Enhancing the Security of FPGA-SoCs via the Usage of ARM TrustZone and a Hybrid-TPM

Isolated execution is a concept commonly used for increasing the security of a computer system. In the embedded world, ARM TrustZone technology enables this goal and is currently used on mobile devices for applications such as secure payment or biometric authentication. In this work, we investigate the security benefits achievable through the usage of ARM TrustZone on FPGA-SoCs. We first adapt Microsoft’s implementation of a firmware Trusted Platform Module (fTPM) running inside ARM TrustZone for the Zynq UltraScale+ platform. This adaptation consists in integrating hardware accelerators available on the device to fTPM’s implementation and to enhance fTPM with an entropy source derived from on-chip SRAM start-up patterns. With our approach, we transform a software implementation of a TPM into a hybrid hardware/software design that could address some of the security drawbacks of the original implementation while keeping its flexibility. To demonstrate the security gains obtained via the usage of ARM TrustZone and our hybrid-TPM on FPGA-SoCs, we propose a framework that combines them for enabling a secure remote bitstream loading. The approach consists in preventing the insecure usages of a bitstream reconfiguration interface that are made possible by the manufacturer and to integrate the interface inside a Trusted Execution Environment.

Forest Fire Detection via Feature Entropy Guided Neural Network

Forest fire detection from videos or images is vital to forest firefighting. Most deep learning based approaches rely on converging image loss, which ignores the content from different fire scenes. In fact, complex content of images always has higher entropy. From this perspective, we propose a novel feature entropy guided neural network for forest fire detection, which is used to balance the content complexity of different training samples. Specifically, a larger weight is given to the feature of the sample with a high entropy source when calculating the classification loss. In addition, we also propose a color attention neural network, which mainly consists of several repeated multiple-blocks of color-attention modules (MCM). Each MCM module can extract the color feature information of fire adequately. The experimental results show that the performance of our proposed method outperforms the state-of-the-art methods.

Design of a Cryptographically Secure Pseudo Random Number Generator with Grammatical Evolution

This work investigates the potential of evolving an initial seed with Grammatical Evolution (GE), for the construction of cryptographically secure (CS) pseudo-random number generator (PRNG). We harness the flexibility of GE as an entropy source for returning initial seeds. The initial seeds returned by GE demonstrate an average entropy value of 7.920261600000001 which is extremely close to the ideal value of 8. The initial seed combined with our proposed approach, control_flow_incrementor, is used to construct both, GE-PRNG and GE-CSPRNG.The random numbers generated with CSPRNG meet the prescribed National Institute of Standards and Technology (NIST) SP800-22 requirements. Monte Carlo simulations established the efficacy of the PRNG. The experimental setup was designed to estimate the value for pi, in which 100,000,000 random numbers were generated by our system and which resulted in returning the value of pi to 3.146564000, with a precision up to six decimal digits. The random numbers by GE-PRNG were compared against those generated by Python’s rand() function for sampling. The sampling results, when measured for accuracy against twenty-nine real world regression datasets, showed that GE-PRNG had less error when compared to Python’s rand() against the ground truths in seventeen of those, while there was no discernible difference in the remaining twelve.

Design of True Random Number Generator Using Fingerprint as an Entropy Source and Its Implementation in S-Box

This paper deals with the design of a true random number generator (TRNG) using the fingerprint as an entropy source and its implementation in substitution box (S-box) of Advanced Encryption Standard (AES). Considering fingerprint as a unique and random arrangement of minutiae, these minutiae points are used as the source of entropy. The proposed design utilizes fewer resources minimizing hardware redundancy and enhancing the level of randomness. This TRNG has been designed and validated using Artix-7 FPGA. The data rate, speed and latency have been obtained as 40 Mbps, 5 Mbps and 305 ns, respectively. The generated random bit stream had also been sampled and converted to a binary format in MATLAB and tested through the National Institute of Standards and Technology (NIST) 800.22 statistical suite for validation. The proposed TRNG design pass efficiency achieved is more than 95% for a sample size of 10 binary sequences.

Sensor-Based Entropy Source Analysis and Validation for Use in IoT Environments

The IoT market has grown significantly in recent years, and it is estimated that it will continue to do so. For this reason, the need to identify new solutions to ensure security is vital for the future development in this field. Inadequate sources of entropy are one of the factors that negatively influence security. In this study, inspired by NIST’s latest entropy estimation recommendations, we proposed a methodology for analyzing and validating a sensor-based entropy source, highlighted by an innovative experiment design. Moreover, the proposed solution is analyzed in terms of resistance to multiple types of attacks. Following an analysis of the influence of sensor characteristics and settings on the entropy rate, we obtain a maximum entropy value of 0.63 per bit, and a throughput of 3.12 Kb/s, even when no motion is applied on the sensors. Our results show that a stable and resistant entropy source can be built based on the data obtained from the sensors. Our assessment of the proposed entropy source also achieves a higher complexity than previous studies, in terms of the variety of approached situations and the types of the performed experiments.

Chaos-Based Engineering Applications with a 6D Memristive Multistable Hyperchaotic System and a 2D SF-SIMM Hyperchaotic Map

In recent years, the research of chaos theory has developed from simple cognition and analysis to practical engineering application. In particular, hyperchaotic systems with more complex and changeable chaotic characteristics are more sensitive and unpredictable, so they are widely used in more fields. In this paper, two important engineering applications based on hyperchaos pseudorandom number generator (PRNG) and image encryption are studied. Firstly, the coupling 6D memristive hyperchaotic system and a 2D SF-SIMM discrete hyperchaotic mapping are used as the double entropy source structure. The double entropy source structure can realize a new PRNG that meets the security requirements, which can pass the NIST statistical test when the XOR postprocessing method is used. Secondly, based on the double entropy source structure, a new image encryption algorithm is proposed. The algorithm uses the diffusion-scrambling-diffusion encryption scheme to realize the conversion from the original plaintext image to the ciphertext image. Finally, we analyze the security of the proposed PRNG and image encryption mechanism, respectively. The results show that the proposed PRNG has good statistical output characteristics and the proposed image encryption scheme has high security, so they can be effectively applied in the field of information security and encryption system.

Enhancement of digital signature algorithm in bitcoin wallet

Bitcoin is a peer-to-peer electronic cash system largely used for online financial transactions. It gained popularity due to its anonymity, privacy, and comparatively low transaction cost. Its wallet heavily relies on Elliptic Curve Digital Signature Algorithm (ECDSA). Weaknesses in such algorithms can significantly affect the safety and the security of bitcoin wallets. In this paper, a secure key management wallet was designed based on several changes in the wallet parts. In the cold wallet, we employed an image-based passphrase to achieve a strong entropy source of master seed. The hot wallet, the proposed key_ Gen algorithm is modifying to the key generation step of the ECDSA that it is to generate a fresh key pair at each transaction. The final part ensures recovering all keys on both hot and cold wallets without daily backups in case of losing the wallet. The findings prove that the proposed cold wallet is resisting against a dictionary attack and overcoming the memorizing problem. The proposed hot wallet model acquires good anonymity and privacy for bitcoin users by eliminating transaction likability without additional cost. The execution time for signing a transaction of the proposed model is~70 millisecond, which is then important in the bitcoin domain.