TECoSA members are notified by email each time a publication is submitted and have the chance to offer feedback to the authors before the paper is accepted. Once a paper is published, it will be posted here as open information. This page will be updated quarterly. The TECoSA authors are shown in blue. Authors should email tecosa-admin@kth if they spot that an update is required. (* indicates info to follow soon)
Copyright Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author’s copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.
1. The following copyright notice applies to all of the items below that appear in IEEE publications: “Personal use of this material is permitted. However, permission to reprint/publish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from IEEE.”
2. The following copyright notice applies to all of the items below that appear in ACM publications: “© ACM, effective the year of publication shown in the bibliographic information. This file is the author’s version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in the journal or proceedings indicated in the bibliographic data for each item.”
3. The following copyright notice applies to all of the items below that appear in IFAC publications: “Document is being reproduced under permission of the Copyright Holder. Use or reproduction of the Document is for informational or personal use only.”
Foresee the Unseen: Evaluating Sequential Reasoning about Hidden Objects in Traffic
Authors: José Manuel Gaspar Sánchez, Truls Nyberg, Christian Pek, Jana Tumova
Type and Venue: (Conference) 33rd IEEE Intelligent Vehicles Symposium (IV22)
Abstract: Safe driving requires autonomous vehicles to anticipate potential hidden traffic participants and other unseen objects, such as a cyclist hidden behind a large vehicle, or an object on the road hidden behind a building. Existing methods are usually unable to consider all possible shapes and orientations of such obstacles. They also typically do not reason about observations of hidden obstacles over time, leading to conservative anticipations. We overcome these limitations by (1) modeling possible hidden obstacles as a set of states of a point mass model and (2) sequential reasoning based on reachability analysis and previous observations. Based on (1), our method is safer, since we anticipate obstacles of arbitrary unknown shapes and orientations. In addition, (2) increases the available drivable space when planning trajectories for autonomous vehicles. In our experiments, we demonstrate that our method, at no expense of safety, gives rise to significant reductions in time to traverse various intersection scenarios from the CommonRoad Benchmark Suite.
Correct Me If I’m Wrong: Using Non-Experts to Repair Reinforcement Learning Policies
Authors: Sanne van Waveren, Christian Pek, Jana Tumova, Iolanda Leite
Type and Venue: (Conference) 8th ACM Cyber-Physical System Security Workshop (CPSS2022)
Abstract: Reinforcement learning has shown great potential for learning sequential decision-making tasks. Yet, it is difficult to anticipate all possible real-world scenarios during training, causing robots to inevitably fail in the long run. Many of these failures are due to variations in the robot’s environment. Usually experts are called to correct the robot’s behavior; however, some of these failures do not necessarily require an expert to solve them. In this work, we query non-experts online for help and explore 1) if/how non-experts can provide feedback to the robot after a failure and 2) how the robot can use this feedback to avoid such failures in the future by generating shields that restrict or correct its high-level actions. We demonstrate our approach on common daily scenarios of a simulated kitchen robot. The results indicate that non-experts can indeed understand and repair robot failures. Our generated shields accelerate learning and improve data-efficiency during retraining.
Finding Critical Scenarios for Automated Driving Systems: A Systematic Literature Review
Authors: Xinhai Zhang, Jianbo Tao, Kaige Tan, Martin Törngren, José Manuel Gaspar Sánchez, Muhammad Rusyadi Ramli, Xin Tao, Magnus Gyllenhammar, Franz Wotawa, Naveen Mohan, Mihai Nica, Hermann Felbinger
Type and Venue: (Journal) IEEE Transactions on Software Engineering
Abstract: Scenario-based approaches have been receiving a huge amount of attention in research and engineering of automated driving systems. Due to the complexity and uncertainty of the driving environment, and the complexity of the driving task itself, the number of possible driving scenarios that an ADS or ADAS may encounter is virtually infinite. Therefore it is essential to be able to reason about the identification of scenarios and in particular critical ones that may impose unacceptable risk if not considered. Critical scenarios are particularly important to support design, verification and validation efforts, and as a basis for a safety case. In this paper, we present the results of a systematic literature review in the context of autonomous driving. The main contributions are: (i) introducing a comprehensive taxonomy for critical scenario identification methods; (ii) giving an overview of the state-of-the-art research based on the taxonomy encompassing 86 papers between 2017 and 2020; and (iii) identifying open issues and directions for further research. The provided taxonomy comprises three main perspectives encompassing the problem definition (the why), the solution (the methods to derive scenarios), and the assessment of the established scenarios. In addition, we discuss open research issues considering the perspectives of coverage, practicability, and scenario space explosion.
Industrial Edge-based Cyber-Physical Systems – application needs and concerns for realization
Authors: Martin Törngren, Haydn Thompson, Rafia Inam, James Gross, György Dán
Type and Venue: (Conference) TEC2021 Workshop at 6th ACM/IEEE Symposium on Edge Computing (SEC 2021)
Abstract: Industry is moving towards advanced cyber-physical systems, with trends towards smartness, automation, connectivity and collaboration. We examine the drivers and requirements for the use of edge computing in critical industrial applications. Our purpose is to provide a better understanding of industrial needs and to initiate a discussion on what role edge computing could take, complementing current industrial and embedded systems, and the cloud. Four domains are chosen for analysis with representative use-cases; manufacturing, transportation, the energy sector and networked applications in the defense domain. We further discuss challenges, open issues and suggested directions that are needed to pave the way for the use of edge computing in industrial CPS.
Risk-Aware Motion Planning in Partially Known Environments
Authors: Fernando S. Barbosa, Bruno Lacerda, Paul Duckworth, Jana Tumova, Nick Hawes
Type and Venue: (Conference) IEEE 60th Conference on Decision and Control (CDC2021)
Abstract: Recent trends envisage robots being deployed in areas deemed dangerous to humans, such as buildings with gas and radiation leaks. In such situations, the model of the underlying hazardous process might be unknown to the agent a priori, giving rise to the problem of planning for safe behaviour in partially known environments. We employ Gaussian Process regression to create a probabilistic model of the hazardous process from local noisy samples. The result of this regression is then used by a risk metric, such as the Conditional Value-at-Risk, to reason about the safety at a certain state. The outcome is a risk function that can be employed in optimal motion planning problems. We demonstrate the use of the proposed function in two approaches. First is a sampling-based motion planning algorithm with an event-based trigger for online replanning. Second is an adaptation to the incremental Gaussian Process motion planner (iGPMP2), allowing it to quickly react and adapt to the environment. Both algorithms are evaluated in representative simulation scenarios, where they demonstrate the ability of avoiding high-risk areas.
Advanced Far Field EM Side-Channel Attack on AES
Authors: Ruize Wang, Huanyu Wang, Elena Dubrova, Martin Brisfors
Type and Venue: (Conference) 7th ACM Cyber-Physical System Security Workshop (CPSS)
Abstract: Several attacks on AES using far field electromagnetic (EM) emission as a side channel have been recently presented. Unlike power analysis or near field EM analysis, far field EM attacks do not require a close physical proximity to the device under attack. However, in all previous attacks traces for the profiling stage are also captured at a distance (fixed or variable) from the profiling devices. This degenerates the quality of profiling traces due to noise and interference. In this paper, we train deep learning models on “clean” traces, captured through a coaxial cable. Our experiments show that the resulting models can extract the AES key from less than 500 traces on average captured at 15 m from the victim device without repeating each encryption more than once. This is a 20-fold improvement over the previous attacks which require about 10K traces for the same conditions.
Can Deep Learning Break a True Random Number Generator?
Authors: Yang Yu, Michail Moraitis, Elena Dubrova
Type and Venue: (Journal) IEEE Transactions on Circuits and Systems II: Express Briefs (TCAS-II)
Abstract: True Random Number Generators (TRNGs) create a hardware-based, non-deterministic noise that is used for generating keys, initialization vectors, and nonces in a variety of applications requiring cryptographic protection. A compromised TRNG may lead to a system-wide loss of security. In this brief, we show that an attack combining power analysis with bitstream modification is capable of classifying the output bits of a TRNG implemented in FPGAs from a single power measurement. We demonstrate the attack on the example of an open source AIS-20/31 compliant ring oscillator-based TRNG implemented in Xilinx Artix-7 28nm FPGAs. The combined attack opens a new attack vector which makes possible what is not achievable with pure bitstream modification or side-channel analysis.
Energy-Optimal Sampling and Processing of Edge-Based Feedback Systems
Authors: Vishnu Moothedath, Jaya Champati, James Gross
Type and Venue: (Conference) IEEE International Conference on Communications Workshops; (Journal) IEEE Transactions on Mobile Computing
Abstract: We study a problem of optimizing the sampling interval in an edge-based feedback system, where sensor samples are offloaded to a back-end server which processes them and generates feedback that is fed back to a user. Sampling the system at maximum frequency results in the detection of events of interest with minimum delay but incurs higher energy costs due to the communication and processing of some redundant samples. On the other hand, lower sampling frequency results in a higher delay in detecting an event of interest thus increasing the idle energy usage and degrading the quality of experience. We propose a method to quantify this trade-off and compute the optimal sampling interval, and use simulation to demonstrate the energy savings.
Joint Resource Dimensioning and Placement for Dependable Virtualized Services in Mobile Edge Clouds
Authors: Peiyue Zhao, György Dán
Type and Venue: (Journal) IEEE Trans. on Mobile Computing
Abstract: Mobile edge computing (MEC) is an emerging architecture for accommodating latency sensitive virtualized services (VSs). Many of these VSs are expected to be safety critical, and will have some form of reliability requirements. In order to support provisioning reliability to such VSs in MEC in an efficient and confidentiality preserving manner, in this paper we consider the joint resource dimensioning and placement problem for VSs with diverse reliability requirements, with the objective of minimizing the energy consumption. We formulate the problem as an integer programming problem, and prove that it is NP-hard. We propose a two-step approximation algorithm with bounded approximation ratio based on Lagrangian relaxation. We benchmark our algorithm against two greedy algorithms in realistic scenarios. The results show that the proposed solution is computationally efficient, scalable and can provide up to 30% reduction in energy consumption compared to greedy algorithms.
Resilient Resource Allocation for Service Placement in Mobile Edge Clouds
Author: Peiyue Zhao
Type and Venue: PhD thesis
Read more or download as PDF here: http://kth.diva-portal.org/smash/get/diva2:1538664/FULLTEXT01.pdf
Abstract: Mobile edge computing makes available distributed computation and storage resources in close proximity to end users and allows to provide low-latency and high-capacity services within mobile networks. Therefore, mobile edge computing is emerging as a promising architecture for hosting critical services with stringent latency and performance requirements, which otherwise are challenging to be addressed in conventional cloud computing architectures. Notable use cases of mobile edge computing include real-time data analytic services, industrial process control, and computation offloading for Internet of things devices. However, those services rely on efficient resource management, including resource dimensioning and service placement, and require to be resilient to cyber-attacks, to faulty components and to operation mistakes. The work in this thesis proposes models of resilient resource management that support rapid response to incidents in mobile edge computing and develops efficient algorithms for the resulting resource management problems.
Nordic Industrial IoT Roadmap: Research and Innovation for the Green Transition
Editors: Paul Pop, Martin Törngren
Type and Venue: Nordic Industrial IoT Roadmap
Read more or download as PDF here: http://www.nordic-iot.org/roadmap/
Abstract: Five Nordic universities have developed a roadmap on Industrial IoT (IIoT). IIoT is a key enabling technology for the green transition, bringing together several technological paradigms, from smart electronic components, 5G technologies, to AI and Edge Computing. The roadmap supplements the existing European roadmaps released recently, however, since the Nordic countries are far ahead on digitalization compared to the rest of Europe it calls for specific Nordic measures. According to the EU’s digital DESI index the Nordic countries are ranked at numbers one, two, three and four within the EU. Therefore, the Nordic countries are years ahead of their EU counterparts in the digital roll out of implementing digital services and infrastructure. The Nordic roadmap suggests several measures to be pursued in the next decade.
Cyber-Physical Systems have Far-reaching Implications
Type and Venue: HIPEAC Roadmap
Read more or download as PDF here: https://www.hipeac.net/vision/2021/
Abstract: Our world is evolving very rapidly, both from the technological point of view – with impressive advances in artificial intelligence and new hardware challenging longstanding PC hardware traditions, for example – and as a result of unexpected events. The year 2020 was quite exceptional, an annus horribilis, according to some. It is hard to disagree with this statement, but every dark cloud has a silver lining. 2020 was also the year that accelerated digital transformation beyond what could have been imagined in 2019. Vaccine development happened faster than would ever have been conceivable a year ago, digital payment became the norm for many people and e-commerce and online sales threatened brick and mortar shops. Employees were encouraged to work from home – with its advantages and disadvantages, videoconferencing became the de facto way to interact with both family and colleagues, schools were forced to experiment with distance learning. The list goes on. After living for over a year in an online world, most people will not return completely to the “old normal”. They will go for a combination of the “old normal” and things they discovered and experimented with in the circumstances forced upon us by COVID-19; they might keep their home office on some days, and be in the workplace on other days. Higher education will certainly also continue to offer online teaching. The rapidly evolving digital world has also had an impact on the HiPEAC Vision: updating it every two years no longer seems quite in keeping with the speed of the evolution of computing systems. Therefore, we decided to move from producing a large roadmap document every other year, to an agile, rapidly evolving electronic magazine-like set of articles.
An FPGA Implementation of 4 x 4 Arbiter PUF
Authors: Can Aknesil, Elena Dubrova
Type and Venue: (Conference) 51st IEEE International Symposium on Multiple-Valued Logic (ISMVL’2021)
Links to DOI (if available) and/or PDF:
Also a full Master thesis (2020.08), downloadable as a PDF: http://kth.diva-portal.org/smash/record.jsf?pid=diva2%3A1460662&dswid=-5569
Abstract: The need of protecting data and bitstreams increases in computation environments such as FPGA as a Service (FaaS). Physically Unclonable Functions (PUFs) have been proposed as a solution to this problem. In this paper, we present an implementation of Arbiter PUF with 4×4 switch blocks in Xilinx Series 7 FPGA, perform its statistical analysis, and compare it to other Arbiter PUF variants. We show that the presented implementation utilizes five times less area than 2×2 Arbiter PUF-based implementations. It is suitable for many real-world applications, including identification, authentication, key provisioning, and random number generation.
Caching Policies over Unreliable Channels
Authors: Paulo Sena, Igor Carvalho, Antonio Abelem, György Dán, Daniel Menasche, Don Towsley
Type and Venue: (Conference) WiOpt 2020 Workshop on Content Caching and Data Delivery over Wireless Networks (CCDWN)
Read more or download as PDF here: https://people.kth.se/~gyuri/Pub/SenaCADMT_CCDWN2020_UnreliableCaching.pdf
Abstract: Recently, there has been substantial progress in the formal understanding of how caching resources should be allocated when multiple caches each deploy the common LRU policy. Nonetheless, the role played by caching policies beyond LRU in a networked setting where content may be replicated across multiple caches and where channels are unreliable is still poorly understood. In this paper, we investigate this issue by first analyzing the cache miss rate in a system with two caches of unit size each, for the LRU, and the LFU caching policies, and their combination. Our analytical results show that joint use of the two policies outperforms LRU, while LFU outperforms all these policies whenever resource pooling is not optimal. We provide empirical results with larger caches to show that simple alternative policies, such as LFU, provide superior performance compared to LRU even if the space allocation is not fine tuned. We envision that fine tuning the cache space used by such policies may lead to promising additional gains.
Federated Learning in Side-Channel Analysis
Authors: Elena Dubrova, Huanyu Wang
Type and Venue: (Conference) International Conference on Information Security and Cryptology 2020
Link to DOI: https://doi.org/10.1007/978-3-030-68890-5_14
Abstract: Recently introduced federated learning is an attractive framework for the distributed training of deep learning models with thousands of participants. However, it can potentially be used with malicious intent. For example, adversaries can use their smartphones to jointly train a classifier for extracting secret keys from the smartphones’ SIM cards without sharing their side-channel measurements with each other. With federated learning, each participant might be able to create a strong model in the absence of sufficient training data. Furthermore, they preserve their anonymity. In this paper, we investigate this new attack vector in the context of side-channel attacks. We compare the federated learning, which aggregates model updates submitted by N participants, with two other aggregating approaches: (1) training on combined side-channel data from N devices, and (2) using an ensemble of N individually trained models. Our first experiments on 8-bit Atmel ATxmega128D4 microcontroller implementation of AES show that federated learning is capable of outperforming the other approaches.
Tandem Deep Learning Side-Channel Attack on FPGA Implementation of AES
Authors: Huanyu Wang, Elena Dubrova
Type and Venue: (Conference) IEEE International Symposium on Smart Electronic Systems (iSES 2020)
Link to DOI: 10.1109/iSES50453.2020.00041
Abstract: The majority of recently demonstrated deep-learning side-channel attacks use a single neural network classifier to recover the key. The potential benefits of combining multiple classifiers with ensemble learning method have not been fully explored in the side-channel attack’s context. In this paper, we show that, by combining several CNN classifiers which use different attack points, it is possible to considerably reduce (more than 40% on average) the number of traces required to recover the key from an FPGA implementation of AES by power analysis. We also show that not all combinations of classifiers improve the attack efficiency.
A Permissioned Blockchain based Feature Management System for Assembly Devices
Authors: Lifei Tang, Martin Törngren, Lihui Wang
Type and Venue: (Journal) IEEE Access
Links to DOI (if available) and/or PDF: DOI: 10.1109/ACCESS.2020.3028606
Abstract: With the increasing spread and adoption of electronics and software as integral parts of all kinds of physical devices, such devices are becoming controlled by their embedded software. Correspondingly, the manufacturing business has started the transition from selling hardware to selling features (e.g. “insane mode” and “ludicrous mode” in Tesla Model S). Consequently, a trustworthy system to automate such a process becomes essential. This article introduces a permissioned blockchain-based feature management system for assembly devices. Firstly, it leverages software licensing technology to control assembly devices’ features. Secondly, by recording the license ownership transaction data in a permissioned blockchain, the approach (1) takes advantage of blockchain’s trust mechanism and its distributed nature to improve the trustworthiness of the feature management system, and (2) adopts the permissioned blockchain technology to ensure that the license transactions are only visible and applicable to authenticated actors. We further describe an implementation, a proof-of-concept evaluation focusing on functionality and performance, as well as a security analysis.
Bitstream Modification with Interconnect In Mind
Authors: Michail Moraitis, Elena Dubrova
Type and Venue: (Conference) Hardware and Architectural Support for Security and Privacy Workshop (HASP’2020)
Links to DOI (if available) and/or PDF: https://caslab.csl.yale.edu/workshops/hasp2020/
Abstract: Bitstream reverse engineering is traditionally associated with Intellectual Property (IP) theft. Another, less known, threat deriving from that is bitstream modification attacks. It has been shown that the secret key can be extracted from FPGA implementations of cryptographic algorithms by injecting faults directly into the bitstream. Such bitstream modification attacks rely on changing the content of Look Up Tables (LUTs). Therefore, related counter measures aim to make the task of identifying a LUT more difficult (e.g. by masking LUT content). However, recent advances in FPGA reverse engineering revealed information on how interconnects are encoded in the bitstream of Xilinx 7 series FPGAs. In this paper, we show that this knowledge can be used to break or weaken existing counter measures, as well as improve existing attacks. Furthermore, a straight-forward attack that re-routes the key to an output pin becomes possible. We demonstrate our claims on an FPGA implementation of SNOW 3G stream cipher, a core algorithm for confidentiality and integrity used in several 3GPP wireless communication standards, including the new Next Generation 5G.