| 1. |
- Arfaoui, Ghada, et al.
(författare)
-
A Security Architecture for 5G Networks
- 2018
-
Ingår i: IEEE Access. - : IEEE. - 2169-3536. ; 6:17, s. 22466-22479
-
Tidskriftsartikel (refereegranskat)abstract
- 5G networks will provide opportunities for the creation of new services, for new business models, and for new players to enter the mobile market. The networks will support efficient and cost-effective launch of a multitude of services, tailored for different vertical markets having varying service and security requirements, and involving a large number of actors. Key technology concepts are network slicing and network softwarisation, including network function virtualisation and software-defined networking. The presented security architecture builds upon concepts from the 3G and 4G security architectures but extends and enhances them to cover the new 5G environment. It comprises a toolbox for security relevant modelling of the systems, a set of security design principles, and a set of security functions and mechanisms to implement the security controls needed to achieve stated security objectives. In a smart city use case setting, we illustrate its utility; we examine the high-level security aspects stemming from the deployment of large numbers of IoT devices and network softwarisation.
|
|
| 2. |
- Baumann, Christoph, et al.
(författare)
-
A High Assurance Virtualization Platform for ARMv8
- 2016
-
Ingår i: Networks and Communications (EuCNC), 2016 European Conference on. - : IEEE conference proceedings. - 9781509028931 - 9781509028948
-
Konferensbidrag (refereegranskat)abstract
- This paper presents the first results from the ongoing research project HASPOC, developing a high assurance virtualization platform for the ARMv8 CPU architecture. Formal verification at machine code level guarantees information isolation between different guest systems (e.g. OSs) running on the platform. To use the platform in networking scenarios, we allow guest systems to securely communicate with each other via platform-provided communication channels and to take exclusive control of peripherals for communication with the outside world.The isolation is shown to be formally equivalent to that of guests executing on physically separate platforms with dedicated communication channels crossing the air-gap. Common Criteria (CC) assurance methodology is applied by preparing the CC documentation required for an EAL6 evaluation of products using the platform. Besides the hypervisor, a secure boot component is included and verified to ensure system integrity.
|
|
| 3. |
- Bonow, Johan M., 1969-
(författare)
-
Palaeosurfaces and palaeovalleys on North Atlantic previously glaciated passive margins : reference forms for conclusions on uplift and erosion
- 2004
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Palaeosurfaces and palaeovalleys are landforms under destruction in the present climate and/or tectonic regime, and thus mainly reflect processes not active today. Uplifted palaeosurfaces exist along the formerly glaciated passive continental margins around the North Atlantic. Large-scale landform development has recently become a matter of interest also for geologists and geophysicists as the result of an increasing awareness that a thorough knowledge of uplift, erosion, deposition and development of landforms along continental margins can only be accomplished by combined studies using independent data from different scientific disciplines. The present study focuses on one of these above data sets; the landform record. Two uplifted areas, southern Norway and central West Greenland, were selected for landform analysis of high resolution digital elevation models, aerial photographs, relation between landforms in basement and cover rocks, offshore seismic lines and X-ray diffraction of clay minerals in saprolites. In southern Norway, analysis of slope angles within the range of pediment slopes was combined with analysis of main valley incision. This resulted in the identification of three main planation surfaces in a stepped sequence formed along the main valleys as a consequence of tectonic uplift events, maybe in the Palaeogene, (in total >1000 m). Two phases of late uplift (~900 m), probably in the Neogene, triggered incision of deep fluvial valleys, later reshaped by glacial erosion (up to 300 m). In central West Greenland palaeosurfaces were analysed in relation to cover rock of different age. An exhumed etch surface, characterized by a typical hilly relief, occurs on Disko and south of Disko Bugt, and are by the presence of cover rocks shown to be sub-Palaeocene in origin. To the north, a post-Eocene erosion surface on Nuussuaq, cuts across basement and basalt and was probably formed close to sea level. Uplift in two phases elevated this surface up to 2000 m above present sea level and broke it in differently tilted tectonic blocks. South of Disko Bugt, a planation surface, of probably the same age as the one on Nuussuaq, cuts the tilted etch surface, and also cuts across different bedrock types. The planation surface rises towards the south and splits in two surfaces, separated in altitude up to 300 m, within two highly elevated areas. The separation into two surfaces indicate two uplift events: A first minor event of a few hundred metres in the uplift centres resulted in incision of the lower planation surface. This event was later followed by a major uplift event amounting to >1000 m. Correlation with the offshore sedimentary record suggests that both uplift events occurred in the Neogene. The erosion pattern calculated from one reconstructed palaeosurface to present topography shows large spatial variations. This is interpreted as an effect of differential bedrock resistance and local variations of glacial erosion (400–1300 m in low areas). The results presented in this thesis demonstrate the usefulness of palaeosurfaces and palaeovalleys as tools for deciphering magnitude of uplift events, establishing relative event chronologies and for calculation of erosion. Moreover integrated studies of palaeolandforms, offshore geology and thermal chronologies, are shown to be invaluable when used to solve the spatial and temporal patterns of uplift, erosion and deposition.
|
|
| 4. |
- Dahl, Martin, et al.
(författare)
-
Effects of shading and simulated grazing on carbon sequestration in a tropical seagrass meadow
- 2016
-
Ingår i: Journal of Ecology. - : Wiley. - 0022-0477 .- 1365-2745. ; 104:3, s. 654-664
-
Tidskriftsartikel (refereegranskat)abstract
- 1. There is an ongoing world-wide decline of seagrass ecosystems, one of the world's most efficient carbon sink habitats. In spite of this, there is a clear lack of studies experimentally testing the effects of anthropogenic disturbances on carbon sequestration of seagrass systems. 2. We assessed the effects of two disturbances of global concern on the carbon sink function in a five-month in situ experiment within a tropical seagrass (Thalassia hemprichii) meadow by testing the impacts of shading and simulated grazing at two levels of intensity using shading cloths and clipping of shoot tissue. We measured the effects of these disturbances on the carbon sequestration process by assessing the net community production (NCP), carbon and nitrogen content in tissue biomass, and organic matter and THAA (total hydrolysable amino acids) in the sediment down to 40 cm depth. 3. Treatments of high-intensity shading and high-intensity clipping were similarly impacted and showed a significantly lower NCP and carbon content in the below-ground biomass compared to the seagrass control. No significant effects were seen in organic carbon, total nitrogen, C:N ratio and THAA in the sediment for the seagrass treatments. However, both clipping treatments showed different depth profiles of carbon and THAA compared to the seagrass control, with lower organic carbon and THAA content in the surface sediment. This can be explained by the clipping of shoot tissue causing a less efficient trapping of allochthonous carbon and reduced input of shredded seagrass leaves to the detritus sediment layer. In the clipping plots, erosion of the surface sediment occurred, which was also most likely caused by the removal of above-ground plant biomass. 4. Synthesis. Our findings show that during the course of this experiment, there were no impacts on the sedimentary carbon while the high-intensity disturbances caused a clear depletion of carbon biomass and reduced the seagrass meadow's capacity to sequester carbon. From a long-term perspective, the observed effect on the carbon biomass pool in the high-intensity treatments and the sediment erosion in the clipping plots may lead to loss in sedimentary carbon.
|
|
| 5. |
- Dubrova, Elena, et al.
(författare)
-
CRC-Based Message Authentication for 5G Mobile Technology
- 2015
-
Ingår i: Proceedings of 2015 IEEE Trustcom/BigDataSE/ISPA. - : Institute of Electrical and Electronics Engineers (IEEE). ; , s. 1186-1191
-
Konferensbidrag (refereegranskat)abstract
- Our society greatly depends on mobile technologies. As wirelessly connected devices take over the control of the electricity in our homes, the water we drink and the transportation we use, it becomes increasingly important to guarantee the security of interactions of all players involved in a network. Apart from the high security needs, 5G will require utmost efficiency in the use of bandwidth and energy. In this paper, we show how to make the type of CRC checksum used in current LTE standards cryptographically secure with minimum extra resources. We present a new CRC-based message authentication method and provide a quantitative analysis of the achieved security as a function of message and CRC sizes. The presented method retains most of the implementation simplicity of the traditional CRC except that the LFSR implementing the encoding and decoding is required to have re-programmable connections. Similarly to previously proposed cryptographically secure CRCs, the presented CRC enables combining the detection of random and malicious errors without increasing bandwidth. Its main advantage is the ability to detect all double-bit errors in a message, which is of special importance for systems using Turbo codes, including LTE.
|
|
| 6. |
- Dubrova, Elena, et al.
(författare)
-
Energy-Efficient Message Authentication for IEEE 802.15.4-Based Wireless Sensor Networks
- 2014
-
Ingår i: <em>Proceedings of 32nd Nordic Microelectronics Conference NORCHIP </em>. - : IEEE conference proceedings.
-
Konferensbidrag (refereegranskat)abstract
- The number of wirelessly connected devices is expected to increase to a few tens of billions by the year 2020. Newer generations of products and applications will sharpen demands for ultra-low energy consuming wireless devices. Various techniques for energy saving based on Discontinuous Reception (DRX) are known. However, DRX is vulnerable to unauthorized or fake trigger requests by malicious adversaries aiming to drain a device's battery. Existing message authentication methods can identify spoofed messages, but they require the reception of a complete message before its authenticity can be verified. In this paper, we present a method which inserts authentication checkpoints at several positions within a message. This enables a device to identify that a message is unauthorized and turn its radio receiver off as soon as the first checkpoint fails. The presented method has a low complexity with respect to the computational and memory resources and does not slow down the receiver. It can maintain the packet format prescribed by the IEEE 802.15.4 specification, which provides for backward compatibility. Finally, it incorporates authentication checkpoints at the MAC layer, which allows nodes that do not employ the presented method to participate in the communication.
|
|
| 7. |
- Dubrova, Elena, et al.
(författare)
-
Keyed Logic BIST for Trojan Detection in SoC
- 2014
-
Ingår i: <em>Proceedings of IEEE International Symposium on System-on-Chip (SOC'2014)</em>. - : IEEE conference proceedings. - 9781479968909
-
Konferensbidrag (refereegranskat)abstract
- As demonstrated by the recent attack on Intel’s Ivy Bridge processor, the traditional Logic Built-In Self-Test (LBIST) methods do not provide adequate protection of SoC against malicious modifications known as hardware Trojans. In this paper, we introduce a simple but efficient countermeasure against hardware Trojans which exploits non-zero aliasing probability of LBIST. We propose to generate LBIST test patterns based on a configurable key which is decided and programed into the circuit after the manufacturing stage. Since the key and hence expected LBIST signature are unknown at the manufacturing stage, an attack based on selecting suitable values for the Trojan which result in the same signature as a fault-free circuit signature becomes infeasible.
|
|
| 8. |
- Dubrova, Elena, et al.
(författare)
-
Lightweight message authentication for constrained devices
- 2018
-
Ingår i: WiSec 2018 - Proceedings of the 11th ACM Conference on Security and Privacy in Wireless and Mobile Networks. - New York, NY, USA : Association for Computing Machinery (ACM). - 9781450357319 ; , s. 196-201
-
Konferensbidrag (refereegranskat)abstract
- Message Authentication Codes (MACs) used in today's wireless communication standards may not be able to satisfy resource limitations of simpler 5G radio types and use cases such as machine type communications. As a possible solution, we present a lightweight message authentication scheme based on the cyclic redundancy check (CRC). It has been previously shown that a CRC with an irreducible generator polynomial as the key is an -almost XOR-universal (AXU) hash function with = (m + n)/2n-1, where m is the message size and n is the CRC size. While the computation of n-bit CRCs can be efficiently implemented in hardware using linear feedback shift registers, generating random degree-n irreducible polynomials is computationally expensive for large n. We propose using a product of k irreducible polynomials whose degrees sum up to n as a generator polynomial for an n-bit CRC and show that the resulting hash functions are -AXU with = (m + n)k/2n -k. The presented message authentication scheme can be seen as providing a trade-off between security and implementation efficiency.
|
|
| 9. |
- Dubrova, Elena, et al.
(författare)
-
Secure and Efficient LBIST for Feedback Shift Register-Based Cryptographic Systems
- 2014
-
Ingår i: <em>Proceedings of 19th IEEE European Test Symposium (ETS'2014)</em>. - : IEEE conference proceedings.
-
Konferensbidrag (refereegranskat)abstract
- Cryptographic methods are used to protect confidential information against unauthorised modification or disclo-sure. Cryptographic algorithms providing high assurance exist, e.g. AES. However, many open problems related to assuring security of a hardware implementation of a cryptographic algorithm remain. Security of a hardware implementation can be compromised by a random fault or a deliberate attack. The traditional testing methods are good at detecting random faults, but they do not provide adequate protection against malicious alterations of a circuit known as hardware Trojans. For example, a recent attack on Intel's Ivy Bridge processor demonstrated that the traditional Logic Built-In Self-Test (LBIST) may fail even the simple case of stuck-at fault type of Trojans. In this paper, we present a novel LBIST method for Feedback Shift Register (FSR)-based cryptographic systems which can detect such Trojans. The specific properties of FSR-based cryptographic systems allow us to reach 100% single stuck-at fault coverage with a small set of deterministic tests. The test execution time of the proposed method is at least two orders of magnitude shorter than the one of the pseudo-random pattern-based LBIST. Our results enable an efficient protection of FSR-based cryptographic systems from random and malicious stuck-at faults.
|
|
| 10. |
- Dubrova, Elena, et al.
(författare)
-
Two Countermeasures Against Hardware Trojans Exploiting Non-Zero Aliasing Probability of BIST
- 2016
-
Ingår i: Journal of Signal Processing Systems. - : Springer Science+Business Media B.V.. - 1939-8018 .- 1939-8115.
-
Tidskriftsartikel (refereegranskat)abstract
- The threat of hardware Trojans has been widely recognized by academia, industry, and government agencies. A Trojan can compromise security of a system in spite of cryptographic protection. The damage caused by a Trojan may not be limited to a business or reputation, but could have a severe impact on public safety, national economy, or national security. An extremely stealthy way of implementing hardware Trojans has been presented by Becker et al. at CHES’2012. Their work have shown that it is possible to inject a Trojan in a random number generator compliant with FIPS 140-2 and NIST SP800-90 standards by exploiting non-zero aliasing probability of Logic Built-In-Self-Test (LBIST). In this paper, we present two methods for modifying LBIST to prevent such an attack. The first method makes test patterns dependent on a configurable key which is programed into a chip after the manufacturing stage. The second method uses a remote test management system which can execute LBIST using a different set of test patterns at each test cycle.
|
|
