Holden Gordon

Holden Gordon, Thomas Lyp, Calvin Kimbro et al.

In this paper, we propose flash-based hardware security primitives as a viable solution to meet the security challenges of the IoT and specifically telehealth markets. We have created a novel solution, called the High and Low (HaLo) method, that generates physical unclonable function (PUF) signatures based on process variations within flash memory in order to uniquely identify and authenticate remote sensors. The HaLo method consumes 60% less power than conventional authentication schemes, has an average latency of only 39ms for signature generation, and can be readily implemented through firmware on ONFI 2.2 compliant off-the-shelf NAND flash memory chips. The HaLo method generates 512 bit signatures with an average error rate of 5.9 * 10^-4, while also adapting for flash chip aging. Due to its low latency, low error rate, and high power efficiency, the HaLo method could help progress the field of remote patient monitoring by accurately and efficiently authenticating remote health sensors.

Holden Gordon, Conrad Park, Bhagyashri Tushir et al.

With the rise in Internet of Things (IoT) devices, home network management and security are becoming complex. There is an urgent requirement to make smart home network management efficient. This work proposes an SDN-based architecture to secure smart home networks through K-Nearest Neighbor (KNN) based device classifications and malicious traffic detection. The efficiency is further enhanced by offloading the computation-intensive KNN model to Field Programmable Gate Arrays (FPGA), which offers parallel processing power of GPU platforms at lower costs and higher efficiencies, and can be used to accelerate time-sensitive tasks. The proposed parallelization and implementation of KNN on FPGA are achieved by using the Vivado Design Suite from Xilinx and High-Level Synthesis (HLS). When optimized with 10-fold cross-validation, the proposed solution for KNN consistently exhibits the best performances on FPGA when compared with four alternative KNN instances (i.e., 78% faster than the parallel bubble sort-based implementation and 99\% faster than the other three sorting algorithms). Moreover, with 36,225 training samples, the proposed KNN solution classifies a test query with 95% accuracy in approximately 4 milliseconds on FPGA compared to 57 seconds on a CPU platform.

Holden Gordon, Christopher Batula, Bhagyashri Tushir et al.

IoT devices have become popular targets for various network attacks due to their lack of industry-wide security standards. In this work, we focus on smart home IoT device identification and defending them against Distributed Denial of Service (DDoS) attacks. The proposed framework protects smart homes by using VLAN-based network isolation. This architecture has two VLANs: one with non-verified devices and the other with verified devices, both of which are managed by the SDN controller. Lightweight stateless flow-based features, including ICMP, TCP, and UDP protocol percentage, packet count and size, and IP diversity ratio, are proposed for efficient feature collections. Further analysis is performed to minimize training data to run on resource-constrained edge devices in smart home networks. Three popular machine learning algorithms, including K-Nearest-Neighbors, Random Forest, and Support Vector Machines, are used to classify IoT devices and detect different types of DDoS attacks, including TCP-SYN, UDP, and ICMP. The system's effectiveness and efficiency are evaluated by emulating a network consisting of an Open vSwitch, Faucet SDN controller, and several IoT device traces from two different testbeds.