Jason R. Hamlet

Network Randomization and Dynamic Defense for Critical Infrastructure Systems

Critical Infrastructure control systems continue to foster predictable communication paths, static configurations, and unpatched systems that allow easy access to our nation’s most critical assets. This makes them attractive targets for cyber intrusion. We seek to address these attack vectors by automatically randomizing network settings, randomizing applications on the end devices themselves, and dynamically defending these systems against active attacks. Applying these protective measures will convert control systems into moving targets that proactively defend themselves against attack. Sandia National Laboratories has led this effort by gathering operational and technical requirements from Tennessee Valley Authority (TVA) and performing research and development to create a proof-of-concept solution. Our proof-of-concept has been tested in a laboratory environment with over 300 nodes. The vision of this project is to enhance control system security by converting existing control systems into moving targets and building these security measures into future systems while meeting the unique constraints that control systems face.

A new power-aware FPGA design metric

Dozens of Advanced Encryption Standard (AES) implementations have been presented since AES was officially published by the National Institute of Standards and Technology in 2001. Many of these implementations have targeted FPGA platforms either for ASIC prototyping or as the destination hardware. Typically, these publications have comparative metrics to show how the proposed implementation compares to previously published work. Unfortunately, these metrics often present inaccurate comparisons. To date, these metrics have focused on area and speed, neglecting the third point of the hardware optimization triangle, power. As AES becomes more prolific and attractive for use in embedded devices, power considerations will be increasingly important. In this paper, we discuss the subtleties and qualities of metrics previously applied to FPGA AES publications. We then propose a power metric to generate a more complete, quantitative description of the quality of the implementation. The proposed metric is not specific to AES but has general FPGA design applicability. Finally, we present a comparison between four AES-256 implementations that demonstrates the inconsistent conclusions drawn when various metrics are used.

Throughput-optimized implementations of QUAD

We present several software and hardware implementations of QUAD, a recently introduced stream cipher designed to be provably secure and practical to implement. The software implementations target both a personal computer and an ARM microprocessor. The hardware implementations target field-programmable gate arrays. The purpose of our work was to first find the baseline performance of QUAD implementations, then to optimize our implementations for throughput. Our software implementations perform comparably to prior work. Our hardware implementations are the first known implementations to use random coefficients, in agreement with QUAD’s security argument, and achieve much higher throughput than prior implementations.

Dependency Graph Analysis and Moving Target Defense Selection

Moving target defense (MTD) is an emerging paradigm in which system defenses dynamically mutate in order to decrease the overall system attack surface. Though the concept is promising, implementations have not been widely adopted. The field has been actively researched for over ten years, and has only produced a small amount of extensively adopted defenses, most notably, address space layout randomization (ASLR). This is despite the fact that there currently exist a variety of moving target implementations and proofs-of-concept. We suspect that this results from the moving target controls breaking critical system dependencies from the perspectives of users and administrators, as well as making things more difficult for attackers. As a result, the impact of the controls on overall system security is not sufficient to overcome the inconvenience imposed on legitimate system users. In this paper, we analyze a successful MTD approach. We study the controls dependency graphs, showing how we use graph theoretic and network properties to predict the effectiveness of the selected control.

Unique signatures from printed circuit board design patterns and surface mount passives

Counterfeiting or surreptitious modification of electronic systems is of increasing concern, particularly for critical infrastructure and national security systems. Such systems include avionics, medical devices, military systems, and utility infrastructure. We present experimental results from an approach to uniquely identify printed circuit boards (PCBs) on the basis of device unique variations in surface mount passive components and wire trace patterns. We also present an innovative approach for combining measurements of each of these quantities to create unique, random identifiers for each PCB and report the observed entropy, reliability, and uniqueness of the signatures. These unique signatures can be used directly for verifying the integrity and authenticity of the PCBs, or can serve as the basis for generating cryptographic keys for more secure authentication of the devices during system acquisition or field deployment. Our results indicate that the proposed approaches for measuring and combining these quantities are capable of generating high-entropy, unique signatures for PCBs. The techniques explored do not require system designers to utilize specialized manufacturing processes and implementation is low-cost.

Supply Chain Lifecycle Decision Analytics.

The globalization of todays supply chains (e.g., information and communication technologies, military systems, etc.) has created an emerging security threat that could degrade the integrity and availability of sensitive and critical government data, control systems, and infrastructures. Commercial-off-the-shelf (COTS) and even government-off-the-self (GOTS) products often are designed, developed, and manufactured overseas. Counterfeit items, from individual chips to entire systems, have been found in commercial and government sectors. Supply chain attacks can be initiated at any point during the product or system lifecycle, and can have detrimental effects to mission success. To date, there is a lack of analytics and decision support tools used to analyze supply chain security holistically, and to perform tradeoff analyses to determine how to invest in or deploy possible mitigation options for supply chain security such that the return on investment is optimal with respect to cost, efficiency, and security. This paper discusses the development of a supply chain decision analytics framework that will assist decision makers and stakeholders in performing risk-based cost-benefit prioritization of security investments to manage supply chain risk. Key aspects of our framework include the hierarchical supply chain representation, vulnerability and mitigation modeling, risk assessment and optimization. This work is a part of a long term research effort on supply chain decision analytics for trusted systems and communications research challenge.