-
Practical Non-Invasive Probing Attacks Against Novel Carbon-Nanotube-Based Physical Unclonable Functions
Authors:
Nikolaos Athanasios Anagnostopoulos,
Alexander Braml,
Nico Mexis,
Florian Frank,
Simon Böttger,
Martin Hartmann,
Sascha Hermann,
Elif Bilge Kavun,
Stefan Katzenbeisser,
Tolga Arul
Abstract:
As the number of devices being interconnected increases, so does also the demand for (lightweight) security. To this end, Physical Unclonable Functions (PUFs) have been proposed as hardware primitives that can act as roots of trust and security. Recently, a new type of PUF based on Carbon NanoTubes (CNTs) has been proposed. At the same time, attacks and testing based on direct electrical probing a…
▽ More
As the number of devices being interconnected increases, so does also the demand for (lightweight) security. To this end, Physical Unclonable Functions (PUFs) have been proposed as hardware primitives that can act as roots of trust and security. Recently, a new type of PUF based on Carbon NanoTubes (CNTs) has been proposed. At the same time, attacks and testing based on direct electrical probing appear to be moving towards non-invasive techniques. In this context, this work attempts to examine the potential for practical non-invasive probing attacks against the CNT-PUF, a novel PUF based on CNTs. Our results indicate that direct probing might potentially compromise the security of this PUF. Nevertheless, we note that this holds true only in the case that the attacker can directly probe the wire corresponding to the secret value of each CNT-PUF cell. Thus, we can conclude that the examined CNT-PUFs are rather resilient to direct probing attacks, that non-invasive probing methods appear to be promising for testing such PUFs, and that, in order for the attacker to gain the full-length value of the secret, all the relevant channels would need to be probed. Nevertheless, as our work proves, practical non-invasive attacks against the CNT-PUF are feasible and adequate countermeasures need to be employed in order to address this issue.
△ Less
Submitted 3 July, 2023;
originally announced July 2023.
-
ADR-Lite: A Low-Complexity Adaptive Data Rate Scheme for the LoRa Network
Authors:
Reza Serati,
Benyamin Teymuri,
Nikolaos Athanasios Anagnostopoulos,
Mehdi Rasti
Abstract:
The long-range and low energy consumption requirements in Internet of Things (IoT) applications have led to a new wireless communication technology known as Low Power Wide Area Network (LPWANs). In recent years, the Long Range (LoRa) protocol has gained a lot of attention as one of the most promising technologies in LPWAN. Choosing the right combination of transmission parameters is a major challe…
▽ More
The long-range and low energy consumption requirements in Internet of Things (IoT) applications have led to a new wireless communication technology known as Low Power Wide Area Network (LPWANs). In recent years, the Long Range (LoRa) protocol has gained a lot of attention as one of the most promising technologies in LPWAN. Choosing the right combination of transmission parameters is a major challenge in the LoRa networks. In LoRa, an Adaptive Data Rate (ADR) mechanism is executed to configure each End Device's (ED) transmission parameters, resulting in improved performance metrics. In this paper, we propose a link-based ADR approach that aims to configure the transmission parameters of EDs by making a decision without taking into account the history of the last received packets, resulting in a relatively low space complexity approach. In this study, we present four different scenarios for assessing performance, including a scenario where mobile EDs are considered. Our simulation results show that in a mobile scenario with high channel noise, our proposed algorithm's Packet Delivery Ratio (PDR) is 2.8 times outperforming the original ADR and 1.35 times that of other relevant algorithms.
△ Less
Submitted 26 October, 2022;
originally announced October 2022.
-
Real-World Chaos-Based Cryptography Using Synchronised Chua Chaotic Circuits
Authors:
Emiliia Nazarenko,
Nikolaos Athanasios Anagnostopoulos,
Stavros G. Stavrinides,
Nico Mexis,
Florian Frank,
Tolga Arul,
Stefan Katzenbeisser
Abstract:
This work presents the hardware demonstrator of a secure encryption system based on synchronised Chua chaotic circuits. In particular, the presented encryption system comprises two Chua circuits that are synchronised using a dedicated bidirectional synchronisation line. One of them forms part of the transmitter, while the other of the receiver. Both circuits are tuned to operate in a chaotic mode.…
▽ More
This work presents the hardware demonstrator of a secure encryption system based on synchronised Chua chaotic circuits. In particular, the presented encryption system comprises two Chua circuits that are synchronised using a dedicated bidirectional synchronisation line. One of them forms part of the transmitter, while the other of the receiver. Both circuits are tuned to operate in a chaotic mode. The output (chaotic) signal of the first circuit (transmitter) is digitised and then combined with the message to be encrypted, through an XOR gate. The second Chua circuit (receiver) is used for the decryption; the output chaotic signal of this circuit is similarly digitised and combined with the encrypted message to retrieve the original message. Our hardware demonstrator proves that this method can be used in order to provide extremely lightweight real-world, chaos-based cryptographic solutions.
△ Less
Submitted 13 July, 2023; v1 submitted 11 August, 2022;
originally announced October 2022.
-
Abusing Commodity DRAMs in IoT Devices to Remotely Spy on Temperature
Authors:
Florian Frank,
Wenjie Xiong,
Nikolaos Athanasios Anagnostopoulos,
André Schaller,
Tolga Arul,
Farinaz Koushanfar,
Stefan Katzenbeisser,
Ulrich Ruhrmair,
Jakub Szefer
Abstract:
The ubiquity and pervasiveness of modern Internet of Things (IoT) devices opens up vast possibilities for novel applications, but simultaneously also allows spying on, and collecting data from, unsuspecting users to a previously unseen extent. This paper details a new attack form in this vein, in which the decay properties of widespread, off-the-shelf DRAM modules are exploited to accurately sense…
▽ More
The ubiquity and pervasiveness of modern Internet of Things (IoT) devices opens up vast possibilities for novel applications, but simultaneously also allows spying on, and collecting data from, unsuspecting users to a previously unseen extent. This paper details a new attack form in this vein, in which the decay properties of widespread, off-the-shelf DRAM modules are exploited to accurately sense the temperature in the vicinity of the DRAM-carrying device. Among others, this enables adversaries to remotely and purely digitally spy on personal behavior in users' private homes, or to collect security-critical data in server farms, cloud storage centers, or commercial production lines. We demonstrate that our attack can be performed by merely compromising the software of an IoT device and does not require hardware modifications or physical access at attack time. It can achieve temperature resolutions of up to 0.5°C over a range of 0°C to 70°C in practice. Perhaps most interestingly, it even works in devices that do not have a dedicated temperature sensor on board. To complete our work, we discuss practical attack scenarios as well as possible countermeasures against our temperature espionage attacks.
△ Less
Submitted 3 August, 2022;
originally announced August 2022.
-
On the Sustainability of Lightweight Cryptography Based on PUFs Implemented on NAND Flash Memories Using Programming Disturbances
Authors:
Nikolaos Athanasios Anagnostopoulos,
Yufan Fan,
Muhammad Umair Saleem,
Nico Mexis,
Florian Frank,
Tolga Arul,
Stefan Katzenbeisser
Abstract:
In this work, we examine the potential of Physical Unclonable Functions (PUFs) that have been implemented on NAND Flash memories using programming disturbances to act as sustainable primitives for the purposes of lightweight cryptography. In particular, we investigate the ability of such PUFs to tolerate temperature and voltage variations, and examine the current shortcomings of existing NAND-Flas…
▽ More
In this work, we examine the potential of Physical Unclonable Functions (PUFs) that have been implemented on NAND Flash memories using programming disturbances to act as sustainable primitives for the purposes of lightweight cryptography. In particular, we investigate the ability of such PUFs to tolerate temperature and voltage variations, and examine the current shortcomings of existing NAND-Flash-memory PUFs that are based on programming disturbances as well as how these could potentially be addressed in order to provide more robust and more sustainable security solutions.
△ Less
Submitted 11 June, 2022; v1 submitted 5 April, 2022;
originally announced April 2022.
-
Ear Recognition
Authors:
Nikolaos Athanasios Anagnostopoulos
Abstract:
Ear recognition can be described as a revived scientific field. Ear biometrics were long believed to not be accurate enough and held a secondary place in scientific research, being seen as only complementary to other types of biometrics, due to difficulties in measuring correctly the ear characteristics and the potential occlusion of the ear by hair, clothes and ear jewellery. However, recent rese…
▽ More
Ear recognition can be described as a revived scientific field. Ear biometrics were long believed to not be accurate enough and held a secondary place in scientific research, being seen as only complementary to other types of biometrics, due to difficulties in measuring correctly the ear characteristics and the potential occlusion of the ear by hair, clothes and ear jewellery. However, recent research has reinstated them as a vivid research field, after having addressed these problems and proven that ear biometrics can provide really accurate identification and verification results. Several 2D and 3D imaging techniques, as well as acoustical techniques using sound emission and reflection, have been developed and studied for ear recognition, while there have also been significant advances towards a fully automated recognition of the ear. Furthermore, ear biometrics have been proven to be mostly non-invasive, adequately permanent and accurate, and hard to spoof and counterfeit. Moreover, different ear recognition techniques have proven to be as effective as face recognition ones, thus providing the opportunity for ear recognition to be used in identification and verification applications. Finally, even though some issues still remain open and require further research, the scientific field of ear biometrics has proven to be not only viable, but really thriving.
△ Less
Submitted 25 January, 2021;
originally announced January 2021.
-
The Role of Cost in the Integration of Security Features in Integrated Circuits for Smart Cards
Authors:
Nikolaos Athanasios Anagnostopoulos
Abstract:
This essay investigates the role of cost in the development and production of secure integrated circuits. Initially, I make a small introduction on hardware attacks on smart cards and some of the reasons behind them. Subsequently, I introduce the production phases of chips that are integrated to smart cards and try to identify the costs affecting each one of them. I proceed to identify how adding…
▽ More
This essay investigates the role of cost in the development and production of secure integrated circuits. Initially, I make a small introduction on hardware attacks on smart cards and some of the reasons behind them. Subsequently, I introduce the production phases of chips that are integrated to smart cards and try to identify the costs affecting each one of them. I proceed to identify how adding security features on such integrated circuits may affect the costs of their development and production. I then make a more thorough investigation on the costs of develo** a hardware attack for such chips and try to estimate the potential damages and losses of such an attack. I also go on to examine potential ways of reducing the cost of production for secure chips, while identifying the difficulties in adopting them.
This essay ends with the conclusion that adding security features to chips meant to be used for secure applications is well worth it, because the costs of develo** attacks are of comparable amounts to the costs of develo** and producing a chip and the potential damages and losses caused by such attacks can be way higher than these costs. Therefore, although the production and development of integrated circuits come at a certain cost and security introduces further additional costs, security is inherently unavoidable in such chips. Finally, I additionally identify that security is an evolving concept and does not aim to make a chip totally impenetrable, as this may be impossible, but to lower the potential risks, including that of being compromised, to acceptable levels. Thus, a balance needs be found between the level of security and the levels of cost and risk.
△ Less
Submitted 25 January, 2021;
originally announced January 2021.
-
Intrinsic Rowhammer PUFs: Leveraging the Rowhammer Effect for Improved Security
Authors:
André Schaller,
Wenjie Xiong,
Nikolaos Athanasios Anagnostopoulos,
Muhammad Umair Saleem,
Sebastian Gabmeyer,
Stefan Katzenbeisser,
Jakub Szefer
Abstract:
Physically Unclonable Functions (PUFs) have become an important and promising hardware primitive for device fingerprinting, device identification, or key storage. Intrinsic PUFs leverage components already found in existing devices, unlike extrinsic silicon PUFs, which are based on customized circuits that involve modification of hardware. In this work, we present a new type of a memory-based intr…
▽ More
Physically Unclonable Functions (PUFs) have become an important and promising hardware primitive for device fingerprinting, device identification, or key storage. Intrinsic PUFs leverage components already found in existing devices, unlike extrinsic silicon PUFs, which are based on customized circuits that involve modification of hardware. In this work, we present a new type of a memory-based intrinsic PUF, which leverages the Rowhammer effect in DRAM modules; the Rowhammer PUF. Our PUF makes use of bit flips, which occur in DRAM cells due to rapid and repeated access of DRAM rows. Prior research has mainly focused on Rowhammer attacks, where the Rowhammer effect is used to illegitimately alter data stored in memory, e.g., to change page table entries or enable privilege escalation attacks. Meanwhile, this is the first work to use the Rowhammer effect in a positive context: to design a novel PUF. We extensively evaluate the Rowhammer PUF using commercial, off-the-shelf devices, not relying on custom hardware or an FPGA-based setup. The evaluation shows that the Rowhammer PUF holds required properties needed for the envisioned security applications, and could be deployed today.
△ Less
Submitted 12 February, 2019;
originally announced February 2019.