shamsoshoara20survey

Title of the paper: A survey on physical unclonable function (PUF)-based security solutions for Internet of Things

Available at: https://www.sciencedirect.com/science/article/pii/S1389128620312275

Abstract

The vast areas of applications for IoTs in future smart cities, smart transportation systems, and so on represent a thriving surface for several security attacks with economic, environmental and societal impacts. This survey paper presents a review of the security challenges of emerging IoT networks and discusses some of the attacks and their countermeasures based on different domains in IoT networks. Most conventional solutions for IoT networks are adopted from communication networks while noting the particular characteristics of IoT networks such as the nodes quantity, heterogeneity, and the limited resources of the nodes, these conventional security methods are not adequate. One challenge towards utilizing common secret key-based cryptographic methods in large-scale IoTs is the problem of secret key generation, distribution, and storage and protecting these secret keys from physical attacks. Physically unclonable functions (PUFs) can be utilized as a possible hardware remedy for identification and authentication in IoTs. Since PUFs extract the unique hardware characteristics, they potentially offer an affordable and practical solution for secret key generation. However, several barriers limit the PUFs’ applications for key generation purposes. We discuss the advantages of PUF-based key generation methods, and we present a survey of state-of-the-art techniques in this domain. We also present a proof-of-concept PUF-based solution for secret key generation using resistive random-access memories (ReRAM) embedded in IoTs.

Introduction

  • One key challenge in IoT networks is the lack of a unified security, identification and authentication standard.

  • The security challenges in IoTs can be broadly classified into identification, authentication, encryption, confidentiality, jamming, cloning, hijacking, and privacy.

  • Several widely-used encryption mechanisms including public key infrastructure (PKI), advanced encryption standard (AES), and elliptic curve cryptography (ECC) rely on secret keys.

  • These keys are usually stored in the non-volatile memory (NVM) of the devices, such as ROM and one-time electronic fuses.

  • However, due to the electrical nature of these memories they are highly susceptible to physical attacks. For instance, using a scanning electron microscope (SEM), attackers can implement many invasive threats on these chips. Moreover, using these kinds of memories requires additional fabrication steps during the production of the device.

  • Antifuse or electronic fuse is another security technique which is being used for key storage using FinFET transistors. The main benefit of this technology is that the information about the power consumption is not disclosed during the reading process. The disadvantage is that it fails to remove the key from the device.

  • The cryptographic keys are sensitive information and therefore, several mechanisms have been developed to protect these keys.

  • There are two types of mechanisms, software-based and hardware-based, to protect IoT devices from various attacks:

    • Software-based security mechanisms rely solely on software to protect their messages.

      • They are based on mathematical approaches (e.g., a discrete logarithmic problem) which may not be easily solvable using today’s computers but when the existence of quantum computers becomes a reality, they can be solved in a shorter time compared to traditional methods in order to extract the keys.

      • Moreover, the keys are stored in the NVM of the devices which are prone to attacks.

      • All the existing software security mechanisms are at high risk, which calls for additional security solutions.

      • White box cryptography (WBC) is a software based solution to protect these keys and allow secure distribution of valuable information. WBC requires high processing power and memory and is only applicable to symmetric cryptographic methods; therefore, it will not be a competing candidate for the security of IoT networks.

    • Hardware-based security uses a dedicated hardware integrated circuit or processor to perform cryptographic functions and store the keys.

      • They can prevent read-and-write access to data and offer a stronger protection against various attacks.

      • Hardware-based mechanisms such as Hardware Security Modules (HSMs) have been used for crypto processing and strong authentication, where they can encrypt, decrypt, store, and manage the digital keys. HSMs have been used alongside software mechanisms such as PKI and AES to encrypt their messages.

  • One of the main problems with the hardware-based security solutions is that they are prone to the Man-in-the-middle attacks. In these attacks, when the hardware security module is stolen, the attackers can clone the device.

  • This can be compared to a simple physical lock and key, where the key is stolen and cloned to mimic the actual key.

  • figure to be added to the presentation

     

  • Physically unclonable functions (PUFs) can provide a solution to this mentioned problem.

  • PUF utilizes the intrinsic manufacturing variations in a device to generate a fingerprint of the hardware that offers the valuable advantage of unclonability.

  • Other advantages for PUFs:

    • Therefore, PUFs are unique to their device and can be used as a security primitive to enable device-based identification, and authentication.

    • Furthermore, PUFs can provide a low cost alternative solution for on-demand generation of cryptographic keys from the device rather than the conventional methods, where the secret keys are produced and distributed by the server and stored in the IoT device memories.

      • the use of PUFs eliminates the security issues related to key storage and distribution.

  • PUF reproducibility:

    • The data derived from PUFs is often highly sensitive to environmental changes and the physical conditions where the device is being tested. In other words, the readings from the PUFs are not perfectly reproducible.

    • Therefore, different types of PUFs have been used for the purpose of identification and authentication of devices, where a certain margin of error rate is tolerable.

    • However, even a small amount of variation in the PUF’s responses in different conditions can prevent them from being utilized in key generation because the key used for encryption needs to be perfectly reproducible to decrypt the messages.

Review of recent relevant survey papers and the contributions of this paper

→ Refer to the paper (post-quantum PUF is mentioned)

Key contribution

  • The key contribution of this survey compared to the previously published surveys in IoT security:

    • studying the role of memory-based PUFs in authentication and identification of the various IoT devices.

    • discussing the potential advantages and challenges of using PUF-based secret key generation mechanisms to add another level of security to popular key-based cryptographic methods. Such mechanisms, if successful, can enhance the security of a huge number of IoT devices against physical attacks. The current memory-based PUF technologies do not have the required robustness to generate fully reproducible responses for low-power IoT devices. This need calls for key generation schemes with error correction mechanisms to generate robust secret keys as required in cryptographic systems, as discussed in this paper.

Paper organization

  1. we discuss various security challenges in different domains of IoT networks, with a focus on TCP/IP Stack protocol

  2. we briefly describe different attacks in an IoT network

  3. we explain the chain of integrated circuit manufacturing and point out hardware attacks based on the vulnerable points

  4. the concept of PUFs, their classification, and their use in different security applications are discussed.

  5. we investigate the role of PUFs in preventing hardware attacks

  6. the role of fuzzy extractors in PUF to generate keys is described

  7. we provide a survey on the state-of-the-art key generation mechanisms.

  8. we investigate different types of attacks on fuzzy extractors

Security challenges and attacks in IoTs

Domain taxonomy to consider the security

One key challenge related to utilizing some traditional security protocols is the heterogeneous nature of IoT networks.

Different concepts of security based on four domains are introduced:

  1. Data

    1. Data privacy and confidentiality are important aspects of security in different networks.

      1. confidentiality is a security concept which ensures that unauthorized users cannot access the data or try to hijack the information

      2. data privacy refers to the required regulations related to the collection, storage and sharing of data in such a way to protect the users’ personal information from third parties.

    2. Most of the time, the main focus of confidentiality is on the encryption of the data; however, privacy defines the level of access to the received data for different users.

  2. Communication

    1. Communication in IoT networks is defined based on exchanging or sharing information between the users, devices or even exchanging information between different IoT layers.

    2. Several communication protocols have been used in IoT networks making these networks vulnerable to various communication attacks

    3. Many PUF solutions are available to handle security issues in the communication domain

  3. Architecture

    1. There are no global and specific architectures for IoT networks to validate the security concepts for authorization and authentication.

  4. Application

    1. Scope, scale, heterogeneity, accessibility, and repeatability are among the application features that can be used to evaluate different security techniques.

Attacks on IoT devices

  1. Denial of service attack (DoS)

    • the attacker attempts to exploit all the reserves and resources in the network which can seriously degrade the network performance

  2. Sybil attack

    • a single node is identified with different IDs.

  3. Spoofed, alter, or replay routing information

    • an attacker changes the routing information or tries to manipulate the routing packets by listening to the legitimate transmitter and impersonating the identity of the real transmitter. Then, it sends fake data to the receiver and introduces loops into the network

  4. Attacks based on access-level

    • Based on the level of access to the network, these types of attacks are categorized into two different branches namely, passive and active attacks.

      • Passive Attacks: In most passive attacks, the attacker just eavesdrops on the communication between the legitimate transmitter and its receiver to exploit their data.

      • Active Attacks: In active attacks, the intruder attempts to disturb the connection between the legitimate entities, perform impersonation itself, or even disrupt the connection by manipulating the routing information.

  5. Attacks in communication protocols

    • Taxonomy of attacks based on different layers of the TCP/IP reference model

       

  6. Attacks based on device property

    • IoT devices are categorized into two groups: high-end and low-end device classes.

      • High-end device class attacks: In this class of attacks, powerful devices such as laptops and computers are used to launch attacks on the IoT network. Most of the time, the Internet protocol is used between the attacker and the IoT network.

      • Low-end device class attacks: In contrast to the previous class of attacks, in this class, the devices which have low power and energy are engaged in attacks on IoT devices. The attacker uses the radio connection between itself and the IoT device to perform the attack.

  7. Attacks based on transmitting data

    • Sensors are also prone to different sorts of attacks, which can be used to launch network attacks and can be categorized into six groups:

      • man-in-the-middle attack,

      • message replay attack,

      • fabrication attack,

      • alteration attack,

      • eavesdropping attack,

      • interruption attack.

    • PUFs can provide lots of solutions for these kinds of attacks.

  8. Host-based attacks

    1. The intruder targets the host resources such as the operating system (OS) or the hardware.

    2. The assumption in this attack is that the intruder has managed to gain access to the host.

    3. Host-based attacks are categorized into three groups: hardware-, software- and user-based attacks.

Classification of IoT security attacks on different layers of IoT networks

Although there is no well-defined layered model for IoT, the figure below illustrates a three-layered model for IoT devices.

  • Memory-based PUFs have gained high importance in recent years because they are available as embedded memories in every IoT Device as cache or storage, and unlike other PUF technologies, they require minimal or no additional hardware.

  • Therefore, memory-based PUFs can offer a unique solution for identification, authentication and even extracting the private cryptographic keys from the embedded memory in these devices without introducing additional fabrication costs to the device.

Hardware-based attacks

In this section, we focus on hardware-based attacks in IoT networks to lay the groundwork to discuss the role of PUFs in securing the IoT devices:

  • Fake replica

    • the intruder counterfeits the original IP illegally.

    • Fake replica and piracy are totally different. Piracy means overbuilding the entire IC.

  • Side-channel attack

    • In some cases, physical states’ parameters such as power consumption, timing values, or electromagnetic reflection from hardware can reveal important information to the intruder.

    • Such attacks, which involve extracting the behavior of devices, are very common in public-key cryptosystems such as Rivest–Shamir–Adleman (RSA).

    • In a work, the authors proposed a public key exchange method using a PUF which is hard to break by physical and side-channel attacks.

  • Reverse Engineering (RE)

    • Reverse engineering is the process wherein the intruder follows a reverse path from the application to the design point for the IC or the IP to reconstruct it, modify it, or implant malicious circuit into it.

    • In a work, the authors proposed new approaches using PUFs to obfuscate the hardware. The authors hide the circuit functionality using two methods: (i) Hiding the signal path and (ii) Replacing a logic using PUFs. They showed that these techniques are resilient to reverse engineering attacks.

  • Intellectual Property (IP) hijacking

    • When the IC is designed, the designers of the IP company or people involved in the fabrication process might hijack the design information without respecting the copyright terms.

    • Moreover, an attacker at the fabrication stage may reproduce additional chips to sell them on the black market.

    • In these cases, unreliable people can steal the design information and claim ownership of the IP or the IC.

    • In a work, the authors used the variation of delays in specific arrays of gates in an FPGA to employ a unique signature for IP protection and anti-hijacking.

  • Trojans in hardware

    • Malicious modifications to an IC can be defined as a hardware Trojan. This Trojan can mislead the communication or cause a failure in control and processing units. In this kind of attack, the intruder can modify and alter the circuit or add a malicious circuit to it.

    • In a work, the authors proposed novel hardware protection techniques using PUF to prevent the use of hardware Trojan and unauthorized overproduction.

Hardware-based assisted security

Attacks can be generally categorized into two classes.

  1. The attacker does not have physical access to the IoT device, hence, the attacker exploits software or network connections to gain access to the IoT device remotely. In this case, the attacker can draw out the cryptographic keys and disturb the authentication mechanism.

  2. In the second case, the attacker has physical access to the IoT device or the chip. For instance, the intruder can perform fake replica, reverse engineering or the IP hijacking.

Hence, a reliable environment is necessary to protect against these kinds of adversaries.

In the following, two types of hardware-based security methods are proposed. These methods work based on environment splitting which means dividing the hardware and environment into two sections:

  1. the secured area

  2. the unsecured area.

In the first approach, which is ‘‘ARM TrustZone’’, a new state is defined in the processor to bring a meaningful separation. In the latter one, a specific hardware ‘‘Security Controller’’ such as a microcontroller takes the responsibility to define the reliable environment.

ARM TrustZone

  • This technology initiates at the hardware level on a single core which divides the processor into two secured and unsecured areas.

  • Since attackers can target the boot up procedure for microcontrollers, this method also secures the boot up process.

  • Core families such as ARM Cortex-A and Cortex-M series support the TrustZone feature.

  • The new secure state in the processor splits all partitions in the CPU. Using this method, all signals and interrupts of the secured area are isolated from the unsecured one.

Security controller

  • The security controller or the secure microcontroller is an individual IC in the IoT device which provides a group of predefined cryptographic tasks.

  • The security controller safeguards the confidentiality and the authenticity of the cryptosystems.

  • PUF is a principle which is being used for authentication and authorization that does not call for any non-volatile memory.

  • They can be also used for cryptographic key generation, where the digital key is not saved in the device, rather, it is extracted from the physical features of the device.

  • In general, cryptographic methods are currently the most reliable way to secure IoT devices in a vulnerable environment. However, power utilization and key storage are amongst the main concerns when implementing these cryptographic methods in IoT networks.

Physically Unclonable Functions (PUFs)

Introduction to PUFs

PUFs use the unique variations introduced in the fabrication of the device, to extract a fingerprint unique to the device.

When a device parameter is measured for the first time, the measurement is called the ‘‘original response’’; the specific input stimulus, or the specific address in the memory, used to obtain this measurement is called the ‘‘challenge’’. Both are stored in the server.

When the same parameter is measured again with the same external stimulus applied, the measurement is called a response.

These challenges and responses form a pair, called the Challenge Response Pair (CRP) and are generally compared with each other to validate the identity of the device.

The error between the challenge and response of a PUF during the registration and authentication phases is referred to as the Challenge Response Pair error (CRP error).

Subject to the number of possible CRPs a PUF has, they can be broadly classified into: ‘‘strong PUFs’’ and ‘‘weak PUFs’’.

  1. Weak PUFs

    1. Weak PUFs leverage the manufacturing variability and allow digitization of some ‘‘fingerprint’’ of the hardware device.

    2. The number of responses in a weak PUF is a function of the number of components in the device used for generation of CRPs. This fact results in a small number of CRPs with stable responses which are usually robust to environmental conditions.

    3. Due to high stability and reproducibility of weak PUF responses, they are generally used for secret key generation.

  2. Strong PUFs

    1. Strong PUFs have a large number of CRPs in a device.

    2. Ideally, if the number of unique CRPs is high, even though an attacker gets temporary access to the system, he/she will not be able to apply all the responses (brute force attack) and get access to the system.

    3. Hence, strong PUFs are generally used for authentication.

    4. However, a large set of PUF responses may offer stronger cryptographic strength as it leads to longer cryptographic keys.

PUFs can also be classified based on how their unique-randomness was obtained.

  1. If the PUFs had their variation obtained by externally applying additional steps as in the case of coating PUFs they are called explicit PUFs.

  2. If the randomness was natural through variations in the manufacturing process they are called implicit PUFs.

Usability of a PUF can be determined by two statistical parameters, intra-distance and inter-distance, which are defined as follows:

  1. ‘‘Intra-distance: the Hamming or the fractional Hamming distance between two different responses to the same PUF challenge’’

  2. ‘‘Inter-distance: the Hamming or the fractional hamming distance between two responses of two different PUFs to a given challenge’’

These measurements indicate the PUFs reproducibility and uniqueness, respectively.

PUF-based security mechanisms depend on the unique CRPs produced from a device.

Every PUF device initially needs to be registered with the server in order to use it with any cryptographic method.

  • During the registration phase, the server uses a stimulus to challenge the client’s PUF and as a result a corresponding original response will be produced. This challenge and response pair is stored in the server’s memory.

  • During the authentication process, the server uses the same challenge for the client’s PUF to extract the corresponding response. These responses depend on the manufacturing behavior and variations in PUF. The user is authenticated if the number of bits in error between a CRP at the registration phase and authentication phase is statistically low enough.

  • Another application of PUFs is to utilize the high randomness introduced during its manufacturing to create a secure key from the device. Such key generation requires ideal PUFs that are robust, tamper evident, and unpredictable. In order to correct the noise in a PUF response and generate cryptographic keys, fuzzy extractors (FE) are utilized.
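The registration and authentication phases above, together with the intra- and inter-distance measurements, as an added example that is not taken from the survey. The `SimulatedPUF` noise model, the 256-bit response length and the 0.15 acceptance threshold are constructed assumptions.

```python
import random

N_BITS = 256       # response length per challenge (constructed value)
THRESHOLD = 0.15   # accepted fraction of bits in error (constructed value)


class SimulatedPUF:
    """Toy PUF: fixed device-specific bits plus random flips on every read."""

    def __init__(self, device_seed, noise=0.03):
        self.device_seed = device_seed
        self.noise = noise
        self._read_rng = random.Random(device_seed + 1_000_003)

    def respond(self, challenge):
        # The stable bits stand in for manufacturing variation.
        fab = random.Random(f"{self.device_seed}:{challenge}")
        stable = [fab.getrandbits(1) for _ in range(N_BITS)]
        # Environmental noise flips each bit with probability `noise`.
        return [b ^ int(self._read_rng.random() < self.noise) for b in stable]


def fractional_hd(a, b):
    """Fraction of positions at which two equal-length responses differ."""
    if len(a) != len(b):
        raise ValueError("responses must have the same length")
    return sum(x != y for x, y in zip(a, b)) / len(a)


def intra_distance(puf, challenge, reads=20):
    """Mean distance between repeated reads of one PUF (reproducibility)."""
    ref = puf.respond(challenge)
    total = sum(fractional_hd(ref, puf.respond(challenge)) for _ in range(reads))
    return total / reads


def inter_distance(pufs, challenge):
    """Mean distance between different PUFs on one challenge (uniqueness)."""
    rs = [p.respond(challenge) for p in pufs]
    pairs = [(i, j) for i in range(len(rs)) for j in range(i + 1, len(rs))]
    return sum(fractional_hd(rs[i], rs[j]) for i, j in pairs) / len(pairs)


class Server:
    def __init__(self):
        self.crps = {}  # device_id -> (challenge, original response)

    def register(self, device_id, puf, challenge):
        self.crps[device_id] = (challenge, puf.respond(challenge))

    def authenticate(self, device_id, puf):
        # Re-apply the stored challenge and count the bits in error.
        challenge, original = self.crps[device_id]
        return fractional_hd(original, puf.respond(challenge)) <= THRESHOLD


def demo():
    devices = [SimulatedPUF(seed) for seed in range(8)]
    server = Server()
    server.register("node-0", devices[0], challenge=42)
    return {
        "intra": intra_distance(devices[0], 42),
        "inter": inter_distance(devices, 42),
        "genuine": server.authenticate("node-0", devices[0]),
        "impostor": server.authenticate("node-0", devices[1]),
    }


if __name__ == "__main__":
    print(demo())
```

The threshold has to sit between the two distances: above the intra-distance so a genuine device survives its own noise, and below the inter-distance so another device is rejected.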

Types of PUFs

  • An optical PUF uses the physical property of a transparent material, in which the light particles scatter in an uncontrolled manner. When a laser beam falls on it, a unique and random pattern is produced.

  • A coating PUF can be built by filling the space between a network of metal wires on top of an IC with an opaque material randomly doped with dielectric particles. Due to the random placement of doping, each couple of wires will have a random capacitance value. This PUF is generally used on the top layer of ICs, where it protects the underlying circuits from attackers’ inspection. The capacitance between the wires will change when a portion of the coating is removed. These PUFs have been used as RFID tags.

Silicon PUFs exploit the intrinsic variations in the IC manufacturing process.

  • Leaked current-based PUFs were dependent on the concept that the combination of different intrinsic variations in a circuit will result in a different leakage current.

  • Another example of silicon PUFs are Delay-based PUFs, where distinct delays are caused in a circuit due to the manufacturing variations in its components even in an identical layout.

    • The most popular examples of delay-based PUFs are Arbiter PUFs and Ring Oscillator PUFs. These PUFs need huge groups of device components to make them secure. These PUFs tend to take a substantial amount of chip space and are vulnerable to side channel attacks because they give off information due to heat and therefore, they may not be suitable for IoT nodes.

  • Therefore, PUFs which can be easily deployed, occupy less space, and require less power are required for security purposes. These characteristics can be found in PUFs made from memory devices: Memory-based PUFs

Memory based PUFs

PUFs can be made from different types of memory including SRAM, Flash, MRAM, memristor, and ReRAM.

  • SRAM PUFs were introduced in a work where the initial values of the cells, on powering on the SRAM were used to generate a unique fingerprint.

    • SRAMs tend to emit energy when they switch states which can be detected by checking the wavelength of the laser by using a signal analyzer. When this side channel information is leaked, it can provide enough information to the attacker about the device in order to clone it.

    • In our experiments, we utilize the addressable PUF generator protocol to extract the fingerprint of the memory device. In this protocol, a random number and a password which is known to both the client and server are exclusively-or’ed and sent to a hash function. This random number acts as our challenge for the protocol. The message digest obtained from the hash gives us the information in terms of the address of the memory cell, from which the response of the PUF is extracted. This protocol can also be further extended to use multiple addresses to extract a key from different places of the device. A new key can also be easily developed by changing the random number, which will give rise to new addresses for fingerprint extraction.
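The address derivation described above, as an added example that is not the paper's implementation. SHA-256, the 4096-cell memory, 16 cells per address, the noise-free memory model and the server holding an enrolled copy of the cells are all assumptions made for illustration.

```python
import hashlib
import random
import secrets

MEM_CELLS = 4096        # size of the simulated memory array (constructed)
CELLS_PER_ADDRESS = 16  # cells read from each derived address (constructed)


def make_memory(device_seed):
    """Constructed stand-in for one device's cell fingerprint (noise-free)."""
    rng = random.Random(device_seed)
    return [rng.getrandbits(1) for _ in range(MEM_CELLS)]


def new_challenge(length=16):
    """The random number that acts as the challenge."""
    return secrets.token_bytes(length)


def derive_addresses(random_number, password, count=8):
    """XOR the random number with the shared password, hash, map to addresses."""
    if len(random_number) != len(password):
        raise ValueError("random number and password must have equal length")
    mixed = bytes(r ^ p for r, p in zip(random_number, password))
    digest = hashlib.sha256(mixed).digest()  # hash choice is an assumption
    if 2 * count > len(digest):
        raise ValueError("digest too short for the requested address count")
    # Each 2-byte slice of the digest selects one start address.
    return [int.from_bytes(digest[2 * i:2 * i + 2], "big") % MEM_CELLS
            for i in range(count)]


def read_response(memory, addresses):
    """Concatenate the cells found at each address (wrapping at the end)."""
    bits = []
    for addr in addresses:
        bits.extend(memory[(addr + k) % MEM_CELLS]
                    for k in range(CELLS_PER_ADDRESS))
    return bits


def demo():
    password = b"constructed-pw16"   # shared secret, constructed value
    device = make_memory(device_seed=1)
    enrolled = list(device)          # assumed server-side enrolled copy
    rn = new_challenge()
    client = read_response(device, derive_addresses(rn, password))
    server = read_response(enrolled, derive_addresses(rn, password))
    # A fresh random number moves the read to new addresses.
    rotated = read_response(device, derive_addresses(new_challenge(), password))
    return client == server, client != rotated


if __name__ == "__main__":
    print(demo())
```

Only the random number travels between server and client; the password and the cell contents never do, so an observer of the challenge cannot tell which addresses were read.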

Comparison and applications of different types of PUFs

In most scenarios, PUFs are used to achieve authentication and authorization.

Robustness of PUF responses

Analog physical parameters which are used to extract fingerprint of a device, are prone to noise and may change due to temperature, supply voltage and other parameters.

Differential design techniques are applied in order to mitigate some of the environmental dependencies in a PUF to make it more stable.

Although differential design techniques may improve reliability, the change in environmental conditions will introduce noise in the PUF output.

Different error correction coding techniques are being employed to improve the reproducibility of the PUF using ‘‘Fuzzy Extractor’’ schemes.

PUF-based security solutions

In this section, we study the role of PUFs in mitigating different types of attacks.

  • Controlled PUFs (C-PUFs) are one possible solution to prevent man-in-the-middle attacks.

  • Public-PUF (PPUF) prevents different physical attacks such as side channels.

  • Hardware obfuscation using PUFs is one of the methods that researchers use to avoid the reverse engineering attacks.

  • PUFs with additional logic gates are used to mitigate hardware Trojans and IP hijacking attacks.

Fuzzy extractors

  • Fuzzy extractors (FE) are mechanisms which help to extract original registered responses from noisy responses.

  • These mechanisms are said to be information-theoretic secure, i.e., a crypto-system whose security is derived only from information theory, where the adversary cannot break the encryption due to insufficient information, thereby allowing them to be used in cryptography.

Refer to the paper for further details.

Generation of cryptographic keys from PUFs using fuzzy extractors

The generation of a new key depends on many factors. Some of these factors include the entropy space of the PUF, the time delay to read the PUF response, the time delay caused in the generation of a key using a FE, and so on. A strong PUF has a high entropy and will be able to generate multiple keys for each message while a weak PUF has to repeat the same keys over a period of time. In an SRAM PUF, there is an additional delay cost because one has to wait for the PUF to turn ON/OFF in order to read the PUF response. This cost is also a key factor in generating the on-demand keys.
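How a fuzzy extractor turns a noisy response into a reproducible key, as an added example that is not from the survey. It uses the code-offset construction with a 5-fold repetition code, chosen here for brevity; the key length, the hash and the sample responses are constructed assumptions.

```python
import hashlib
import random
import secrets

KEY_BITS = 128
REPEAT = 5  # each secret bit is repeated 5 times: corrects 2 flips per group


def xor_bits(a, b):
    return [x ^ y for x, y in zip(a, b)]


def encode(bits):
    """Repetition code: repeat every bit REPEAT times."""
    return [b for b in bits for _ in range(REPEAT)]


def decode(codeword):
    """Majority vote inside each group of REPEAT bits."""
    groups = (codeword[i:i + REPEAT] for i in range(0, len(codeword), REPEAT))
    return [int(sum(g) > REPEAT // 2) for g in groups]


def derive_key(bits):
    return hashlib.sha256(bytes(bits)).hexdigest()


def generate(response):
    """Registration: returns (key, helper). Only the helper is stored."""
    if len(response) != KEY_BITS * REPEAT:
        raise ValueError("response has the wrong length")
    secret_bits = [secrets.randbits(1) for _ in range(KEY_BITS)]
    # helper = codeword XOR response. The helper is public data: it exposes
    # XORs of response bits inside a group, so the response must be unbiased.
    helper = xor_bits(encode(secret_bits), response)
    return derive_key(secret_bits), helper


def reproduce(noisy_response, helper):
    """Key regeneration from a fresh, noisy read plus the stored helper."""
    if len(noisy_response) != len(helper):
        raise ValueError("response and helper lengths differ")
    return derive_key(decode(xor_bits(noisy_response, helper)))


def flip(bits, positions):
    """Return a copy of bits with the given positions inverted."""
    out = list(bits)
    for p in positions:
        out[p] ^= 1
    return out


def demo():
    rng = random.Random(7)  # constructed enrollment response
    response = [rng.getrandbits(1) for _ in range(KEY_BITS * REPEAT)]
    key, helper = generate(response)
    noisy = flip(response, [0, 1, 7, 300, 301, 639])  # at most 2 per group
    too_noisy = flip(response, [0, 1, 2])             # 3 flips in one group
    return {
        "noisy_ok": reproduce(noisy, helper) == key,
        "too_noisy_ok": reproduce(too_noisy, helper) == key,
    }


if __name__ == "__main__":
    print(demo())
```

The key itself is never stored on the device; a read with more errors per group than the code corrects yields a different key, which is why the error-correction strength has to match the PUF's intra-distance.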

 

Other Things

Interesting Facts (general knowledge)

Cardiac devices can be attacked by hackers leading to severe consequences or even death in some cases.

New Ideas

  • study various security challenges with focus on the openwsn stack protocol instead of TCP/IP to see the possible threats on SCuM, and edit the excel table.

To know

  • only public-key based encryption algorithms are at high risk with the creation of quantum computers; symmetric encryption algorithms are not.

To read later

  • “Physical Unclonable Functions in the Internet of Things: State of the Art and Open Challenges”, this survey was done in 2019, similar to this survey, but it doesn’t focus on studying the role of memory-based PUFs in authentication and identification of the various IoT devices.

  • A Survey on Hardware Security Techniques Targeting Low-Power SoC Designs https://ieeexplore.ieee.org/document/8916486

  • In https://ieeexplore.ieee.org/document/7005393, the authors focused on securing communications between IoT devices using different protocols and mechanisms and the security weaknesses of IoT at different layers of communication were also discussed.

 
