How To Secure Devices in Supply Chain Management?
Dr. Kiran Manjappa
Assistant Professor, Dept. of IT, NITK
IoT
● IoT Network has improved the quality of our life.
○ Industry 4.0
● 2025 - 75 Billion IoT Devices will be connected to the world wide network [1]
○ Supply-Chain, Healthcare, Location Information, Tracking Devices,
○ Smart City Networks
● Security threats are growing in parallel.
● On one side, IoT networks provide security to us; on the other side, the IoT network itself needs security.
○ The IoT network needs security in order to provide security to us.
● 2019 - 2.9 Billion Attacks [1]
○ A threefold increase compared to the 2018 statistics.
2
Security Breaches - Real World Examples
● Ransomware - WannaCry - 2017
○ Took advantage of anonymity in Bitcoin
● Petya - Exploited the third party software present.
○ Ukraine.
● The Dyn Cyber Attack - DNS
3
Cloning/Counterfeit/Foreign Element
[Figure labels: During Manufacturing; In SCM]
4
Conventional Security in IoT - Problems
● IoT devices are resource-constrained devices
○ Usually low-cost designs.
● Conventional security techniques require more resources
○ Not suitable for IoT devices
● Hence, other security techniques for IoT are being explored.
6
Hardware Security
● Hardware (or Device) - Threats
○ Cloning, Hijacking
○ Gray Market
○ Recycled ICs, Duplicate Devices, Hardware Trojans, Counterfeits, Pirated Products, Copy Cats….
○ Gradually Increasing - A Threat for IoT Devices
○ IoT Devices - Easily Targetable.
○ Industry and academia are working hand in hand to stem the tide.
○ Counterfeiting of an IoT device can happen at any stage of its life cycle.
■ Manufacturing
■ While In the Field.
■ Supply Chain - Most common
Image Source: PUF (part 1) - YouTube
7
8
Hardware Authentication
Image Source: PUF (part 1) - YouTube
● Storing keys in the device itself.
● Each device needs a memory specifically for storing keys.
● Additional Hardware in the Device - EEPROM or Flash Memory
● Expensive
9
Hardware Authentication
Image Source: PUF (part 1) - YouTube
[Figure labels: Server, Internet]
● Entire Device can be Cloned.
● Keys can be compromised.
● What is the other option?
10
Physically Unclonable Function (PUF)
● Hardware Security
○ Very Important
○ If Hardware itself is compromised, all the applications sitting above it will be vulnerable.
● Each hardware has its own unique characteristics
○ Ex. Startup Values of the Memory
● These characteristics will be exploited to implement PUF
● It is a hardware Root of Trust, Digital Fingerprint, Hardware ID etc.
● Uniquely Identifies a Device
● Lightweight, Cost Efficient protocols.
● No additional (resource-hungry) hardware or software involved
○ All we need is a single comparison.
11
PUFs
● A PUF is a function which works on Challenge - Response Pairs (CRPs)
● CRPs capture the inherent characteristics of a device for particular events.
○ Stored in the server.
● In future, if the same hardware device is exposed to the same event, it should produce the same result.
○ A challenge is given to the PUF in the hardware and the response is read from the PUF
○ The received response is then compared with the CRPs stored in the server.
12
PUF and CRPs
[Figure labels: During Manufacturing; Trusted Third Party]
CRP Table
No. | Challenge | Response
1 | C1 | R1
2 | C2 | R2
3 | C3 | R3
13
Cloning/Counterfeit/Foreign Element
[Figure: CRP Table as above; challenge C2]
14
Cloning/Counterfeit/Foreign Element
[Figure: CRP Table as above; challenge C2; check R’ = R2 ?]
15
More about CRPs
● Who provides these CRPs?
○ Manufacturers have to provide these CRPs
● How do they obtain these CRPs?
○ Different methods
○ One method is exposing the device to different voltages and recording the response
■ P voltage - Response from the Device
■ Q voltage - Response from the Device
■ X Parameter - Y Responses
● These responses will be stored securely for future use.
16
[Figure: CRPs table; Response is Compared]
● The CRP table is not stored in the device.
● It is stored in a trusted neutral place.
● Nothing is stored in the device except a function !!
● The PUF receives the challenge, executes it on the hardware, gets the result and passes the result to the calling function
17
[Figure: Challenge (c) applied to the PUF; devices pictured: smart watch, mobile phone, washing machine, PDA handheld computer]
18
[Figure: Challenge (c) applied to the PUF; responses R1, R2, R3, R4]
R1 ≠ R2 ≠ R3 ≠ R4
19
Uniqueness Property
Device 1 PUF → R1; Device 2 PUF → R2
R1 ≠ R2
Reliable Property
PUF @ Time t → R1; PUF @ Time t+n → R2
R1 ≈ R2
20
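The enrollment and verification flow from the preceding slides (CRP table recorded during manufacturing, a stored challenge sent later, R' compared with the stored response, with R1 ≈ R2 tolerated as a bounded Hamming distance), as an added example that is not part of the original slides. The PUF is simulated in software; the 128-bit response width, 5% read noise, 25% acceptance threshold and single use of each CRP are assumptions of this sketch.

```python
import hashlib
import random

RESPONSE_BITS = 128
THRESHOLD = 32  # assumed: accept when at most 25% of the bits differ


def hamming(a: int, b: int) -> int:
    """Number of differing bits between two responses."""
    return bin(a ^ b).count("1")


class SimulatedPUF:
    """Software stand-in for a hardware PUF (assumption of this example).

    `_silicon` models the chip's manufacturing variation and exists only in
    the simulation. A real PUF stores nothing and derives the response from
    the physical circuit each time it is challenged.
    """

    def __init__(self, seed: int, noise: float = 0.05):
        rng = random.Random(seed)
        self._silicon = rng.getrandbits(256).to_bytes(32, "big")
        self._rng = rng          # reused as the source of read-out noise
        self._noise = noise

    def respond(self, challenge: bytes) -> int:
        digest = hashlib.sha256(self._silicon + challenge).digest()
        ideal = int.from_bytes(digest[:RESPONSE_BITS // 8], "big")
        flips = 0
        for bit in range(RESPONSE_BITS):      # each read flips a few bits
            if self._rng.random() < self._noise:
                flips |= 1 << bit
        return ideal ^ flips


class CRPTable:
    """CRP store held off-device (the trusted neutral place on the slides)."""

    def __init__(self):
        self._rows = {}   # device_id -> list of (challenge, response)

    def enroll(self, device_id: str, puf: SimulatedPUF, count: int,
               rng: random.Random) -> None:
        rows = []
        for _ in range(count):
            challenge = rng.getrandbits(64).to_bytes(8, "big")
            rows.append((challenge, puf.respond(challenge)))
        self._rows[device_id] = rows

    def remaining(self, device_id: str) -> int:
        return len(self._rows.get(device_id, []))

    def authenticate(self, device_id: str, puf: SimulatedPUF):
        rows = self._rows.get(device_id)
        if not rows:
            return False, None            # unknown device or CRPs exhausted
        challenge, expected = rows.pop()  # consume the pair so it is never reused
        distance = hamming(expected, puf.respond(challenge))
        return distance <= THRESHOLD, distance


def demo():
    rng = random.Random(2024)             # constructed, fixed for repeatability
    genuine = SimulatedPUF(seed=1)
    clone = SimulatedPUF(seed=2)          # different "silicon", same device claim
    table = CRPTable()
    table.enroll("device-1", genuine, count=3, rng=rng)
    return {
        "genuine": table.authenticate("device-1", genuine),
        "clone": table.authenticate("device-1", clone),
        "remaining": table.remaining("device-1"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The threshold has to sit between the distance two reads of the same chip produce (a few percent of the bits) and the distance between two different chips (about half the bits); an exact-equality check would reject genuine devices.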
PUF Types
21
SRAM PUF - Memory Based PUF
● Each and every IoT device has a memory
● Easy to implement - No additional hardware
○ Practical and Cost Effective
○ Robust to Voltage and Temperature Fluctuation
● Memory based PUF
○ SRAM
○ SRAM Failure PUF
○ DRAM
○ DRAM Access Latency PUFs
○ Row Hammer PUFs
22
PUF Types - Based on Robustness
● Two Types
○ Weak PUF and Strong PUF
Sl. No | Weak PUF | Strong PUF
1 | Smaller number of CRPs | More CRPs
2 | Vulnerable to attack; attacker can guess CRPs | Invulnerable to attack; difficult to guess
3 | Assumption: Human Presence | Assumption: May be Random Places
4 | SRAM (MBs) | DRAM (GBs)
23
Weak PUF
[Figure: CRPs table]
● PUF can be reused
● Man in the Middle Attack
24
Strong PUF
[Figure: larger CRPs table with one entry marked x; label: Hashing]
● Encryption and Decryption modules should be added in the IoT Device
● Memory Expensive
27
Supply Chain
● Globalization - The international market - More geographical area - More space for the attackers.
● May cost legitimate suppliers their reputation and cause financial loss.
● Tracking and tracing are introduced in the supply chain.
○ Tracking - Current possession of the product
○ Tracing - Transaction transparency over the product’s lifetime.
● Cutting-edge technologies like 5G and blockchain have eased the supply chain process.
28
Supply Chain Eco-System - UpStream (Reference [2])
29
Supply Chain Eco-System - UpStream (Reference [2])
[Figure labels: CRPs; PUF (at five points in the diagram)]
30
CRP Tables
[Figure: CRPs table]
● Centralized Database
● Trusted Third Party
● Cloud
● Encrypted or Plain Text
Disadvantages
● Single point of failure (SPF) and single point of attack (SPA)
● Compromised Trusted Third Party
● 75 Billion Devices !!! 75 Billion CRPs
○ How to manage ?
31
PUF + Blockchain Technology
● Recent Research
● Blockchain - Distributed Storage
○ No SPA, SPF
● Blockchain is used to store CRPs
● Safe and Immutable
● Access Control - Registered Users
32
Blockchain + PUF
● All the CRPs are stored in the Blockchain
○ Recall, Blockchain is immutable and secured
○ An unregistered user does not have access to the PUF
33
Ownership Transfer (OT)
● One of the use cases of PUF
● Before the actual device reaches the buyer, the OT process is completed.
● This may lead to inappropriate OT because of the following circumstances:
○ The buyer can claim that the seller/owner has sent the wrong product/device.
○ A seller can accidentally or purposefully send cloned/recycled ICs/devices to the buyer.
○ There could be delayed/wrong/failed logistics or supply chain events.
○ There can be unfaithful events in the supply chain.
34
PUF in SCM
● PUF - Verifies the integrity of each individual component and IoT device
● Once the seller has sent the product to the buyer, the buyer runs the PUF
● The OT is completed only after the PUF function returns a matching CRP
● Otherwise, the OT stands cancelled.
● In the supply chain, every stage involves OT.
○ PUF can guarantee the genuineness and integrity of the devices at every step.
35
[Figure: blockchain from the Genesis Block to Block n and Block n + 1, each block with a Header and Transactions; a CRPs table; steps numbered 1 to 4]
36
Smart Contracts
1. The manufacturer registers to the blockchain: Register_Manufacturer smart contract
2. Each manufacturer registers each generated component in the blockchain: Register_Component smart contract
3. Different buyers buy the component from the manufacturers: OT smart contract
4. When the components are assembled into an IoT device, a unique ID is generated based on the unique IDs of all the components the IoT device consists of: Register_IoTDevice smart contract
5. At any point in time, registered users can query the blockchain using the Query_Component smart contract
a. Returns the list of previous owners.
37
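The five contracts listed above together with the PUF-gated ownership transfer, simulated in plain Python as an added example (not the presenter's contracts and not on-chain code). The in-memory hash-linked ledger, the `register_buyer` helper, the way the device ID is derived, and the `puf_match` flag standing for the outcome of the buyer's CRP comparison are assumptions of this sketch.

```python
import hashlib
import json


def _digest(obj) -> str:
    """SHA-256 over a canonical JSON encoding."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()


class SupplyChainLedger:
    """In-memory stand-in for the blockchain and its contracts (assumed design)."""

    def __init__(self):
        self.blocks = [{"index": 0, "prev": "0" * 64, "tx": {"type": "genesis"}}]
        self.users = set()          # registered users (access control)
        self.manufacturers = set()
        self.owners = {}            # item id -> owners, oldest first

    def _append(self, tx):
        # Each block header carries the hash of the previous block.
        self.blocks.append({"index": len(self.blocks),
                            "prev": _digest(self.blocks[-1]), "tx": tx})

    def _current_owner(self, item_id):
        return self.owners.get(item_id, [None])[-1]

    def register_manufacturer(self, name):
        self.users.add(name)
        self.manufacturers.add(name)
        self._append({"type": "Register_Manufacturer", "name": name})

    def register_buyer(self, name):      # hypothetical helper, not on the slides
        self.users.add(name)
        self._append({"type": "Register_Buyer", "name": name})

    def register_component(self, manufacturer, component_id):
        if manufacturer not in self.manufacturers:
            raise PermissionError("unregistered manufacturer")
        if component_id in self.owners:
            raise ValueError("component already registered")
        self.owners[component_id] = [manufacturer]
        self._append({"type": "Register_Component", "id": component_id,
                      "by": manufacturer})

    def transfer_ownership(self, item_id, seller, buyer, puf_match):
        """OT contract: completes only if the buyer's PUF check matched."""
        if buyer not in self.users or self._current_owner(item_id) != seller:
            raise PermissionError("unregistered buyer or seller is not the owner")
        status = "completed" if puf_match else "cancelled"
        self._append({"type": "OT", "id": item_id, "from": seller,
                      "to": buyer, "status": status})
        if puf_match:
            self.owners[item_id].append(buyer)
        return bool(puf_match)

    def register_iot_device(self, owner, component_ids):
        if any(self._current_owner(c) != owner for c in component_ids):
            raise PermissionError("assembler does not own every component")
        parts = sorted(component_ids)
        device_id = _digest(parts)[:16]   # ID derived from all component IDs
        self.owners[device_id] = [owner]
        self._append({"type": "Register_IoTDevice", "id": device_id,
                      "parts": parts})
        return device_id

    def query_component(self, caller, item_id):
        if caller not in self.users:
            raise PermissionError("unregistered user")
        return list(self.owners[item_id])   # ownership history, oldest first

    def chain_is_intact(self):
        return all(later["prev"] == _digest(earlier)
                   for earlier, later in zip(self.blocks, self.blocks[1:]))


def demo():
    ledger = SupplyChainLedger()
    ledger.register_manufacturer("FabCo")          # constructed names
    ledger.register_buyer("AssemblerA")
    for cid in ("chip-001", "chip-002"):
        ledger.register_component("FabCo", cid)
    first = ledger.transfer_ownership("chip-001", "FabCo", "AssemblerA",
                                      puf_match=True)
    second = ledger.transfer_ownership("chip-002", "FabCo", "AssemblerA",
                                       puf_match=False)
    return ledger, first, second


if __name__ == "__main__":
    ledger, first, second = demo()
    print(first, second, ledger.query_component("AssemblerA", "chip-002"))
    print("chain intact:", ledger.chain_is_intact())
```

A cancelled transfer is still written to the ledger, so a failed PUF check leaves an auditable record while ownership stays with the seller.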
References
1. Alireza Shamsoshoara, Ashwija Korenda, Fatemeh Afghah, Sherali Zeadally, "A survey on physical unclonable function (PUF)-based security solutions for Internet of Things," Computer Networks, Volume 183, 2020, 107593, ISSN 1389-1286, https://doi.org/10.1016/j.comnet.2020.107593.
2. V. Hassija, V. Chamola, V. Gupta, S. Jain and N. Guizani, "A Survey on Supply Chain Security: Application Areas, Security Threats, and Solution Architectures," IEEE Internet of Things Journal, vol. 8, no. 8, pp. 6222-6246, 15 April 2021, doi: 10.1109/JIOT.2020.3025775.
3. Md Nazmul Islam and Sandip Kundu, "Enabling IC Traceability via Blockchain Pegged to Embedded PUF," ACM Trans. Des. Autom. Electron. Syst. 24, 3, Article 36 (June 2019), 23 pages. DOI: https://doi.org/10.1145/3315669
4. Basics of SRAM PUF and how to deploy it for IoT security - Embedded.com
38
Thank You.
kiranmanjappa@nitk.edu.in
kiranmanjappa@gmail.com
39

SCM + PUF_Day 3.pptx

  • 1. How To Secure Devices in Supply Chain Management ? Dr. Kiran Manjappa Assistant Professor, Dept. of IT, NITK
  • 2. IoT ● IoT Network has improved the quality of our life. ○ Industry 4.0 ● 2025 - 75 Billion IoT Devices will be connected to the world wide network [1] ○ Supply-Chain, Healthcare, Location Information, Tracking Devices, ○ Smart City Networks ● Security Threats are also growing parallelly. ● At one side, IoT network provide security to us, On the other side, IoT network itself needs security. ○ IoT network needs security to provide security to us. ● 2019 - 2.9 Billion Attacks [1] ○ Increased by threefold when compared to 2018 statistics. 2
  • 3. Security Breaches - Real World Examples ● Ransomware - WannaCry - 2017 ○ Took advantage of anonymity in Bitcoin ● Petya - Exploited the third party software present. ○ Ukraine. ● The Dyn Cyber Attack - DNS 3
  • 6. Conventional Security in IoT - Problems ● IoT Devices are resource Constrained Devices ○ Usually low cost designs. ● The conventional Security Techniques requires higher resources ○ Not Suitable for IoT Devices ● Hence, other security techniques for IoT are being explored. 6
  • 7. Hardware Security ● Hardware (or Device) - Threats ○ Cloning, Hijacking ○ Gray Market ○ Recycled ICs, Duplicate Devices, Hardware Trojans, Counterfeits, Pirated Products, Copy Cats…. ○ Gradually Increasing - A Threat for IoT Devices ○ IoT Devices - Easily Targetable. ○ Industry as well as academia going hand in hand to stem the tide. ○ Counterfeit of an IoT Device can happen during any stage of its life cycle. ■ Manufacturing ■ While In the Field. ■ Supply Chain - Most common Image Source: PUF (part 1) - YouTube 7
  • 9. Hardware Authentication
    ● Storing Keys in the Device Itself.
    ● There should be a Memory in each device specifically for storing Keys.
    ● Additional Hardware in the Device - EEPROM or Flash Memory
    ● Expensive
    Image Source: PUF (part 1) - YouTube
  • 10. Hardware Authentication
    [Figure labels: Server, Internet]
    ● Entire Device can be Cloned.
    ● Keys can be compromised.
    ● What is the other option ?
    Image Source: PUF (part 1) - YouTube
  • 11. Physically Unclonable Function (PUF)
    ● Hardware Security
      ○ Very Important
      ○ If the hardware itself is compromised, all the applications sitting above it will be vulnerable.
    ● Each piece of hardware has its own unique characteristics
      ○ Ex. Startup Values of the Memory
    ● These characteristics are exploited to implement a PUF
    ● It is a hardware Root of Trust, Digital Fingerprint, Hardware ID etc.
    ● Uniquely Identifies a Device
    ● Lightweight, Cost Efficient protocols.
    ● No additional (resource-hungry) hardware or software involved
      ○ All we need is a single comparison.
  • 12. PUFs
    ● A PUF is a function which works on Challenge - Response Pairs (CRPs)
    ● CRPs - The inherent characteristics of the devices for the particular events.
      ○ Stored in the Server.
    ● In future, if the same hardware device is exposed to the same event, it should produce the same result.
      ○ A challenge is given to the PUF in the hardware - the response is read from the PUF
      ○ The received response is then compared with the CRPs stored in the server.
  • 13. PUF and CRPs
    During Manufacturing - CRP Table - Trusted Third Party
    No. | Challenge | Response
    1   | C1        | R1
    2   | C2        | R2
    3   | C3        | R3
  • 14. Cloning/Counterfeit/Foreign Element
    CRP Table: (1, C1, R1), (2, C2, R2), (3, C3, R3)
    Challenge: C2
  • 15. Cloning/Counterfeit/Foreign Element
    CRP Table: (1, C1, R1), (2, C2, R2), (3, C3, R3)
    Challenge: C2
    R’ = R2 ?
  • 16. More about CRPs
    ● Who will give these CRPs ?
      ○ Manufacturers have to give these CRPs
    ● How will they get these CRPs ?
      ○ Different Methods
      ○ One method is exposing the device to different voltages and finding the response
        ■ P Voltage - Response from the Device
        ■ Q Voltage - Response from the Device
        ■ X Parameter - Y Responses
    ● These responses will be stored securely for future use.
  • 17. [Figure labels: CRPs; Response is Compared]
    ● The CRP table will not be stored in the device.
    ● It will be stored in the Trusted Neutral Place.
    ● Nothing is stored in the device except a function !!
    ● The PUF receives the challenge, executes it on the hardware, gets the result and passes the result to the calling function
  • 18. [Figure: PUF Challenge (c)]
    Image References:
    Smart Watch Image clipart - Google Search
    2,810,717 Mobile Phone Stock Photos, Pictures & Royalty-Free Images - iStock (istockphoto.com)
    Washing machine design clipart Royalty Free Vector Image (vectorstock.com)
    Pda Handheld Computer Vector Illustration Stock Vector - Illustration of electronic, small: 1622115 (dreamstime.com)
  • 19. [Figure: PUF Challenge (c); responses R1, R2, R3, R4]
    R1 ≠ R2 ≠ R3 ≠ R4
  • 20. PUF
    ● Uniqueness Property: Device 1 gives R1, Device 2 gives R2; R1 ≠ R2
    ● Reliable Property: PUF gives R1 @ Time t, PUF gives R2 @ Time t+n; R1 ≈ R2
  • 22. SRAM PUF - Memory Based PUF
    ● Each and every IoT device has a memory
    ● Easy to implement - No additional hardware
      ○ Practical and Cost Effective
      ○ Robust to Voltage and Temperature Fluctuation
    ● Memory based PUF
      ○ SRAM
      ○ SRAM Failure PUF
      ○ DRAM
      ○ DRAM Access Latency PUFs
      ○ Row Hammer PUFs
  • 23. PUF Types - Based on Robustness
    ● Two Types
      ○ Weak PUF and Strong PUF
    Sl. No | Weak PUF                                          | Strong PUF
    1      | Smaller Number of CRPs                            | More CRPs
    2      | Vulnerable to the Attack; Attacker can guess CRPs | Invulnerable to the Attack; Difficult to Guess
    3      | Assumption: Human Presence                        | Assumption: May be Random Places
    4      | SRAM (MBs)                                        | DRAM (GBs)
  • 24. Weak PUF
    [Figure label: CRPs]
    ● PUF can be reused
    ● Man in the Middle Attack
    Image Source: 17,365 Detective cartoon Vector Images, Detective cartoon Illustrations | Depositphotos
  • 25. Strong PUF
    [Figure label: CRPs]
  • 26. Strong PUF
    [Figure label: CRPs, one entry marked x]
  • 27. Strong PUF
    [Figure labels: CRPs, one entry marked x; Hashing]
    ● Encryption and Decryption modules should be added in the IoT Device
    ● Memory Expensive
  • 28. Supply Chain
    ● Globalization - The International Market - More Geographical Area - More space for the attackers.
    ● May cost legitimate suppliers their reputation and cause financial loss.
    ● Tracking and Tracing is introduced in the supply chain.
      ○ Tracking - Current possession of the product
      ○ Tracing - Transaction transparency over the product’s lifetime.
    ● Cutting-edge technologies like 5G and Blockchain Technology have eased the Supply Chain Process.
  • 29. Supply Chain Eco-System - UpStream (Reference [2])
  • 30. Supply Chain Eco-System - UpStream (Reference [2])
    [Figure labels: CRPs; PUF (five instances)]
  • 31. CRP Tables
    [Figure label: CRPs]
    ● Centralized Database
    ● Trusted Third Party
    ● Cloud
    ● Encrypted or Plain Text
    Disadvantages
    ● SPF and SPA
    ● Compromised Trusted Third Party
    ● 75 Billion Devices !!! 75 Billion CRPs
      ○ How to manage ?
  • 32. PUF + Blockchain Technology
    ● Recent Research
    ● Blockchain - Distributed Storage
      ○ No SPA, SPF
    ● Blockchain is used to store CRPs
    ● Safe and Immutable
    ● Access Control - Registered Users
  • 33. Blockchain + PUF
    ● All the CRPs are stored in the Blockchain
      ○ Recall, Blockchain is immutable and secured
      ○ The unregistered user does not have access to PUF
  • 34. Ownership Transfer (OT)
    ● One of the use cases of PUF
    ● Before the actual device reaches the buyer, the OT process is completed.
    ● This may lead to inappropriate OT because of the following circumstances:
      ○ The buyer can claim that the seller/owner has sent the wrong product/device.
      ○ A seller can accidentally or purposefully send cloned/recycled ICs/devices to the buyer.
      ○ There could be delayed/wrong/failed logistics or supply chain events.
      ○ There can be unfaithful events in the supply chain.
  • 35. PUF in SCM
    ● PUF - Identifies the integrity of each one of the individual components and IoT Devices
    ● Once the seller has sent the product to the buyer, the buyer runs the PUF
    ● The OT is completed only after the PUF function returns a matching CRP
    ● Otherwise, the OT stands cancelled.
    ● In the Supply Chain every stage involves OT.
      ○ PUF can guarantee genuineness and integrity of the devices at every step.
  • 36. [Figure: blockchain with Genesis Block, Block n and Block n + 1; labels: Header, Transactions; steps 1, 2, 3, 4]
    Image Source: Profile Userpic Stock Illustrations – 442 Profile Userpic Stock Illustrations, Vectors & Clipart - Dreamstime
  • 37. Smart Contracts
    1. Manufacturer registers to the blockchain - Register_Manufacturer smart contract
    2. Each Manufacturer registers each generated component in the blockchain - Register_Component smart contract
    3. Different buyers buy the component from the manufacturers - OT smart contract
    4. When the components are assembled into an IoT Device, a unique ID will be generated based on all the component’s unique IDs which the IoT device consists of - Register_IoTDevice smart contract
    5. At any point of time, the registered users can query the blockchain using the Query_Component smart contract
       a. Returns the list of previous owners.
  • 38. References
    1. Alireza Shamsoshoara, Ashwija Korenda, Fatemeh Afghah, Sherali Zeadally, “A survey on physical unclonable function (PUF)-based security solutions for Internet of Things,” Computer Networks, Volume 183, 2020, 107593, ISSN 1389-1286, https://doi.org/10.1016/j.comnet.2020.107593.
    2. V. Hassija, V. Chamola, V. Gupta, S. Jain and N. Guizani, “A Survey on Supply Chain Security: Application Areas, Security Threats, and Solution Architectures,” IEEE Internet of Things Journal, vol. 8, no. 8, pp. 6222-6246, 15 April 2021, doi: 10.1109/JIOT.2020.3025775.
    3. Md Nazmul Islam and Sandip Kundu, “Enabling IC Traceability via Blockchain Pegged to Embedded PUF,” ACM Trans. Des. Autom. Electron. Syst. 24, 3, Article 36 (June 2019), 23 pages. DOI: https://doi.org/10.1145/3315669
    4. Basics of SRAM PUF and how to deploy it for IoT security - Embedded.com
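
The challenge-response check of slides 12 to 20 and the reuse problem of slide 24, as an added Python example (not code from the presentation). It generalizes the "single comparison" to a Hamming-distance threshold so that R1 ≈ R2 still passes, and retires each CRP after one use; `simulate_puf`, `CrpVerifier`, the 128-bit response size and the 12-bit error budget are assumptions made for illustration.

```python
import hashlib
import secrets

RESP_BITS = 128
MAX_BIT_ERRORS = 12  # assumed noise budget (about 9% of the response bits)

def simulate_puf(die_secret, challenge, flip_bits=()):
    """Constructed stand-in for silicon: die-unique response, optional bit noise."""
    digest = hashlib.sha256(die_secret + challenge).digest()[:RESP_BITS // 8]
    response = int.from_bytes(digest, "big")
    for bit in flip_bits:
        response ^= 1 << bit
    return response

def hamming(a, b):
    return bin(a ^ b).count("1")

class CrpVerifier:
    """Trusted party holding the CRP table; the device stores nothing."""

    def __init__(self):
        self.table = {}  # device id -> {challenge: enrolled response}

    def enroll(self, device_id, puf, count=3):
        challenges = [secrets.token_bytes(16) for _ in range(count)]
        self.table[device_id] = {c: puf(c) for c in challenges}

    def next_challenge(self, device_id):
        return next(iter(self.table.get(device_id, {})), None)

    def verify(self, device_id, challenge, response):
        # pop() retires the pair, so a captured response cannot be replayed
        expected = self.table.get(device_id, {}).pop(challenge, None)
        if expected is None:
            return False
        return hamming(expected, response) <= MAX_BIT_ERRORS

def demo():
    genuine, clone = b"constructed-die-A", b"constructed-die-B"
    verifier = CrpVerifier()
    verifier.enroll("dev-1", lambda c: simulate_puf(genuine, c))
    c1 = verifier.next_challenge("dev-1")
    noisy = simulate_puf(genuine, c1, flip_bits=(3, 40, 99))  # R at time t+n
    first = verifier.verify("dev-1", c1, noisy)
    replay = verifier.verify("dev-1", c1, noisy)
    c2 = verifier.next_challenge("dev-1")
    cloned = verifier.verify("dev-1", c2, simulate_puf(clone, c2))
    return first, replay, cloned
```

`demo()` returns the verdicts for a genuine device with three flipped bits, a replay of the same pair, and a different die answering a fresh challenge.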
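
The ownership-transfer rule of slide 35 combined with the contract steps of slide 37, as an added Python model (not the presenter's smart contracts and not a real blockchain). The method names mirror the slide's contract names; the hash-linked list, the `puf_matched` flag standing for the buyer's CRP check, and the device-ID derivation are assumptions.

```python
import hashlib
import json

class Ledger:
    """Constructed in-memory model of the slide's contracts, not a real blockchain."""

    def __init__(self):
        self.blocks = []          # append-only, hash-linked records
        self.manufacturers = set()
        self.owners = {}          # component id -> owners, oldest first

    def _append(self, record):
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        body = json.dumps(record, sort_keys=True)
        digest = hashlib.sha256((prev + body).encode()).hexdigest()
        self.blocks.append({"prev": prev, "record": record, "hash": digest})

    def _require_owner(self, component_id, who):
        if self.owners.get(component_id, [None])[-1] != who:
            raise PermissionError(f"{who} does not own {component_id}")

    def register_manufacturer(self, name):
        self.manufacturers.add(name)
        self._append({"op": "Register_Manufacturer", "who": name})

    def register_component(self, manufacturer, component_id):
        if manufacturer not in self.manufacturers or component_id in self.owners:
            raise PermissionError("unregistered manufacturer or duplicate component")
        self.owners[component_id] = [manufacturer]
        self._append({"op": "Register_Component", "id": component_id})

    def ownership_transfer(self, component_id, seller, buyer, puf_matched):
        """Complete OT only if the buyer's PUF check on the received part matched."""
        self._require_owner(component_id, seller)
        if puf_matched:
            self.owners[component_id].append(buyer)
        self._append({"op": "OT", "id": component_id, "to": buyer,
                      "status": "completed" if puf_matched else "cancelled"})
        return puf_matched

    def register_iot_device(self, owner, component_ids):
        for cid in component_ids:
            self._require_owner(cid, owner)
        joined = "|".join(sorted(component_ids)).encode()
        device_id = hashlib.sha256(joined).hexdigest()[:16]  # assumed derivation
        self._append({"op": "Register_IoTDevice", "id": device_id})
        return device_id

    def query_component(self, component_id):
        return list(self.owners[component_id])
```

A cancelled transfer is still recorded on the chain, so a later query shows both the unchanged owner list and the failed attempt.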