Kyriakos Stefanidis

Real-time service provisioning for mobile and wireless networks

As mobile devices and wireless networks are becoming ubiquitous, the interest of users to deploy real-time applications, e.g. online gaming or Voice-over-IP in such environments is also increasing. Due to the difference between traditional and wireless networks, in particular in terms of available bandwidth and network structure, the concepts used for supporting real-time applications in both networks are different. This paper gives an overview of the key technical challenges that are fundamental and need to be solved in order to easily support real-time applications in wireless and mobile environments. In a first step, issues related to service provisioning in mobile networks are discussed. This is followed by a look at the Quality of Service supported by wireless networks and possible techniques for improving it. Finally, concepts for securing the communication between the users of real-time applications in wireless and mobile networks are presented. For each of these issues, we provide a detailed analysis and an overview of the state-of-the-art. Moreover, we illustrate the main points using distributed online games as an example.

Efficient triggering of Trojan hardware logic

The detection of malicious hardware logic (hardware Trojan) requires test patterns that succeed in exciting the malicious logic part. Testing of all possible input patterns is often prohibitively expensive. As an alternative, we explored previously the applicability of the combinatorial testing principles. In this paper, we turn our focus on the efficiency of this approach for triggering the hidden malicious logic. We present a series of experiments with Trojan designs of various activation patterns and lengths that target a cryptographic module performing AES cryptography. Our findings indicate that the available test suites succeed in triggering the malicious logic in all cases requiring only a very small number of test vectors. Thus, it is an efficient means for detecting malicious hardware logic.

An HMM-Based Anomaly Detection Approach for SCADA Systems

We describe the architecture of an anomaly detection system based on the Hidden Markov Model (HMM) for intrusion detection in Industrial Control Systems (ICS) and especially in SCADA systems interconnected using TCP/IP. The proposed system exploits the unique characteristics of ICS networks and protocols to efficiently detect multiple attack vectors. We evaluate the proposed system in terms of detection accuracy using as reference datasets made available by other researchers. These datasets refer to real industrial networks and contain a variety of identified attack vectors. We benchmark our findings against a large set of machine learning algorithms and demonstrate that our proposal exhibits superior performance characteristics.

TERO-Based Detection of Hardware Trojans on FPGA Implementation of the AES Algorithm

A Transient Effect Ring Oscillator (TERO) is a special case of a Ring Oscillator (RO) design that exhibits increased sensitivity to intrinsic noise. It can serve as a basis for implementing a True Random Number Generator (TRNG) or a Physically Uncloneable Function (PUF). Also, as a digital sensor for detecting insertion of malicious hardware logic (Trojans) in digital circuits. Here, we explore the application of TERO for detecting hardware Trojans injected in FPGA implementations of the AES cryptographic algorithm. Experiments and comparisons are reported in terms of the frequency as a function of the TERO length. Our findings indicate that TERO-based digital sensors can be used to efficiently detect the presence of the Trojan.

Increasing lifetime of cryptographic keys on smartphone platforms with the controlled randomness protocol

A significant design parameter for secure embedded systems is the performance of the cryptographic algorithms implementation. We present a performance analysis on the same hardware of the cryptographic libraries available on the Google Android 2.2 and Microsoft Windows Phone 7 smartphone platforms and show that they exhibit quite different characteristics. This is an important consideration for designing multi-platform, security-aware applications. The use of cryptography requires mechanisms for handling the cryptographic keys. This is a hard-to-address and error-prone procedure, especially in systems with intermittent connectivity. The previously proposed Control Randomness Protocol (CRP) reduces the need for frequent key refreshing and extends the useful lifetime of a given set of keys. We present SCRP, an adaptation of the CRP for the smartphone environment. We show that SCRP achieves an adjustable security level in a fraction of computation and communication overhead.

Performance of the Controlled Randomness Protocol on .NET Compact Framework Embedded Systems

The Controlled Randomness Protocol (CRP) for management of cryptographic keys is a method to improve the security level of secure communication protocols. We assess the performance of the CRP when implemented on embedded systems running the .NET Compact Framework. We present our findings from two different platforms: one smartphone running .NET Compact Framework 3.5 and one smartphone running .NET Compact Framework 4.0. Our assessment verifies that when implemented in the .NET Compact Framework, the controlled randomness protocol imposes a configurable and tolerable amount of overhead computation while it offers a significant security improvement compared to a conventional implementation of a key management protocol.

On the effects of ring oscillator length and hardware Trojan size on an FPGA-based implementation of AES

Abstract The recent trend in a wide range of application domains, from the Internet of Things to space communications, is to deploy computing systems on FPGA devices. Modern FPGA technology encompasses billions of gates integrated in a single chip. In this setting, it is easier for an attacker to inject or introduce additional, malicious logic or to modify an existing one in order to cause abnormal behavior. As a result, new security requirements arise from the design process perspective. A Ring Oscillator (RO) is an established technique to realize a digital sensor in FPGA designs to detect additional or modified malicious circuit, i.e., a hardware Trojan horse or simply a Trojan. Variable-length Ring Oscillators (VLROs) were proposed in the literature as an advanced detection mechanism for run-time configuration of RO length to avoid bypassing. Here, we expand VLROs effectiveness studies in two families of Trojans (combinational and sequential) and Trojans of varying size. We analyze the effect of the Trojan size and the length of the RO on the ability to detect malicious logic injected in a reference FPGA implementation of the AES cryptographic algorithm.

Information system framework architecture for organization agnostic logistics utilizing standardized IoT technologies

Logistics or supply-chain services provide enterprises and organizations with the necessary level of flexibility and efficiency in order to retain competitiveness under the increasingly turbulent e-business area. Web-Services are utilized by organizations in order to integrate high and low level applications, thus providing a collaborative environment without affecting inter- and intra-enterprise processes. Nevertheless, the above context should be enhanced in order to comply with the Web-of-Things concept. This paper describes a sustainable approach towards the above requirement by employing ONS based services able to provide targeted information regarding RFID-enabled physical objects that are handled in an organization agnostic collaborative environment.

Detection, traceback and filtering of denial of service attacks in networked embedded systems

This work presents a composite scheme for detection, traceback and filtering of distributed denial of service (DDoS) attacks in networked embedded systems. A method based on algorithmic analysis of various node and network parameters is used to detect attacks while a packet marking method is used to mitigate the effects of the attack by filtering the incoming traffic that is part of this attack and trace back to the origin of the attack. The combination of the detection and mitigation methods provide an increased level of security in comparison to approaches based on a single method. Furthermore, the scheme is developed in a way to comply with the novel SHIELD secure architecture being developed, which aims at providing interoperability with other secure components as well as metrics to quantify their security properties.