IEEE Spectrum February 16. 2021 Last summer, Darpa asked hackers to take their best shots at a set of newly designed hardware architectures designed under the DARPA System Security Integration Through Hardware and Firmware https://www.darpa.mil/program/ssith (SSITH) program. After 13,000 hours of hacking by 580 cybersecurity researchers only 10 vulnerabilities were found. Seven of the 10 vulnerabilities were deemed critical, according to the Common Vulnerability Scoring System 3.0 standards. Most of those resulted from weaknesses introduced by interactions between the hardware, firmware, and the operating system software…read more.
TechXplore.com December 7, 2020 When a voltage is applied an N type and a P type transistors perform computations. Right tools could clearly identify them—allowing you to go backwards, find out what each individual circuit component is doing and then reproduce the chip. A team of researchers in the US (Purdue University, University of Notre Dame) has shown that high-performance, low-voltage, two-dimensional black phosphorus FETs that have reconfigurable polarities are suitable for hardware security applications. Black phosphorus is so thin that it would enable electron and hole transport at a similar current level, making the two types of transistors appear […]
Phys.org November 6, 2020 Hardware-based Physical unclonable function (PUF) semiconductor chips have a unique physical code, however, the hardware structure had to be changed to increase the number of combinations of keys to enhance cryptographic characteristics. An international team of researchers (South Korea, USA – AFRL) has developed an encryption device that can greatly strengthen the cryptographic characteristics of PUFs selectively detecting circular polarization, without modify the hardware structure. They developed a phototransistor that can detect the circular polarization of light rotating in a clockwise or counterclockwise direction. As a proof‐of‐concept, the chiral phototransistor arrays are demonstrated as a physically […]
TechXplore November 5, 2020 Network operators are faced with securing 100Gbps networks with 100K+ concurrent connections by deploying IDS/IPSes to search for 10K+ rules concurrently. Through the Pigasus IDS/IPS, researchers at Carnegie Mellon University show that this goal is achievable by building on recent advances in FPGA-capable SmartNICs. Pigasus’ design takes an FPGA-first approach, where most of the processing, and all state and control flow are managed on the FPGA. However, doing so requires careful design of algorithms and data structures to ensure fast common-case performance while densely utilizing system memory resources. Their experiments with a variety of traces showed […]
FedScoop August 14, 2020 According to a report from the data analytics firm Govini, in a sample of more than 1,000 prime defense contractors’ supply chains there are several dozen Chinese suppliers from the IT, software, and telecommunications equipment industries. Federal government, including the DOD, has been required by law to remove certain Chinese-owned technology firms from it its supply chains as of Aug. 13. The risks of foreign — and Chinese, in particular — goods in the defense supply chain is greatest in the IT and software industries…read more.
Defense Systems August 18, 2020 IARPA has released a request for information for the Securing Compartmented Information with Smart Radio Systems (SCISRS) Research Program. It wants to find elusive radio frequency irregularities in increasingly complex radio environments, including low probability of intercept signals (LPIs), altered or mimicked signals, and abnormal unintended emissions using smart radio technologies…read more.
EurekAlert March 26, 2020 ACM, the Association for Computing Machinery, today announced the launch of Digital Threats: Research and Practice (DTRAP), a new peer-reviewed open access journal that targets the prevention, identification, mitigation and elimination of digital threats. As DTRAP seeks to bridge the gap between academic research and industry practice, the new journal is aimed at concrete, rather than theoretical, threats…read more.
Science Daily February 27, 2020 Researchers at UT Dallas aim to solve a major challenge to using artificial intelligence for cybersecurity: a shortage of data needed to train computers to detect intruders. They have developed a method called DEEP-Dig (DEcEPtion DIGging), which ushers intruders into a decoy site so the computer can learn from hackers’ tactics. The information is then used to train the computer to recognize and stop future attacks. Most cyber defense programs try to disrupt intruders before anyone can monitor the intruders’ techniques. DEEP-Dig will give researchers a window into hackers’ methods as they enter a decoy […]
Phys.org February 12, 2020 According to researchers at the University of Denver the lack of cybersecurity standards and regulations for commercial satellites, in the U.S. and internationally, leaves them highly vulnerable to cyberattacks. If hackers took control of the satellites, they could shut them down, deny access to their services, jam or spoof the signals from satellites, creating havoc for critical infrastructure. If hackers took control of steerable satellites, they could alter the satellites’ orbits and crash them into other satellites. Complex supply chains and layers of stakeholders, and multiple parties involved in their management means it is often not […]
Eurekalert November 12, 2019 Researchers at Worcester Polytechnic Institute discovered two vulnerabilities located in trusted platform modules, which are specialized, tamper-resistant chips that computer manufacturers have been deploying in nearly all laptops, smart phones, and tablets for the past 10 years. One of them was found in Intel’s TPM firmware, and another in STMicroelectronics’ TPM. The vulnerabilities have been addressed. They would have allowed hackers to employ timing side-channel attacks to steal cryptographic keys that are supposed to remain safely inside the chips. The recovered keys could be used to compromise a computer’s operating system, forge digital signatures on documents, […]