-
Advanced Security Threat Modelling for Blockchain-Based FinTech Applications
Authors:
Serhan W. Bahar
Abstract:
Cybersecurity threats and vulnerabilities continue to grow in number and complexity, presenting an increasing challenge for organizations worldwide. Organizations use threat modelling and bug bounty programs, which often operate independently, to address these threats. In this paper, we propose a Metric-Based Feedback Methodology (MBFM) that integrates bug bounty programs with threat modelling to improve the overall security posture of an organization. By analyzing and categorizing vulnerability data, the methodology enables identifying root causes and refining threat models to prioritize security efforts more effectively. The paper outlines the proposed methodology and its assumptions and provides a foundation for future research to develop the methodology into a versatile framework. Further research should focus on automating the process, integrating additional security testing approaches, and leveraging machine learning algorithms for vulnerability prediction and team-specific recommendations.
Submitted 5 April, 2023;
originally announced April 2023.
-
A Non-invasive Technique to Detect Authentic/Counterfeit SRAM Chips
Authors:
B. M. S. Bahar Talukder,
Farah Ferdaus,
Md Tauhidur Rahman
Abstract:
Many commercially available memory chips are fabricated worldwide in untrusted facilities. Therefore, a counterfeit memory chip can easily enter into the supply chain in different formats. Deploying these counterfeit memory chips into an electronic system can severely affect security and reliability domains because of their sub-standard quality, poor performance, and shorter lifespan. Therefore, a proper solution is required to identify counterfeit memory chips before deploying them in mission-, safety-, and security-critical systems. However, a single solution to prevent counterfeiting is challenging due to the diversity of counterfeit types, sources, and refinement techniques. Besides, the chips can pass initial testing and still fail while being used in the system. Furthermore, existing solutions focus on detecting a single counterfeit type (e.g., detecting recycled memory chips). This work proposes a framework that detects major counterfeit static random-access memory (SRAM) types by attesting/identifying the origin of the manufacturer. The proposed technique generates a single signature for a manufacturer and does not require any exhaustive registration/authentication process. We validate our proposed technique using 345 SRAM chips produced by major manufacturers. The silicon results show that the test scores ($F_{1}$ score) of our proposed technique of identifying memory manufacturer and part-number are 93% and 71%, respectively.
Submitted 5 May, 2023; v1 submitted 19 July, 2021;
originally announced July 2021.
-
IndoNLG: Benchmark and Resources for Evaluating Indonesian Natural Language Generation
Authors:
Samuel Cahyawijaya,
Genta Indra Winata,
Bryan Wilie,
Karissa Vincentio,
Xiaohong Li,
Adhiguna Kuncoro,
Sebastian Ruder,
Zhi Yuan Lim,
Syafri Bahar,
Masayu Leylia Khodra,
Ayu Purwarianti,
Pascale Fung
Abstract:
Natural language generation (NLG) benchmarks provide an important avenue to measure progress and develop better NLG systems. Unfortunately, the lack of publicly available NLG benchmarks for low-resource languages poses a challenging barrier for building NLG systems that work well for languages with limited amounts of data. Here we introduce IndoNLG, the first benchmark to measure natural language generation (NLG) progress in three low-resource -- yet widely spoken -- languages of Indonesia: Indonesian, Javanese, and Sundanese. Altogether, these languages are spoken by more than 100 million native speakers, and hence constitute an important use case of NLG systems today. Concretely, IndoNLG covers six tasks: summarization, question answering, chit-chat, and three different pairs of machine translation (MT) tasks. We collate a clean pretraining corpus of Indonesian, Sundanese, and Javanese datasets, Indo4B-Plus, which is used to pretrain our models: IndoBART and IndoGPT. We show that IndoBART and IndoGPT achieve competitive performance on all tasks -- despite using only one-fifth the parameters of a larger multilingual model, mBART-LARGE (Liu et al., 2020). This finding emphasizes the importance of pretraining on closely related, local languages to achieve more efficient learning and faster inference for very low-resource languages like Javanese and Sundanese.
Submitted 9 October, 2021; v1 submitted 16 April, 2021;
originally announced April 2021.
-
IndoNLU: Benchmark and Resources for Evaluating Indonesian Natural Language Understanding
Authors:
Bryan Wilie,
Karissa Vincentio,
Genta Indra Winata,
Samuel Cahyawijaya,
Xiaohong Li,
Zhi Yuan Lim,
Sidik Soleman,
Rahmad Mahendra,
Pascale Fung,
Syafri Bahar,
Ayu Purwarianti
Abstract:
Although Indonesian is known to be the fourth most frequently used language over the internet, research progress on this language in natural language processing (NLP) is slow-moving due to a lack of available resources. In response, we introduce the first-ever vast resource for training, evaluating, and benchmarking on Indonesian natural language understanding (IndoNLU) tasks. IndoNLU includes twelve tasks, ranging from single sentence classification to pair-sentences sequence labeling with different levels of complexity. The datasets for the tasks lie in different domains and styles to ensure task diversity. We also provide a set of Indonesian pre-trained models (IndoBERT) trained from a large and clean Indonesian dataset, Indo4B, collected from publicly available sources such as social media texts, blogs, news, and websites. We release baseline models for all twelve tasks, as well as the framework for benchmark evaluation, thus enabling everyone to benchmark their system performances.
Submitted 8 October, 2020; v1 submitted 11 September, 2020;
originally announced September 2020.
-
Towards the Avoidance of Counterfeit Memory: Identifying the DRAM Origin
Authors:
B. M. S. Bahar Talukder,
Vineetha Menon,
Biswajit Ray,
Tempestt Neal,
Md Tauhidur Rahman
Abstract:
Due to the globalization in the semiconductor supply chain, counterfeit dynamic random-access memory (DRAM) chips/modules have been spreading worldwide at an alarming rate. Deploying counterfeit DRAM modules into an electronic system can have severe consequences on security and reliability domains because of their sub-standard quality, poor performance, and shorter life span. Besides, studies suggest that a counterfeit DRAM can be more vulnerable to sophisticated attacks. However, detecting counterfeit DRAMs is very challenging because of their nature and ability to pass the initial testing. In this paper, we propose a technique to identify the DRAM origin (i.e., the origin of the manufacturer and the specification of individual DRAM) to detect and prevent counterfeit DRAM modules. A silicon evaluation shows that the proposed method reliably identifies off-the-shelf DRAM modules from three major manufacturers.
Submitted 8 November, 2019;
originally announced November 2019.
-
PreLatPUF: Exploiting DRAM Latency Variations for Generating Robust Device Signatures
Authors:
B. M. S. Bahar Talukder,
Biswajit Ray,
Domenic Forte,
Md Tauhidur Rahman
Abstract:
Physically Unclonable Functions (PUFs) are potential security blocks to generate unique and more secure keys in low-cost cryptographic applications. Dynamic random-access memory (DRAM) has been proposed as one of the promising candidates for generating robust keys. Unfortunately, the existing techniques of generating device signatures from DRAM are very slow, destructive (destroying the current data), and disruptive to system operation. In this paper, we propose a precharge latency-based PUF (PreLatPUF) that exploits DRAM precharge latency variations to generate signatures. The proposed PreLatPUF is fast, robust, least disruptive, and non-destructive. The silicon results from commercially available DDR3 chips from different manufacturers show that the proposed key generation technique is at least ~1,192X faster than the existing approaches, while reliably reproducing the key in extreme operating conditions.
Submitted 31 July, 2019; v1 submitted 7 August, 2018;
originally announced August 2018.
-
Exploiting DRAM Latency Variations for Generating True Random Numbers
Authors:
B. M. S. Bahar Talukder,
Joseph Kerns,
Biswajit Ray,
Thomas Morris,
Md Tauhidur Rahman
Abstract:
A true random number generator (TRNG) plays a vital role in a variety of security applications and protocols. The security and privacy of an asset rely on encryption, which solely depends on the quality of random numbers. Memory chips are widely used for generating random numbers because of their prevalence in modern electronic systems. Unfortunately, existing Dynamic Random-access Memory (DRAM)-based TRNGs produce random numbers with either limited entropy or poor throughput. In this paper, we propose a DRAM-latency based TRNG that generates high-quality random numbers. The silicon results from Samsung and Micron DDR3 DRAM modules show that our proposed DRAM-latency based TRNG is robust (against different operating conditions and environmental variations) and acceptably fast.
Submitted 7 November, 2018; v1 submitted 6 August, 2018;
originally announced August 2018.