Yier Jin University of Florida United States 3 (Southeastern U.S.) Email 2019 2021 Talk(s): Introduction to Hardware and IoT Security Introduction to Hardware and IoT Security × Hardware has long been touted as a dependable and trustable entity than the software running on it. The illusion that attackers cannot easily access the isolated integrated circuit (IC) supply chain has once and again been invalidated by remotely activated hardware Trojan and untraceable break-ins of networking systems running on fake and subverted chips reported by businesses and military strategists, and confirmed by forensic security experts analyzing recent incidents. The situation was aggravated by the geographical dispersion of chip design activities and the heavy reliance on third-party hardware intellectual properties (IPs). Counterfeit chips (such as unauthorized copies, remarked/recycled dice, overproduced and subverted chips or cloned designs) pose a major threat to all stakeholders in the IC supply chain, from designers, manufacturers, system integrators to end users, in view of the severe consequence of potentially degraded quality, reliability and performance that they caused to the electronic equipment and critical infrastructure. Unfortunately, tools that can analyze the circuit netlist for malicious logic detection and full functionality recovery are lacking to prevent such design backdoors, counterfeit and malicious chips from infiltrated into the integrated circuit (IC) design and fabrication flow. This seminar addresses and reviews recent development in preventive countermeasures, post-manufacturing diagnosis techniques, and emerging security-enhanced primitives to avert these hardware security threats. This seminar also covers emerging topics where hardware platforms are playing an active role in system protection and intrusion detection. It aims to create an awareness of the ultimate challenges and solutions in addressing hardware security issues in the new age of the Internet of Things (IoT), where the intense interactions between devices and devices, and devices and humans have introduced new vulnerabilities of embedded devices and integrated electronic systems. Security of Internet of Things (IoT) and Cyber-Physical Systems (CPS): A Hands on Approach Security of Internet of Things (IoT) and Cyber-Physical Systems (CPS): A Hands on Approach × Internet of Things (IoT) has become prevalent in everyday life. These sensor-loaded devices are capable of collecting and processing information on their surroundings and transmitting them to remote locations. Harmless as it may seem, this new breed of devices have raised a number of privacy and security concerns. Device manufacturers are becoming increasingly aware of the ensuing complications and backslash an insecure device may have in the infrastructure. Security issues may come at different levels, from deployment issues that leave devices exposed to the internet with default credentials, to implementation issues where manufacturers incorrectly employ existing protocols or develop proprietary ones for communications that have not been examined for their sanity. On the hardware side, a device may also be vulnerable. An attacker with physical access to a device may be able to alter its functionality. A compromised device, whether by remote or physical access means, can then be used as a tool to exfiltrate sensitive network information, attack other devices, and as means of automatically sending malware over the internet. Cyber-physical systems (CPS) comprise the backbone of national critical infrastructures such as power grids, transportation systems, home automation systems, etc. Because cyber-physical systems are widely used in these applications, the security considerations of these systems should be of very high importance. While the security concerns of CPS can be divided into different layers with unique challenges in each layer, we will introduce the security vulnerabilities as well as potential countermeasures from the hardware perspective. We will provide detailed examples of our experimentation with CPS devices with emphasis on smart meters and PLC devices. We will then present solutions that have been proposed by both industry and academia. Besides the introduction to the IoT and CPS security, hands-on labs are also prepared for all audience. Customized smart devices will be provided where audiences can practice on how to design a commercial/industrial IoT/CPS devices and, more importantly, how to identify the security vulnerabilities of modern connected smart devices as well as how to exploit these vulnerabilities. Potential solutions to secure these devices will also be implemented in the hands-on labs. Tutorial table of contents (bulleted list): Introduction to IoT and wearable devices: what is an IoT device? Introduction to CPS: what is a CPS device? Challenges in manufacture: a vendor's view. Pitfalls and roadblocks: what is often overlooked? Security architectures for smart devices Hands-on Module I: IoT device designs Hands-on Module II: IoT security vulnerability exploitation Hands-on Module III: IoT security patches Hardware Supported Cybersecurity for IoT Hardware Supported Cybersecurity for IoT × Within the past decade, the number of IoT devices introduced in the market has increased dramatically. The total is approaching a staggering 15 billion, meaning that there are currently roughly two connected devices per living human. However, the massive deployment of IoT devices has led to significant security and privacy concerns given that security is often treated as an afterthought for IoT systems. Security issues may come at different levels, from deployment issues that leave devices exposed to the internet with default credentials, to implementation issues where manufacturers incorrectly employ existing protocols or develop proprietary ones for communications that have not been examined for their sanity. While existing cybersecurity and network security solutions can help protect IoT, they often suffer from limited onboard/on-chip resources. To mitigate this problem, researchers have developed multiple solutions based on a top-down (relying on the cloud for IoT data processing and authentication) or a bottom-up (leveraging hardware modifications for efficient cybersecurity protection). In this talk, I will first introduce the emerging security and privacy challenges in the IoT domain. I will then focus on the bottom-up solutions on IoT protection and will present our recent research effort in microarchitecture supported IoT runtime attack detection and device attestation. The developed methods will lead to a design-for-security flow towards trusted IoT and their applications.
