msc brainstorm: node hijacking protection for embedded devices using TinyML #8157

Open
synctext opened this issue Sep 16, 2024 · 4 comments
synctext commented Sep 16, 2024

brainstorm Not afraid of assembly! Defend: July 2025. PhD ambition?!

First, describe the scope and past occurrences of node hijacks.
From SolarWinds to the recent 1.3 million Android TVs in a botnet. Do you aim to protect from unzip fail of firmware update?

Security frameworks. Sandbox where you can run anything. IoT device, build Raspberry Pi with TinyML as exemplary use-case?

ToDo

Other ideas:

https://www.enisa.europa.eu/publications/eidas-compliant-eid-solutions/@@download/fullReport

Zero-Trust Architecture for Legal Entities

update: Cars now have firmware and secure boot. In line with your 'hacking' passion. Toyota cars get stolen using CANbus attack. There is a Tesla bug hunting bounty. Smartphone app opens your car, passport-grade authentication. Link to insurance and question who was driving the car when damage occurred?? 🤔 (more US thing versus EU where things are decently organised). The science: protecting high-value 'portable' computers and firmware {zero-trust}.

update2: V2X tech for "car wifi" in 5.9 GHz band. Police remotely stopping a car is no longer the realm of Sci-Fi movies. See the trail of a "remote car stopping" from the Czech Technical University in Prague and the BUT in Brno and PR stuff from the USA.

ToDo: a draft 1-page research proposal (e.g. the science focus side)

Kheoss commented Oct 30, 2024

Proposal: A Privacy-Preserving Digital Identity System Using DNA Passports and Physical Unclonable Functions (PUFs)
Background and Motivation
As digital identity systems become integral to secure IoT and automotive environments, the need for robust, privacy-preserving authentication has never been greater. Traditional biometric and hardware-based authentication methods present vulnerabilities, either through centralized storage or susceptibility to cloning and tampering. This proposal explores a hybrid identity model combining DNA-based identifiers and Physical Unclonable Functions (PUFs), leveraging the unique properties of both biological and hardware-based identifiers for a decentralized, multi-factor authentication system that is resistant to forgery and highly secure.

Objectives
  • Develop a Secure DNA-PUF System Architecture: Design an identity framework that binds DNA-based identifiers with PUFs, creating a unique, privacy-preserving multi-factor identity verification system.
  • Implement Privacy-Preserving DNA Hashing: Ensure DNA information is encoded and stored securely, protecting user privacy while enabling strong, unique identity verification.
  • Prototype and Evaluate the System: Build a prototype and evaluate the system’s effectiveness in providing secure, decentralized authentication, focusing on IoT and automotive applications.

Possible Methodology
  • DNA-Based Identifier Generation: Select privacy-friendly DNA markers, create a hashed digital representation, and store this locally on the device, ensuring user privacy.
  • Device-Based PUF Authentication: Equip devices with PUFs (or simulate PUFs?) to generate unique, hardware-rooted responses. Each device’s PUF response serves as an unforgeable, repeatable key.
  • Combined DNA-PUF Authentication: Bind the DNA hash with the PUF response to form a multi-factor identifier. Authentication involves the device presenting both the DNA-based user identity and PUF-derived device identity, ensuring that only authorized users and devices gain access.
  • Testing and Validation: Develop a prototype for evaluation within a simulated IoT or automotive environment, analyzing performance metrics, security resilience, and privacy preservation (how?).

Expected Outcomes ???

  • Secure, Decentralized Identity System: A privacy-centric identity model that binds user DNA with device-specific PUF authentication, creating a robust, decentralized system for IoT security.
  • Enhanced Privacy and Security: Privacy-preserving techniques for DNA data storage and processing, with a multi-factor approach that combines user and device authentication without relying on centralized databases.
  • A working prototype with results demonstrating its feasibility and effectiveness in environments where strong, privacy-respecting authentication is essential.

To explore: Multi-layered/fine-grain hierarchies may be a nice addition as many authentication systems work more like "I am this device" instead of "I own this device".

Potential Impact
This DNA-PUF hybrid system for secure digital identity merges advanced biometrics with unique hardware-based identifiers. Its decentralized design makes it suitable for applications in IoT, connected vehicles, and other fields where secure, user-controlled identity management is critical. This research will contribute to the fields of digital identity and privacy, addressing current limitations and setting a foundation for further innovations in secure authentication.

  • Unclonable functions based on DNA tools.

  • Cancellable / theft locking / lost device

  • Chemical unclonable functions based on operable random DNA pools
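The DNA-hash and PUF binding described in the methodology above, as an added example that is not code from this thread or the project. It assumes a simulated PUF (an HMAC over a per-device secret), a constructed marker profile, hypothetical function names, and a verifier that stores the bound key at enrollment.

```python
import hashlib, hmac, secrets

def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

class SimulatedPUF:
    """Stand-in for a silicon PUF: a random per-device secret replaces physical
    variation. Real PUF responses are noisy and need error correction first."""
    def __init__(self):
        self._variation = secrets.token_bytes(32)

    def respond(self, challenge: bytes) -> bytes:
        return mac(self._variation, challenge)

def canonical_profile(markers: dict) -> bytes:
    # Sort loci and alleles so one profile always serialises to the same bytes.
    return ";".join(f"{locus}:{'/'.join(map(str, sorted(alleles)))}"
                    for locus, alleles in sorted(markers.items())).encode()

def bound_key(puf: SimulatedPUF, markers: dict, enroll_challenge: bytes) -> bytes:
    # Key the DNA hash with the PUF response: a plain hash of a marker profile
    # could be guessed or linked across systems, a device-keyed one cannot be
    # recomputed without this physical device.
    device_key = puf.respond(enroll_challenge)
    dna_tag = mac(device_key, canonical_profile(markers))
    return mac(device_key, b"dna-puf-binding|" + dna_tag)

def prove(puf, markers, enroll_challenge: bytes, nonce: bytes) -> bytes:
    # Device side: answer a fresh verifier nonce with the user+device key.
    return mac(bound_key(puf, markers, enroll_challenge), nonce)

def verify(enrolled_key: bytes, nonce: bytes, proof: bytes) -> bool:
    return hmac.compare_digest(mac(enrolled_key, nonce), proof)

# Constructed sample profiles (STR locus -> allele pair), not real data.
USER = {"D3S1358": (15, 17), "vWA": (16, 18), "FGA": (21, 24)}
OTHER = {"D3S1358": (14, 16), "vWA": (17, 17), "FGA": (20, 22)}

def demo():
    challenge = b"enroll-v1"
    dev_a, dev_b = SimulatedPUF(), SimulatedPUF()
    enrolled = bound_key(dev_a, USER, challenge)  # kept by the verifier
    nonce = secrets.token_bytes(16)
    ok = verify(enrolled, nonce, prove(dev_a, USER, challenge, nonce))
    wrong_device = verify(enrolled, nonce, prove(dev_b, USER, challenge, nonce))
    wrong_user = verify(enrolled, nonce, prove(dev_a, OTHER, challenge, nonce))
    return ok, wrong_device, wrong_user
```

`demo()` returns whether the enrolled user on the enrolled device, the same user on another device, and another user on the enrolled device each pass verification.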


synctext commented Oct 30, 2024

Very scary 😨 😮 😨 Solid science for "identity of the future" in a world that is slowly collapsing into chaos.

Passport 2050

Advice: rewrite. Example:
The world is slowly descending into less democracy, more wars, and increased suffering. Establishing the correctness of information, validity of electronic signatures, owners of objects, and identity of humans is becoming a cardinal requirement for global safety. This thesis is exploring identity solutions for the worst-case scenario. Our adversary model is that multiple state-actors will re-organise their economy for sustained attacking of the integrity of liberal democracies. Our requirement is that by 2050 our system could still serve as the foundation for identity and integrity of all our socio-economic systems. By being isolated from most plausible technological breakthroughs. This means our solution consists of combining traditional hardware-based PUFs and the frontier of science and unique identification: DNA.

  • PUF: eIDAS extreme
  • PUF+DNA+openness and accountability: eIDAS Ultra
  • FastDNA for eIDAS Ultra authentication

Kheoss commented Nov 13, 2024

13/11/2024: A bit of literature review

Lots of DNA is non-coding DNA (does not encode protein sequences); however, the 1% that does is interesting.

Concept: Protein-Based DNA Signature Generator

  • simulate the process of protein formation from specific DNA segments to create a unique, verifiable signature
  • use DNA as input to model protein structure or sequence => complex and biologically authentic way to generate signatures tied to an individual’s DNA (bio-PUF?)
  • ZKP by simulating the protein/structure formation [transcription] for a challenge

Problems:

  • how to revoke such identity?
  • many papers that might be useful are new and did not find them (yet) to read in full [examples:
    Synthesizing DNA molecules with identity-based digital signatures to prevent malicious tampering and enabling source attribution]

DNA encoding schemes herald a new age in cybersecurity for safeguarding digital assets

Cyber Attacks on Power System Automation and Protection and Impact Analysis

A hybrid logistic DNA-based encryption system for securing the Internet of Things patient monitoring systems

A novel DNA-based key scrambling technique for image encryption


synctext commented Nov 14, 2024

Thesis Brainstorm III

"Purple teaming of the upcoming EU EBSI passport-grade digital identity"
EBSI and Europeum are establishing a state-of-the-art identity system to provide an alternative to Big Tech identity systems and traditional paper-based passports. Instead of the usual secrecy the EU has decided on a transparent, open source, and accountable system. The core of the system is formed by Hyperledger Besu. We created a state-of-the-art SIEM tooling for this server. We present a systematic study consisting of running numerous pentests against an actual pre-production EBSI server, configuring SIEM tooling to report these attacks, and devise new attacks. {speculation!} The result is a successful resource exhaustion attack against the default Hyperledger configuration used. Due to the complexity and fragility of the smart contract system we successfully made the server unreachable.

SIEM tools provide forensics, not just an intrusion detection system. This project uses a "capture the flag" experience. This angle uses the hard work of building tooling, new defences, reference architecture, security audit, and possibly new attacks. Security audit should not be in the old format of this vulnerability, this config detail. This project will provide a state-of-the-art security audit with risk assessment. For instance, in the scenario that EBSI provides foundation for the digital Euro it impacts risk tolerance. Each deployment level will be analysed, including facilitating tokenization. (blue teaming stuff). Your thesis does not critically depend on successfully breaking EBSI security, but you meticulously create the ecosystem for breaking it. Then you can also propose a security fix. Little investigation shows three unresolved active vulnerabilities to Hyperledger Besu ecosystem 😱 Client has incorrect conversion. Server side has critical error in 32 bit signed and unsigned types in the calculation of available gas.
Danger is that throwing a bunch of open source tools together is not science for a Delft Master thesis. But with unpatched critical server errors for multiple months, there is low-hanging fruit.

ToDo:

  • find 20-ish papers of state-of-the-art literature around described draft thesis direction.
  • Explore if this is "industry-driven" and thus lacks the transparency, paper publishing, open innovation processes that academics prefer
  • Install local Hyperledger Besu and reproduce critical vulnerabilities, investigate how EBSI might be impacted.
    • are there Besu smart contracts in EBSI?
