msc brainstorm: node hijacking protection for embedded devices using TinyML

[synctext]

brainstorm Not afraid of assembly! Defend: July 2025. Phd ambition?!

First, describe the scope and past occurrences of node hijacks.
From Solarwinds to the recent 1.3 million Android TVs in a botnet. Do you aim to protect from unzip fail of firmware update?

Security frameworks. sandbox where you can run anything. IoT device, build Raspberry pi with TinyML as exemplary use-case?

ToDo

• read Zero-Trust architecture
• Enhancing TinyML Security: Study of Adversarial Attack

Other ideas:

• byzantine faults; Engraft: Enclave-guarded Raft on Byzantine Faulty Nodes
• DNA passport
• Low-level PUF
• Open HSM
• IoT devices, etc.

https://www.enisa.europa.eu/publications/eidas-compliant-eid-solutions/@@download/fullReport

Zero-Trust Architecture for Legal Entities

update: Cars now have firmware and secure boot. In-line with your 'hacking' passion. Toyota cars get stolen using CANbus attack. There is a Tesla bug hunting bounty. Smartphone app opens your car, passport-grade authentication. Link to insurance and question who was driving the car when damage occurred?? 🤔 (more US thing versus EU where things are decently organised). The science: protecting high-value 'portable' computers and firmware {zero-trust}.

update2: V2X tech for "car wifi" in 5.9 GHz band. Police remotely stopping a car is no longer the realm of Sci-Fi movies. See the trail of a "remote car stopping" from the Czech Technical University in Prague and the BUT in Brno and PR stuff from the USA.

• Towards zero trust security in connected vehicles: A comprehensive survey
• A Zero Trust Architecture for Connected and Autonomous Vehicles
• A curated list of awesome resources, books, hardware, software, applications, people to follow, and more cool stuff about vehicle security, car hacking, and tinkering with the functionality of your car.
• HOW TO BEGIN V2X DEVELOPMENT ON LINUX

ToDo: a draft 1-page research proposal (e.g. the science focus side)

[Kheoss]

Proposal: A Privacy-Preserving Digital Identity System Using DNA Passports and Physical Unclonable Functions (PUFs)
Background and Motivation
As digital identity systems become integral to secure IoT and automotive environments, the need for robust, privacy-preserving authentication has never been greater. Traditional biometric and hardware-based authentication methods present vulnerabilities, either through centralized storage or susceptibility to cloning and tampering. This proposal explores a hybrid identity model combining DNA-based identifiers and Physical Unclonable Functions (PUFs), leveraging the unique properties of both biological and hardware-based identifiers for a decentralized, multi-factor authentication system that is resistant to forgery and highly secure.

Objectives
Develop a Secure DNA-PUF System Architecture: Design an identity framework that binds DNA-based identifiers with PUFs, creating a unique, privacy-preserving multi-factor identity verification system.
Implement Privacy-Preserving DNA Hashing: Ensure DNA information is encoded and stored securely, protecting user privacy while enabling strong, unique identity verification.
Prototype and Evaluate the System: Build a prototype and evaluate the system’s effectiveness in providing secure, decentralized authentication, focusing on IoT and automotive applications.

Possible Methodology
DNA-Based Identifier Generation: Select privacy-friendly DNA markers, create a hashed digital representation, and store this locally on the device, ensuring user privacy.
Device-Based PUF Authentication: Equip devices with PUFs (or simulate PUFs? ) to generate unique, hardware-rooted responses. Each device’s PUF response serves as an unforgeable, repeatable key.
Combined DNA-PUF Authentication: Bind the DNA hash with the PUF response to form a multi-factor identifier. Authentication involves the device presenting both the DNA-based user identity and PUF-derived device identity, ensuring that only authorized users and devices gain access.
Testing and Validation: Develop a prototype for evaluation within a simulated IoT or automotive environment, analyzing performance metrics, security resilience, and privacy preservation (how?).

Expected Outcomes ???

Secure, Decentralized Identity System: A privacy-centric identity model that binds user DNA with device-specific PUF authentication, creating a robust, decentralized system for IoT security.
Enhanced Privacy and Security: Privacy-preserving techniques for DNA data storage and processing, with a multi-factor approach that combines user and device authentication without relying on centralized databases.
A working prototype with results demonstrating its feasibility and effectiveness in environments where strong, privacy-respecting authentication is essential.

To explore: Multi-layered/fine-grain hierarchies may be a nice addition as many authentication systems work more like "I am this device" instead of "I owe this device".

Potential Impact
This DNA-PUF hybrid system for secure digital identity merges advanced biometrics with unique hardware-based identifiers. Its decentralized design makes it suitable for applications in IoT, connected vehicles, and other fields where secure, user-controlled identity management is critical. This research will contribute to the fields of digital identity and privacy, addressing current limitations and setting a foundation for further innovations in secure authentication.

• Unclonable functions based on DNA tools.

• Cancellable / theft locking/ lost device

• Chemical unclonable functions based on operable random DNA pools

[synctext]

Very scary 😨 😮 😨 Solid science for "identity of the future" in a world that is slowly collapsing into chaos.

Passport 2050

Advise: re-write. example:
The world is slowly descending into less democracy, more wars, and increased suffering. Establishing the correctness of information, validity of electronic signatures, owners of object, and identity of humans is becoming a cardinal requirement for global safety. This thesis is exploring identity solutions for the worst-case scenario. Our adversary model is that multiple state-actors will re-organise their economy for sustained attacking of the integrity of liberal democracies. Our requirement is that by 2050 our system could still serve as the foundation for identity and integrity of all our socio-economic systems. By being isolated from most plausible technological breakthrough. This means our solution consists of combining traditional hardware-based PUFs and the frontier of science and unique identification: DNA.

• PUF: eIDAS extreme
• PUF+DNA+openness and accountability: eIDAS Ultra
• FastDNA for eIDAS Ultra authentication

[Kheoss]

13/11/2024: A bit of literature review

Lots of DNA is no-coding DNA ( does not encode protein sequences ), however the 1% that does is interesting.

Concept: Protein-Based DNA Signature Generator

• simulate the process of protein formation from specific DNA segments to create a unique, verifiable signature
• use DNA as input to model protein structure or sequence => complex and biologically authentic way to generate signatures tied to an individual’s DNA ( bio-PUF ? )
• ZKP by simulating the protein/structure formation [transcription] for a challange

Problems:

• how to revoke such identity?
• many papers that might be usefull are new and did not find them (yet) to read in full [ examples:
  Synthesizing DNA molecules with identity-based digital signatures to prevent malicious tampering and enabling source attribution]