Jubayer Mahmod scite author profile

Jubayer Mahmod

3Publications

7Citation Statements Received

102Citation Statements Given

How they've been cited

How they cite others

Affiliations

Virginia Tech, Auburn University

Publications

Order By: Most citations

A Robust, Low-Cost and Secure Authentication Scheme for IoT Applications

Mahmod

Guin

2020

Cryptography

View full text Add to dashboard Cite

The edge devices connected to the Internet of Things (IoT) infrastructures are increasingly susceptible to piracy. These pirated edge devices pose a serious threat to security, as an adversary can get access to the private network through these non-authentic devices. It is necessary to authenticate an edge device over an unsecured channel to safeguard the network from being infiltrated through these fake devices. The implementation of security features demands extensive computational power and a large hardware/software overhead, both of which are difficult to satisfy because of inherent resource limitation in the IoT edge devices. This paper presents a low-cost authentication protocol for IoT edge devices that exploits power-up states of built-in SRAM for device fingerprint generations. Unclonable ID generated from the on-chip SRAM could be unreliable, and to circumvent this issue, we propose a novel ID matching scheme that alleviates the need for enhancing the reliability of the IDs generated from on-chip SRAMs. Security and different attack analysis show that the probability of impersonating an edge device by an adversary is insignificant. The protocol is implemented using a commercial microcontroller, which requires a small code overhead. However, no modification of device hardware is necessary.

show abstract

Invisible bits: hiding secret messages in SRAM’s analog domain

Mahmod

Hicks

2022

View full text Add to dashboard Cite

Electronic devices are increasingly the subject of inspection by authorities. While encryption hides secret messages, it does not hide the transmission of those secret messagesÐin fact, it calls attention to them. Thus, an adversary, seeing encrypted data, turns to coercion to extract the credentials required to reveal the secret message. Steganographic techniques hide secret messages in plain sight, providing the user with plausible deniability, removing the threat of coercion.This paper unveils Invisible Bits a new steganographic technique that hides secret messages in the analog domain of Static Random Access Memory (SRAM) embedded within a computing device. Unlike other memory technologies, the power-on state of SRAM reveals the analog-domain properties of its individual cells. We show how to quickly and systematically change the analog-domain properties of SRAM cells to encode data in the analog domain and how to reveal those changes by capturing SRAM's power-on state. Experiments with commercial devices show that Invisible Bits provides over 90% capacityÐtwo orders-of-magnitude more than previous on-chip steganographic approaches, while retaining device functionalityÐeven when the device undergoes subsequent normal operation or is shelved for months. Experiments also show that adversaries cannot differentiate between devices with encoded messages and those without. Lastly, we show how to layer encryption and error correction on top of our message encoding scheme in an end-to-end demonstration. CCS CONCEPTS• Hardware → Communication hardware, interfaces and storage; • Security and privacy → Pseudonymity, anonymity and untraceability.

show abstract

SRAM has no chill: exploiting power domain separation to steal on-chip secrets

Mahmod

Hicks

2022

View full text Add to dashboard Cite

The abundance of embedded systems and smart devices increases the risk of physical memory disclosure attacks. One such classic noninvasive attack exploits dynamic RAM's temperature-dependent ability to retain information across power cyclesÐknown as a cold boot attack. When exposed to low temperatures, DRAM cells preserve their state for a short time without power, mimicking nonvolatile memories in that time frame. Attackers exploit this physical phenomenon to gain access to a system's secrets, leading to data theft from encrypted storage. To prevent cold boot attacks, programmers hide secrets on-chip in Static Random-Access Memory (SRAM); by construction, on-chip SRAM is isolated from external probing and has little intrinsic capacitance, making it robust against cold boot attacks.While it is the case that SRAM protects against traditional cold boot attacks, we show that there is another way to retain information in on-chip SRAM across power cycles and software changes. This paper presents Volt Boot, an attack that demonstrates a vulnerability of on-chip volatile memories due to the physical separation common to modern system-on-chip power distribution networks. Volt Boot leverages asymmetrical power states (e.g., on vs. off) to force SRAM state retention across power cycles, eliminating the need for traditional cold boot attack enablers, such as low-temperature or intrinsic data retention time. Using several modern ARM Cortex-A devices, we demonstrate the effectiveness of the attack in caches, registers, and iRAMs. Unlike other forms of SRAM data retention attacks, Volt Boot retrieves data with 100% accuracyÐwithout any complex post-processing. CCS CONCEPTS• Hardware → Static memory; • Security and privacy → Embedded systems security; Hardware attacks and countermeasures.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Jubayer Mahmod

A Robust, Low-Cost and Secure Authentication Scheme for IoT Applications

Invisible bits: hiding secret messages in SRAM’s analog domain

SRAM has no chill: exploiting power domain separation to steal on-chip secrets

Contact Info

Product

Resources

About