Industry presentation.pptxdigital age mode Industry presentation.pptx
digital age mode Industry presentation.pptx
 
Statistical Learning and Model Selection module 2.pptx
Statistical Learning and Model Selection module 2.pptxStatistical Learning and Model Selection module 2.pptx
Statistical Learning and Model Selection module 2.pptx
 
scorpio case study.pptx
scorpio case study.pptxscorpio case study.pptx
scorpio case study.pptx
 
SENCER_panel.ppt
SENCER_panel.pptSENCER_panel.ppt
SENCER_panel.ppt
 
geetha 1SP21BA009.pptx
geetha 1SP21BA009.pptxgeetha 1SP21BA009.pptx
geetha 1SP21BA009.pptx
 
gagana ppt 1.pptx
gagana ppt 1.pptxgagana ppt 1.pptx
gagana ppt 1.pptx
 
Inroduction to ERP system core functions and challenages.pptx
Inroduction to ERP system core functions and challenages.pptxInroduction to ERP system core functions and challenages.pptx
Inroduction to ERP system core functions and challenages.pptx
 
MDD in CAP (Saundra Stock).ppt
MDD in CAP (Saundra Stock).pptMDD in CAP (Saundra Stock).ppt
MDD in CAP (Saundra Stock).ppt
 
Intestinal Obstruction (1).ppt
Intestinal Obstruction (1).pptIntestinal Obstruction (1).ppt
Intestinal Obstruction (1).ppt
 
marketing analytics 1.pptx
marketing analytics 1.pptxmarketing analytics 1.pptx
marketing analytics 1.pptx
 
first rule of marketing analytics forget about the customer.pptx
first rule of marketing analytics  forget about the customer.pptxfirst rule of marketing analytics  forget about the customer.pptx
first rule of marketing analytics forget about the customer.pptx
 
marketing analytics.pptx
marketing  analytics.pptxmarketing  analytics.pptx
marketing analytics.pptx
 
Cardiac.pptx
Cardiac.pptxCardiac.pptx
Cardiac.pptx
 
NERCOMPfinal_jfg.ppt
NERCOMPfinal_jfg.pptNERCOMPfinal_jfg.ppt
NERCOMPfinal_jfg.ppt
 
Data Analytics .pptx
Data Analytics .pptxData Analytics .pptx
Data Analytics .pptx
 
BUSINESS_ANALYTICS_ppt.ppt
BUSINESS_ANALYTICS_ppt.pptBUSINESS_ANALYTICS_ppt.ppt
BUSINESS_ANALYTICS_ppt.ppt
 
Tamil Nadul List of Doctors-2020.pdf
Tamil Nadul List of Doctors-2020.pdfTamil Nadul List of Doctors-2020.pdf
Tamil Nadul List of Doctors-2020.pdf
 

Recently uploaded

Mail Server Configuration Using App passwords in Odoo 17
Mail Server Configuration Using App passwords in Odoo 17Mail Server Configuration Using App passwords in Odoo 17
Mail Server Configuration Using App passwords in Odoo 17
Celine George
 
How to Create a New Article in Knowledge App in Odoo 17
How to Create a New Article in Knowledge App in Odoo 17How to Create a New Article in Knowledge App in Odoo 17
How to Create a New Article in Knowledge App in Odoo 17
Celine George
 
How To Update One2many Field From OnChange of Field in Odoo 17
How To Update One2many Field From OnChange of Field in Odoo 17How To Update One2many Field From OnChange of Field in Odoo 17
How To Update One2many Field From OnChange of Field in Odoo 17
Celine George
 
How To Create a Transient Model in Odoo 17
How To Create a Transient Model in Odoo 17How To Create a Transient Model in Odoo 17
How To Create a Transient Model in Odoo 17
Celine George
 
How to Manage Shipping Connectors & Shipping Methods in Odoo 17
How to Manage Shipping Connectors & Shipping Methods in Odoo 17How to Manage Shipping Connectors & Shipping Methods in Odoo 17
How to Manage Shipping Connectors & Shipping Methods in Odoo 17
Celine George
 
A beginner’s guide to project reviews - everything you wanted to know but wer...
A beginner’s guide to project reviews - everything you wanted to know but wer...A beginner’s guide to project reviews - everything you wanted to know but wer...
A beginner’s guide to project reviews - everything you wanted to know but wer...
Association for Project Management
 
Introduction to Banking System in India.ppt
Introduction to Banking System in India.pptIntroduction to Banking System in India.ppt
Introduction to Banking System in India.ppt
Dr. S. Bulomine Regi
 
modul ajar kelas x bahasa inggris 24/254
modul ajar kelas x bahasa inggris 24/254modul ajar kelas x bahasa inggris 24/254
modul ajar kelas x bahasa inggris 24/254
NurFitriah45
 
CTD Punjab Police Past Papers MCQs PPSC PDF
CTD Punjab Police Past Papers MCQs PPSC PDFCTD Punjab Police Past Papers MCQs PPSC PDF
CTD Punjab Police Past Papers MCQs PPSC PDF
hammadmughal76316
 
modul ajar kelas x bahasa inggris 2024-2025
modul ajar kelas x bahasa inggris 2024-2025modul ajar kelas x bahasa inggris 2024-2025
modul ajar kelas x bahasa inggris 2024-2025
NurFitriah45
 
Imagination in Computer Science Research
Imagination in Computer Science ResearchImagination in Computer Science Research
Imagination in Computer Science Research
Abhik Roychoudhury
 
Genetics Teaching Plan: Dr.Kshirsagar R.V.
Genetics Teaching Plan: Dr.Kshirsagar R.V.Genetics Teaching Plan: Dr.Kshirsagar R.V.
Genetics Teaching Plan: Dr.Kshirsagar R.V.
DrRavindrakshirsagar1
 
New Features in Odoo 17 Sign - Odoo 17 Slides
New Features in Odoo 17 Sign - Odoo 17 SlidesNew Features in Odoo 17 Sign - Odoo 17 Slides
New Features in Odoo 17 Sign - Odoo 17 Slides
Celine George
 
Allopathic M1 Srudent Orientation Powerpoint
Allopathic M1 Srudent Orientation PowerpointAllopathic M1 Srudent Orientation Powerpoint
Allopathic M1 Srudent Orientation Powerpoint
Julie Sarpy
 
How to Manage Line Discount in Odoo 17 POS
How to Manage Line Discount in Odoo 17 POSHow to Manage Line Discount in Odoo 17 POS
How to Manage Line Discount in Odoo 17 POS
Celine George
 
SEQUNCES Lecture_Notes_Unit4_chapter11_sequence
SEQUNCES  Lecture_Notes_Unit4_chapter11_sequenceSEQUNCES  Lecture_Notes_Unit4_chapter11_sequence
SEQUNCES Lecture_Notes_Unit4_chapter11_sequence
Murugan Solaiyappan
 
What is Rescue Session in Odoo 17 POS - Odoo 17 Slides
What is Rescue Session in Odoo 17 POS - Odoo 17 SlidesWhat is Rescue Session in Odoo 17 POS - Odoo 17 Slides
What is Rescue Session in Odoo 17 POS - Odoo 17 Slides
Celine George
 
How to Manage Access Rights & User Types in Odoo 17
How to Manage Access Rights & User Types in Odoo 17How to Manage Access Rights & User Types in Odoo 17
How to Manage Access Rights & User Types in Odoo 17
Celine George
 
FEELINGS AND EMOTIONS INSIDE OUT MOVIE.ppt
FEELINGS AND EMOTIONS INSIDE OUT MOVIE.pptFEELINGS AND EMOTIONS INSIDE OUT MOVIE.ppt
FEELINGS AND EMOTIONS INSIDE OUT MOVIE.ppt
JenezarieTarra1
 
C Interview Questions PDF By Scholarhat.pdf
C Interview Questions PDF By Scholarhat.pdfC Interview Questions PDF By Scholarhat.pdf
C Interview Questions PDF By Scholarhat.pdf
Scholarhat
 

Recently uploaded (20)

Mail Server Configuration Using App passwords in Odoo 17
Mail Server Configuration Using App passwords in Odoo 17Mail Server Configuration Using App passwords in Odoo 17
Mail Server Configuration Using App passwords in Odoo 17
 
How to Create a New Article in Knowledge App in Odoo 17
How to Create a New Article in Knowledge App in Odoo 17How to Create a New Article in Knowledge App in Odoo 17
How to Create a New Article in Knowledge App in Odoo 17
 
How To Update One2many Field From OnChange of Field in Odoo 17
How To Update One2many Field From OnChange of Field in Odoo 17How To Update One2many Field From OnChange of Field in Odoo 17
How To Update One2many Field From OnChange of Field in Odoo 17
 
How To Create a Transient Model in Odoo 17
How To Create a Transient Model in Odoo 17How To Create a Transient Model in Odoo 17
How To Create a Transient Model in Odoo 17
 
How to Manage Shipping Connectors & Shipping Methods in Odoo 17
How to Manage Shipping Connectors & Shipping Methods in Odoo 17How to Manage Shipping Connectors & Shipping Methods in Odoo 17
How to Manage Shipping Connectors & Shipping Methods in Odoo 17
 
A beginner’s guide to project reviews - everything you wanted to know but wer...
A beginner’s guide to project reviews - everything you wanted to know but wer...A beginner’s guide to project reviews - everything you wanted to know but wer...
A beginner’s guide to project reviews - everything you wanted to know but wer...
 
Introduction to Banking System in India.ppt
Introduction to Banking System in India.pptIntroduction to Banking System in India.ppt
Introduction to Banking System in India.ppt
 
modul ajar kelas x bahasa inggris 24/254
modul ajar kelas x bahasa inggris 24/254modul ajar kelas x bahasa inggris 24/254
modul ajar kelas x bahasa inggris 24/254
 
CTD Punjab Police Past Papers MCQs PPSC PDF
CTD Punjab Police Past Papers MCQs PPSC PDFCTD Punjab Police Past Papers MCQs PPSC PDF
CTD Punjab Police Past Papers MCQs PPSC PDF
 
modul ajar kelas x bahasa inggris 2024-2025
modul ajar kelas x bahasa inggris 2024-2025modul ajar kelas x bahasa inggris 2024-2025
modul ajar kelas x bahasa inggris 2024-2025
 
Imagination in Computer Science Research
Imagination in Computer Science ResearchImagination in Computer Science Research
Imagination in Computer Science Research
 
Genetics Teaching Plan: Dr.Kshirsagar R.V.
Genetics Teaching Plan: Dr.Kshirsagar R.V.Genetics Teaching Plan: Dr.Kshirsagar R.V.
Genetics Teaching Plan: Dr.Kshirsagar R.V.
 
New Features in Odoo 17 Sign - Odoo 17 Slides
New Features in Odoo 17 Sign - Odoo 17 SlidesNew Features in Odoo 17 Sign - Odoo 17 Slides
New Features in Odoo 17 Sign - Odoo 17 Slides
 
Allopathic M1 Srudent Orientation Powerpoint
Allopathic M1 Srudent Orientation PowerpointAllopathic M1 Srudent Orientation Powerpoint
Allopathic M1 Srudent Orientation Powerpoint
 
How to Manage Line Discount in Odoo 17 POS
How to Manage Line Discount in Odoo 17 POSHow to Manage Line Discount in Odoo 17 POS
How to Manage Line Discount in Odoo 17 POS
 
SEQUNCES Lecture_Notes_Unit4_chapter11_sequence
SEQUNCES  Lecture_Notes_Unit4_chapter11_sequenceSEQUNCES  Lecture_Notes_Unit4_chapter11_sequence
SEQUNCES Lecture_Notes_Unit4_chapter11_sequence
 
What is Rescue Session in Odoo 17 POS - Odoo 17 Slides
What is Rescue Session in Odoo 17 POS - Odoo 17 SlidesWhat is Rescue Session in Odoo 17 POS - Odoo 17 Slides
What is Rescue Session in Odoo 17 POS - Odoo 17 Slides
 
How to Manage Access Rights & User Types in Odoo 17
How to Manage Access Rights & User Types in Odoo 17How to Manage Access Rights & User Types in Odoo 17
How to Manage Access Rights & User Types in Odoo 17
 
FEELINGS AND EMOTIONS INSIDE OUT MOVIE.ppt
FEELINGS AND EMOTIONS INSIDE OUT MOVIE.pptFEELINGS AND EMOTIONS INSIDE OUT MOVIE.ppt
FEELINGS AND EMOTIONS INSIDE OUT MOVIE.ppt
 
C Interview Questions PDF By Scholarhat.pdf
C Interview Questions PDF By Scholarhat.pdfC Interview Questions PDF By Scholarhat.pdf
C Interview Questions PDF By Scholarhat.pdf
 

SCM + PUF_Day 3.pptx

  • 1. How To Secure Devices in Supply Chain Management ? Dr. Kiran Manjappa Assistant Professor, Dept. of IT, NITK
  • 2. IoT ● IoT networks have improved the quality of our lives. ○ Industry 4.0 ● 2025 - 75 Billion IoT Devices will be connected to the worldwide network [1] ○ Supply-Chain, Healthcare, Location Information, Tracking Devices ○ Smart City Networks ● Security threats are also growing in parallel. ● On one side, the IoT network provides security to us; on the other side, the IoT network itself needs security. ○ The IoT network needs security to provide security to us. ● 2019 - 2.9 Billion Attacks [1] ○ Increased threefold when compared to 2018 statistics.
  • 3. Security Breaches - Real World Examples ● Ransomware - WannaCry - 2017 ○ Took advantage of anonymity in Bitcoin ● Petya - Exploited the third-party software present. ○ Ukraine. ● The Dyn Cyber Attack - DNS
  • 6. Conventional Security in IoT - Problems ● IoT devices are resource-constrained devices ○ Usually low-cost designs. ● Conventional security techniques require higher resources ○ Not suitable for IoT devices ● Hence, other security techniques for IoT are being explored.
  • 7. Hardware Security ● Hardware (or Device) - Threats ○ Cloning, Hijacking ○ Gray Market ○ Recycled ICs, Duplicate Devices, Hardware Trojans, Counterfeits, Pirated Products, Copy Cats…. ○ Gradually Increasing - A Threat for IoT Devices ○ IoT Devices - Easily Targetable. ○ Industry and academia are working hand in hand to stem the tide. ○ Counterfeiting of an IoT device can happen during any stage of its life cycle. ■ Manufacturing ■ While in the Field. ■ Supply Chain - Most common. Image Source: PUF (part 1) - YouTube
  • 9. Hardware Authentication ● Storing keys in the device itself. ● There should be a memory in each device specifically for storing keys. ● Additional hardware in the device - EEPROM or Flash Memory ● Expensive. Image Source: PUF (part 1) - YouTube
  • 10. Hardware Authentication [Figure labels: Server, Internet] ● Entire device can be cloned. ● Keys can be compromised. ● What is the other option? Image Source: PUF (part 1) - YouTube
  • 11. Physically Unclonable Function (PUF) ● Hardware Security ○ Very Important ○ If the hardware itself is compromised, all the applications sitting above it will be vulnerable. ● Each piece of hardware has its own unique characteristics ○ Ex. Startup values of the memory ● These characteristics are exploited to implement a PUF ● It is a hardware Root of Trust, Digital Fingerprint, Hardware ID etc. ● Uniquely identifies a device ● Lightweight, cost-efficient protocols. ● No additional (resource-hungry) hardware or software involved ○ All we need is a single comparison.
  • 12. PUFs ● A PUF is a function which works on Challenge-Response Pairs (CRPs) ● CRPs - The inherent characteristics of the devices for the particular events. ○ Stored in the server. ● In future, if the same hardware device is exposed to the same event, it should produce the same result. ○ A challenge is given to the PUF in the hardware - the response is read from the PUF ○ The received response is then compared with the CRPs stored in the server.
  • 13. PUF and CRPs ● During Manufacturing ● CRP Table (Trusted Third Party):
      No. | Challenge | Response
      1 | C1 | R1
      2 | C2 | R2
      3 | C3 | R3
  • 14. Cloning/Counterfeit/Foreign Element [Figure: CRP Table with rows (1, C1, R1), (2, C2, R2), (3, C3, R3); challenge C2]
  • 15. Cloning/Counterfeit/Foreign Element [Figure: CRP Table with rows (1, C1, R1), (2, C2, R2), (3, C3, R3); challenge C2; check R’ = R2 ?]
  • 16. More about CRPs ● Who will give these CRPs? ○ Manufacturers have to give these CRPs ● How will they get these CRPs? ○ Different methods ○ One method is exposing the device to different voltages and finding the response ■ P Voltage - Response from the Device ■ Q Voltage - Response from the Device ■ X Parameter - Y Responses ● These responses will be stored securely for future use.
  • 17. [Figure labels: CRPs; Response is Compared] ● The CRP Table will not be stored in the device. ● It will be stored in a trusted neutral place. ● Nothing is stored in the device except a function !! ● The PUF receives the challenge, executes it on the hardware, gets the result and passes the result to the calling function.
  • 18. [Figure: PUF Challenge (c); images of a smart watch, a mobile phone, a washing machine and a PDA handheld computer. Image references: Google Search, iStock (istockphoto.com), vectorstock.com, dreamstime.com]
  • 19. [Figure: PUF Challenge (c); responses R1, R2, R3, R4] R1 ≠ R2 ≠ R3 ≠ R4. Image references: Google Search, iStock (istockphoto.com), vectorstock.com, dreamstime.com
  • 20. PUF ● Uniqueness Property: Device 1 gives R1, Device 2 gives R2; R1 ≠ R2 ● Reliable Property: PUF gives R1 @ Time t and R2 @ Time t+n; R1 ≈ R2
  • 22. SRAM PUF - Memory Based PUF ● Each and every IoT device has a memory ● Easy to implement - No additional hardware ○ Practical and Cost Effective ○ Robust to Voltage and Temperature Fluctuation ● Memory based PUF ○ SRAM ○ SRAM Failure PUF ○ DRAM ○ DRAM Access Latency PUFs ○ Row Hammer PUFs
  • 23. PUF Types - Based on Robustness ● Two Types ○ Weak PUF and Strong PUF
      Sl. No | Weak PUF | Strong PUF
      1 | Smaller Number of CRPs | More CRPs
      2 | Vulnerable to the Attack; Attacker can guess CRPs | Invulnerable to the Attack; Difficult to Guess
      3 | Assumption: Human Presence | Assumption: May be Random Places
      4 | SRAM (MBs) | DRAM (GBs)
  • 24. Weak PUF [Figure label: CRPs] ● PUF can be reused ● Man in the Middle Attack. Image Source: Depositphotos
  • 25. Strong PUF [Figure label: CRPs]
  • 26. Strong PUF [Figure label: CRPs, with one entry marked x]. Image Source: Depositphotos
  • 27. Strong PUF [Figure labels: CRPs, with one entry marked x; Hashing] ● Encryption and Decryption modules should be added in the IoT Device ● Memory Expensive. Image Source: Depositphotos
  • 28. Supply Chain ● Globalization - The International Market - More Geographical Area - More space for the attackers. ● May cost legitimate suppliers their reputation and cause a financial loss. ● Tracking and Tracing is introduced in the supply chain. ○ Tracking - Current possession of the product ○ Tracing - Transaction transparency over the product’s lifetime. ● Cutting-edge technologies like 5G and Blockchain Technology have eased the Supply Chain Process.
  • 29. Supply Chain Eco-System - UpStream, Reference [2]
  • 30. Supply Chain Eco-System - UpStream, Reference [2] [Figure labels: CRPs; PUF (five instances)]
  • 31. CRP Tables [Figure label: CRPs] ● Centralized Database ● Trusted Third Party ● Cloud ● Encrypted or Plain Text. Disadvantages: ● SPF and SPA ● Compromised Trusted Third Party ● 75 Billion Devices !!! 75 Billion CRPs ○ How to manage?
  • 32. PUF + Blockchain Technology ● Recent Research ● Blockchain - Distributed Storage ○ No SPA, SPF ● Blockchain is used to store CRPs ● Safe and Immutable ● Access Control - Registered Users
  • 33. Blockchain + PUF ● All the CRPs are stored in the Blockchain ○ Recall, Blockchain is immutable and secured ○ An unregistered user does not have access to the PUF
  • 34. Ownership Transfer (OT) ● One of the use cases of PUF ● Before the actual device reaches the buyer, the OT process is completed. ● This may lead to inappropriate OT because of the following circumstances: ○ The buyer can claim that the seller/owner has sent the wrong product/device. ○ A seller can accidentally or purposefully send cloned/recycled ICs/devices to the buyer. ○ There could be delayed/wrong/failed logistics or supply chain events. ○ There can be unfaithful events in the supply chain.
  • 35. PUF in SCM ● PUF - Identifies the integrity of each one of the individual components and IoT Devices ● Once the seller has sent the product to the buyer, the buyer runs the PUF ● The OT is completed only after the PUF function returns a matching CRP ● Otherwise, the OT stands cancelled. ● In the Supply Chain every stage involves OT. ○ PUF can guarantee the genuineness and integrity of the devices at every step.
  • 36. [Figure labels: Genesis Block, Block n, Block n + 1, Header, Transactions; steps 1 to 4. Image source: Dreamstime]
  • 37. Smart Contracts 1. Manufacturer registers to the blockchain: Register_Manufacturer smart contract. 2. Each manufacturer registers each generated component in the blockchain: Register_Component smart contract. 3. Different buyers buy the component from the manufacturers: OT smart contract. 4. When the components are assembled into an IoT Device, a unique ID is generated based on the unique IDs of all the components which the IoT device consists of: Register_IoTDevice smart contract. 5. At any point of time, the registered users can query the blockchain using the Query_Component smart contract. a. Returns the list of previous owners.
  • 38. References 1. Alireza Shamsoshoara, Ashwija Korenda, Fatemeh Afghah, Sherali Zeadally, "A survey on physical unclonable function (PUF)-based security solutions for Internet of Things," Computer Networks, Volume 183, 2020, 107593, ISSN 1389-1286, https://doi.org/10.1016/j.comnet.2020.107593. 2. V. Hassija, V. Chamola, V. Gupta, S. Jain and N. Guizani, "A Survey on Supply Chain Security: Application Areas, Security Threats, and Solution Architectures," IEEE Internet of Things Journal, vol. 8, no. 8, pp. 6222-6246, 15 April 2021, doi: 10.1109/JIOT.2020.3025775. 3. Md Nazmul Islam and Sandip Kundu, "Enabling IC Traceability via Blockchain Pegged to Embedded PUF," ACM Trans. Des. Autom. Electron. Syst. 24, 3, Article 36 (June 2019), 23 pages, https://doi.org/10.1145/3315669. 4. Basics of SRAM PUF and how to deploy it for IoT security - Embedded.com
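
The CRP comparison from slides 12 to 20 and the PUF-gated ownership transfer from slides 34 to 37, as an added example that is not part of the original slides. SimulatedPUF, CRPLedger, the 128-bit response width, the 16-bit Hamming tolerance and the single-use CRP policy are assumptions of this example; the HMAC only simulates per-chip silicon variation.

```python
import hashlib
import hmac
import random
import secrets

RESP_BITS = 128
MAX_DISTANCE = 16  # assumed tolerance: bits allowed to differ between two reads

class SimulatedPUF:
    """Software stand-in for silicon variation; a real PUF stores no secret."""
    def __init__(self, chip_variation: bytes, noisy_bits: int = 5):
        self._variation = hashlib.sha256(chip_variation).digest()
        self._noisy_bits = noisy_bits

    def respond(self, challenge: bytes) -> int:
        mac = hmac.new(self._variation, challenge, hashlib.sha256).digest()
        ideal = int.from_bytes(mac[: RESP_BITS // 8], "big")
        # Every read flips a few random bits, so R @ t is only ≈ R @ t+n.
        for bit in random.sample(range(RESP_BITS), self._noisy_bits):
            ideal ^= 1 << bit
        return ideal

class CRPLedger:
    """Stand-in for the trusted CRP store (third party or blockchain)."""
    def __init__(self):
        self.crps = {}    # device_id -> unused (challenge, response) pairs
        self.owners = {}  # device_id -> ownership history, oldest first

    def enroll(self, device_id, puf, manufacturer, count=4):
        challenges = [secrets.token_bytes(16) for _ in range(count)]
        self.crps[device_id] = [(c, puf.respond(c)) for c in challenges]
        self.owners[device_id] = [manufacturer]

    def transfer(self, device_id, received_device, buyer) -> bool:
        """Complete the OT only if the delivered device answers a stored CRP."""
        if not self.crps[device_id]:
            raise RuntimeError("no unused CRPs left for " + device_id)
        challenge, expected = self.crps[device_id].pop()  # single use: no replay
        if bin(expected ^ received_device.respond(challenge)).count("1") > MAX_DISTANCE:
            return False  # mismatch: OT stands cancelled
        self.owners[device_id].append(buyer)
        return True

def demo():
    genuine, clone = SimulatedPUF(b"chip-A"), SimulatedPUF(b"chip-B")
    ledger = CRPLedger()
    ledger.enroll("dev-1", genuine, "manufacturer")
    ok = ledger.transfer("dev-1", genuine, "buyer-1")
    rejected = not ledger.transfer("dev-1", clone, "buyer-2")
    return ok, rejected, ledger.owners["dev-1"]
```

The genuine device passes despite read noise because two reads differ by at most 10 bits, while a different chip differs in roughly half of the 128 bits and the transfer is refused.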