Hardware Security for Critical Infrastructures - The CIPSEC Project Approach

Fournaris, Apostolos P.; Λαμπρόπουλος, Κωνσταντίνος; Koufopavlou, O.

doi:10.1109/isvlsi.2017.69

Cited by 6 publications

(4 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We present hereby the PLS-Box with a high-level description of its functionalities. The PLS-Box is conceptually similar to hardware-security-module (HSM) [81] or Trusted-Platform-Module [82,83]. The goal of the PLS-Box is to perform CRKG from the received communication data, as depicted by the block diagram in Fig.…”

Section: Pls Boxmentioning

confidence: 99%

Physical-Layer-Security Box: a concept for time-frequency channel-reciprocity key generation

Zoli

Barreto

Köpsell

et al. 2020

J Wireless Com Network

View full text Add to dashboard Cite

The motivation for this study about Physical Layer Security comes from bridging the gap between the vast theory and a feasible implementation. We propose a Physical-Layer-Security Box as a system-level Box is a system-level solution, named PLS-Box, to solve the key exchange between two wireless communicating parties. The PLS-Box performs a novel key generation method named time-frequency filter-bank. The entropy of the radio channel is harvested via a filter-bank processing, and then turned into a reciprocal security key, at both ends. In this concept work, we also focus on several PLS open issues, such as radio-frequency imperfections and accessibility to the baseband communication modem. The goal is to show a wide applicability of our PLS-Box to actual wireless systems, paving the way for an evolution of existing schemes.

show abstract

Section: Pls Boxmentioning

confidence: 99%

Physical-Layer-Security Box: a concept for time-frequency channel-reciprocity key generation

Zoli

Barreto

Köpsell

et al. 2020

J Wireless Com Network

View full text Add to dashboard Cite

show abstract

“…Security Monitoring loggers installed on such devices need to rely on an execution environment that is capable of supporting the ADS sensors' functionality and that is protected from malicious entities. To achieve high security in legacy devices, it has been proposed in several works to introduce external security tokens that can be considered trusted [23,[28][29][30]. Having that in mind, extending the work in [2], we propose a Hardware Security Token (HST) that could be used as an external security element on legacy devices in order to instill a level of trust on collected ADS sensor logs and provide a series of security services to an associated host device and user.…”

Section: Proposed Approach For Legacy Systemsmentioning

confidence: 99%

“…The HST is a synchronous System on Chip (SoC) device based on an ARM microprocessor with TrustZone support (e.g., ARM Cortex A processor class) that is connected through an AMBA AXI bus to a series of cryptographic accelerator peripheral IP cores and storage elements like RAM, ROM, and NVRAM memory modules. The cryptography accelerator peripherals act as a security element of the ARM Trustzone enabled processor and consist of an RSA signature unit, an Elliptic Curve (EC) Point Operation unit (ECPO), a SHA256 hash function unit as well as a symmetric key encryption/decryption and key generation unit (using the AES algorithm), following an architecture similar to the one presented in [29]. All the HST IP cores are protected against semi-invasive and non invasive attacks [23,31,32].…”

Section: Hst Architecturementioning

confidence: 99%

“…This software core has dedicated components for the HST communication with the external world. More specifically, the software core enables the HST, extending the functionality described in [2,29], to connect through USB cable to a Host device and through Ethernet to an IP network. The USB serial communication channel serves as a secure means of communication between the Host device and the HST while the Ethernet based IP communication channel serves as a mean of communication between the HST and a remote ADS security monitor and analyzer.…”

Section: Hst Architecturementioning

confidence: 99%

See 1 more Smart Citation

Anomaly Detection Trusted Hardware Sensors for Critical Infrastructure Legacy Devices

Fournaris

Dimopoulos

Λαμπρόπουλος

et al. 2020

Sensors

Self Cite

View full text Add to dashboard Cite

Critical infrastructures and associated real time Informational systems need some security protection mechanisms that will be able to detect and respond to possible attacks. For this reason, Anomaly Detection Systems (ADS), as part of a Security Information and Event Management (SIEM) system, are needed for constantly monitoring and identifying potential threats inside an Information Technology (IT) system. Typically, ADS collect information from various sources within a CI system using security sensors or agents and correlate that information so as to identify anomaly events. Such sensors though in a CI setting (factories, power plants, remote locations) may be placed in open areas and left unattended, thus becoming targets themselves of security attacks. They can be tampering and malicious manipulated so that they provide false data that may lead an ADS or SIEM system to falsely comprehend the CI current security status. In this paper, we describe existing approaches on security monitoring in critical infrastructures and focus on how to collect security sensor–agent information in a secure and trusted way. We then introduce the concept of hardware assisted security sensor information collection that improves the level of trust (by hardware means) and also increases the responsiveness of the sensor. Thus, we propose a Hardware Security Token (HST) that when connected to a CI host, it acts as a secure anchor for security agent information collection. We describe the HST functionality, its association with a host device, its expected role and its log monitoring mechanism. We also provide information on how security can be established between the host device and the HST. Then, we introduce and describe the necessary host components that need to be established in order to guarantee a high security level and correct HST functionality. We also provide a realization–implementation of the HST overall concept in a FPGA SoC evaluation board and describe how the HST implementation can be controlled. In addition, in the paper, two case studies where the HST has been used in practice and its functionality have been validated (one case study on a real critical infrastructure test site and another where a critical industrial infrastructure was emulated in our lab) are described. Finally, results taken from these two case studies are presented, showing actual measurements for the in-field HST usage.

show abstract