Keyvan Ramezanpour

Jithin Jagannath, Keyvan Ramezanpour, Anu Jagannath

Digital twin (DT) technologies have emerged as a solution for real-time data-driven modeling of cyber physical systems (CPS) using the vast amount of data available by Internet of Things (IoT) networks. In this position paper, we elucidate unique characteristics and capabilities of a DT framework that enables realization of such promises as online learning of a physical environment, real-time monitoring of assets, Monte Carlo heuristic search for predictive prevention, on-policy, and off-policy reinforcement learning in real-time. We establish a conceptual layered architecture for a DT framework with decentralized implementation on cloud computing and enabled by artificial intelligence (AI) services for modeling, event detection, and decision-making processes. The DT framework separates the control functions, deployed as a system of logically centralized process, from the physical devices under control, much like software-defined networking (SDN) in fifth generation (5G) wireless networks. We discuss the moment of the DT framework in facilitating implementation of network-based control processes and its implications for critical infrastructure. To clarify the significance of DT in lowering the risk of development and deployment of innovative technologies on existing system, we discuss the application of implementing zero trust architecture (ZTA) as a necessary security framework in future data-driven communication networks.

Jithin Jagannath, Kian Hamedani, Collin Farquhar et al.

Dynamic resource allocation plays a critical role in the next generation of intelligent wireless communication systems. Machine learning has been leveraged as a powerful tool to make strides in this domain. In most cases, the progress has been limited to simulations due to the challenging nature of hardware deployment of these solutions. In this paper, for the first time, we design and deploy deep reinforcement learning (DRL)-based power control agents on the GPU embedded software defined radios (SDRs). To this end, we propose an end-to-end framework (MR-iNet Gym) where the simulation suite and the embedded SDR development work cohesively to overcome real-world implementation hurdles. To prove feasibility, we consider the problem of distributed power control for code-division multiple access (DS-CDMA)-based LPI/D transceivers. We first build a DS-CDMA ns3 module that interacts with the OpenAI Gym environment. Next, we train the power control DRL agents in this ns3-gym simulation environment in a scenario that replicates our hardware testbed. Next, for edge (embedded on-device) deployment, the trained models are optimized for real-time operation without loss of performance. Hardware-based evaluation verifies the efficiency of DRL agents over traditional distributed constrained power control (DCPC) algorithm. More significantly, as the primary goal, this is the first work that has established the feasibility of deploying DRL to provide optimized distributed resource allocation for next-generation of GPU-embedded radios.

Keyvan Ramezanpour, Jithin Jagannath

In this position paper, we discuss the critical need for integrating zero trust (ZT) principles into next-generation communication networks (5G/6G). We highlight the challenges and introduce the concept of an intelligent zero trust architecture (i-ZTA) as a security framework in 5G/6G networks with untrusted components. While network virtualization, software-defined networking (SDN), and service-based architectures (SBA) are key enablers of 5G networks, operating in an untrusted environment has also become a key feature of the networks. Further, seamless connectivity to a high volume of devices has broadened the attack surface on information infrastructure. Network assurance in a dynamic untrusted environment calls for revolutionary architectures beyond existing static security frameworks. To the best of our knowledge, this is the first position paper that presents the architectural concept design of an i-ZTA upon which modern artificial intelligence (AI) algorithms can be developed to provide information security in untrusted networks. We introduce key ZT principles as real-time Monitoring of the security state of network assets, Evaluating the risk of individual access requests, and Deciding on access authorization using a dynamic trust algorithm, called MED components. To ensure ease of integration, the envisioned architecture adopts an SBA-based design, similar to the 3GPP specification of 5G networks, by leveraging the open radio access network (O-RAN) architecture with appropriate real-time engines and network interfaces for collecting necessary machine learning data. Therefore, this work provides novel research directions to design machine learning based components that contribute towards i-ZTA for the future 5G/6G networks.

Keyvan Ramezanpour, Paul Ampadu, William Diehl

Existing side-channel analysis techniques require a leakage model, in the form of a prior knowledge or a set of training data, to establish a relationship between the secret data and the measurements. We introduce side-channel analysis with reinforcement learning (SCARL) capable of extracting data-dependent features of the measurements in an unsupervised learning approach without requiring a prior knowledge on the leakage model. SCARL consists of an auto-encoder to encode the information of power measurements into an internal representation, and a reinforcement learning algorithm to extract information about the secret data. We employ a reinforcement learning algorithm with actor-critic networks, to identify the proper leakage model that results in maximum inter-cluster separation of the auto-encoder representation. SCARL assumes that the lower order components of a generic non-linear leakage model have larger contribution to the leakage of sensitive data. On a lightweight implementation of the Ascon authenticated cipher on the Artix-7 FPGA, SCARL is able to recover the secret key using 24K power traces during the key insertion, or Initialization Stage, of the cipher. We also demonstrate that classical techniques such as DPA and CPA fail to identify the correct key using traditional linear leakage models and more than 40K power traces.

Keyvan Ramezanpour, Paul Ampadu, William Diehl

Existing power analysis techniques rely on strong adversary models with prior knowledge of the leakage or training data. We introduce side-channel analysis with unsupervised learning (SCAUL) that can recover the secret key without requiring prior knowledge or profiling (training). We employ an LSTM auto-encoder to extract features from power traces with high mutual information with the data-dependent samples of the measurements. We demonstrate that by replacing the raw measurements with the auto-encoder features in a classical DPA attack, the efficiency, in terms of required number of measurements for key recovery, improves by 10X. Further, we employ these features to identify a leakage model with sensitivity analysis and multi-layer perceptron (MLP) networks. SCAUL uses the auto-encoder features and the leakage model, obtained in an unsupervised approach, to find the correct key. On a lightweight implementation of AES on Artix-7 FPGA, we show that SCAUL is able to recover the correct key with 3700 power measurements with random plaintexts, while a DPA attack requires at least 17400 measurements. Using misaligned traces, with an uncertainty equal to 20\% of the hardware clock cycle, SCAUL is able to recover the secret key with 12300 measurements while the DPA attack fails to detect the key.

Keyvan Ramezanpour, Paul Ampadu, William Diehl

While modern masking schemes provide provable security against passive side-channel analysis (SCA), such as power analysis, single faults can be employed to recover the secret key of ciphers even in masked implementations. In this paper, we propose random space masking (RS-Mask) as a countermeasure against both power analysis and statistical fault analysis (SFA) techniques. In the RS-Mask scheme, the distribution of all sensitive variables, faulty and/or correct values is uniform, and it therefore protects the implementations against any SFA technique that exploits the distribution of intermediate variables, including fault sensitivity analysis (FSA), statistical ineffective fault analysis (SIFA) and fault intensity map analysis (FIMA). We implement RS-Mask on AES, and show that a SIFA attack is not able to identify the correct key. We additionally show that an FPGA implementation of AES, protected with RS-Mask, is resistant to power analysis SCA using Welch's t-test. The area of the RS-Masked AES is about 3.5 times that of an unprotected AES implementation of similar architecture, and about 2 times that of a known FPGA SCA-resistant AES implementation. Finally, we introduce infective RS-Mask that provides security against differential techniques, such as differential fault analysis (DFA) and differential fault intensity analysis (DFIA), with a slight increase in overhead.