February 13, 2017
Zachary K. Goldman poses questions for the Director of National Intelligence on information privacy, cybersecurity, and American businesses in The Hill.
February 1, 2017
Judith H. Germano
Third parties are a significant source of cybersecurity vulnerabilities, yet there remains much work to be done in terms of how third-party risk is assessed and controlled. This paper explains how properly understanding and addressing third-party cyber risk requires a proactive and comprehensive approach to enable parties on all sides to prevent harms and to prepare for and respond to incidents in a faster, better coordinated, less expensive and more effective manner.
January 6, 2017
Ryan J. Whelan, Timothy R. Leek, Joshua E. Hodosh, Patrick A. Hulin, and Brendan Dolan-Gavitt
Many problems brought on by faulty or malicious software code can be diagnosed through a reverse engineering technique known as dynamic analysis, in which analysts study software as it executes. Researchers at Lincoln Laboratory developed the Platform for Architecture-Neutral Dynamic Analysis to facilitate analyses that lead to profound insight into how software behaves.
December 19, 2016
Khaled Baqer, Danny Yuxing Huang, Damon McCoy, and Nicholas Weaver
In this paper, we present an empirical study of a recent spam campaign (a “stress test”) that resulted in a DoS attack on Bitcoin. The goal of our investigation is to understand the methods spammers used and the impact on Bitcoin users.
December 15, 2016
Carol J. Fung and Quanyan Zhu
Computer systems evolve to be more complex and vulnerable. Cyber attacks have also grown to be more sophisticated and harder to detect. Intrusion detection is the process of monitoring and identifying unauthorized system access or manipulation. It becomes increasingly difficult for a single intrusion detection system (IDS) to detect all attacks due to limited knowledge about attacks. Collaboration among intrusion detection devices can be used to gain higher detection accuracy and cost efficiency as compared to its traditional single host-based counterpart.
December 2, 2016
Mid-November marked the end of the comment period for New York’s “first in nation” proposed cybersecurity legislation for financial institutions. As the hot topic of the day, many regulators and government officials have felt compelled to take a stand on cybersecurity. It seems counterintuitive to set out to protect constituents by inaction. But the wrong type of action, including through inflexible and far-reaching state-required mandates, only adds to the growing clamor of distractions about how companies should best secure their systems.
December 1, 2016
Ozgur Sinanoglu and Ramesh Karri
There is a growing concern regarding the trustworthiness and reliability of the hardware underlying all information systems on which modern society is reliant. Trustworthy and reliable semiconductor supply chain, hardware components, and platforms are essential to all critical infrastructures including financial, healthcare, transportation, and energy.
November 24, 2016
Vinayaka Jyothi, Manasa Thoonoli, Richard Stern, and Ramesh Karri
This paper proposes a novel methodology, FPGA Trust Zone (FTZ), to incorporate security into the design cycle to detect and isolate anomalies such as Hardware Trojans in the FPGA fabric. Anomalies are identified using violations of the spatial correlation of process variation in the FPGA fabric. Anomalies are isolated using the Xilinx Isolation Design Flow (IDF) methodology. FTZ helps identify and partition the FPGA into areas that are devoid of anomalies and thus helps run designs securely and reliably even in an anomaly-infected FPGA. FTZ also assists IDF in selecting trustworthy areas for implementing isolated designs and trusted routes. We demonstrate the effectiveness of FTZ for AES and RC5 designs on Xilinx Virtex-7 and Artix-7 FPGAs.
November 23, 2016
Kan Xiao, Domenic Forte, Yier Jin, Ramesh Karri, Swarup Bhunia, and Mark Mohammad Tehranipoor
Given the increasing complexity of modern electronics and the cost of fabrication, entities from around the globe have become more heavily involved in all phases of the electronics supply chain. In this environment, hardware Trojans (i.e., malicious modifications or inclusions made by untrusted third parties) pose major security concerns, especially for those integrated circuits (ICs) and systems used in critical applications and cyber infrastructure.
November 15, 2016
Zachary K. Goldman and Sasha Romanosky
What happens when the consequences of a cyberattack are not physical? What happens when a digital missile destroys or corrupts data in a manner that is not intended by the person launching a lawful cyberattack? Current legal and policy frameworks for assessing collateral damage do not squarely address the matter (or at least they do not do so publicly)—and that needs to change.
November 14, 2016
Minhui Xue, Cameron Ballard, Kelvin Liu, Carson Nemelka, Yanqiu Wu, Keith Ross, and Haifeng Qian
The recent growth of anonymous social network services – such as 4chan, Whisper, and Yik Yak – has brought online anonymity into the spotlight. For these services to function properly, the integrity of user anonymity must be preserved. If an attacker can determine the physical location from where an anonymous message was sent, then the attacker can potentially use side information (for example, knowledge of who lives at the location) to de-anonymize the sender of the message.
November 7, 2016
Davood Shahrjerdi, Bayan Nasri, Darren Armstrong, Abdullah Alharbi, Ramesh Karri
Proliferation of electronics and their increasing connectivity pose formidable challenges for information security. At the most fundamental level, nanostructures and nanomaterials offer an unprecedented opportunity to introduce new approaches to securing electronic devices. First, we discuss engineering nanomaterials (e.g., carbon nanotubes (CNTs), graphene, and layered transition metal dichalcogenides (TMDs)) to make unclonable cryptographic primitives.
November 7, 2016
Muhammad Yasin, Bodhisatwa Mazumdar, Ozgur Sinanoglu, and Jeyavijayan Rajendran
This paper presents CamoPerturb, a countermeasure to thwart the decamouflaging attack by integrating logic perturbation with IC camouflaging. CamoPerturb, contrary to all the existing camouflaging schemes, perturbs the functionality of the given design minimally, i.e., adds/removes one minterm, rather than camouflaging the design.
November 4, 2016
Quanyan Zhu, Tansu Alpcan, Emmanouil Panaousis, Milind Tambe, and William Casey
This book constitutes the refereed proceedings of the 7th International Conference on Decision and Game Theory for Security, GameSec 2016, held in New York, NY, USA, in November 2016.
November 1, 2016
Bodhisatwa Mazumdar, Sk. Subidh Ali, and Ozgur Sinanoglu
In this article, the authors present a compact implementation of the Salsa20 stream cipher that is targeted towards lightweight cryptographic devices such as radio-frequency identification (RFID) tags.
A Dual Perturbation Approach for Differential Private ADMM-Based Distributed Empirical Risk Minimization
October 28, 2016
Tao Zhang and Quanyan Zhu
In this paper, the authors develop a privacy-preserving method for a class of regularized empirical risk minimization (ERM) machine learning problems.
October 27, 2016
In this article, the authors offer a security analysis of nanoelectromechanical systems (NEMS) and carbon nanotubes (CNTs). They highlight the key technology-specific features of these post-CMOS technologies that can inform the design of secure systems.
October 24, 2016
Chandra K. H. Suresh, Bodhisatwa Mazumdar, Sk Subidh Ali and Ozgur Sinanoglu
Continuous scaling of CMOS technology beyond the sub-nanometer region has aggravated short-channel effects, resulting in increased leakage current and high power densities. Furthermore, elevated leakage current and power density render CMOS-based security-critical applications vulnerable to power side-channel attacks. Carbon nanotubes (CNTs) are a promising alternative to CMOS technology.