scholarly journals CRESS: Framework for Vulnerability Assessment of Attack Scenarios in Hardware Reverse Engineering

Author(s):  
Matthias Ludwig ◽  
Alexander Hepp ◽  
Michaela Brunner ◽  
Johanna Baehr

Trust and security of microelectronic systems are a major driver for game-changing trends like autonomous driving or the internet of things. These trends are endangered by threats like soft- and hardware attacks or IP tampering -- wherein often hardware reverse engineering (RE) is involved for efficient attack planning. The constant publication of new RE-related scenarios and countermeasures renders a profound rating of these extremely difficult. Researchers and practitioners have no tools or framework which aid a common, consistent classification of these scenarios. In this work, this rating framework is introduced: the common reverse engineering scoring system (CRESS). The framework allows a general classification of published settings and renders them comparable. We introduce three metrics: exploitability, impact, and a timestamp. For these metrics, attributes are defined which allow a granular assessment of RE on the one hand, and attack requirements, consequences, and potential remediation strategies on the other. The system is demonstrated in detail via five case studies and common implications are discussed. We anticipate CRESS to evaluate possible vulnerabilities and to safeguard targets more proactively.

2021 ◽  
Author(s):  
Matthias Ludwig ◽  
Alexander Hepp ◽  
Michaela Brunner ◽  
Johanna Baehr

Trust and security of microelectronic systems are a major driver for game-changing trends like autonomous driving or the internet of things. These trends are endangered by threats like soft- and hardware attacks or IP tampering -- wherein often hardware reverse engineering (RE) is involved for efficient attack planning. The constant publication of new RE-related scenarios and countermeasures renders a profound rating of these extremely difficult. Researchers and practitioners have no tools or framework which aid a common, consistent classification of these scenarios. In this work, this rating framework is introduced: the common reverse engineering scoring system (CRESS). The framework allows a general classification of published settings and renders them comparable. We introduce three metrics: exploitability, impact, and a timestamp. For these metrics, attributes are defined which allow a granular assessment of RE on the one hand, and attack requirements, consequences, and potential remediation strategies on the other. The system is demonstrated in detail via five case studies and common implications are discussed. We anticipate CRESS to evaluate possible vulnerabilities and to safeguard targets more proactively.


2022 ◽  
pp. 51-68
Author(s):  
Vijay Prakash ◽  
Lalit Garg ◽  
Luke Camilleri ◽  
Joseph Curmi ◽  
Darren Camilleri

5G is a new universal wireless standard, a new form of mobile network engineered to bring everyone and everything virtually together. 5G is not only for mobile phones, but it is also the foundation for virtual reality (VR), the internet of things (IoT), and autonomous driving, connecting many electronic devices to the internet. Having good healthcare is very important as it affects all parts of human life and social well-being. Moreover, it is crucial to have a great healthcare system if we want economic growth, workforce productivity, and society to advance. Despite all the hard work done by scientists and medical professionals, today's healthcare is mainly inefficient, and a significant overhaul is required. This chapter discusses the primary advantages, including the 5G's main features in healthcare and their limitations and probable solutions and applications to the latest scenario.


Sensors ◽  
2019 ◽  
Vol 19 (13) ◽  
pp. 2956 ◽  
Author(s):  
Paolo Lo Giudice ◽  
Antonino Nocera ◽  
Domenico Ursino ◽  
Luca Virgili

In the last years, several attempts to combine the Internet of Things (IoT) and social networking have been made. In the meantime, things involved in IoT are becoming increasingly sophisticated and intelligent, showing a behavior that tends to look like the one of users in social networks. Therefore, it is not out of place to talk about profiles of things and about information and topics exchanged among them. In such a context, constructing topic-driven virtual communities starting from the real ones operating in a Multi-IoT scenario is an extremely challenging issue. This paper aims at providing some contributions in this setting. First of all, it presents the concept of profile of a thing. Then, it introduces the concept of topic-guided virtual IoT. Finally, it illustrates two approaches (one supervised and one unsupervised) to constructing topic-guided virtual IoTs in a Multi-IoT scenario.


2017 ◽  
Vol 13 (8) ◽  
pp. 155014771772868 ◽  
Author(s):  
Tri-Hai Nguyen ◽  
Myungsik Yoo

The Internet of Things is a network of physical devices consisting of embedded systems and sensors that interact with each other and connect to the Internet, and the quick growth of the Internet of Things industry has resulted in complex inter-networking on the Internet. Software-defined networking is a recent advance in computer networking that redefines the network paradigm for future communication, and the advantages of software-defined networking can also be applied to Internet of Things, namely as software-defined Internet of Things. In this article, we investigate the vulnerability of the software-defined Internet of Things platform device manager, which monitors the connected Internet of Things devices in the network. Although being the one that performs one of the most crucial services, the device managers in current primary controllers have a big security issue as they do not include any device verification, authentication, or authorization routines. Consequently, the device manager accepts all the changes of device information made by other devices, which leads to potential attacks as demonstrated in this article. To address this problem, a comprehensive and lightweight countermeasure is proposed and its effectiveness is verified through experiments.


SEEU Review ◽  
2018 ◽  
Vol 13 (1) ◽  
pp. 75-89
Author(s):  
Viona Rashica

Abstract As a product of globalization and as a fruit of new public diplomacy, digital diplomacy is considered one of the major trends of the twenty-first century in diplomatic communication. Being under the influence of the extraordinary advances in ICT, the internet and social media, the way of realization and presentation of diplomacy has been radically changed and is increasingly removed from the traditional diplomatic elements. The importance of digital diplomacy is based on the usage of ICT, the internet and social media, which at the same time represent its base, for the strengthening of the diplomatic relations. Therefore, knowledge about the role and importance of digital diplomacy is indispensable. This paper will offer information on the definition, goals, evolution and effectiveness of the digital diplomacy. Meanwhile, the main focus of the research lies in the classification of its benefits and risks. For international actors is more than clear how useful is exploitation of digital diplomacy benefits for achieving their goals in the international arena. However, the process of digitization is unseparated from cyber risks, as well as the freedom of the internet and social media is abused for various purposes that state and non-state actors may have. Although coupled with benefits on the one hand and risks on the other hand, the risks of digital diplomacy are still covered by benefits, making digital diplomacy a key element for the realization of diplomatic activities. Based on all the information over the features of the topic, the primary goal of the paper is to provide sufficient arguments for verifying the abovementioned hypothesis, which is also the general hypothesis of the paper.


Author(s):  
Elaine Cubillas Hernández ◽  
Caridad Anías Calderón ◽  
Tatiana Delgado Fernández

In the Institute of Tropical Geography (IGT), and in the rest of the centers that develop the Environmental Information System of the country, environmental measurements are not obtained in real-time. This is because the technology used to communicate this information, from the sensors that capture it to the center where it is processed, is obsolete. The objective of this work is to provide a solution to the problems raised above using Machine to Machine communication (M2M), as part of the Internet of Things (IoT) technology. To achieve the above, the M2M architecture defined by the European Telecommunications Standards Institute was revised and, based on it, the one that should be used to obtain environmental data in real-time was specified. Then, a geographical area with special characteristics was selected, located in a difficult-to-access pre-mountain zone on the outskirts of the Consolación del Sur municipality, in the Pinar del Río province of Cuba, where environmental factors of interest for the country are currently monitored using archaic methods. In the M2M area of this scenario, several alternatives were analyzed to obtain the data, which allowed selecting the most appropriate one, which is the one explained in this work


The Internet of Things (IoT) being a promising innovation of things to come and is required to associate billions of gadgets. Web of things (IoT) gadgets have been generally utilized, and Electronic correspondence is expanded quickly. The expanded number of correspondence is required to create piles of information and the security of information can be a danger. Information gathered by the IoT gadgets and the information which IoT gadget send might be the portal for an assailant to break client security. To guarantee secure correspondence between IoT centers and central point(server), a cryptographic plan for lightweight gadgets is proposed. In this plan, we make utilize pseudo stream cipher with key generation for rearranging key synchronization and improving security.. The common verification, secret key for meeting synchronization and refreshing secret key for session are finished by trading scrambled messages. Likewise, the key length and update cycle for mystery key for meeting are adaptable as indicated by application. Keys are created from mystery key for meeting for improving the security. We contrasted the plan's security and execution and some lightweight plans. As indicated by the investigation, the proposed plan can give greater security includes low overhead of correspondence which is correct for IoT Node with restricted resource and power. Encryption and decoding is finished utilizing trigonometric ideas and by utilizing the idea of stream figure. Trigonometric ideas are lightweight and improve the security up by an extraordinary degree by diminishing the odds of cryptanalysis. When contrasted with different calculations like Hill figure, RC4, RSA and Present(Lightweight square figure) and so forth, the proposed calculation gives better execution.


Author(s):  
Chandrasekar Ravi ◽  
Praveensankar Manimaran

Since the advent of the web, the number of users who started using the internet for everyday purpose has increased tremendously. Most of the common purposes are to access their data whenever they want and wherever they want. So many companies have started providing these services to normal users. These companies store huge volume of data in the data centers. So protecting the integrity of the data is the main responsibility of these companies. Blockchain is one of the trending solutions that gives storage immutability to the users. This chapter starts with the working of blockchain and smart contracts and advantages and disadvantages of blockchain and smart contracts and then goes on to explain how blockchain can be integrated into the internet of things (IOT). This chapter ends with an architecture based on the proof-of-concept for access management, which is blockchain-based fully distributed architecture.


Sign in / Sign up

Export Citation Format

Share Document