- 11am, 27 July 2018 – Dr Basel Halak, University of Southampton
Bio: Dr Basel Halak is the director of the Embedded Systems master program at Southampton University, he has written over 50 conference and journal papers , and authored two books. He received his PhD degree in Microelectronics System Design from Newcastle University. He was then awarded a knowledge transfer fellowship to develop secure and energy efficient design for portable health care monitoring systems. His background is on the design and implementation of microelectronics systems, with special focus on reliability and security. In particular Dr Halak is interested in developing secure hardware implementation for cryptographic primitive such as physically unclonable functions. He has recently presented a tutorial session on the use of PUF for security applications in the IEEE 59th International Midwest Symposium on Circuits and Systems. Dr Halak is the recipient of the Vice Chancellor Teaching Award in 2016, and the bronze leaf award in IEEE PRIME conference for his paper on current-based physically Unclonable functions. Dr Basel Halak is a senior fellow of the Higher Education Academy (HEA), a guest editor of the IET CDT, and serves in several technical program committees such as IEEE ICCCA, ICCCS, MTV, IVSW, MicDAT and EWME. He is also member of hardware security working group of the World Wide Web Consortium (W3C).
Talk abstract: The internet of Things technology is expected to generate tremendous economic benefits, this promise is undermined by major security threats. First of all the vast majority of these devices are expected to communicate wirelessly, and will be connected to the Internet, which makes them especially susceptible to confidentiality threats from attackers snooping for messages contents. Second, most IoT devices are expected to be deployed in remote locations with little or no protection; therefore they can be vulnerable to both invasive and side channel attacks, malicious adversaries can potentially gain access to a device and apply well know power or timing analyses to extract sensitive data that might be stored on the IoT node, such as encryption keys, digital identifiers, and recorded measurements. Furthermore, with ubiquitous systems, it can no longer be assumed that the attacker is remote. Indeed, the attack could even come from within the system itself, from rogue embedded hardware (e.g. Trojans). A large proportion of IoT devices operate in an energy-constrained environment with very limited computing resources, this makes the use of typical defence mechanisms such as classic cryptography algorithms prohibitively expensive. The challenges for building secure IoT are threefold:
1) How to develop hardware which is inherently resilient to physical attacks
2) How to implement complex security protocols with very limited resources
3) How to detect/diagnose anomalous behaviour of an IoT device
This talk addresses the above three questions, as follows.
The first part of this talk addresses the first question, it presents two novel approaches for enhancing the security and reliability of physically unclonable functions, one of the enabling technologies designing Tamper resistant Hardwar.
The first technique propose a physically unclonable function using instruction cache, typically found in all embedded processors. The design is optimised to improve resilience to ageing effects. The second approach aim to enhance the security of physically unclonable functions against modelling attacks by combining these with low cryptographic primitives such as permutation and substitution. The proposed techniques makes its affordable, secure and reliable to use physically unclonable technology in resources constrained systems.
The second part of this talk addressees the second question, it presents a new authentication protocol based on PUF technology, Then power consumption and memory utilization of the proposed protocol were estimated and compared with the existing solutions, namely: DTLS (datagram transport layer security) handshake protocol and UDP (user datagram protocol). Our results indicate that the proposed PUF based authentication saves up to 45% power and uses 12% less memory compared to DTLS handshake authentication.
The third part of this talk addresses the final question, it presents a new detection technique for malicious/abnormal behaviour of embedded using data from Hardware Performance Counters (HPCs).
Finally the talk concludes with a summary of outstanding challenges.