Download or read book A Hardware/Software Co-integration Approach for Securing Network Infrastructure Using Reconfigurable Computing written by Wafi Danesh and published by . This book was released on 2022 with total page 0 pages. Available in PDF, EPUB and Kindle. Book excerpt: In the last two decades, there has been a rapid proliferation of connected devices spanning various application domains. Coupled with the rise of novel computer networking paradigms, such as Internet-of-Things (IoT), edge computing, fog computing, cloud computing among others, experts predicted an estimated 50 billion connected devices by the year 2020. The emergence of these networking paradigms, however, raises critical security vulnerabilities. Such vulnerabilities, as a result, exposes new attack vectors to exploitation by increasingly competent attackers, with ever more sophisticated means at their disposal, at both the software and hardware level. The key reasons for the existence of such vulnerabilities in modern computer networks, arise due to the multifaceted constraints that need to be incorporated. Many current networking applications work under operating conditions of severe cost, power, and resource constraints. As a consequence of these constraints, the requisite computational resources required to incorporate critical security countermeasures are significantly reduced. Developers and system designers for the varied modern computer networking systems are often forced into a tradeoff of conventional security features, such as encryption, authentication, access control, network, and access security. At the software level, these vulnerabilities manifest in the form of unforeseen network intrusions, such as zero-day attacks. At the hardware level, a very serious threat are hardware Trojans (HT), which are clandestine, malicious circuits that can be inserted during runtime in the network infrastructure. In this dissertation, two key security countermeasures are proposed against vulnerabilities at both the hardware and software levels. Based on these countermeasures, an attempt is made to synthesize both countermeasures and propose a unified security paradigm, which can tackle both threat scenarios simultaneously. At the hardware level, this dissertation focuses on the serious threat posed by hardware Trojan (HT) insertion in the field programmable gate array (FPGA) configuration bitstream. Low-end FPGAs are widely used in networking infrastructure and forego critical security features such as encryption of bitstreams to optimize resource constrained deployment. An attacker can reverse engineer the configuration bitstream to insert HTs, which are clandestine malicious circuits, in the FPGA. The proposed countermeasure uses bitstream reverse engineering to perform HT detection and is scalable to any circuit size and topology. With regards to the software level, this dissertation focuses on the vulnerability of deep learning (DL) based network intrusion detection to adversarial examples in IoT networks. Even though DL approaches have proven extremely effective in intrusion detection given the high volume of network traffic in modern IoT networks, DL models are prone to misclassification to minute perturbations in input samples, called adversarial examples. In this dissertation, an unsupervised adversarial example detection approach is proposed which does not require extra hardware overhead for implementation and is based on the intrinsic characteristics of the DL model implemented. As an additional research focus, this dissertation investigates the use of multi-valued logic (MVL) in a circuit decomposition and synthesis approach for beyond Moore circuit implementations. MVL computing provides a larger information capacity compared to binary CMOS logic and is suitable for providing efficient data compression, processing, and communication with the massive network traffic volumes in modern computer networks. Some of the key issues preventing widespread adoption of MVL computing are the complex MVL expressions obtained from traditional logic decomposition approaches and the inefficient usage of binary switches for MVL data representation, communication, and processing. Therefore, this dissertation proposes a logic decomposition and synthesis algorithm for MVL, which combines concepts from machine learning and nanoelectronics. The proposed algorithm decomposes a MVL function to a set of linear expressions implemented by simple output summations, is adaptable to any device technology and radix of representation, and scalable with circuit size and topology. Compared to other popular MVL decomposition methods, the proposed algorithm presents significant savings in hardware overhead and computational complexity. In recent years, small but significant research efforts have been dedicated to usage of MVL in DL classifier design and HT detection. These innovations can pave the way for integrating MVL approaches in the security context at both the hardware and software level. In summary, this dissertation provides a detailed investigation of key security vulnerabilities at the software and hardware levels for modern computer networks, proposes adept and effective countermeasures and in addition, provides a proof-of-concept for a MVL decomposition and synthesis approach for beyond Moore circuits.