Successfully reported this slideshow.

xDEFENSE: An Extended DEFENSE for mitigating Next Generation Intrusions

0

Share

Dec. 14, 2016
0 likes 184 views
Upcoming SlideShare
What is network security and Types
What is network security and Types
Loading in …3
×
1 of 1
1 of 1

xDEFENSE: An Extended DEFENSE for mitigating Next Generation Intrusions

Dec. 14, 2016
0 likes 184 views

0

Share

Download to read offline

Engineering

In this work, we propose a modified DEFENSE architecture termed as xDEFENSE that can detect and react to hardware attacks in real-time. In the past, several Root of Trust architectures such as DEFENSE and RETC have been proposed to foil attempts by hardware Trojans to leak sensitive information. In a typical Root of Trust architecture scenario, hardware is allowed to access the memory only by responding properly to a challenge requested by the memory guard. However in a recent effort, we observed that these architectures can in fact be susceptible to a variety of threats ranging from denial of service attacks, privilege escalation to information leakage, by injecting a Trojan into the Root of Trust modules such as memory guards and authorized hardware. In our work, we propose a security monitor that monitors all transactions between the authorized hardware, memory guard and memory. It also authenticates these components through the use of Hashed Message Authentication Codes (HMAC) to detect any invalid memory access or denial of service attack by disrupting the challenge-response pairs. The proposed xDEFENSE architecture was implemented on a Xilinx SPARTAN 3 FPGA evaluation board and our results indicate that xDEFENSE requires 143 additional slices as compared to DEFENSE and incurs a monitoring latency of 22ns.

In this work, we propose a modified DEFENSE architecture termed as xDEFENSE that can detect and react to hardware attacks in real-time. In the past, several Root of Trust architectures such as DEFENSE and RETC have been proposed to foil attempts by hardware Trojans to leak sensitive information. In a typical Root of Trust architecture scenario, hardware is allowed to access the memory only by responding properly to a challenge requested by the memory guard. However in a recent effort, we observed that these architectures can in fact be susceptible to a variety of threats ranging from denial of service attacks, privilege escalation to information leakage, by injecting a Trojan into the Root of Trust modules such as memory guards and authorized hardware. In our work, we propose a security monitor that monitors all transactions between the authorized hardware, memory guard and memory. It also authenticates these components through the use of Hashed Message Authentication Codes (HMAC) to detect any invalid memory access or denial of service attack by disrupting the challenge-response pairs. The proposed xDEFENSE architecture was implemented on a Xilinx SPARTAN 3 FPGA evaluation board and our results indicate that xDEFENSE requires 143 additional slices as compared to DEFENSE and incurs a monitoring latency of 22ns.

Engineering

Recommended

More Related Content

Viewers also liked

Ryder robertson security-considerations_in_the_supply_chain_2017.11.02
PacSecJP
Trend Internet of Things
Deris Stiawan
Network Attack and Intrusion Prevention System
Deris Stiawan
IoT security zigbee -- Null Meet bangalore
veerababu penugonda(Mr-IoT)
Network Security Chapter 7
AfiqEfendy Zaen
Network security
Nkosinathi Lungu
Cyber Security: Trends and Globar War
Nasir Bhutta
Network security
Vikas Jagtap
Network security
fatimasaham
Network security
Simranpreet Singh
Network security and protocols
Online
Spectre and Meltdown
S.Mostafa Sayyedi
Security Issues in Internet of Things
Lohith Haravu Chandrashekar
Network security - Defense in Depth
Dilum Bandara
IOT privacy and Security
noornabi16
Network security ppt
OECLIB Odisha Electronics Control Library
Network security
Madhumithah Ilango
Presentation network security
cegonsoft1999

Similar to xDEFENSE: An Extended DEFENSE for mitigating Next Generation Intrusions

Design, Implementation and Security Analysis of Hardware Trojan Threats in FPGA
Vivek Venugopalan
International Journal of Engineering Research and Development (IJERD)
IJERD Editor
The (In)Security of Topology Discovery in Software Defined Networks
Talal Alharbi
A REVIEW: TRUST, ATTACKS AND SECURITY CHALLENGES IN MANET
ieijjournal
Cyber-security of smart grids
Hamza AlBzoor
Forestalling Meticulous Jam Attacks Using Packet-Hiding Techniques
Eswar Publications
NFV Security PPT
Nisarg Shah
Enhanced Secure Routing Model for MANET
cscpconf
Lightweight Distributed Attack Detection and Prevention for the Safe Internet...
Vladimir Eliseev
The Robust system for antivenin DDOS by Rioter Puddle Expertise
AM Publications
A Survey of Security Approaches for Wireless Adhoc Networks
International Journal for management Science and Technology - https://www.ijmst.com/
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
Editor IJCATR
Review of Prevention Schemes for Man-In-The-Middle (MITM) Attack in Vehicular...
Dr. Amarjeet Singh
DESIGN AND IMPLEMENTATION OF A TRUST-AWARE ROUTING PROTOCOL FOR LARGE WSNS
IJNSA Journal
509286-Aki_Koivu-Review
Aki Koivu
The technique to detect and avoid the denial of service attacks in wireless s...
eSAT Publishing House
A COMPREHENSIVE STUDY ON CLASSIFICATION OF PASSIVE INTRUSION AND EXTRUSION DE...
cscpconf
An os independent heuristics based worm-containment system
UltraUploader
Secure and Efficient Hierarchical Data Aggregation in Wireless Sensor Networks
IJMER
woot15-paper-novella
Eduardo Novella

More from Vivek Venugopalan

Accelerating Real-Time LiDAR Data Processing Using GPUs
Vivek Venugopalan
Hardware acceleration of TEA and XTEA algorithms on FPGA, GPU and multi-core ...
Vivek Venugopalan
Real-time processing for ATST
Vivek Venugopalan
Accelerating Particle Image Velocimetry using Hybrid Architectures
Vivek Venugopalan
CISL talk
Vivek Venugopalan

Featured

What to Upload to SlideShare
SlideShare
Be A Great Product Leader (Amplify, Oct 2019)
Adam Nash
Trillion Dollar Coach Book (Bill Campbell)
Eric Schmidt
APIdays Paris 2019 - Innovation @ scale, APIs as Digital Factories' New Machi...
apidays
A few thoughts on work life-balance
Wim Vanderbauwhede
Is vc still a thing final
Mark Suster
The GaryVee Content Model
Gary Vaynerchuk
Mammalian Brain Chemistry Explains Everything
Loretta Breuning, PhD
Blockchain + AI + Crypto Economics Are We Creating a Code Tsunami?
Dinis Guarda
The AI Rush
Jean-Baptiste Dumont
AI and Machine Learning Demystified by Carol Smith at Midwest UX 2017
Carol Smith
10 facts about jobs in the future
Pew Research Center's Internet & American Life Project
Harry Surden - Artificial Intelligence and Law Overview
Harry Surden
Inside Google's Numbers in 2017
Rand Fishkin
Pinot: Realtime Distributed OLAP datastore
Kishore Gopalakrishna
How to Become a Thought Leader in Your Niche
Leslie Samuel
Visual Design with Data
Seth Familian
Designing Teams for Emerging Challenges
Aaron Irizarry
UX, ethnography and possibilities: for Libraries, Museums and Archives
Ned Potter
Winners and Losers - All the (Russian) President's Men
Ian Bremmer

Related Books

Free with a 14 day trial from Scribd

See all
Bezonomics: How Amazon Is Changing Our Lives and What the World's Best Companies Are Learning from It Brian Dumaine
(4/5)
Free
No Filter: The Inside Story of Instagram Sarah Frier
(4.5/5)
Free
Autonomy: The Quest to Build the Driverless Car—And How It Will Reshape Our World Lawrence D. Burns
(5/5)
Free
Talk to Me: How Voice Computing Will Transform the Way We Live, Work, and Think James Vlahos
(4/5)
Free
From Gutenberg to Google: The History of Our Future Tom Wheeler
(3.5/5)
Free
SAM: One Robot, a Dozen Engineers, and the Race to Revolutionize the Way We Build Jonathan Waldman
(5/5)
Free
The Future Is Faster Than You Think: How Converging Technologies Are Transforming Business, Industries, and Our Lives Peter H. Diamandis
(4.5/5)
Free
So You Want to Start a Podcast: Finding Your Voice, Telling Your Story, and Building a Community That Will Listen Kristen Meinzer
(3.5/5)
Free
Everybody Lies: Big Data, New Data, and What the Internet Can Tell Us About Who We Really Are Seth Stephens-Davidowitz
(4.5/5)
Free
Life After Google: The Fall of Big Data and the Rise of the Blockchain Economy George Gilder
(4/5)
Free
Future Presence: How Virtual Reality Is Changing Human Connection, Intimacy, and the Limits of Ordinary Life Peter Rubin
(4/5)
Free
Live Work Work Work Die: A Journey into the Savage Heart of Silicon Valley Corey Pein
(4.5/5)
Free
Ninety Percent of Everything: Inside Shipping, the Invisible Industry That Puts Clothes on Your Back, Gas in Your Car, and Food on Your Plate Rose George
(4/5)
Free
Carrying the Fire: 50th Anniversary Edition Michael Collins
(4.5/5)
Free
Island of the Lost: An Extraordinary Story of Survival at the Edge of the World Joan Druett
(4/5)
Free
The Basics of Bitcoins and Blockchains: An Introduction to Cryptocurrencies and the Technology that Powers Them (Cryptography, Derivatives Investments, Futures Trading, Digital Assets, NFT) Antony Lewis
(4/5)
Free

Related Audiobooks

Free with a 14 day trial from Scribd

See all
Einstein's Fridge: How the Difference Between Hot and Cold Explains the Universe Paul Sen
(4.5/5)
Free
After Steve: How Apple Became a Trillion-Dollar Company and Lost its Soul Tripp Mickle
(4.5/5)
Free
The Quiet Zone: Unraveling the Mystery of a Town Suspended in Silence Stephen Kurczy
(4.5/5)
Free
The Wires of War: Technology and the Global Struggle for Power Jacob Helberg
(4/5)
Free
System Error: Where Big Tech Went Wrong and How We Can Reboot Rob Reich
(4.5/5)
Free
If Then: How the Simulmatics Corporation Invented the Future Jill Lepore
(4.5/5)
Free
Liftoff: Elon Musk and the Desperate Early Days That Launched SpaceX Eric Berger
(5/5)
Free
The Science of Time Travel: The Secrets Behind Time Machines, Time Loops, Alternate Realities, and More! Elizabeth Howell
(3/5)
Free
A Brief History of Motion: From the Wheel, to the Car, to What Comes Next Tom Standage
(4/5)
Free
An Ugly Truth: Inside Facebook’s Battle for Domination Sheera Frenkel
(4.5/5)
Free
Bitcoin Billionaires: A True Story of Genius, Betrayal, and Redemption Ben Mezrich
(4.5/5)
Free
The Players Ball: A Genius, a Con Man, and the Secret History of the Internet's Rise David Kushner
(4.5/5)
Free
User Friendly: How the Hidden Rules of Design Are Changing the Way We Live, Work, and Play Cliff Kuang
(4.5/5)
Free
Lean Out: The Truth About Women, Power, and the Workplace Marissa Orr
(4.5/5)
Free
Blockchain: The Next Everything Stephen P. Williams
(4/5)
Free
Uncanny Valley: A Memoir Anna Wiener
(4/5)
Free

xDEFENSE: An Extended DEFENSE for mitigating Next Generation Intrusions

  1. 1. xDEFENSE:An Extended DEFENSE for mitigating Next Generation Intrusions James Lamberti, Devu Manikantan Shila andVivekVenugopal • Hardware Trojan Threats (HTTs) are virus-like stealthy malicious components that can infect the Integrated Circuit (IC). • Various stages of an IC lifecycle are vulnerable to attacks due to the outsourcing of design and manufacture. • Majority of the ASICs and FPGAs fabricated in China and Taiwan (Source: DARPA) [1] M.Abramovici and P. Bradley.“Integrated circuit security: new threats and solutions”. In Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies, page 55.ACM, 2009. [2] T. Huffmire,et. al,“Moats and drawbridges:An isolation primitive for reconfigurable hardware based systems,” in Security and Privacy, 2007. SP ’07. IEEE Symposium on, May 2007, pp. 281–295. Implementation and Results • Our results manifest that using power, the hardware Trojans remained undetected. • Using timing and resource utilization, the message spoofing and the denial of service HTTs indicated a visible change from the golden model, thus increasing it’s detection rate. • We implement an architectural refinement in the form of a trusted anchor for embedding user-defined policies that prevents HTTs from activating within the system. • The Trusted Anchor incurs a latency cost for the secure handshake protocol and utilizes more resources for the monitoring logic. Conclusion References Background work • DEFENSE improves bus guarding and scrambling techniques by adding hardware to provide real-time security monitoring. • RETC-CPS is an extension of DEFENSE, where a firewall constantly checks the model behavior against a set of user-defined security policies. • A classic Root of Trust (RoT) design consists of a secure memory and a key guard. The authorized module is allowed to access the contents of memory only via a guard module. However, this RoT can be compromised with the presence of a Man-In-The-Middle attack by a hardware Trojan. • The Trusted Anchor is configured with the following set of policies related to information leakage: (1) Unauthorized IP cores are restricted from memory access, (2) The key is never allowed to leave an IP core via IP core-IP core or IP core-I/O links. •The Trusted Anchor monitors the communication links for any violation of these policies and if detected, it will reset the device or perform memory/key zeroization. Introduction Address Logic Address Logic Response Generator Challenge Generator Encryption Response Generator Memory Authorized module Unauthorized module Guard module Man-In- The- Middle HTT Unknown USA Europe Asia USA Europe Asia FPGA manufacturing locations ASIC manufacturing locations • Also, in the RoT testbed, an unauthorized module can access the key from the authorized module, which remains undetected. • Both DEFENSE and RETC do not address spoofing attacks, as there is no security built into it. Trusted Anchor Unauthorized IP Memory Secure handshake Trusted module I/O Authorized IP I/O Secure handshake Reset key leakage no key leakage monitor Root of Trust with a Man-In-The-Middle HTT ChangefromtheGoldenmodel -1 -0.75 -0.5 -0.25 0 0.25 0.5 0.75 1 Timing Resource Beat the RoT (Denial of Service) Beat the RoT (Message Spoofing)

×