Search

Your search keyword '"Sadeghi, Ahmad-Reza"' showing total 60 results
Start Over Author "Sadeghi, Ahmad-Reza" Search Limiters Peer Reviewed
60 results on '"Sadeghi, Ahmad-Reza"'

8. With Great Complexity Comes Great Vulnerability: From Stand-Alone Fixes to Reconfigurable Security.

Author

Dessouky, Ghada, Frassetto, Tommaso, Jauernig, Patrick, Sadeghi, Ahmad-Reza, and Stapf, Emmanuel

Abstract

The increasing complexity of modern computing devices has rendered security architectures vulnerable to recent side-channel and transient-execution attacks. We discuss the most relevant defenses as well as their drawbacks and how to overcome them for next-generation secure processor design. [ABSTRACT FROM AUTHOR]

Published
2020
Full Text
View/download PDF

9. Trusted Execution Environments: Properties, Applications, and Challenges.

Author

Jauernig, Patrick, Sadeghi, Ahmad-Reza, and Stapf, Emmanuel

Abstract

Software attacks on modern computer systems have been a persisting challenge for several decades, leading to a continuous arms race between attacks and defenses. As a first line of defense, operating system kernels enforce process isolation to limit potential attacks to only the code containing the vulnerabilities. However, vulnerabilities in the kernel itself (for example, various vulnerabilities found by Google Project Zero), side-channel attacks,1 or even physical attacks2 can be used to undermine process isolation. [ABSTRACT FROM AUTHOR]

Published
2020
Full Text
View/download PDF

10. Key agreement for heterogeneous mobile ad-hoc groups

Author

Manulis, Mark and Sadeghi, Ahmad-Reza

Subjects
Ad hoc networks (Computer networks) -- Forecasts and trends, Mobile devices -- Technology application, Market trend/market analysis, Technology application, High technology industry
Abstract

Byline: Mark Manulis, Ahmad-Reza Sadeghi Security of various group-oriented applications for mobile ad-hoc groups requires a group secret shared between all participants. Contributory Group Key Agreement (CGKA) protocols can be used in mobile ad-hoc scenarios due to the absence of any trusted central authority (group manager) that actively participates in the computation of the group key. Members of spontaneously formed mobile ad-hoc groups are usually equipped with different kinds of mobile devices with varying performance capabilities. This heterogeneity opens new ways for the design of CGKA protocols and states additional security requirements with regard to the trustworthiness of the devices. In this paper we propose a CGKA protocol for mobile ad hoc groups that fairly distributes the computation costs amongst mobile devices by taking into account their performance limitations and preventing possible cheating through Trusted Computing techniques.

Published
2010

11. AuDI: Toward Autonomous IoT Device-Type Identification Using Periodic Communication.

Author

Marchal, Samuel, Miettinen, Markus, Nguyen, Thien Duc, Sadeghi, Ahmad-Reza, and Asokan, N.

Subjects
TELECOMMUNICATION systems, IDENTIFICATION, COMPUTER network security, COMMUNICATION models, LOGIC circuits
Abstract

IoT devices are being widely deployed. But the huge variance among them in the level of security and requirements for network resources makes it unfeasible to manage IoT networks using a common generic policy. One solution to this challenge is to define policies for classes of devices based on device type. In this paper, we present AuDI, a system for quickly and effectively identifying the type of a device in an IoT network by analyzing their network communications. AuDI models the periodic communication traffic of IoT devices using an unsupervised learning method to perform identification. In contrast to prior work, AuDI operates autonomously after initial setup, learning, without human intervention nor labeled data, to identify previously unseen device types. AuDI can identify the type of a device in any mode of operation or stage of lifecycle of the device. Via systematic experiments using 33 off-the-shelf IoT devices, we show that AuDI is effective (98.2% accuracy). [ABSTRACT FROM AUTHOR]

Published
2019
Full Text
View/download PDF

12. ASSURED: Architecture for Secure Software Update of Realistic Embedded Devices.

Author

Asokan, N., Nyman, Thomas, Rattanavipanon, Norrathep, Sadeghi, Ahmad-Reza, and Tsudik, Gene

Subjects
EMBEDDED computer systems, EMBEDDED computer system design & construction, COMPUTER architecture, COMPUTER security, COMPUTER firmware, INTERNET of things, COMPUTER software, SCALABILITY
Abstract

Secure firmware update is an important stage in the Internet of Things (IoT) device life-cycle. Prior techniques, designed for other computational settings, are not readily suitable for IoT devices, since they do not consider idiosyncrasies of a realistic large-scale IoT deployment. This motivates our design of architecture for secure software update of realistic embedded devices (ASSURED), a secure and scalable update framework for IoT. ASSURED includes all stakeholders in a typical IoT update ecosystem, while providing end-to-end security between manufacturers and devices. To demonstrate its feasibility and practicality, ASSURED is instantiated and experimentally evaluated on two commodity hardware platforms. Results show that ASSURED is considerably faster than current update mechanisms in realistic settings. [ABSTRACT FROM AUTHOR]

Published
2018
Full Text
View/download PDF

13. HardIDX: Practical and secure index with SGX in a malicious environment.

Author

Fuhry, Benny, Bahmani, Raad, Brasser, Ferdinand, Hahn, Florian, Kerschbaum, Florian, and Sadeghi, Ahmad-Reza

Subjects
SEARCH algorithms, DATA encryption software, COMPUTER security, MALWARE
Abstract

Software-based approaches for search over encrypted data are still either challenged by lack of proper, low-leakage encryption or slow performance. Existing hardware-based approaches do not scale well due to hardware limitations and software designs that are not specifically tailored to the hardware architecture, and are rarely well analyzed for their security (e.g. the impact of side channels). Additionally, existing hardware-based solutions often have a large code footprint in the trusted environment susceptible to software compromises. In this paper we present HardIDX: a hardware-based approach, leveraging Intel's SGX, for search over encrypted data. It implements only the security critical core, i.e., the search functionality, in the trusted environment and resorts to untrusted software for the remainder. HardIDX is deployable as a highly performant encrypted database index: it is logarithmic in the size of the index and searches are performed within a few milliseconds rather than seconds. We formally model and prove the security of our scheme showing that its leakage is equivalent to the best known searchable encryption schemes. Our implementation has a very small code and memory footprint yet still scales to virtually unlimited search index sizes, i.e., size is limited only by the general - non-secure - hardware resources. [ABSTRACT FROM AUTHOR]

Published
2018
Full Text
View/download PDF

16. ACM CCS 2016 Interview, Part 3.

Author

Sadeghi, Ahmad-Reza and Zeitouni, Shaza

Abstract

IEEE Security & Privacy met with several interesting speakers at the 23rd ACM Conference on Computer and Communications Security (CCS), held 24–28 October 2016 in Vienna. This issue features two industry leaders: Intel Lab’s Anand Rajan and Robert Broberg of Cisco Advanced Research and Government. They discuss issues ranging from academia–industry collaboration to emerging technologies and legacy systems. [ABSTRACT FROM PUBLISHER]

Published
2017
Full Text
View/download PDF

17. ACM CCS 2016 Interviews, Part 2.

Author

Sadeghi, Ahmad-Reza and Zeitouni, Shaza

Abstract

IEEE Security & Privacy met with several interesting speakers at the 23rd ACM Conference on Computer and Communications Security (CCS), held 24-28 October 2016 in Vienna. IEEE S&P is highlighting these interviews in its Spotlight department. This issue features MIT Lincoln Laboratory's Hamed Okhravi, cryptographer and cryptanalyst Bart Preneel of KU Leuven, and former assistant director for US federal cybersecurity Gregory Shannon. They discuss issues ranging from moving-target defenses to Certificate Authorities to education and government regulation and strategies. [ABSTRACT FROM PUBLISHER]

Published
2017
Full Text
View/download PDF

18. ACM CCS 2016 Interviews, Part 1.

Author

Sadeghi, Ahmad-Reza and Zeitouni, Shaza

Abstract

IEEE Security & Privacy met with several interesting speakers at the 23rd ACM Conference on Computer and Communications Security (CCS), held 24-28 October 2016 in Vienna. IEEE S&P is highlighting these interviews in its Spotlight department. This issue features Turing Award winner Martin Hellman, who discusses issues including marriage and international security. [ABSTRACT FROM PUBLISHER]

Published
2017
Full Text
View/download PDF

19. Security & Privacy Week Interviews, Part 3.

Author

Sadeghi, Ahmad-Reza and Dessouky, Ghada

Abstract

IEEE Security & Privacy met with several interesting speakers at Security & Privacy Week (SPW) 2016 in Darmstadt, Germany. This issue features Srdan Capkun, computer science professor at ETH Zurich; Jeremy Epstein, a computer scientist at SRI International; George Danezis, security and privacy engineering professor at University College London; William Enck, associate professor at North Carolina State University; Panos Papadimitratos, associate professor at KTH; and Paul Francis, director at the Max Planck Institute for Software Systems. They discuss a variety of issues, including diversity, social norms, spoofing, privacy "guarantees," and mobile security. [ABSTRACT FROM PUBLISHER]

Published
2017
Full Text
View/download PDF

27. Security & Privacy Week Interviews, Part 2.

Author

Sadeghi, Ahmad-Reza and Dessouky, Ghada

Abstract

IEEE Security & Privacy met with several interesting speakers at Security & Privacy Week (SPW) 2016 in Darmstadt, Germany. This issue features Susan Landau, professor of social science and policy studies at Worcester Polytechnic Institute; Farinaz Koushanfar, professor of electrical and computer engineering at the University of California, San Diego; Vesselin Popov, business development director at the University of Cambridge Psychometrics Centre; and Negar Kiyavash, professor of electrical and computer engineering at the University of Illinois at Urbana-Champaign. They discuss a variety of issues, including governments' role in individuals' privacy, hardware breaches, psychology and digital living, and data analytics and privacy. [ABSTRACT FROM PUBLISHER]

Published
2016
Full Text
View/download PDF

28. Security & Privacy Week Interviews, Part 1.

Author

Sadeghi, Ahmad-Reza and Dessouky, Ghada

Abstract

IEEE Security & Privacy met with several interesting speakers at Security & Privacy Week (SPW) 2016 in Darmstadt, Germany. Kate Black, privacy officer at 23andMe.com; Johannes Buchmann, computer science and mathematics professor at Technische Universität Darmstadt; Nicolas Gisin, University of Geneva professor; Rei Safavi-Naini, founding director of the Institute for Security, Privacy and Information Assurance at the University of Calgary; and Gene Tsudik, computer science professor at the University of California, Irvine, discuss long-term security needs from both industry and research perspectives, touching on genomic privacy, postquantum cryptography, and potential attacks. [ABSTRACT FROM PUBLISHER]

Published
2016
Full Text
View/download PDF

29. Remanence Decay Side-Channel: The PUF Case.

Author

Zeitouni, Shaza, Oren, Yossef, Wachsmann, Christian, Koeberl, Patrick, and Sadeghi, Ahmad-Reza

Abstract

We present a side-channel attack based on remanence decay in volatile memory and show how it can be exploited effectively to launch a noninvasive cloning attack against SRAM physically unclonable functions (PUFs)—an important class of PUFs typically proposed as lightweight security primitives, which use existing memory on the underlying device. We validate our approach using SRAM PUFs instantiated on two 65-nm CMOS devices. We discuss countermeasures against our attack and propose the constructive use of remanence decay to improve the cloning resistance of SRAM PUFs. Moreover, as a further contribution of independent interest, we show how to use our evaluation results to significantly improve the performance of the recently proposed TARDIS scheme, which is based on remanence decay in SRAM memory and used as a time-keeping mechanism for low-power clockless devices. [ABSTRACT FROM PUBLISHER]

Published
2016
Full Text
View/download PDF

30. The Cybersecurity Landscape in Industrial Control Systems.

Author

McLaughlin, Stephen, Konstantinou, Charalambos, Wang, Xueyang, Davi, Lucas, Sadeghi, Ahmad-Reza, Maniatakos, Michail, and Karri, Ramesh

Subjects
INTERNET security, INDUSTRIAL applications, PROCESS control systems, INFORMATION & communication technologies, CYBERTERRORISM, COUNTERTERRORISM
Abstract

Industrial control systems (ICSs) are transitioning from legacy-electromechanical-based systems to modern information and communication technology (ICT)-based systems creating a close coupling between cyber and physical components. In this paper, we explore the ICS cybersecurity landscape including: 1) the key principles and unique aspects of ICS operation; 2) a brief history of cyberattacks on ICS; 3) an overview of ICS security assessment; 4) a survey of “uniquely-ICS” testbeds that capture the interactions between the various layers of an ICS; and 5) current trends in ICS attacks and defenses. [ABSTRACT FROM AUTHOR]

Published
2016
Full Text
View/download PDF

34. Five Freedoms for the Homo Deus.

Author

Tene, Omer, Polonetsky, Jules, and Sadeghi, Ahmad-Reza

Abstract

With evidence mounting about the proliferation of “fake news” and hate speech online, policymakers around the world are already struggling to address the impact of new technologies on elections and public discourse in democratic societies. While the regulatory instinct may be to rein in AI, algorithms, and digital platforms, we should be cautious of knee-jerk reactions to complex public policy dilemmas. In this special issue of IEEE Security & Privacy, researchers from across disciplines discuss strategies to prevent a future in which artificial intelligence defeats liberal values, including privacy, equal protection under the law, and due process. [ABSTRACT FROM AUTHOR]

Published
2018
Full Text
View/download PDF

36. EDA for secure and dependable cybercars.

Author

Koushanfar, Farinaz, Sadeghi, Ahmad-Reza, and Seudie, Hervé

Abstract

Modern vehicles integrate a multitude of embedded hard realtime control functionalities, and a host of advanced information and entertainment (infotainment) features. The true paradigm shift for future vehicles (cybercars) is not only a result of this increasing plurality of subsystems and functions, but is also driven by the unprecedented levels of intra- and inter-car connections and communications as well as networking with external entities. Several new cybercar security and safety challenges simultaneously arise. On one hand, many challenges arise due to increasing system complexity as well as new functionalities that should jointly work on the existing legacy protocols and technologies; such systems are likely unable to warrant a fully secure and dependable system without afterthoughts. On the other hand, challenges arise due to the escalating number of interconnections among the real-time control functions, infotainment components, and the accessible surrounding external devices, vehicles, networks, and cloud services. The arrival of cybercars calls for novel abstractions, models, protocols, design methodologies, testing and evaluation tools to automate the integration and analysis of the safety and security requirements. [ABSTRACT FROM AUTHOR]

Published
2012
Full Text
View/download PDF

37. PUF-based secure test wrapper design for cryptographic SoC testing.

Author

Das, Amitabh, Kocabas, Unal, Sadeghi, Ahmad-Reza, and Verbauwhede, Ingrid

Abstract

Globalization of the semiconductor industry increases the vulnerability of integrated circuits. This particularly becomes a major concern for cryptographic IP blocks integrated on a System-on-Chip (SoC). The trustworthiness of these cryptographic blocks can be ensured with a secure test strategy. Presently, the IEEE 1500 Test Wrapper has emerged as the test standard for industrial SoCs. Additionally a secure activation mechanism has been proposed to this standard in order to restrict access to the testing interface to eligible testers by using a cryptographic authentication mechanism. This access mechanism is necessary in order not to provide any side-channels which may leak secret information for attackers. However, this approach requires the authentication mechanism to be implemented in hardware incurring an area overhead, and the authentication secrets to be securely stored in non-volatile memory (NVM), which may be susceptible to side-channel attacks. In this work, we enhance the secure test wrapper allowing testing of multiple IP blocks using a PUF-based authentication mechanism which overcomes the necessity of secure NVM and reduces the implementation overhead. [ABSTRACT FROM PUBLISHER]

Published
2012
Full Text
View/download PDF

41. Mobile Trusted Computing.

Author

Asokan, N., Ekberg, Jan-Erik, Kostiainen, Kari, Rajan, Anand, Rozas, Carlos, Sadeghi, Ahmad-Reza, Schulz, Steffen, and Wachsmann, Christian

Subjects
MOBILE computing, MOBILE communication systems, COMPUTER security research, CELL phone security measures, WIRELESS communications security, SECURITY systems
Abstract

Trusted computing technologies for mobile devices have been researched, developed, and deployed over the past decade. Although their use has been limited so far, ongoing standardization may change this by opening up these technologies for easy access by developers and users. In this survey, we describe the current state of trusted computing solutions for mobile devices from research, standardization, and deployment perspectives. [ABSTRACT FROM PUBLISHER]

Published
2014
Full Text
View/download PDF

42. The Silence of the LANs: Efficient Leakage Resilience for IPsec VPNs.

Author

Schulz, Steffen, Varadharajan, Vijay, and Sadeghi, Ahmad-Reza

Abstract

Virtual private networks (VPNs) are increasingly used to build logically isolated networks. However, existing VPN designs and deployments neglected the problem of traffic analysis and covert channels. Hence, there are many ways to infer information from VPN traffic without decrypting it. Many proposals have been made to mitigate network covert channels, but previous works remained largely theoretical or resulted in prohibitively high padding overhead and performance penalties. In this paper, we: 1) analyse the impact of covert channels in IPsec; 2) present several improved and novel approaches for covert channel mitigation in IPsec; 3) propose and implement a system for dynamic performance trade-offs; and 4) implement our design in the Linux IPsec stack and evaluate its performance for different types of traffic and mitigation policies. At only 24% overhead, our prototype enforces tight information-theoretic bounds on information leakage. To encourage further research, we put our prototype code and data in the public domain. [ABSTRACT FROM PUBLISHER]

Published
2014
Full Text
View/download PDF

43. A systematic approach to practically efficient general two-party secure function evaluation protocols and their modular design.

Author

Kolesnikov, Vladimir, Sadeghi, Ahmad-Reza, and Schneider, Thomas

Subjects
*MATHEMATICAL functions, *COMPUTER security, *METHODOLOGY, *DATA encryption, *COMMUNICATION, *ALGORITHMS
Abstract

General two-party Secure Function Evaluation (SFE) allows mutually distrusting parties to correctly compute any function on their private input data, without revealing the inputs. Two-party SFE can benefit almost any client-server interaction where privacy is required, such as privacy-preserving credit checking, medical classification, or face recognition. Today, SFE is a subject of immense amount of research in a variety of directions and is not easy to navigate. In this article, we systematize the most practically important works of the vast research knowledge on general SFE. We argue that in many cases the most efficient SFE protocols are obtained by combining several basic techniques, e.g., garbled circuits and (additively) homomorphic encryption. As a valuable methodological contribution, we present a framework in which today's most efficient techniques for general SFE can be viewed as building blocks with well-defined interfaces that can be easily combined into a complete efficient solution. Further, our approach naturally allows automated protocol generation (compilation) and has been implemented partially in the TASTY framework. In summary, we provide a comprehensive guide in state-of-the-art SFE, with the additional goal of extracting, systematizing and unifying the most relevant and promising general SFE techniques. Our target audience are graduate students wishing to enter the SFE field and advanced engineers seeking to develop SFE solutions. We hope our guide paints a high-level picture of the field, including most common approaches and their trade-offs and gives precise and numerous pointers to formal treatment of its specific aspects. [ABSTRACT FROM AUTHOR]

Published
2013
Full Text
View/download PDF

44. La protection de la propriété terrienne entre loi et arbitrages.

Author

Sadeghi, Ahmad Reza

Abstract

The article examines the way legal conflicts pertaining to real property are handled in Afghanistan and analyzes some of the institutional and customary reasons why some of these resolutions fail. The author discusses the two legal regimes of public property, including the one known as public domain and the one known as malekiyat, which relates to the private domain of public property and recognizes the State as the rightful owner. Additional topics addressed include the protection of real property under the penal code, conflict resolution using the State Justice System, and the rules of judicial hearings concerning these real property conflicts.

Published
2013

45. Privacy-Preserving ECG Classification With Branching Programs and Neural Networks.

Author

Barni, Mauro, Failla, Pierluigi, Lazzeretti, Riccardo, Sadeghi, Ahmad-Reza, and Schneider, Thomas

Abstract

Privacy protection is a crucial problem in many biomedical signal processing applications. For this reason, particular attention has been given to the use of secure multiparty computation techniques for processing biomedical signals, whereby nontrusted parties are able to manipulate the signals although they are encrypted. This paper focuses on the development of a privacy preserving automatic diagnosis system whereby a remote server classifies a biomedical signal provided by the client without getting any information about the signal itself and the final result of the classification. Specifically, we present and compare two methods for the secure classification of electrocardiogram (ECG) signals: the former based on linear branching programs (a particular kind of decision tree) and the latter relying on neural networks. The paper deals with all the requirements and difficulties related to working with data that must stay encrypted during all the computation steps, including the necessity of working with fixed point arithmetic with no truncation while guaranteeing the same performance of a floating point implementation in the plain domain. A highly efficient version of the underlying cryptographic primitives is used, ensuring a good efficiency of the two proposed methods, from both a communication and computational complexity perspectives. The proposed systems prove that carrying out complex tasks like ECG classification in the encrypted domain efficiently is indeed possible in the semihonest model, paving the way to interesting future applications wherein privacy of signal owners is protected by applying high security standards. [ABSTRACT FROM PUBLISHER]

Published
2011
Full Text
View/download PDF

46. Towards automated security policy enforcement in multi-tenant virtual data centers.

Author

Cabuk, Serdar, Dalton, Chris I., Eriksson, Konrad, Kuhlmann, Dirk, Ramasamy, HariGovind V., Ramunno, Gianluca, Sadeghi, Ahmad-Reza, Schunter, Matthias, and Stüble, Christian

Subjects
DIGITAL libraries, VIRTUAL machine systems, COMPUTER security, COMPUTER network architectures, INFORMATION technology, PROTOTYPES
Abstract

Virtual data centers allow the hosting of virtualized infrastructures (networks, storage, machines) that belong to several customers on the same physical infrastructure. Virtualization theoretically provides the capability for sharing the infrastructure among different customers. In reality, however, this is rarely (if ever) done because of security concerns. A major challenge in allaying such concerns is the enforcement of appropriate customer isolation as specified by high-level security policies. At the core of this challenge is the correct configuration of all shared resources on multiple machines to achieve this overall security objective. To address this challenge, this paper presents a security architecture for virtual data centers based on virtualization and Trusted Computing technologies. Our architecture aims at automating the instantiation of a virtual infrastructure while automatically deploying the corresponding security mechanisms. This deployment is driven by a global isolation policy, and thus guarantees overall customer isolation across all resources. We have implemented a prototype of the architecture based on the Xen hypervisor. [ABSTRACT FROM AUTHOR]

Published
2010
Full Text
View/download PDF

47. Games without Frontiers: Whither Information Security and Privacy?

Author

Sadeghi, Ahmad-Reza

Abstract

The past decade has clearly shown that even the best security solutions won't eliminate threats once and for all, and that there will always be "unknown unknowns." However, new large-scale technologies and threat types require novel, sophisticated solutions to meet our current and future security and privacy demands. [ABSTRACT FROM PUBLISHER]

Published
2016
Full Text
View/download PDF

48. Changing the Game of Software Security.

Author

Vidas, Timothy, Larsen, Per, Okhravi, Hamed, and Sadeghi, Ahmad-Reza

Abstract

For a large part of the world population, software increasingly touches all aspects of life. Clearly there are societal and business benefits to be gained, but the pervasiveness of software also presents unprecedented risk. The lack of capable people to either analyze existing or safely create new software paired with the sheer volume and accelerating pace of software development lends to automated approaches to address this risk. The Cyber Grand Challenge presented an opportunity to advance the state of the art and science in autonomous reasoning in software security. The culmination of this contest presented seven fully autonomous systems vying against each other hacking and defending previously unseen computer software, ultimately making sense of zero-day attacks, entirely without any human assistance. This collection of works presents many aspects of autonomous software security from differing perspectives. The authors detail solution approaches as well as evidence of the challenges that remain. As with many aspects of computing, while much has been accomplished software security, much work remains. [ABSTRACT FROM PUBLISHER]

Published
2018
Full Text
View/download PDF

Catalog

Books, media, physical & digital resources
See catalog results