CR | Oct 25, 2025
Adapting Noise-Driven PUF and AI for Secure WBG ICS: A Proof-of-Concept Study
Devon A. Kelly, Christiana Chamon
Wide-bandgap (WBG) technologies offer unprecedented improvements in power system efficiency, size, and performance, but also introduce unique sensor corruption and cybersecurity risks in industrial control systems (ICS), particularly due to high-frequency noise and sophisticated cyber-physical threats. This proof-of-concept (PoC) study demonstrates the adaptation of a noise-driven physically unclonable function (PUF) and machine learning (ML)-assisted anomaly detection framework to the demanding environment of WBG-based ICS sensor pathways. By extracting entropy from unavoidable WBG switching noise (up to 100 kHz) as a PUF source, and simultaneously using this noise as a real-time threat indicator, the proposed system unites hardware-level authentication and anomaly detection. Our approach integrates hybrid ML models with adaptive Bayesian filtering, providing robust and low-latency detection capabilities resilient to both natural electromagnetic interference (EMI) and active adversarial manipulation. Through detailed simulations of WBG modules under benign and attack scenarios, including EMI injection, signal tampering, and node impersonation, we achieve 95% detection accuracy and sub-millisecond processing latency. These results demonstrate the feasibility of physics-driven, dual-use noise exploitation as a scalable ICS defense primitive. Our findings lay the groundwork for next-generation security strategies that leverage inherent device characteristics, bridging hardware and artificial intelligence (AI) for enhanced protection of critical ICS infrastructure.
CR | Dec 16, 2021
Random Number Generator, Zero-Crossing, and Nonlinearity Attacks against the Kirchhoff-Law-Johnson-Noise (KLJN) Secure Key Exchange Protocol
Christiana Chamon
This dissertation demonstrates three new types of attacks against the KLJN scheme. The first attack type is based on compromised RNGs. The first RNG attacks are deterministic. First, Eve knows both noises. She can crack the bit via Ohm's Law and one-bit powers within a fraction of the bit exchange period. Second, Eve knows only Bob's noise, so she can learn Bob's resistance value via Ohm's Law and Alice's resistance at the end of the bit exchange period. She can also use a process of elimination. The second RNG attacks are statistical. First, Eve has partial knowledge of Alice's and Bob's noises. She can crack the bit by taking the highest cross-correlation between her noises and the measured noise in the wire, and by taking the highest cross-correlation between her noises and Alice's/Bob's noises. Second, Eve has partial knowledge of only Alice's noise. She can still crack the bit, but only after the bit exchange period. The second attack type is based on thermodynamics. Previously, the KLJN scheme required thermal equilibrium. However, Vadai et al., in (Nature) Science Reports, show a modified scheme, where there is a non-zero thermal noise, yet the system resists all the known attacks. We utilize coincidence events between the line current and voltage and show that there is a non-zero information leak. As soon as thermal equilibrium is restored, the system is perfectly secure again. The final attack type is based on the nonlinearity of the noise generators. We explore the effect of distortion at the second and third orders. It is demonstrated that 1% distortion results in a significant information leak. We also show that decreasing the effective temperature results in the KLJN scheme approaching perfect security.
CR | Oct 6, 2021
Statistical Random Number Generator Attack against the Kirchhoff-Law-Johnson-Noise (KLJN) Secure Key Exchange Protocol
Christiana Chamon, Shahriar Ferdous, Laszlo B. Kish
This paper introduces and demonstrates four new statistical attacks against the Kirchhoff-Law-Johnson-Noise (KLJN) secure key exchange scheme. The attacks utilize compromised random number generators at Alice's and/or Bob's site(s). The case of partial correlations between Alice's/Bob's and Eve's probing noises is explored, that is, Eve's knowledge of Alice's and Bob's noises is limited but not zero. We first explore the bilateral situation where Eve has partial knowledge of both Alice's and Bob's random number generators. It is shown that in this situation Eve can crack the secure key bit by taking the highest cross-correlation between her probing noises and the measured voltage noise in the wire. She can also crack the secure key bit by taking the highest cross-correlation between her noise voltages and her evaluation of Alice's/Bob's noise voltages. We then explore the unilateral situation in which Eve has partial knowledge of only Alice's random number generator, thus only those noises (of Alice and Eve) are correlated. In this situation Eve can still crack the secure key bit, but for a sufficiently low error probability she needs to use the whole bit exchange period for the attack. The security of the KLJN key exchange scheme, similarly to other protocols, necessitates that the random number generator outputs are truly random for Eve.
CR | Aug 20, 2021
Nonlinearity Attack against the Kirchhoff-Law-Johnson-Noise (KLJN) Secure Key Exchange Protocol
Christiana Chamon, Laszlo B. Kish
This paper introduces a new attack against the Kirchhoff-Law-Johnson-Noise (KLJN) secure key exchange scheme. The attack is based on the nonlinearity of the noise generators. We explore the effect of total distortion (TD) at the second order (D2), third order (D3), and a combination of the second and third orders (D2,3) on the security of the KLJN scheme. It is demonstrated that as little as 1% TD results in a notable power flow along the information channel, which leads to a significant information leak. We also show that decreasing the effective temperature (that is, the wire voltage) and, in this way, reducing nonlinearity results in the KLJN scheme approaching perfect security.
QUANT-PH | May 26, 2021
Perspective: On the thermodynamics of perfect unconditional security
Christiana Chamon, Laszlo Kish
A secure key distribution (exchange) scheme is unconditionally secure if it is unbreakable against arbitrary technological improvements of computing power and/or any development of new algorithms. There are only two families of experimentally realized and tested unconditionally secure key distribution technologies: Quantum Key Distribution (QKD), the basis of quantum cryptography, which utilizes quantum physical photonic features; and the Kirchhoff-Law-Johnson-Noise (KLJN) system, which is based on classical statistical physics (the fluctuation-dissipation theorem). The focus topic of this paper is the thermodynamical situation of the KLJN system. In all the original works, the proposed KLJN schemes required thermal equilibrium between the devices of the communicating parties to achieve perfect security. However, Vadai et al., in (Nature) Science Reports 5 (2015) 13653, show a modified scheme, where there is a non-zero thermal noise energy flow between the parties, yet the system seems to resist all the known attack types. We introduce a new attack type against their system. The new attack utilizes coincidence events between the line current and voltages. We show that there is a non-zero information leak toward the Eavesdropper, even under idealized conditions. As soon as the thermal equilibrium is restored, the system becomes perfectly secure again. In conclusion, perfect unconditional security requires thermal equilibrium.
CR | Dec 4, 2020
Deterministic Random Number Generator Attack against the Kirchhoff-Law-Johnson-Noise Secure Key Exchange Protocol
Christiana Chamon, Shahriar Ferdous, Laszlo Kish
This paper demonstrates the vulnerability of the Kirchhoff-Law-Johnson-Noise (KLJN) secure key exchanger to compromised random number generator(s), even if these random numbers are used solely to generate the noises emulating the Johnson noise of Alice's and Bob's resistors. The attacks shown are deterministic in the sense that Eve's knowledge of Alice's and/or Bob's random numbers is basically deterministic. Moreover, no statistical evaluation is needed, except for rarely occurring events of negligible, random waiting time and verification time. We explore two situations. In the first case, Eve knows both Alice's and Bob's random noises. We show that, in this situation, Eve can quickly crack the secure key bit by using Ohm's Law. In the other situation, Eve knows only Bob's random noise. Then Eve can first learn Bob's resistance value by using Ohm's Law. Therefore, she will have the same knowledge as Bob; thus, at the end of the bit exchange period, she will know Alice's bit.
CR | Oct 8, 2020
Comments on the "Generalized" KLJN Key Exchanger with Arbitrary Resistors: Power, Impedance, Security
Shahriar Ferdous, Christiana Chamon, Laszlo B. Kish
In (Nature) Science Reports 5 (2015) 13653, Vadai, Mingesz and Gingl (VMG) introduce a new Kirchhoff-law-Johnson-noise (KLJN) secure key exchanger that operates with 4 arbitrary resistors (instead of 2 arbitrary resistance values forming 2 identical resistor pairs in the original system). They state that in this new, VMG-KLJN, non-equilibrium system with nonzero power flow, the security during the exchange of the two (HL and LH) bit values is as strong as in the original KLJN scheme. Moreover, they claim that, under practical conditions, their VMG-KLJN protocol "supports more robust protection against attacks". First, we investigate the power flow and thermal equilibrium issues of the VMG-KLJN system with 4 arbitrary resistors. Then we introduce a new KLJN protocol that allows the arbitrary choice of 3 resistors from the 4, while it still operates with zero power flow during the exchange of single bits by utilizing a specific value of the 4th resistor and a binary temperature set for the exchanged (HL and LH) bit values. Then we show that, in general, the KLJN schemes with more than 2 arbitrary resistors (including our new protocol mentioned above) are prone to 4 new passive attacks utilizing the parasitic capacitance and inductance in the cable, while the original KLJN scheme is naturally immune against these new attacks. The core of the security vulnerability exploited by these attacks is the different line resistances in the HL and LH cases. Therefore, contrary to the statement and claim cited above, the practical VMG-KLJN system is less secure than the original KLJN scheme. We introduce another 2 modified, non-equilibrium KLJN systems to eliminate the vulnerability against some, but not all, of these attacks. However, the price for that is the loss of arbitrariness in the selection of the 4th resistor, and the information leak still remains greater than zero.
CR | May 22, 2020
AC Loop Current Attacks Against The KLJN Secure Key Exchange Scheme
Mutaz Melhem, Christiana Chamon, Shahriar Ferdous et al.
A new attack against the Kirchhoff-Law-Johnson-Noise (KLJN) secure key exchange scheme is introduced. The attack exploits a parasitic (periodic) AC voltage source at either Alice's or Bob's end. Such situations exist due to AC ground loops and electromagnetic interference (EMI). In the low-frequency case, the procedure is the generalized form of the former DC ground loop based attack. In the high-frequency case, the power spectrum of the wire voltage is utilized. The attack is demonstrated in both the low- and the high-frequency situations. Defense protocols against the attack are also discussed.
CR | May 21, 2020
Random Number Generator Attack against the Kirchhoff-Law-Johnson-Noise Secure Key Exchange Protocol
Christiana Chamon, Shahriar Ferdous, Laszlo B. Kish
This paper introduces and demonstrates two new attacks against the Kirchhoff-Law-Johnson-Noise (KLJN) secure key exchange scheme. The attacks are based on random number generators with compromised security. First, we explore the situation in which Eve knows the seed of both Alice's and Bob's random number generators. We show that in this situation Eve can crack the secure key bit within a fraction of the bit exchange period, even if her current and voltage measurements have only a single bit of resolution. In the second attack, we explore the situation in which Eve knows the seed of only Alice's random number generator. We show that in this situation Eve can still crack the secure key bit, but she needs to use the whole bit exchange period for the attack. The security of the KLJN key exchange scheme, similarly to other protocols, necessitates that the random number generator outputs are truly random for Eve.