Search Results (29)

As Android devices become more prevalent, their security risks extend beyond software vulnerabilities to include critical hardware weaknesses. This paper provides a comprehensive and systematic review of hardware-related vulnerabilities in Android systems, which can bypass even the most sophisticated software defenses. We compile and analyze an extensive range of reported vulnerabilities, introducing a novel categorization framework to facilitate a deeper understanding of these risks, classified by affected hardware components, vulnerability type, and the potential impact on system security. The paper addresses key areas such as memory management flaws, side-channel attacks, insecure system-on-chip (SoC) resource allocation, and cryptographic vulnerabilities. In addition, it examines feasible countermeasures, including hardware-backed encryption, secure boot mechanisms, and trusted execution environments (TEEs), to mitigate the risks posed by these hardware threats. By contextualizing hardware vulnerabilities within the broader security architecture of Android devices, this review emphasizes the importance of hardware security in ensuring system integrity and resilience. The findings serve as a valuable resource for both researchers and security professionals, offering insights into the development of more robust defenses against the emerging hardware-based threats faced by Android devices. Full article

With the exponential growth of the Internet of Things (IoT), ensuring robust end-to-end encryption is paramount. Current cryptographic accelerators often struggle with balancing security, area efficiency, and power consumption, which are critical for compact IoT devices and system-on-chips (SoCs). This work presents a novel approach to designing substitution boxes (S-boxes) for Advanced Encryption Standard (AES) encryption, leveraging dual quad-bit structures to enhance cryptographic security and hardware efficiency. By utilizing Algebraic Normal Forms (ANFs) and Walsh–Hadamard Transforms, the proposed Register Transfer Level (RTL) circuitry ensures optimal non-linearity, low differential uniformity, and bijectiveness, making it a robust and efficient solution for ASIC implementations. Implemented on 65 nm CMOS technology, our design undergoes rigorous statistical analysis to validate its security strength, followed by hardware implementation and functional verification on a ZedBoard. Leveraging Cadence EDA tools, the ASIC implementation achieves a central circuit area of approximately 199 μm². The design incurs a hardware cost of roughly 80 gate equivalents and exhibits a maximum path delay of 0.38 ns. Power dissipation is measured at approximately 28.622 μW with a supply voltage of 0.72 V. According to the ASIC implementation on the TSMC 65 nm process, the proposed design achieves the best area efficiency, approximately 66.46% better than state-of-the-art designs. Full article

The Trusted Execution Environment (TEE) is designed to establish a safe environment that prevents the execution of unauthenticated programs. The nature of TEE is a continuous verification process with hashing, signing, and verifying. Such a process is called the Chain-of-Trust, derived from the Root-of-Trust (RoT). Typically, the RoT is pre-programmed, hard-coded, or embedded in hardware, which is locally produced and checked before booting. The TEE employs various cryptographic processes throughout the boot process to verify the authenticity of the bootloader. It also validates other sensitive data and applications, such as software connected to the operating system. TEE is a self-contained environment and should not serve as the RoT or handle secure boot operations. Therefore, the issue of implementing hardware for RoT has become a challenge that requires further investigation and advancement. The main objective of this proposal is to introduce a secured RISC-V-based System-on-Chip (SoC) architecture capable of securely booting a TEE using a versatile boot program while maintaining complete isolation from the TEE processors. The suggested design has many cryptographic accelerators essential for the secure boot procedure. Furthermore, a separate 32-bit MicroController Unit (MCU) is concealed from the TEE side. This MCU manages sensitive information, such as the root key, and critical operations like the Zero Stage BootLoader (ZSBL) and key generation program. Once the RoT is integrated into the isolated sub-system, it becomes completely unavailable from the TEE side, even after booting, using any method. Besides providing a secured boot flow, the system is integrated with essential crypto-cores supporting Transport Layer Security (TLS) 1.3. The chip is finally fabricated using the Complementary Metal–Oxide–Semiconductor (CMOS) 180 nm process. Full article

Legitimate identification of devices is crucial to ensure the security of present and future IoT ecosystems. In this regard, AI-based systems that exploit intrinsic hardware variations have gained notable relevance. Within this context, on-chip sensors included for monitoring purposes in a wide range of SoCs remain almost unexplored, despite their potential as a valuable source of both information and variability. In this work, we introduce and release a dataset comprising data collected from the on-chip temperature and voltage sensors of 20 microcontroller-based boards from the STM32L family. These boards were stimulated with five different algorithms, as workloads to elicit diverse responses. The dataset consists of five acquisitions (1.3 billion readouts) that are spaced over time and were obtained under different configurations using an automated platform. The raw dataset is publicly available, along with metadata and scripts developed to generate pre-processed T–V sequence sets. Finally, a proof of concept consisting of training a simple model is presented to demonstrate the feasibility of the identification system based on these data. Full article

Managing Multi-Processor Systems-on-Chip (MPSoCs) is becoming increasingly complex as demands for advanced capabilities rise. This complexity is due to the involvement of more processing elements and resources, leading to a higher degree of heterogeneity throughout the system. Over time, management schemes have evolved from simple to autonomous systems with continuous control and monitoring of various parameters such as power distribution, thermal events, fault tolerance, and system security. Autonomous management integrates self-awareness into the system, making it aware of its environment, behavior, and objectives. Self-Aware Cyber-Physical Systems-on-Chip (SA-CPSoCs) have emerged as a concept to achieve highly autonomous management. Communication infrastructure is also vital to SoCs, and Software-Defined Networks-on-Chip (SDNoCs) can serve as a base structure for self-aware systems-on-chip. This paper presents a survey of the evolution of MPSoC management over the last two decades, categorizing research works according to their objectives and improvements. It also discusses the characteristics and properties of SA-CPSoCs and explains why SDNoCs are crucial for these systems. Full article

As the most widely used description code in digital circuits and system on chip (SoC), the security of register transfer level (RTL) code is extremely critical. Code obfuscation is a typical method to ensure the security of RTL code, but popular obfuscation methods are not fully applicable to RTL code. In addition, some RTL code obfuscation tools also have issues with incomplete functionality or obfuscation errors. In view of the above issues, this paper studies the RTL code security problem represented by obfuscation. Based on the extensible markup language (XML) syntax tree generated by parsing RTL code, a complete RTL code refactoring model is constructed, and four targeted RTL code obfuscation methods are proposed, namely: Layout obfuscation; Parameter obfuscation; Critical path obfuscation; Code increment obfuscation. Utilizing the developed obfuscation tool, an assessment of the performance and effectiveness of the obfuscation methods is conducted, alongside testing the equivalence between the obfuscated code and the source code. The experimental results show that the proposed obfuscation methods have higher practicability and reliability, and have the characteristics of high obfuscation coverage that can be stable at over 98% and preservation of compiler indicative Comments. Full article

The growing prevalence of embedded systems in various applications has raised concerns about their vulnerability to malicious code reuse attacks. Current software-based and hardware-assisted security techniques struggle to detect or block these attacks with minor performance and implementation overhead. To address this issue, this paper presents a lightweight hardware-assisted scheme to enhance the security of embedded systems against code reuse attacks. We develop an on-chip lightweight hardware shadow stack to validate target addresses at runtime for backward-edge control flow integrity, which backs up valid return addresses during function calls and automatically verifies actual return addresses during the return phase. Additionally, we propose a lightweight stream cipher circuit that encrypts and decrypts critical stack data related to control flow manipulation, preventing attackers from analyzing or tampering with them. When designing and implementing the security mechanism for embedded systems, we fully consider the constraints of limited system resources and performance, optimizing both the architecture design and implementation of the proposed hardware. Finally, we integrate both the proposed lightweight hardware shadow stack and the runtime data encryption hardware into the OR1200 processor. We have verified the system security function on the Terasic DE1-SoC FPGA platform and evaluated the system performance as well as implementation overhead. The results show that the proposed lightweight hardware-assisted scheme can provide a dedicated defense capability against code reuse attacks for embedded systems, with an average system performance overhead of 0.39% and an area footprint of 0.316 mm². Full article

This paper presents a prototype wearable Cryptographically Secure PseudoRandom Bit Generator CSPRBG (wearable CSPRBG). A vest prototype has been fabricated to which an evaluation board with a ZYBO (ZYnq BOard) Zynq Z-7010 has been mounted using tailoring technology. In this system, a seed generator and block cryptographic algorithms responsible for the generation of pseudo-random values were implemented. A microphone and an accelerometer recorded sound and acceleration during the use of the prototype vest, and these recordings were passed to the seed generator and used as entropy sources. Hardware implementations were made for several selected Block Cryptographic algorithms such as Advanced Encryption Standard (AES), Twofish and 3DES. The random binary values generated by the wearable CSPRBG were analyzed by National Institute of Standards and Technology (NIST) statistical tests as well as ENT tests to evaluate their randomness, depending on the configuration of the entropy sources used. The idea of possible development of the wearable CSPRBG as a System on Chip (SoC) solution is also presented. Full article

The security of Internet of Things (IoTs) devices in recent years has created interest in developing implementations of lightweight cryptographic algorithms for such systems. Additionally, open-source hardware and field-programable gate arrays (FPGAs) are gaining traction via newly developed tools, frameworks, and HDLs. This enables new methods of creating hardware and systems faster, more simply, and more efficiently. In this paper, the implementation of a system-on-chip (SoC) based on a 32-bit RISC-V processor with lightweight cryptographic accelerator cores in FPGA and an open-source integrating framework is presented. The system consists of a 32-bit VexRiscv processor, written in SpinalHDL, and lightweight cryptographic accelerator cores for the PRINCE block cipher, the PRESENT-80 block cipher, the ChaCha stream cipher, and the SHA3-512 hash function, written in Verilog HDL and optimized for low latency with fewer clock cycles. The primary aim of this work was to develop a customized SoC platform with a register-controlled bus suitable for integrating lightweight cryptographic cores to become compact embedded systems that require encryption functionalities. Additionally, custom firmware was developed to verify the functionality of the SoC with all integrated accelerator cores, and to evaluate the speed of cryptographic processing. The proposed system was successfully implemented in a Xilinx Nexys4 DDR FPGA development board. The resources of the system in the FPGA were low with 11,830 LUTs and 9552 FFs. The proposed system can be applicable to enhancing the security of Internet of Things systems. Full article

This study proposes a heterogeneous hardware-based framework for network intrusion detection using lightweight artificial neural network models. With the increase in the volume of exchanged data, IoT networks’ security has become a crucial issue. Anomaly-based intrusion detection systems (IDS) using machine learning have recently gained increased popularity due to their generation’s ability to detect unseen attacks. However, the deployment of anomaly-based AI-assisted IDS for IoT devices is computationally expensive. A high-performance and ultra-low power consumption anomaly-based IDS framework is proposed and evaluated in this paper. The framework has achieved the highest accuracy of 98.57% and 99.66% on the UNSW-NB15 and IoT-23 datasets, respectively. The inference engine on the MAX78000EVKIT AI-microcontroller is 11.3 times faster than the Intel Core i7-9750H 2.6 GHz and 21.3 times faster than NVIDIA GeForce GTX 1650 graphics cards, when the power drawn was 18mW. In addition, the pipelined design on the PYNQ-Z2 SoC FPGA board with the Xilinx Zynq xc7z020-1clg400c device is optimised to run at the on-chip frequency (100 MHz), which shows a speedup of 53.5 times compared to the MAX78000EVKIT. Full article

Emerging spintronics devices in recent research have received much interest in various fields. Their unique physical aspects are being explored to keep Moore’s law alive. Therefore, the hardware security aspects of system-on-a-chip (SoC) designs using spintronics devices becomes important. Magnetic tunnel junctions (MTJ) are a potential candidate in spintronics-based devices for beyond-CMOS applications. This work uses voltage-gated spin-orbit torque-assisted magnetic tunnel junction (VGSOT-MTJ) based on the Verilog-A behavioral model to design a possible logic-locking system for hardware security. Compared with the SOT MTJ, which uses a heavy metal strip below the MTJ stack, VGSOT-MTJ has an antiferromagnetic (AFM) strip that utilizes the voltage-controlled magnetic anisotropy (VCMA) effect to significantly reduce the $J_{SOT,critical}$. To design the logic-locking block, we performed a Monte Carlo analysis to account for the effect of process variation (PV) on critical MTJ parameters. Eye diagram tests and mask designing were performed, which included the effect of thermal noise and PV for high-speed digital circuit operations. Finally, transient performance was analyzed to demonstrate the VGSOT-MTJ’s ability to design logic-locking blocks from the circuit operation perspective. Full article

The security of Smart Meter (SM) systems will be a challenge in the era of quantum computing because a quantum computer might exploit characteristics of well-established cryptographic schemes to reach a successful security breach. From a practical perspective, this paper focuses on the feasibility of implementing a quantum-secure lattice-based key encapsulation mechanism in a SM, hardware-constrained equipment. In this regard, the post-quantum cryptography (PQC) scheme, FrodoKEM, an alternate candidate for the National Institute for Standards and Technology (NIST) post-quantum standardization process, is implemented using a System-on-a-Chip (SoC) device in which the Field Programmable Gate Array (FPGA) component is exploited to accelerate the most time-consuming routines in this scheme. Experimental results show that the execution time to run the FrodoKEM scheme in an SoC device reduces to one-third of that obtained by the benchmark implementation (i.e., the software implementation). Also, the attained execution time and hardware resource usage of this SoC-based implementation of the FrodoKEM scheme show that lattice-based cryptography may fit into SM equipment. Full article

With the improved hardware storage capabilities and the rapid development of artificial intelligence image recognition technology, information is becoming image-oriented. Increasingly sensitive image data needs to be processed. When facing a large amount of real-time sensitive image data encryption and decryption, ensuring both the speed and the security is an urgent demand. This paper proposes an original triple-hybrid encryption system for a real-time sensitive image acquisition chip. This encryption system optimizes the symmetric encryption algorithm AES, asymmetric encryption algorithm ECC, and chip authentication algorithm PUF in pursuit of security, calculation speed, and to ensure that it is lightweight. The three optimized algorithms are further mixed and reused on the circuit level, to ensure mutual protection while making full use of their advantages. Apart from sensitive image protection at the algorithm level, the image chip itself is also protected by an innovative PUF chip authentication method that prevents it from being tampered with and copied. Triple-hybrid encryption system hardware implementation achieves a frequency of 132.5 MHz under the Virtex-5 FPGA with an area of 2834 Slices; with Virtex-7 FPGA, it reaches a frequency of 137.6 MHz with an area of 2716 Slices. The system is also implemented on SMIC 40 nm ASIC, and the clock frequency reaches 480 MHz and the area is 94,812.4 $\mathsf{\mu }$m${}^2$. In terms of computing speed, the peak image encryption speed is 6.15 Gb/s, which meets the real-time image encryption requirement. In terms of hardware resource usage, AES reduced the hardware area by 60.1% compared with the results in other literature, ECC reduced the hardware area by 43.4%, and the PUF hardware area decreased exponentially with the increase in information entropy. The implementation of the three algorithms is reasonable and cost-effective, and the mixture of algorithms does not increase the required capacity of the hardware resource. The triple-hybrid encryption system cooperates with the image acquisition subsystem, storage subsystem, and asynchronous clock subsystem through software control to realize a complete triple-hybrid encryption SoC chip solution, and was successfully taped-out under the SMIC 40 nm process with all constraints passed and a total area of 10.59 mm${}^2$. Full article

A Trusted Execution Environment (TEE) is an efficient way to secure information. To obtain higher efficiency, the building of a dual-core system-on-chip (SoC) with TEE security capabilities is the hottest topic. However, TEE SoCs currently commonly use complex processor cores such as Rocket, resulting in high resource usage. More importantly, the cryptographic unit lacks flexibility and ignores secure communication in dual cores. To address the above problems, we propose DITES, a dual-core TEE SoC based on a Reduced Instruction Set Computer-V (RISC-V). At first, we designed a fully isolated multi-level bus architecture based on a lightweight RISC-V processor with an integrated crypto core supporting Secure Hashing Algorithm-1 (SHA1), Advanced Encryption Standard (AES), and Rivest–Shamir–Adleman (RSA), among which RSA can be configured to five key lengths. Then, we designed a secure boot based on Chain-of-Trust (CoT). Furthermore, we propose a hierarchical access policy to improve the security of inter-core communication. Finally, DITES is deployed on a Kintex 7 Field-Programmable-Gate-Array (FPGA) with a power consumption of 0.297 W, synthesized using TSMC 90 nm. From the results, the acceleration ratios of SHA1 and RSA1024 decryption/encryption can reach 75 and 1331/1493, respectively. Compared to exiting TEE SoCs, DITES has lower resource consumption, higher flexibility, and better security. Full article

Embedded systems are increasingly applied in numerous security-sensitive applications, such as industrial controls, railway transports, intelligent vehicles, avionics and aerospace. However, embedded systems are compromised in the execution of untrusted programs, where the instructions could be maliciously tampered with to cause unintended behaviors or program execution failures. Particularly for remote-controlled embedded systems, program execution monitoring and instruction fault self-repair are important to avoid unintended behaviors and execution interruptions. Therefore, this paper presents a hardware-enhanced embedded system with the integration of a Security Processing Unit (SPU) in which integrity signature checking and checkpoint-rollback mechanisms are coupled to achieve real-time program execution monitoring and instruction fault self-repairing. This System-on-Chip (SoC) design was implemented and validated on the Xilinx Virtex-5 FPGA development platform. Based on the evaluation of the SPU in terms of the performance overhead, security capability, and resource consumption, the experimental results show that, while the CPU executes different benchmarks, the average performance overhead of the SPU lowers to 1.92% at typical 8-KB I/D caches, and it provides both program monitoring and fault self-repairing capabilities. Unlike conventional hardware detection technologies that require manual handling to recovery program executions, the CPU–SPU collaborative SoC is a resilient architecture equipped with instruction tampering detection and a post-detection strategy of instruction fault self-repairing. Moreover, the embedded system satisfies a good balance between high security and resource consumption. Full article