Jeffrey Todd McDonald

In-Vehicle Networks: Attacks, Vulnerabilities, and Proposed Solutions

Vehicles made within the past years have gradually become more and more complex. As a result, the embedded computer systems that monitor and control these systems have also grown in size and complexity. Unfortunately, the technology that protects them from external attackers has not improved at a similar rate. In this paper we discuss the vulnerabilities of modern in-vehicle networks, focusing on the Controller Area Network (CAN) communications protocol as a primary attack vector. We discuss the vulnerabilities of CAN, the types of attacks that can be used against it, and some of the solutions that have been proposed to overcome these attacks.

Software Security and Randomization through Program Partitioning and Circuit Variation

The commodity status of Field Programmable Gate Arrays (FPGAs) has allowed computationally intensive algorithms, such as cryptographic protocols, to take advantage of faster hardware speed while simultaneously leveraging the reconfigurability and lower cost of software. Numerous security applications have been transitioned into FPGA implementations allowing security applications to operate at real-time speeds, such as firewall and packet scanning on high speed networks. However, the utilization of FPGAs to directly secure software vulnerabilities is seemingly non-existent.n Protecting program integrity and confidentiality is crucial as malicious attacks through injected code are becoming increasingly prevalent. This paper lays the foundation of continuing research in how to protect software by partitioning critical sections using reconfigurable hardware. This approach is similar to a traditional coprocessor approach to scheduling opcodes for execution on specialized hardware as opposed to running on the native processor. However, the partitioned program model enables the programmer the ability to split portions of an application to reconfigurable hardware at compile time. The fundamental underlying hypothesis is that synthesizing portions of programs onto hardware can mitigate potential software vulnerabilities. Further, this approach provides an avenue for randomization or diversity for software layout and circuit variation.

Foundations for Security Aware Software Development Education

Most instances of software exploitation are really software failure. Even though we cannot eliminate vulnerability from modern information systems, we can reduce exploitable code long term with sound, robust development practices. We argue that the current hot topic of so-called secure coding represents commonly taught coding techniques that ensure robustness, rather than ensuring any commonly understood concept of security. Weaving the practice of rigorous coding techniques into curriculum is essential — coding for security is useless apart from fault-tolerant foundations. However, security-specific coding techniques need to be integrated pedagogically alongside robustness so that students can differentiate the two. We propose in this paper a shift in instructional methods based on this distinction to help future programmers, developers, and software engineers produce security-aware software.

Functional polymorphism for intellectual property protection

Polymorphic gates and circuits have been used in the past to design evolutionary components that can sense the environment. In general, polymorphic gates can change their function based on environmental properties such as temperature and power. In the modern digital logic threat landscape, adversarial reverse engineering and illegal cloning pose two risks for hardware-based applications with embedded intellectual property (IP). In this paper, we implement the concept of functional polymorphism at the design level using realized polygates and consider its application for IP protection in specific digital supply chain settings. We introduce a transformation algorithm for general circuits that utilize polygates to produce variants of a target circuit or component. We provide results of a case study analysis on traditional combinational benchmark circuits and components that illustrates efficacy of the approach for circuit watermarking and the ability to defeat adversarial reverse engineering as part of the supply chain lifecycle.

Applications for Provably Secure Intent Protection with Bounded Input-Size Programs

The de facto standard program obfuscation security model, termed the virtual black box (VBB), declares a program to be securely obfuscated if and only if an adversary can prove no more when given the obfuscated code than it can when only given oracle access to the original program. In this paper, we define and give methodology for a perfectly secure program intent obfuscation that is general and practical for bounded input-size programs, including those with input/output relationships that are easily learned. We also lay foundations for how to embed a key securely in a private-key encryption setting using such constructions

Evaluating component hiding techniques in circuit topologies

Security for Cyber physical systems includes not only guaranteeing operational security of data they process, but preventing malicious alteration of their execution due to knowledge of their underlying structure. With the advent of software in the form of reprogrammable hardware descriptions, protection of field programmable units from malicious reverse engineering and subversion becomes more critical. We compare four different white-box transformation algorithms aimed at hindering adversarial reverse engineering by changing component and signal configurations within combinational logic programs. We present security and efficiency analysis for these techniques and show positive results for achieving measurable hiding of signal and component information.

Creating digital fingerprints on commercial field programmable gate arrays

In this paper, we discuss the method of creating a circuit identifier, or digital fingerprint, for field programmable gate arrays (FPGAs). The proposed digital fingerprint is a function of the natural variations in the semiconductor manufacturing process that cannot be duplicated or forged. The proposed digital fingerprint allows the use of any arbitrary of nodes internal to the circuit or the circuit outputs as monitoring locations. Changes in the signal on a selected node or output can be quantified digitally over a period of time or at a specific instance of time. Two monitoring methods are proposed, one using cumulative observation of the nodes and the other samples the nodes based on a signal transition. Two monitoring methods were validated on a small sample of twenty Xilinxreg Virtex-II Pro FPGAs, where both methods successfully created unique identifiers for each FPGA. In addition, the effects of temperature and voltage fluctuations are also discussed.

Attack-Graph Threat Modeling Assessment of Ambulatory Medical Devices

The continued integration of technology into all naspects of society stresses the need to identify and nunderstand the risk associated with assimilating new ntechnologies. This necessity is heightened when ntechnology is used for medical purposes like nambulatory devices that monitor a patient’s vital signs. nThis integration creates environments that are nconducive to malicious activities. The potential impact npresents new challenges for the medical community. nHence, this research presents attack graph nmodeling as a viable solution to identifying nvulnerabilities, assessing risk, and forming mitigation nstrategies to defend ambulatory medical devices from nattackers. Common and frequent vulnerabilities and nattack strategies related to the various aspects of nambulatory devices, including Bluetooth enabled nsensors and Android applications are identified in the nliterature. Based on this analysis, this research npresents an attack graph modeling example on a ntheoretical device that highlights vulnerabilities and nmitigation strategies to consider when designing nambulatory devices with similar components

Developing a power measurement framework for cyber defense

Energy Delivery Systems (EDS) have become smarter by incorporating chips and data communication capabilities. As a result, they have become more vulnerable to cyber-attacks as well. As part of a systems health monitoring approach, we investigate whether cyber-events targeting EDS can be detected by monitoring component-level data such as temperature, voltage, power, and process indicative variables---collectively referred to as component health indicators. We report our experiences with developing a measurement framework for power consumption in different EDS components such as Cabinet Distribution Units (CDU), Power Distribution Units (PDU), and standard enterprise desktops. Our plan for gathering and analyzing power consumption data involves establishing a baseline execution profile and then capturing the effect of perturbations in the state from injecting various malware. As a contribution, we report on initial experiments with power measurement techniques and outline future work for evaluating components under normal and anomalous operating regimes.

Integrating Historical Security Jewels in Information Assurance Education

Information assurance (IA) programs are becoming increasingly viable options for computer science and IT students in universities across the US. Although the sophistication of and number of attacks on the cyber domain increase every year, the foundational principles that IA professionals need to learn to advance security and implement new technology remain stable. This article looks at jewels of security education that remain timeless in terms of their teaching value in IA. Secure communication and protocol analysis are key facets of security education, and previous research provides some foundational tenets thereof. These and other jewels give timeless principles to IA professionals for interpreting current practical applications and theoretic limits found in the larger body of security-related research.