The Experts below are selected from a list of 110133 Experts worldwide ranked by ideXlab platform
Alexander Szekely - One of the best experts on this subject based on the ideXlab platform.
-
CARDIS - Implementation and evaluation of an SCA-resistant embedded processor
Smart Card Research and Advanced Applications, 2011Co-Authors: Stefan Tillich, Mario Kirschbaum, Alexander SzekelyAbstract:Side-channel analysis (SCA) attacks are a threat for many embedded applications which have a need for Security. With embedded processors being at the very heart of such applications, it is desirable to address SCA attacks with countermeasures which "naturally" fit deployment in those processors. This paper describes our work in implementing one such protection Concept in an ASIC prototype and our results from a practical evaluation of its Security. We are able to demonstrate that the basic principle of limiting the "leaking" portion of the processor works rather well to reduce the side-channel leakage. From this result we can draw valuable conclusions for future embedded processor design. In order to minimize the remaining leakage, the Security Concept calls for the application of a secure logic style. We used two concrete secure logic styles (iMDPL and DWDDL) in order to demonstrate this increase in Security. Unfortunately, neither of these logic styles seems to do a particularly good job as we were still able to attribute SCA leakage to the secure-logic part of the processor. If a better suited logic style can be employed we believe that the overall leakage of the processor can be further reduced. Thus we deem the evaluated Security Concept as a viable method for protecting embedded processors.
-
Implementation and Evaluation of an SCA-Resistant Embedded Processor
2011Co-Authors: Stefan Tillich, Mario Kirschbaum, Alexander SzekelyAbstract:Side-channel analysis (SCA) attacks are a threat for many embedded applications which have a need for Security. With embedded processors being at the very heart of such applications, it is desirable to address SCA attacks with countermeasures which “naturally” fit deployment in those processors. This paper describes our work in implementing one such protection Concept in an ASIC prototype and our results from a practical evaluation of its Security. We are able to demonstrate that the basic principle of limiting the “leaking” portion of the processor works rather well to reduce the side-channel leakage. From this result we can draw valuable conclusions for future embedded processor design. In order to minimize the remaining leakage, the Security Concept calls for the application of a secure logic style. We used two concrete secure logic styles (iMDPL and DWDDL) in order to demonstrate this increase in Security. Unfortunately, neither of these logic styles seems to do a particularly good job as we were still able to attribute SCA leakage to the secure-logic part of the processor. If a better suited logic style can be employed we believe that the overall leakage of the processor can be further reduced. Thus we deem the evaluated Security Concept as a viable method for protecting embedded processors.
Stefan Tillich - One of the best experts on this subject based on the ideXlab platform.
-
CARDIS - Implementation and evaluation of an SCA-resistant embedded processor
Smart Card Research and Advanced Applications, 2011Co-Authors: Stefan Tillich, Mario Kirschbaum, Alexander SzekelyAbstract:Side-channel analysis (SCA) attacks are a threat for many embedded applications which have a need for Security. With embedded processors being at the very heart of such applications, it is desirable to address SCA attacks with countermeasures which "naturally" fit deployment in those processors. This paper describes our work in implementing one such protection Concept in an ASIC prototype and our results from a practical evaluation of its Security. We are able to demonstrate that the basic principle of limiting the "leaking" portion of the processor works rather well to reduce the side-channel leakage. From this result we can draw valuable conclusions for future embedded processor design. In order to minimize the remaining leakage, the Security Concept calls for the application of a secure logic style. We used two concrete secure logic styles (iMDPL and DWDDL) in order to demonstrate this increase in Security. Unfortunately, neither of these logic styles seems to do a particularly good job as we were still able to attribute SCA leakage to the secure-logic part of the processor. If a better suited logic style can be employed we believe that the overall leakage of the processor can be further reduced. Thus we deem the evaluated Security Concept as a viable method for protecting embedded processors.
-
Implementation and Evaluation of an SCA-Resistant Embedded Processor
2011Co-Authors: Stefan Tillich, Mario Kirschbaum, Alexander SzekelyAbstract:Side-channel analysis (SCA) attacks are a threat for many embedded applications which have a need for Security. With embedded processors being at the very heart of such applications, it is desirable to address SCA attacks with countermeasures which “naturally” fit deployment in those processors. This paper describes our work in implementing one such protection Concept in an ASIC prototype and our results from a practical evaluation of its Security. We are able to demonstrate that the basic principle of limiting the “leaking” portion of the processor works rather well to reduce the side-channel leakage. From this result we can draw valuable conclusions for future embedded processor design. In order to minimize the remaining leakage, the Security Concept calls for the application of a secure logic style. We used two concrete secure logic styles (iMDPL and DWDDL) in order to demonstrate this increase in Security. Unfortunately, neither of these logic styles seems to do a particularly good job as we were still able to attribute SCA leakage to the secure-logic part of the processor. If a better suited logic style can be employed we believe that the overall leakage of the processor can be further reduced. Thus we deem the evaluated Security Concept as a viable method for protecting embedded processors.
-
MobiQuitous - General Security Concept for embedded P2P systems
Proceedings of the 5th International ICST Conference on Mobile and Ubiquitous Systems: Computing Networking and Services, 2008Co-Authors: Stefan Kraxberger, Udo Payer, Stefan TillichAbstract:The importance of P2P systems in real-world applications has grown significantly over the recent years. Although P2P systems have found its way into almost every field of application the lack of an adequate general Security Concept, research for specific Security mechanisms and implementations of possible Security improvements is still limiting their full potential. We are focusing on getting an overall view on the Security of embedded P2P systems and on finding promising mechanisms and solutions to this challenging task. This work tries to make the first step towards secure heterogeneous pure P2P systems by specifying an appropriate overall Security Concept.
Thomas Kirkham - One of the best experts on this subject based on the ideXlab platform.
-
ontology based interoperation for securely shared services Security Concept matching for authorization policy interoperability
New Technologies Mobility and Security, 2011Co-Authors: Ioana Ciuciu, Gang Zhao, David W Chadwick, Quentin Reul, Robert Meersman, Cristian Vasquez, Mark Hibbert, Sandra Winfield, Thomas KirkhamAbstract:This paper addresses the problem of access control in the context of unified distributed architectures, in which a local authorization policy is not able to recognize all the terms applicable to the authorization decision requests. The approach is based on semantic interoperability between the different services of the architecture. More specifically, we present the ontologybased interoperation service (OBIS), which calculates the matching of Security Concepts extracted from access requests and local authorization policies. This service is then validated in an employability use case scenario.
-
NTMS - Ontology Based Interoperation for Securely Shared Services: Security Concept Matching for Authorization Policy Interoperability
2011 4th IFIP International Conference on New Technologies Mobility and Security, 2011Co-Authors: Ioana Ciuciu, Gang Zhao, David W Chadwick, Quentin Reul, Robert Meersman, Cristian Vasquez, Mark Hibbert, Sandra Winfield, Thomas KirkhamAbstract:This paper addresses the problem of access control in the context of unified distributed architectures, in which a local authorization policy is not able to recognize all the terms applicable to the authorization decision requests. The approach is based on semantic interoperability between the different services of the architecture. More specifically, we present the ontologybased interoperation service (OBIS), which calculates the matching of Security Concepts extracted from access requests and local authorization policies. This service is then validated in an employability use case scenario.
Andreas Springer - One of the best experts on this subject based on the ideXlab platform.
-
Lifetime Security Concept for Industrial Wireless Sensor Networks
2020 16th IEEE International Conference on Factory Communication Systems (WFCS), 2020Co-Authors: Leander B. Hörmann, Christian Kastl, Hans-peter Bernhard, Peter Priller, Andreas SpringerAbstract:Secure wireless communication is essential for most industrial applications. The secure and reliable control of processes as well as the data integrity of measured values are key targets in these applications. The industrial Internet-of-Things (IIoT) tries to connect an increasing number of sensors wirelessly. The wireless sensors form wireless sensor networks (WSNs). However, wireless sensor nodes are exposed to various Security threats ranging from physical modification on the device itself to remote attacks via the communication channel. It is important to secure the complete lifetime of the wireless sensor nodes and other system components. This includes the production phase, shipping, preparation phase and operational phase. This paper presents a lifetime Security Concept for a wireless sensor network applied in automotive test beds. In this application scenario, the wireless sensor nodes are used to capture various temperatures in an automotive unit under test. In order to indicate the current state of trustworthiness of the system, a trustworthiness indicator is implemented which is shown to the user. An evaluation of the impact of encrypted communication on power consumption shows that the increase is negligible, and can be expected to be provided by the wireless sensor node's power supply without reducing the node lifetime.
-
WFCS - Lifetime Security Concept for Industrial Wireless Sensor Networks
2020 16th IEEE International Conference on Factory Communication Systems (WFCS), 2020Co-Authors: Leander B. Hörmann, Christian Kastl, Hans-peter Bernhard, Peter Priller, Andreas SpringerAbstract:Secure wireless communication is essential for most industrial applications. The secure and reliable control of processes as well as the data integrity of measured values are key targets in these applications. The industrial Internet-of-Things (IIoT) tries to connect an increasing number of sensors wirelessly. The wireless sensors form wireless sensor networks (WSNs). However, wireless sensor nodes are exposed to various Security threats ranging from physical modification on the device itself to remote attacks via the communication channel. It is important to secure the complete lifetime of the wireless sensor nodes and other system components. This includes the production phase, shipping, preparation phase and operational phase. This paper presents a lifetime Security Concept for a wireless sensor network applied in automotive test beds. In this application scenario, the wireless sensor nodes are used to capture various temperatures in an automotive unit under test. In order to indicate the current state of trustworthiness of the system, a trustworthiness indicator is implemented which is shown to the user. An evaluation of the impact of encrypted communication on power consumption shows that the increase is negligible, and can be expected to be provided by the wireless sensor node's power supply without reducing the node lifetime.
Dirk Timmermann - One of the best experts on this subject based on the ideXlab platform.
-
Integration Approach for Communications-Based Train Control Applications in a High Assurance Security Architecture
Reliability Safety and Security of Railway Systems. Modelling Analysis Verification and Certification, 2019Co-Authors: Thorsten Schulz, Frank Golatowski, Dirk TimmermannAbstract:The secure integration of model-based, safety-critical applications implemented in the programming suite Ansys SCADE is explained with the help of a demonstrator. The interoperability between the embedded devices of the demonstrator is achieved using the new TRDP middleware. Remote connections are secured using the WireGuard secure network channel. The demonstrator Security Concept addresses the different life cycles of its heterogeneous components by adoption of the robust MILS separation architecture. The goal of this open demonstrator is to show how these essential technologies can be composed to a secure safety-critical system.
-
The Secure Access Node Project: A Hardware-Based Large-Scale Security Solution for Access Networks
2015Co-Authors: Jens Rohrbeck, Dirk Timmermann, Vlado Altmann, Stefan Pfeiffer, Peter Danielis, Jan Skodzik, Matthias NinnemannAbstract:Abstract—Providing network Security is one of the most important tasks in todays Internet. Unfortunately, many users are not able to protect themselves and their networks. There-fore, a novel Security Concept is presented to protect users by providing Security measures at the Internet Service Provider level. Already now, Internet Service Providers are using differ-ent Security measures, e.g., Virtual Local Area Network tags, MAC limitation, or MAC address translation. The presented approach extends these Security measures by three hardware-based Security subsystems. A firewall engine controls the header of Ethernet frames, Internet packets, and the next following protocols. Furthermore, a Web filter module disables access to violent and child pornography Web content. The third subsystem is a Bloom filter-based deep packet inspection engine to observe the payload after the protocol header. Based on dee
-
hardware Security Concept for spontaneous network integration of mobile devices
Lecture Notes in Computer Science, 2001Co-Authors: Igor Sedov, Marc Haase, Clemens H Cap, Dirk TimmermannAbstract:In this article we introduce an architecture of a mobile device that enables safe and authenticated data-transmission in a spontaneously configured network environment. The usage of this device is illustrated by a number of examples. The hardware and software components are presented. Particular, we compare Bluetooth and Infrared (IrDA) wireless networking technology, explain the usage of biometrics recognition methods, clarify the choice of the cryptographic module and consider possible platforms for the integration of this trustworthy device into a ubiquitous environment. Subsequently a first realization of the Concept will be explained. Referring to feasible possibilities of realization, different attack scenarios together with appropriate solutions are considered.
