CESCA Research Day 2013 Abstracts
|Research Day Main||Program Schedule||Symposium Abstracts||New! Pictures||New! Videos|
Please click here to download all the presentation slides in a zip file (31MB). For a particular presentation, click "Slides" next to the presentation title.
Morning Research Presentations Jump to Afternoon Tutorials
Plenary Session (8:30am - 9:20am)
The field of information security seeks to protect the confidentiality, integrity, and availability of data. To achieve information security, we typically focus on securing the computer systems and networks that process, store, and transport that data. Researchers and security professionals seek to ensure those systems are free from vulnerabilities and configured according to a well-defined, comprehensive security policy, and they can then make claims about the security of the information contained by those systems.
However the past five years has seen a major shift in information technology. Companies no longer own the servers, networks, and desktop computers that are used to process, store, and transmit their data. Server infrastructure is outsourced to the cloud. The "bring your own device" movement has employees using personal laptops and smartphones as the endpoints. The last-mile networks are now 4G cellular and WiFi hotspot links. Without control over any of the infrastructure, how can organizations develop and enforce policies that protect their sensitive information?
This talk will investigate trends across the space of cloud and mobile computing, and discuss how they necessitate a complete change in the fields of computer and network security. Protecting the information is no longer adequate and significant research is required to begin addressing how we can protect the data itself as it is processed, stored, and transported by untrusted infrastructure.
Research Session 1: Secure Design (9:20am - 10am)
Hardware security and trust has never been more important in the history of digital design as we increasingly depend on these systems to achieve anything from day-to-day personal goals to immensely critical applications. In this talk, we provide some of our recent research finding on ASIC security and trust, including methods to identify authentic new ICs from old counterfeits, digital IC fingerprints and side-channel attack resistant circuits.
The use of hardware for encryption, hashing, random number generation, and system identification, offers several advantages over software. It is more energy-efficient and delivers a better performance. In addition, cryptographic hardware can be optimized against active and passive attacks. There is no free lunch, however, and the benefits of using cryptographic hardware come at the expense of overall system cost, overall power dissipation, and increased design complexity. This talk presents techniques to integrate dedicated crypto-hardware functions within the CPU. We aim to obtain a processor which offers the benefits of secure, dedicated hardware while keeping the flexibility of general-purpose software. We present two techniques. Our first technique is called Virtual Secure Circuit, and it uses a small specialized instruction-set to support side-channel resistant software design. Using just a few instructions, and possibly lookup tables, it is possible to support general side-channel resistant block cipher implementations. Our second technique demonstrates the design of a CPU-intrinsic Physical Unclonable Function, which can be used to uniquely identify a single CPU chip. The ability of recognizing the actual CPU, rather than a hardcoded (PROMmed) system identifier, is an excellent protection against malicious tampering. This research opens new perspectives for the embedded implementation of important cryptographic operations which would require dedicated cryptographic hardware otherwise.
Research Session 2: Applications (10:15am - 11:15am)
It is widely believed that along with other innovations, some form of shared dynamic spectrum access in some segments of the spectrum will be necessary to meet future spectrum demands. In this spectrum access model, a heterogeneous mix of wireless devices of differing access priorities, QoS requirements, and transmission characteristics need to coexist without causing interference to each other. One of the critical challenges that needs to be addressed to realize the shared access model is the development of technologies for enforcing spectrum access rules. One of the primary concerns in spectrum enforcement and security is preventing and/or identifying harmful interference caused by a malicious user.
In the past few years, with the development of software defined radio and smart antenna technologies, wireless radio has changed from a fixed piece of hardware to a highly flexible component that can be reconfigured by software. Such flexibility in radios brings both challenges in ensuring the security of wireless infrastructures and opportunities in protecting user privacies. For example, a malware infected software defined radio may jam critical wireless channels such as military band and health care band. A intelligent beam adaptation algorithm over smart antenna can protect a user’s location privacy from localization system. In this talk, we will discuss these new security threats and countermeasures and methods to take advantage of privacy-preserving opportunities.
Fingerprints have been used to identify individuals since the 1800s. Over that entire period, analysis of friction-ridge patterns has relied almost exclusively on static images. This is true for traditional ink-and-card images, as well as for images obtained with electronic “live-scan” systems. A fundamental problem with this approach, however, is that the appearance of a fingerprint in a single image depends heavily on skin elasticity and on the amount of pressure that is used when the fingertip presses against the imaging surface. This presentation will describe a new approach to fingerprint analysis that makes use of time-varying information from modern live-scan systems. These systems generate an image sequence (in essence, a short video clip) during the enrollment process. We show that it is possible to track image features throughout the sequence, and to construct a composite template that contains more genuine minutiae than are found in any single image from the sequence. Experiments have shown a significant improvement in recognition performance, especially when matching is performed using partial prints.
Research Session 3: Secure Design Methods (11:30am - 12:10pm)
We present new tamper-proof methods that can make it extremely difficult for an adversary to modify or insert malicious circuitry into the circuit. Our approach fuses two modes of operation via an embedded code-word that is integrated with the transition function. This results in a significantly higher level of protection against tamper. We also present a time-stamp circuitry to prevent counterfeiting. Finally, new methods to detect any inserted hardware Trojan will be presented.
Multi-core and multi-processor systems are becoming increasingly popular. However, our ability to effectively harness the power of parallelism is predicated upon advances in tools and algorithms for analyzing and verifying concurrent programs. Concurrent programs are notoriously difficult to write, and a key reason for this is the behavioral complexity resulting from the large number of interleavings of concurrent components. In this talk, I will introduce a symbolic predictive analysis for runtime detection of concurrency errors, by monitoring and subsequently analyzing the execution traces of a program. This analysis consists of two steps: First, we derive a predictive model using the trace information collected at run time as well as the program source code. What this model captures are not just the given traces, but all possible interleavings of events of these traces. Then, we use symbolic reasoning to check whether there are concurrency errors in any of these interleavings. Although the primary focus is to reduce the verification cost associated with today’s dominating practice of explicit parallel programming, the predictive model and analysis techniques can be used to address other important issues such as performance and security.
This tutorial gives an introduction to side-channel analysis, the reverse engineering of cryptography by passive observation of the power consumption, electromagnetic radiation or execution time of a secure implementation. The tutorial covers a review of classic side-channel analysis techniques, including simple and differential power analysis, and different methods for hypothesis testing. The tutorial also reviews recent advances in side-channel analysis, such as analysis using profiling or using the correlation of fault behavior and side-channel analysis.
In a second part of the talk, we will review techniques for countermeasures in hardware and software that can help thwart successful side-channel analysis. We will formulate general guidelines for symmetric-key and public-key cryptographic designs in order to achieve safe and secure implementations. Finally, the tutorial will describe how to create a practical setup for side-channel analysis, including a description of the equipment and analysis software required. This tutorial is based in part on research performed by CESCA.
TUTORIAL 2: Software Testing and Verification Video
Chao Wang and Michael Hsiao
The advent of ubiquitous computing that our everyday lives depend on necessitates a rigorous software testing and verification infrastructure. For example, the vast majority of security vulnerabilities in today’s cyber infrastructure originate from improper software implementations. Automated software testing and verification techniques can help eliminate implementation bugs and security vulnerabilities, thereby increasing the reliability and security of critical cyber infrastructures. In this tutorial, we will introduce the key concepts in ensuring correctness in sequential and concurrent software. Formal and informal methods for testing, abstraction, and search-space pruning will be addressed. In particular, we will present state-of-the-art algorithms for automated test input generation by using concrete and symbolic execution techniques.
Semiconductor manufacturing process has unavoidable and uncontrollable variations. Just like chocolate chip cookies made out of the same recipe, no two ICs, even with the same design, mask and fabrication process technology, are identical. Their minute differences usually do not affect the functionality of the chips because of the tolerances built into the design. Nevertheless, these differences can be harnessed in order to uniquely identify each chip. The construct that exploits these chip-unique, random variations is called Physical Unclonable Functions (PUF). Since it is effectively impossible to clone, model or control the manufacturing variations, even for the chip manufacturers, PUF technology makes each chip unique and unclonable, which is essential for a variety of secure applications.
TUTORIAL 4: Wireless Security Slides (Park) Slides (Yang) Video
Jerry Park and Yaling Yang
As the wireless industry grows exponentially, it faces a growing need for security in terms of confidentiality, data integrity, authentication, and non-repudiation. Providing security in the wireless computing environment is much more challenging than in the wired computing environment due to a number reasons, including the vulnerability of the transmission medium itself and the limited processing power of most mobile computing devices. Elliptic curve cryptography (ECC) provides a significant performance advantage over traditional cryptosystems, like RSA, and experts have advocated its use in wireless applications that require public key systems. In this tutorial, we will provide an overview of ECC and some of its applications.
Many applications in today’s wireless networks rely on location-based services. Ensuring the security and robustness of these location-based services turn out to be a fairly challenging issue. In this tutorial, we will review the current localization methods, threats to these mechanisms and countermeasures that can partially solve these problems.
All sessions will be simulcasted to Durham Hall 261 on Blacksburg Campus