Enhancing the Security of FPGA-SoCs via the Usage of ARM TrustZone and a Hybrid-TPM

Isolated execution is a concept commonly used for increasing the security of a computer system. In the embedded world, ARM TrustZone technology enables this goal and is currently used on mobile devices for applications such as secure payment or biometric authentication. In this work, we investigate the security benefits achievable through the usage of ARM TrustZone on FPGA-SoCs. We first adapt Microsoft’s implementation of a firmware Trusted Platform Module (fTPM) running inside ARM TrustZone for the Zynq UltraScale+ platform. This adaptation consists in integrating hardware accelerators available on the device to fTPM’s implementation and to enhance fTPM with an entropy source derived from on-chip SRAM start-up patterns. With our approach, we transform a software implementation of a TPM into a hybrid hardware/software design that could address some of the security drawbacks of the original implementation while keeping its flexibility. To demonstrate the security gains obtained via the usage of ARM TrustZone and our hybrid-TPM on FPGA-SoCs, we propose a framework that combines them for enabling a secure remote bitstream loading. The approach consists in preventing the insecure usages of a bitstream reconfiguration interface that are made possible by the manufacturer and to integrate the interface inside a Trusted Execution Environment.

Collusion-free for Cloud Verification toward the View of Game Theory

At present, clients can outsource lots of complex and abundant computation, e.g., Internet of things (IoT), tasks to clouds by the “pay as you go” model. Outsourcing computation can save costs for clients and fully utilize the existing cloud infrastructures. However, it is hard for clients to trust the clouds even if blockchain is used as the trusted platform. In this article, we utilize the verification method as SETI@home by only two rational clouds, who hope to maximize their utilities. Utilities are defined as the incomes of clouds when they provide computation results to clients. More specifically, one client outsources two jobs to two clouds and each job contains n tasks, which include k identical sentinels. Two clouds can either honestly compute each task or collude on the identical sentinel tasks by agreeing on random values. If the results of identical sentinels are identical, then client regards the jobs as correctly computed without verification. Obviously, rational clouds have incentives to deviate by collusion and provide identical random results for a higher income. We discuss how to prevent collusion by using deposits, e.g., bit-coins. Furthermore, utilities for each cloud can be automatically assigned by a smart contract. We prove that, given proper parameters, two rational clouds will honestly send correct results to the client without collusion.

A cross sectional study on COVID-19 vaccine acceptances and barriers to vaccination in district Jhansi

Background: The long-term control of the pandemic COVID-19 pandemic hinges on the uptake of vaccine and high immunization uptake is critical. Vaccine hesitancy is one of the top 10 threats to global health. Hesitancy will be a challenge to curbing this pandemic.Methods: A cross‐sectional study was done among the population in Jhansi where data was collected through an online questionnaire using Google forms and was distributed using social media platforms. Total of 220 data was collected.Results: 80.2% of the respondents were willing to get vaccinated. 78.9% of the respondents have taken previous vaccinations by the government. 70 of them trust government health care departments and media (82.2%) is the least trusted platform regarding vaccination. Majority agreed to the perceived benefits of COVID-19. 80.3% were willing to take free vaccination. 46.9% were willing to pay for COVID vaccine.Conclusions: The scenario in Jhansi was positive towards the vaccination drive and majority of them were willing to get vaccinated. But strategies must be made effective in terms of elevating the barriers to vaccination.

COVID-19 vaccine acceptances and barriers to vaccination in the context of Kerala: a cross-sectional survey

Background: The long-term control of the pandemic COVID-19 pandemic hinges on the uptake of vaccine and high immunization uptake is critical but barriers to immunization exists. Vaccine hesitancy is one of the top 10 threats to global health. Hesitancy will be a challenge to curbing this pandemic. Apt vaccination strategies are very essential to increase vaccine acceptance.Methods: A cross‐sectional study among the population in Kerala where data was collected through an online questionnaire using Google forms and was distributed using social media platforms. Total of 213 data was collected. Study focused on aspects of vaccine communication, preference of COVID-19 vaccine, perceived benefits, and barriers of COVID-19 vaccine acceptance and cues of vaccine.Results: 80.2% of the respondents were willing to get vaccinated. 78.9% of the respondents have taken previous vaccinations by the government. 70 of them trust government health care departments and media (82.2%) is the least trusted platform regarding vaccination. 56.3% are not getting enough information on COVID vaccine safety, while 81.2% of the respondents did not receive negative information. A majority of them (64.3%) relied on official government websites for information. Majority agrees to the perceived benefits of COVID-19. 80.3% are willing to take free vaccination. 46.9 % are willing to pay for COVID vaccine.Conclusions: The scenario in Kerala is positive towards the vaccination drive and majority of them are willing to get vaccinated. But strategies must be made effective in terms of elevating the barriers to vaccination.

Shared Mobility for Transport and Its Environmental Impact VeSIPreS: A Vehicular Soft Integrity Preservation Scheme for Shared Mobility

Car manufacturers are noticing and encouraging a trend away from individual mobility, where a vehicle is owned and driven by one or only a few other persons, and towards shared-mobility concepts. That means that many different people use and have access to the same vehicle. An attacker disguised as a regular short-time user can use the additional attack vectors (s)he gets by having physical access to tamper the vehicle’s software. The software takes a continuously more crucial role in cars for autonomous driving, and manipulations can have catastrophic consequences for the persons on board. Currently, there is no mechanism available to the vehicle owner to detect such manipulations in the vehicle done by the attacker (short-time user). In this work, a novel vehicle attestation scheme called Vehicular Soft Integrity Preservation Scheme (VeSIPreS) is proposed to detect tampering in the software stack of a vehicle and guarantee the upcoming driver that the previous user has not changed the software of the vehicle. The solution consists of a software module in the vehicle and a mobile-based user application for the vehicle owner to monitor the vehicle’s soft integrity. Inside the vehicle, the software module is implemented in the central gateway, which acts as the primary security component. VeSIPreS uses Trusted Platform Module (TPM) in the central gateway, which anchors trust in our proposed solution. This paper also provides a proof-of-concept implementation with a TPM, demonstrating its application and deployment feasibility and presentig a security analysis to show the security of VeSIPreS.

Remote Attestation on Behavioral Traces for Crowd Quality Control Based on Trusted Platform Module

Behavioral traces of workers have emerged as a new evidence to check the quality of their produced outputs in crowd computing. Whether the evidence is trustworthy or not is a key problem during the process. Challenges will be encountered in addressing this issue, because the evidence comes from unknown or adversarial workers. In this study, we proposed an alternative approach to ensure trustworthy evidence through a hardware-based remote attestation to bridge the gap. The integrity of the evidence was used as the trustworthy criterion. Trusted Platform Module (TPM) was considered the trusted anchor inspired by trusted computing to avoid unreliable or malicious workers. The module carefully recorded and stored many workers’ behavioral traces in the storage measurement log (SML). Each item in the log was extended to a platform configuration register (PCR) by the occurrence sequence of each event. The PCR was a tamper-proof storage inside the TPM. The value of the PCR was also considered evidence together with the SML. The evidence was sent to the crowdsourcing platform with the TPM signature. The platform checked the integrity of the evidence by a series of operations, such as validating the signature and recomputing the SML hash. This process was designed as a remote attestation protocol. The effectiveness, efficiency, and security of the protocol were verified theoretically and through experiments based on the open dataset, WebCrowd25K, and custom dataset. Results show that the proposed method is an alternative solution for ensuring the integrity of behavioral traces.

TAMEC: Trusted Augmented Mobile Execution on Cloud

Cloud computing has emerged as an attractive platform for individuals and businesses to augment their basic processing capabilities. Mobile devices with access to Internet are also turning towards clouds for resource-intensive tasks by working out a trade-off between resources required for performing computation on-device against those required for off-loading task to the cloud. However, as with desktop clients, mobile clients face significant concerns related to confidentiality and integrity of data and applications moved to and from the cloud. Cloud-related security solutions proposed for desktop clients could not be readily ported to mobile clients owing to the obvious limitation in their processing capabilities and restrained battery life. We address this problem by proposing architecture for secure exchange and trusted execution between mobile devices and cloud hosts. We establish a symmetric-key-based secure communication channel between mobile and cloud, backed by a trusted coordinator. We also employee a Trusted Platform Module- (TPM-) based attestation of the cloud nodes on which the data and applications of mobile device will be hosted. This gives a comprehensive solution for end-to-end secure and trusted interaction of the mobile device with cloud hosts.

Establishment of Trust in Internet of Things by Integrating Trusted Platform Module: To Counter Cybersecurity Challenges

With the increasing day-to-day acceptance of IOT computing, the issues related to it are also getting more attention. The current IOT computing infrastructure brings some security challenges concerned with the users/customers and CSP. The users can store their confidential data at IOT storage and can access them anytime when they need. Lack of trust exists among IOT users and between IOT users and CSP. The prevention of this risk is a big research issue and it needs to be solved. There is a need for trusted IOT computing in recent times to provide trusted services. Here, we propose the integration of TPM in IOT computing to performs cryptographic operations and provide hardware-based security. In this domain, different schemes and methods have been proposed to build trust in IOT computing, but the suitable solution has not been presented by these schemes because these schemes lack in terms of some security services. A comparative study based on trusted computing schemes has also been presented in this paper along with different implementations of critical analysis. Our study is based on an overview of the main issues and summarizing the literature along with their strengths and limitations. In the end, we integrated the trusted platform module in the IOT architecture to establish the trust in IOT computing and to enhance the cybersecurity challenges and evaluated it with the help of mathematical/algorithms/graph theory/matrices and logical diagrams.