CIST: A Threat Modelling Approach for Hardware Supply Chain Security

Halak, Basel

doi:10.1007/978-3-030-62707-2_1

Cited by 10 publications

(7 citation statements)

References 149 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Military systems in a contested environment include a wide range of electronic devices used for espionage and undercover activities. In both of the above cases, it is reasonable to assume that the adversary is either a large criminal organization or a statefunded actor, as they are the most likely beneficiaries of attacking such systems [23].…”

Section: Imentioning

confidence: 99%

Toward Autonomous Physical Security Defenses Using Machine Learning

et al. 2022

Self Cite

View full text Add to dashboard Cite

show abstract

Section: Imentioning

confidence: 99%

Toward Autonomous Physical Security Defenses Using Machine Learning

et al. 2022

Self Cite

View full text Add to dashboard Cite

show abstract

“…The consequences of an insecure IC supply chain are not only limited to significant financial losses but also pose a national security threat. Another trend that has further increased the hardware attack surface is the proliferation of the Internet of Things technology and embedded systems (Halak, 2021). A lack of focus on the early detection and mitigation of hardware vulnerabilities can have devastating consequences that are far more costly and time-consuming to remediate than software incidents (Nygård et al , 2022).…”

Section: Introductionmentioning

confidence: 99%

“…used at system-level HRE [select from list inHalak (2021)] Created by author and is related to the use-case in reference …”

mentioning

confidence: 99%

Ethical hardware reverse engineering for securing the digital supply chain in critical infrastructure

Nygård,

Katsikas

2024

ICS

View full text Add to dashboard Cite

Purpose This paper aims to discuss the ethical aspects of hardware reverse engineering (HRE) and propose an ethical framework for HRE when used to mitigate cyber risks of the digital supply chain of critical infrastructure operators. Design/methodology/approach A thorough review and analysis of existing relevant literature was performed to establish the current state of knowledge in the field. Ethical frameworks proposed for other areas/disciplines and identified pertinent ethical principles have been used to inform the proposed framework’s development. Findings The proposed framework provides actionable guidance to security professionals engaged with such activities to support them in assessing whether an HRE project conforms to ethical principles. Recommendations on action needed to complement the framework are also proposed. According to the proposed framework, reverse engineering is neither unethical nor illegal if performed honourably. Collaboration with vendors and suppliers at an industry-wide level is critical for appropriately endorsing the proposed framework. Originality/value To the best of the authors’ knowledge, no ethical framework currently guides cybersecurity research, far less of cybersecurity vulnerability research and reverse engineering.

show abstract

“…Ultrasound is highly susceptible to cyberattacks [36]. In most of the current research, there are various methods for generating noises but most of these studies are based on hardware [37]. Compared with hardware-based encrypting algorithms, software-based algorithms can be updated with software engineers to increase encrypting capability [38]; therefore, we applied a mathematically generated noise function to generate random bits for ultrasound systems.…”

Section: Introductionmentioning

confidence: 99%

A Mathematically Generated Noise Technique for Ultrasound Systems

Choi

Shin

2022

Sensors

View full text Add to dashboard Cite

Ultrasound systems have been widely used for consultation; however, they are susceptible to cyberattacks. Such ultrasound systems use random bits to protect patient information, which is vital to the stability of information-protecting systems used in ultrasound machines. The stability of the random bit must satisfy its unpredictability. To create a random bit, noise generated in hardware is typically used; however, extracting sufficient noise from systems is challenging when resources are limited. There are various methods for generating noises but most of these studies are based on hardware. Compared with hardware-based methods, software-based methods can be easily accessed by the software developer; therefore, we applied a mathematically generated noise function to generate random bits for ultrasound systems. Herein, we compared the performance of random bits using a newly proposed mathematical function and using the frequency of the central processing unit of the hardware. Random bits are generated using a raw bitmap image measuring 1000 × 663 bytes. The generated random bit analyzes the sampling data in generation time units as time-series data and then verifies the mean, median, and mode. To further apply the random bit in an ultrasound system, the image is randomized by applying exclusive mixing to a 1000 × 663 ultrasound phantom image; subsequently, the comparison and analysis of statistical data processing using hardware noise and the proposed algorithm were provided. The peak signal-to-noise ratio and mean square error of the images are compared to evaluate their quality. As a result of the test, the min entropy estimate (estimated value) was 7.156616/8 bit in the proposed study, which indicated a performance superior to that of GetSystemTime. These results show that the proposed algorithm outperforms the conventional method used in ultrasound systems.

show abstract

CIST: A Threat Modelling Approach for Hardware Supply Chain Security

Cited by 10 publications

References 149 publications

Toward Autonomous Physical Security Defenses Using Machine Learning

Toward Autonomous Physical Security Defenses Using Machine Learning

Ethical hardware reverse engineering for securing the digital supply chain in critical infrastructure

A Mathematically Generated Noise Technique for Ultrasound Systems

Contact Info

Product

Resources

About