Small Office/Home Office (SOHO) devices are widely popular, yet often attacked due to security vulnerabilities in their firmware, affecting thousands of devices. These security vulnerabilities often stem from outdated Linux kernel versions included in SOHO device firmware. Naturally, prior work audited the extent and impact of this issue by simple Linux version extraction and version number based vulnerability mapping. However, it is unclear how many of these anticipated vulnerabilities actually exist in the heavily customized SOHO kernels and if there are any barriers towards updating Linux kernels in SOHO firmwares. To address this gap, we uncover actual kernel-related vulnerabilities found in 306 SOHO devices using a high-precision template-based CVE detection mechanism on GPL source releases of more than 900 firmwares from these devices. Next, as a first, we trace the supply chain of these vulnerable SOHO devices at scale and identify kernel lock-in as a significant security issue -- SOHO vendors are effectively locked to specific (often older) kernel versions due to the system-on-chip (SoC) SDKs they use. This kernel lock-in produces a vulnerability debt that is inherited alo
The Internet of Things (IoT) has garnered significant interest in both research and industry due to its profound impact on human life. The rapid expansion of IoT technology has ushered in smart healthcare, smart devices, smart cities, and smart grids. However, the security of IoT devices, particularly in healthcare, has become a major concern, with recent attacks revealing serious vulnerabilities. In IoT networks, where connected devices are susceptible to resource-constraint attacks, such as energy consumption attacks, security is paramount. This paper explores the impact of Distributed Denial of Service (DDoS) and Fake Access Points (F-APs) attacks on WiFi-enabled smart healthcare devices. Specifically, it investigates how these attacks can disrupt service on victim devices and Access Points (APs), focusing on device connectivity and energy consumption during attacks. Key findings include identifying the attack rates of DDoS attacks that disrupt services and quantifying the energy consumption impact of Energy Consumption Distributed Denial of Service (EC-DDoS) and F-APs attacks on smart healthcare devices. The study highlights communication protocols, attack rates, payload sizes,
We present a robust and composable device-independent (DI) quantum protocol between two parties for oblivious transfer (OT) using Magic Square devices in the bounded storage model in which the (honest and cheating) devices and parties have no long-term quantum memory. After a fixed constant (real-world) time interval, referred to as DELAY, the quantum states decohere completely. The adversary (cheating party), with full control over the devices, is allowed joint (non-IID) quantum operations on the devices, and there are no time and space complexity bounds placed on its powers. The running time of the honest parties is polylog(λ) (where λ is the security parameter). Our protocol has negligible (in λ) correctness and security errors and can be implemented in the NISQ (Noisy Intermediate Scale Quantum) era. By robustness, we mean that our protocol is correct even when devices are slightly off (by a small constant) from their ideal specification. This is an important property since small manufacturing errors in the real-world devices are inevitable. Our protocol is sequentially composable and, hence, can be used as a building block to construct larger protocols (including DI bit-commit
Consumer Internet of Things (IoT) devices often leverage the local network to communicate with the corresponding companion app or other devices. This has benefits in terms of efficiency since it offloads the cloud. ENISA and NIST security guidelines underscore the importance of enabling default local communication for safety and reliability. Indeed, an IoT device should continue to function in case the cloud connection is not available. While the security of cloud-device connections is typically strengthened through the usage of standard protocols, local connectivity security is frequently overlooked. Neglecting the security of local communication opens doors to various threats, including replay attacks. In this paper, we investigate this class of attacks by designing a systematic methodology for automatically testing IoT devices' vulnerability to replay attacks. Specifically, we propose a tool, named REPLIOT, able to test whether a replay attack is successful or not, without prior knowledge of the target devices. We perform thousands of automated experiments using popular commercial devices spanning various vendors and categories. Notably, our study reveals that among these devices
Neuromorphic computing aims to develop energy-efficient devices that mimic biological synapses. One promising approach involves memristive devices that can dynamically adjust their electrical resistance in response to stimuli, similar to synaptic weight changes in the brain. However, a key challenge is understanding and controlling the coexistence of different types of synaptic plasticity, such as short-term and long-term plasticity. In this work, we show that plasticity behaviors in Co/Nb:STO Schottky memristors originate from oxygen vacancy electromigration, which modulates the Schottky barrier and enables both short-term and long-term plasticity. Our experiments reveal that resistance changes follow a power-law during reading (short-term plasticity) and increase stepwise with successive pulses (long-term memory retention). These behaviors are successfully reproduced by our model, which demonstrates the correlation between oxygen vacancy distribution and Schottky barrier modulation. Our findings highlight these memristors as promising candidates for neuromorphic applications.
With the rapid development of Internet of Things (IoT) technology, intelligent systems are increasingly integrating into everyday life and people's homes. However, the proliferation of these technologies raises concerns about the security of smart home devices. These devices often face resource constraints and may connect to unreliable networks, posing risks to the data they handle. Securing IoT technology is crucial due to the sensitive data involved. Preventing energy attacks and ensuring the security of IoT infrastructure are key challenges in modern smart homes. Monitoring energy consumption can be an effective approach to detecting abnormal behavior and IoT cyberattacks. Lightweight algorithms are necessary to accommodate the resource limitations of IoT devices. This paper presents a lightweight technique for detecting energy consumption attacks on smart home devices by analyzing received packets. The proposed algorithm considers TCP, UDP, and MQTT protocols, as well as device statuses (Idle, active, under attack). It accounts for resource constraints and promptly alerts administrators upon detecting an attack. The proposed approach effectively identifies energy consumption at
The number of wireless devices is drastically increasing, resulting in many devices contending for radio resources. In this work, we present an algorithm to detect active devices for unsourced random access, i.e., the devices are uncoordinated. The devices use a unique, but non-orthogonal preamble, known to the network, prior to sending the payload data. They do not employ any carrier sensing technique and blindly transmit the preamble and data. To detect the active users, we exploit partial channel state information (CSI), which could have been obtained through a previous channel estimate. For static devices, e.g., Internet of Things nodes, it is shown that CSI is less time-variant than assumed in many theoretical works. The presented iterative algorithm uses a maximum likelihood approach to estimate both the activity and a potential phase offset of each known device. The convergence of the proposed algorithm is evaluated. The performance in terms of probability of miss detection and false alarm is assessed for different qualities of partial CSI and different signal-to-noise ratios.
Replacing conventional devices with smart ones has many advantages, e.g., a seamless integration of physical objects into the user's digital environment or improved modes of use. However, if a conventional device is replaced by a smart device, its IT components can cause risks that shorten the life of the device. Such risks stem from different life cycles of embedded soft- and hardware, libraries and protocols used, and the IT ecosystem required. This is problematic, because many conventional household appliances, say, a fridge or TV, have a much longer life span than typical IT equipment. In this paper, we use a systematic approach to identify long-term risks for the operational life span of a smart fridge. In particular, we identify 8 different use cases of three typical smart fridges, e.g., cooling or managing "best before" dates. We model the IT ecosystem needed to run these use cases, and we inspect each asset in this ecosystem for potential long-term risks. We found that even cooling, the most basic use case, is at risk in the long run. This is because setting the cooling parameters may depend on parts of the IT ecosystem that are not under the user's control. On the other han
Detecting and characterising vehicles is one of the purposes of embedded systems used in intelligent environments. An analysis of a vehicle's characteristics can reveal inappropriate or dangerous behaviour. This detection makes it possible to sanction or notify emergency services to take early and practical actions. Vehicle detection and characterisation systems employ complex sensors such as video cameras, especially in urban environments. These sensors provide high precision and performance, although the price and computational requirements are proportional to their accuracy. These sensors offer high accuracy, but the price and computational requirements are directly proportional to their performance. This article introduces a system based on modular devices that is economical and has a low computational cost. These devices use ultrasonic sensors to detect the speed and length of vehicles. The measurement accuracy is improved through the collaboration of the device modules. The experiments were performed using multiple modules oriented to different angles. This module is coupled with another specifically designed to detect distance using previous modules' speed and length data. The
The integration of medical devices in everyday life prompts the idea that these devices will increasingly have evidential value in civil and criminal proceedings. However, the investigation of these devices presents new challenges for the digital forensics community. Previous research has shown that mobile devices provide investigators with a wealth of information. Hence, mobile devices that are used within medical environments potentially provide an avenue for investigating and analyzing digital evidence from such devices. The research contribution of this paper is twofold. First, it provides an empirical analysis of the viability of using information from smartphone applications developed to complement a medical device, as digital evidence. Second, it includes documentation on the artifacts that are potentially useful in a digital forensics investigation of smartphone applications that interact with medical devices.
The concept of Internet of Things (IoT) has become more popular in the modern era of technology than ever before. From small household devices to large industrial machines, the vision of IoT has made it possible to connect the devices with the physical world around them. This increasing popularity has also made IoT devices and applications the center of attention among attackers. Already, several types of malicious activities exist that attempt to compromise the security and privacy of the IoT devices. One interesting emerging threat vector is the attacks that abuse the use of sensors on IoT devices. IoT devices are vulnerable to sensor-based threats due to the lack of proper security measurements available to control use of sensors by apps. By exploiting the sensors (e.g., accelerometer, gyroscope, microphone, light sensor, etc.) on an IoT device, attackers can extract information from the device, transfer malware to a device, or trigger a malicious activity to compromise the device. In this survey, we explore various threats targeting IoT devices and discuss how their sensors can be abused for malicious purposes. Specifically, we present a detailed survey about existing se
Variability in memristive devices based on h-BN dielectrics is studied in depth. Different numerical techniques to extract the reset voltage are described and the corresponding cycle-to-cycle variability is characterized by means of the coefficient of variance. The charge-flux domain was employed to develop one of the extraction techniques; calculating the integrals of current and voltage to obtain the charge and flux makes it possible to minimize the effects of electric noise and the inherent stochasticity of resistive switching on the measurement data. A model to reproduce charge versus flux curves has been successfully employed. The device variability is also described by means of the time series analysis to assess the memory effect along a resistive switching series. Finally, we analyzed I-V curves under ramped voltage stress utilizing a simulator based on circuit breakers; the formation and rupture of the percolation paths that constitute the conductive nanofilaments are studied to describe the set and reset processes behind the resistive switching operation.
The National Science Foundation has identified a new thrust area in Quantum, Molecular and High Performance Modeling and Simulation for Devices and Systems (QMHP) in its core program. The main purpose of this thrust area is to capture scientific opportunities that result from new fundamental cross-cutting research involving three core research communities: (1) experts in modeling and simulation of electronic devices and systems; (2) high performance computing relevant to devices and systems; and (3) the quantum many-body principles relevant to devices and systems. ECCS is especially interested in learning how work in these areas could enable whole new classes of systems or devices, beyond what is already under development in existing mainstream research. The workshop helped identify technical areas that will enable fundamental breakthroughs in the future. Modeling and simulation in the electronics and optoelectronics areas, in general, have already resulted in important fundamental scientific understanding and advances in design and development of devices and systems. With the increasing emphasis on the next generation of devices and systems at the nano, micro, and macro scales and
This paper provides a brief introduction to the phenomenological aspects of the polarization in ferroelectric materials, and then an analysis of a few selected topics related to the modelling of ferroelectrics. The description of ferroelectric-based devices is quite challenging, particularly because the ferroelectric is frequently stacked with other dielectrics or with a semiconductor, as opposed to being placed between metal electrodes. Predictive modelling of ferroelectric devices is admittedly difficult, and thus the scrutiny and calibration of the models by comparison to sound experimental data is of paramount importance.
Multiple logic devices are presently under study within the Nanoelectronic Research Initiative (NRI) to carry the development of integrated circuits beyond the CMOS roadmap. Structure and operational principles of these devices are described. Theories used for benchmarking these devices are overviewed, and a general methodology is described for consistent estimates of the circuit area, switching time and energy. The results of the comparison of the NRI logic devices using these benchmarks are presented.
This paper describes a robust, modular, and physics-based circuit framework to model conventional and emerging Magnetic Tunnel Junction (MTJ) devices. Magnetization dynamics are described by the stochastic Landau-Lifshitz-Gilbert (sLLG) equation whose results are rigorously benchmarked with a Fokker-Planck Equation (FPE) description of magnet dynamics. We then show how sLLG is coupled to transport equations of MTJ-based devices in a unified circuit platform. Step by step, we illustrate how the physics-based MTJ model can be extended to include different spintronics phenomena, including spin-transfer-torque (STT), voltage-control of magnetic anisotropy (VCMA) and spin-orbit torque (SOT) phenomena by experimentally benchmarked examples. To demonstrate how our approach can be used in the exploration of novel MTJ-based devices, we also present a recently proposed MEMS resonator-driven spin-torque nano oscillator (STNO) that can reduce the phase noise of STNOs. We briefly elaborate on the use of our framework beyond conventional devices.
This work investigates the possibilities enabled by federated learning concerning IoT malware detection and studies security issues inherent to this new learning paradigm. In this context, a framework that uses federated learning to detect malware affecting IoT devices is presented. N-BaIoT, a dataset modeling network traffic of several real IoT devices while affected by malware, has been used to evaluate the proposed framework. Both supervised and unsupervised federated models (multi-layer perceptron and autoencoder) able to detect malware affecting seen and unseen IoT devices of N-BaIoT have been trained and evaluated. Furthermore, their performance has been compared to two traditional approaches. The first one lets each participant locally train a model using only its own data, while the second consists of making the participants share their data with a central entity in charge of training a global model. This comparison has shown that the use of more diverse and large data, as done in the federated and centralized methods, has a considerable positive impact on the model performance. Besides, the federated models, while preserving the participants' privacy, show similar results
Topological insulator field-effect transistors (TIFETs) built on 2-D quantum spin Hall insulators are being considered as advanced logic transistors due to their potentially superior performance originating from the dissipationless edge transport. This paper presents a device modeling based on the tight-binding model and the nonequilibrium Green's function formalism to simulate the current-voltage characteristics of the TIFETs. We then use the device simulator to demonstrate the effect of channel length on device performance. The device modeling will not only enable a direct estimation of TIFET performance but also shed light on the nontraditional switching operation via the topological phase transition.
This paper presents a novel, compact four-degree-of-freedom motion-tracking device (IMTD) designed for training and evaluation in laparoscopic surgery. The device's kinematics, mechanical design, instrumentation, and prototypes are developed and presented to meet the specific requirements of the laparoscopic training context, including movement around a fixed center of motion and seamless integration into standard box trainers. The IMTD system's tracking accuracy and reliability are compared to a motion capture system (MoCap), assessing its ability to capture both angular and translational motions of surgical instruments. The study then focuses on key performance parameters including precision, fluidity, speed, and overall motion efficiency. The results highlight the system's effectiveness in tracking surgical gestures, providing valuable insights into its potential as a tool for training and performance evaluation in minimally invasive surgery. Additionally, IMTD's low cost and integrated design allow for easy integration and implementation in training rooms, offering a practical and accessible solution for general use. By offering objective, real-time feedback, the system can signifi
In this paper, I present SEMIDV - a compact semiconductor device simulator incorporating quantum effects. SEMIDV solves the Poisson-Drift-Diffusion equations for semiconductor devices and provides a user-friendly Python interface for scripting and data analysis. Localization landscape theory is introduced to provide quantum corrections to the Drift-Diffusion equation. This theory directly solves the ground state of the Schrodinger equation without further approximation, offering an efficient solution for quantum effect modeling. Additionally, a compact mobility model considering ballistic transport is developed to capture the ballistic length dependence of mobility and the velocity overshoot effect in short-channel devices. Finally, a study on a nanosheet FET using SEMIDV is conducted. I analyze the electrical characteristics of a state-of-the-art GAA/RibbonFET with a 6 nm gate length and discuss the effects of velocity overshoot and quantum confinement on currents and capacitances. A design for an ultra-short-channel transistor with a gate length down to 4.5 nm with a Vdd = 0.45 V is proposed to push the boundaries of integrated circuit technology further.