
Showing papers on "IPsec" published in 2019


Proceedings ArticleDOI
17 Jun 2019
TL;DR: This paper presents the first mechanised cryptographic proof of the protocol underlying WireGuard, using the CryptoVerif proof assistant, and extends CryptoVerif to account for the absence of public key validation in popular Diffie-Hellman groups like Curve25519.
Abstract: WireGuard is a free and open source Virtual Private Network (VPN) that aims to replace IPsec and OpenVPN. It is based on a new cryptographic protocol derived from the Noise Protocol Framework. This paper presents the first mechanised cryptographic proof of the protocol underlying WireGuard, using the CryptoVerif proof assistant. We analyse the entire WireGuard protocol as it is, including transport data messages, in an ACCE-style model. We contribute proofs for correctness, message secrecy, forward secrecy, mutual authentication, session uniqueness, and resistance against key compromise impersonation, identity mis-binding, and replay attacks. We also discuss the strength of the identity hiding provided by WireGuard. Our work also provides novel theoretical contributions that are reusable beyond WireGuard. First, we extend CryptoVerif to account for the absence of public key validation in popular Diffie-Hellman groups like Curve25519, which is used in many modern protocols including WireGuard. To our knowledge, this is the first mechanised cryptographic proof for any protocol employing such a precise model. Second, we prove several indifferentiability lemmas that are useful to simplify the proofs for sequences of key derivations.

32 citations


Posted Content
TL;DR: In this article, a black-box timing analysis of TPM 2.0 devices deployed on commodity computers was performed, revealing that some of these devices feature secret-dependent execution times during signature generation based on elliptic curves, allowing an attacker to recover 256-bit private keys for ECDSA and ECSchnorr signatures.
Abstract: Trusted Platform Module (TPM) serves as a hardware-based root of trust that protects cryptographic keys from privileged system and physical adversaries. In this work, we perform a black-box timing analysis of TPM 2.0 devices deployed on commodity computers. Our analysis reveals that some of these devices feature secret-dependent execution times during signature generation based on elliptic curves. In particular, we discovered timing leakage on an Intel firmware-based TPM as well as a hardware TPM. We show how this information allows an attacker to apply lattice techniques to recover 256-bit private keys for ECDSA and ECSchnorr signatures. On Intel fTPM, our key recovery succeeds after about 1,300 observations and in less than two minutes. Similarly, we extract the private ECDSA key from a hardware TPM manufactured by STMicroelectronics, which is certified at Common Criteria (CC) EAL 4+, after fewer than 40,000 observations. We further highlight the impact of these vulnerabilities by demonstrating a remote attack against a StrongSwan IPsec VPN that uses a TPM to generate the digital signatures for authentication. In this attack, the remote client recovers the server's private authentication key by timing only 45,000 authentication handshakes via a network connection. The vulnerabilities we have uncovered emphasize the difficulty of correctly implementing known constant-time techniques, and show the importance of evolutionary testing and transparent evaluation of cryptographic implementations. Even certified devices that claim resistance against attacks require additional scrutiny by the community and industry, as we learn more about these attacks.

26 citations


Proceedings Article
01 Nov 2019
TL;DR: A black-box timing analysis of TPM 2.0 devices deployed on commodity computers reveals that some of these devices feature secret-dependent execution times during signature generation based on elliptic curves, which allows an attacker to apply lattice techniques to recover 256-bit private keys for ECDSA and ECSchnorr signatures.
Abstract: Trusted Platform Module (TPM) serves as a hardware-based root of trust that protects cryptographic keys from privileged system and physical adversaries. In this work, we perform a black-box timing analysis of TPM 2.0 devices deployed on commodity computers. Our analysis reveals that some of these devices feature secret-dependent execution times during signature generation based on elliptic curves. In particular, we discovered timing leakage on an Intel firmware-based TPM as well as a hardware TPM. We show how this information allows an attacker to apply lattice techniques to recover 256-bit private keys for ECDSA and ECSchnorr signatures. On Intel fTPM, our key recovery succeeds after about 1,300 observations and in less than two minutes. Similarly, we extract the private ECDSA key from a hardware TPM manufactured by STMicroelectronics, which is certified at Common Criteria (CC) EAL 4+, after fewer than 40,000 observations. We further highlight the impact of these vulnerabilities by demonstrating a remote attack against a StrongSwan IPsec VPN that uses a TPM to generate the digital signatures for authentication. In this attack, the remote client recovers the server's private authentication key by timing only 45,000 authentication handshakes via a network connection. The vulnerabilities we have uncovered emphasize the difficulty of correctly implementing known constant-time techniques, and show the importance of evolutionary testing and transparent evaluation of cryptographic implementations. Even certified devices that claim resistance against attacks require additional scrutiny by the community and industry, as we learn more about these attacks.

24 citations


Journal ArticleDOI
TL;DR: This paper proposes a solution to manage IPsec SAs using SDNs avoiding manual configuration in the network resources and enabling a reduced involvement of network administrators, and provides a comprehensive explanation and deep analysis of the solution.

20 citations


Journal ArticleDOI
TL;DR: A lightweight and efficient Secure Hybrid RSA (SHRSA) messaging scheme with four-layered authentication stack is implemented and analyzed, showing the relevancies of the SHRSA messaging scheme to be integratable as a cipher in Blockchain architectures, cyber-physical systems, and the Internet of Everything.
Abstract: For virtual private network and LAN-to-LAN tunnel sessions, end-to-end security is the main constraint in private messaging scenarios. Internet Protocol Security can negotiate new keys for every communication, but when the key is compromised, it is a problem. Perfect Forward Secrecy is the resolution. In addition, the messaging scheme should be efficient and lightweight for keeping parity with daily needs. The popular Rivest-Shamir-Adleman (RSA) cipher is omnipresent in secure communications but has many scientific problems. So here, in this paper, a lightweight and efficient Secure Hybrid RSA (SHRSA) messaging scheme with a four-layered authentication stack is implemented and analyzed. The scheme resolves the problem of the asymptotically very low decryption speed of RSA, the computational modular exponentiation complexity and partial key exposure vulnerability issues of RSA, and many more. The four-layered authentication stack has eliminated the need for any password, external digital certificates, or a third party for authentication, using its own four techniques in a stacked way. We have found that in evaluations and analysis of the scheme, it not only resolves various scientific problems of RSA but also occupies 2%–4% less CPU than main RSA and 1%–3% less memory than main RSA. Its average decryption time has gained 8.858 times compared to the main RSA and 2.248 times compared to CRT RSA. We have found that the encryption throughputs of RSA, CRT-RSA, and SHRSA are alike: all are around 6 KB/sec, but the decryption throughput of SHRSA has gained 8.5345 times over main RSA and 2.1174 times over CRT-RSA. The results obtained have shown us the relevance of the SHRSA messaging scheme for integration as a cipher in Blockchain architectures, cyber-physical systems, and the Internet of Everything.

18 citations


Journal ArticleDOI
TL;DR: This article introduces an alternative to IPsec-IKE that is specifically designed for NFV environments, named Software Defined Security Associations (SD-SA), which is shown through a proof-of-concept evaluation to perform better than IPsec-IKE with respect to bandwidth and resource consumption.

18 citations


Journal ArticleDOI
TL;DR: This paper revisits the strongly leakage resilient AKE protocol (CT-RSA’16) that aimed to resist challenge-dependent leakage on both long-term and ephemeral secret keys and extends the protocol to a more general framework that can be efficiently instantiated under various assumptions.
Abstract: Authenticated Key Exchange (AKE) protocols allow two (or multiple) parties to authenticate each other and agree on a common secret key, which is essential for establishing a secure communication channel over a public network. AKE protocols form a central component in many network security standards such as IPSec, TLS/SSL, and SSH. However, it has been demonstrated that many standardized AKE protocols are vulnerable to side-channel and key leakage attacks. In order to defend against such attacks, leakage resilient (LR-) AKE protocols have been proposed in the literature. Nevertheless, most of the existing LR-AKE protocols only focused on the resistance to long-term key leakage, while in reality leakage of ephemeral secret key (or randomness) can also occur due to various reasons such as the use of poor randomness sources or insecure pseudo-random number generators (PRNGs). In this paper, we revisit the strongly leakage resilient AKE protocol (CT-RSA’16) that aimed to resist challenge-dependent leakage on both long-term and ephemeral secret keys. We show that there is a security issue in the design of the protocol and propose an improved version that can fix the problem. In addition, we extend the protocol to a more general framework that can be efficiently instantiated under various assumptions, including hybrid instantiations that can resist key leakage attacks while preserving session key security against future quantum machines.

14 citations


08 Jul 2019
TL;DR: This document presents a set of IKEv2 exchanges that comprise a group key management protocol in conformance with the Multicast Security (MSEC) key management architecture, which contains two components: member registration and group rekeying.
Abstract: This document presents a set of IKEv2 exchanges that comprise a group key management protocol. The protocol is in conformance with the Multicast Security (MSEC) key management architecture, which contains two components: member registration and group rekeying. Both components require a Group Controller/Key Server to download IPsec group security associations to authorized members of a group. The group members then exchange IP multicast or other group traffic as IPsec packets. This document obsoletes RFC 6407.

13 citations


Proceedings ArticleDOI
25 Jan 2019
TL;DR: The aim of this research is to create a private network connection by ensuring its security and distributing public addresses through a static routing algorithm; the Network Development Life Cycle (NDLC) is utilized as the research method.
Abstract: The development of internet networks requires a network administrator to implement various topology schemes for the locations of different networks. This is intended to enable the networks in one area to communicate with each other and to monitor the use of traffic. This research aims to create a private network connection by ensuring its security and distributing public addresses through a static routing algorithm. The Network Development Life Cycle (NDLC) is utilized as the research method. Based on the implementation of an EoIP tunnel network over IPSec, the researcher analysed the Quality of Service (QoS) of an EoIP tunnel without IPsec and of an EoIP tunnel over IPSec to find out the comparison. The result revealed that the EoIP tunnel over IPsec has throughput 93.04%, delay 1.43 ms, jitter 1.41 ms, and packet loss 0.43%. These figures are lower than those of EoIP without IPsec, with throughput 94.85%, delay 1.39 ms, jitter 1.37 ms, and packet loss 0.52%. The difference is caused by the encryption negotiation process while the network is connected. Hopefully, this research contributes to making it easier for users to communicate in the local area and to monitor traffic use centrally.

11 citations


Posted Content
TL;DR: A chosen-prefix collision attack is a stronger variant of a collision attack, where an arbitrary pair of challenge prefixes is turned into a collision.
Abstract: A chosen-prefix collision attack is a stronger variant of a collision attack, where an arbitrary pair of challenge prefixes is turned into a collision. Chosen-prefix collisions are usually significantly harder to produce than (identical-prefix) collisions, but the practical impact of such an attack is much larger. While many cryptographic constructions rely on collision-resistance for their security proofs, collision attacks are hard to turn into breaks of concrete protocols, because the adversary has only limited control over the colliding messages. On the other hand, chosen-prefix collisions have been shown to break certificates (by creating a rogue CA) and many internet protocols (TLS, SSH, IPsec).

11 citations


Journal ArticleDOI
TL;DR: This study uses a method combining model learning and model checking to analyze the dynamic vulnerability of IPSec protocol implementations and reveals three new security issues: a wrong interaction causing a server exception and two violations of the standard.
Abstract: With the development of Internet of Things (IoT) technology, the demand for secure communication by smart devices has dramatically increased, and the security of IoT protocols has become the focus of cyberspace. Recently, some scholars have attempted to extend the IPSec protocol to IPv6 over Low-Power Wireless Personal Area Networks (6LoWPAN) to ensure end-to-end security, which makes it essential to analyze the vulnerability of the IPSec protocol to enhance the security of the IoT. In this study, we use a method combining model learning and model checking to analyze the dynamic vulnerability of IPSec protocol implementations. This method automatically infers the black-box model and compares it with the relevant specifications to expose the defects of the system implementation and search for its logic vulnerabilities. We first employ model learning on three IPSec implementations to infer state machine models; then, we use model checking to verify that these models satisfy basic security properties and conform to the RFCs. Our analysis reveals three new security issues: a wrong interaction causing a server exception and two violations of the standard.

Posted Content
08 Jul 2019
TL;DR: This paper considers the use case of a roadwarrior and multiple IPsec gateways steered by the same controller and provides three prototypes leveraging the software switch BMv2, the NetFPGA SUME card, and the Edgecore Wedge 100BF-32X switch as P4 targets.
Abstract: In this paper we propose P4-IPsec which follows the software-defined networking (SDN) paradigm. It comprises a P4-based implementation of an IPsec gateway, a client agent, and a controller-based, IKE-less signalling between them. P4-IPsec features the Encapsulation Security Payload (ESP) protocol, tunnel mode, and various cipher suites for host-to-site virtual private networks (VPNs). We consider the use case of a roadwarrior and multiple IPsec gateways steered by the same controller. P4-IPsec supports on-demand VPN which sets up tunnels to appropriate resources within these sites when requested by applications. To validate the P4-based approach for IPsec gateways, we provide three prototypes leveraging the software switch BMv2, the NetFPGA SUME card, and the Edgecore Wedge 100BF-32X switch as P4 targets. For the latter, we perform a performance evaluation giving experimental results on throughput and delay.

Proceedings ArticleDOI
01 Aug 2019
TL;DR: Two of the most widely used tunnelling protocols in secured data transmission, Generic Routing Encapsulation (GRE) and IP Security (IPSec), are analyzed, a comparison between them is established, and their capabilities for security and privacy measures on the internet are evaluated using network simulators.
Abstract: The extensive use of the Internet has created excessive demand for security and privacy in communication channels. The increase in connected devices and the need to remotely access network resources have also amplified the need for strong security measures. Virtual Private Networks, tunneling methods, and multi-layer encryption have all been used in different network architectures and topologies to secure end-to-end transmission of information. The increase in cyber-attacks and data breaches in the past decades is a clear indication of the concerns surrounding information security. From network flooding and Denial of Service (DoS) to sensitive data exposure, the consequences of a poorly secured network can be detrimental to an organization and its end-users. With the projected growth of IoT technology, device communication needs to be efficiently protected if it has to pass through public networks such as the Internet. This paper analyses two of the most widely used tunnelling protocols in secured data transmission, Generic Routing Encapsulation (GRE) and IP Security (IPSec), establishes a comparison between them, and evaluates their capabilities for security and privacy measures on the internet using network simulators. We use the Graphical Network Simulator 3 (GNS3) emulator for traffic analyses.

Proceedings ArticleDOI
01 Sep 2019
TL;DR: This paper describes how a new general message and TLV enable "fully PTPIS" and thus solve the security requirements of RFC 7384, and proposes a simple "Fully PTP Integrated Security" mechanism which includes key management.
Abstract: The IEEE 1588-2008 protocol is used to provide time and frequency synchronization in networks. As time and frequency distribution protocols are becoming increasingly common and widely deployed across networks, concern about their exposure to security threats and vulnerabilities is increasing. One can use external security mechanisms like IPSEC or MACSEC to safeguard the network from various attacks, but these are not specific to timing protocols. To address security-related threats, the IEEE 1588-2019 draft standard D1.5 defines a "PTP Integrated Security (PTPIS)" mechanism which is complex and not completely integrated, because the key management mechanism is left open. A simple "Fully PTP Integrated Security (FPTPIS)" mechanism which includes key management is proposed by introducing a new general message and TLV. This paper describes how the new general message and TLV enable "fully PTPIS" and thus solve the security requirements of RFC 7384.

Journal ArticleDOI
TL;DR: This article presents a comprehensive view of the developed architecture, focusing on the elements that constitute a new forwarding standard of encrypted SFC packets, and presents a Proof-of-Concept demonstration of how the architecture fulfils the requirements defined in the authors' use case.
Abstract: Contemporary Service Function Chaining (SFC), and the requirements arising from privacy concerns, call for the increasing integration of security features such as encryption and isolation across Network Function Virtualisation (NFV) domains. Therefore, suitable adaptations of automation and encryption concepts for the development of interconnected data centre infrastructures are essential. Nevertheless, packet isolation constraints related to the current NFV infrastructure and SFC protocols, render current NFV standards insecure. Accordingly, the goal of our work was an experimental demonstration of a new SFC packet forwarding standard that enables contemporary data centres to overcome these constraints. This article presents a comprehensive view of the developed architecture, focusing on the elements that constitute a new forwarding standard of encrypted SFC packets. Through a Proof-of-Concept demonstration, we present our closing experimental results of how the architecture fulfils the requirements defined in our use case.

Proceedings ArticleDOI
29 Apr 2019
TL;DR: This work proposes the first fully distributed algorithm for path computation with automatic tunneling, i.e., taking into account encapsulation, decapsulation and conversion of protocols; it is a generalization of the distributed Bellman-Ford algorithm, where the distance vector is replaced by a protocol stack vector.
Abstract: In a network, a tunnel is a part of a path where a protocol is encapsulated in another one. A tunnel starts with an encapsulation and ends with the corresponding decapsulation. Several tunnels can be nested at some stage, forming a protocol stack. Tunneling is very important nowadays and is involved in several tasks: IPv4/IPv6 transition, VPNs, security (IPsec, onion routing), etc. However, tunnel establishment is mainly performed manually or by script, which presents obvious scalability issues. Some works attempt to automate a part of the process (e.g., TSP, ISATAP, etc.). However, the determination of the tunnel endpoints is not fully automated, especially in the case of an arbitrary number of nested tunnels. The lack of routing protocols performing automatic tunneling is due to the unavailability of path computation algorithms taking into account encapsulations and decapsulations. There is a polynomial centralized algorithm to perform the task. However, to the best of our knowledge, no fully distributed path computation algorithm is known. Here, we propose the first fully distributed algorithm for path computation with automatic tunneling, i.e., taking into account encapsulation, decapsulation and conversion of protocols. Our algorithm is a generalization of the distributed Bellman-Ford algorithm, where the distance vector is replaced by a protocol stack vector. This makes it possible to know how to route a packet with a given protocol stack. We prove that the message size of our algorithm is polynomial, even if the shortest path can be of exponential length. We also prove that the algorithm converges after a polynomial number of steps in a synchronized setting. We adapt our algorithm into a proto-protocol for routing with automatic tunneling and we show its efficiency through simulations.

10 Mar 2019
TL;DR: This document presents a key exchange method allowing devices managed by a controller to create private pair-wise IPsec SAs without IKEv2 or any other direct peer-to-peer session establishment messages.
Abstract: This document presents a key exchange method allowing devices managed by a controller (e.g., an SDN management station) to create private pair-wise IPsec SAs without IKEv2 or any other direct peer-to-peer session establishment messages. The method can be used when a full mesh of IKEv2 sessions between IPsec devices is not appropriate.

Posted Content
TL;DR: P4-IPsec as discussed by the authors is a concept for IPsec in software-defined networks (SDN) using P4 programmable data planes, and it is the first implementation of IPsec for P4-based SDN.
Abstract: In this work, we present P4-IPsec, a concept for IPsec in software-defined networks (SDN) using P4 programmable data planes. The prototype implementation features ESP in tunnel mode and supports different cipher suites. P4-capable switches are programmed to serve as IPsec tunnel endpoints. We also provide a client agent to configure tunnel endpoints on Linux hosts so that site-to-site and host-to-site application scenarios can be supported which are the base for virtual private networks (VPNs). While traditional VPNs require complex key exchange protocols like IKE to set up and renew tunnel endpoints, P4-IPsec benefits from an SDN controller to accomplish these tasks. One goal of this experimental work is to investigate how well P4-IPsec can be implemented on existing P4 switches. We present a prototype for the BMv2 P4 software switch, evaluate its performance, and publish its source code on GitHub. We explain why we could not provide a useful implementation with the NetFPGA SUME board. For the Edgecore Wedge 100BF-32X Tofino-based switch, we presented two prototype implementations to cope with a missing crypto unit. As another contribution of this paper, we provide technological background of P4 and IPsec and give a comprehensive review of security applications in P4, IPsec in SDN, and IPsec data plane implementations. According to our knowledge, P4-IPsec is the first implementation of IPsec for P4-based SDN.

Proceedings ArticleDOI
26 Aug 2019
TL;DR: This paper investigates security solutions suitable for the Ethernet-based optical fronthaul network, and analyzes the standard security protocols such as IPsec and MACsec for the security of the high speed link and proposes WireGuard as an alternative security solution which may replace IPsec.
Abstract: In 5G networks, an optical fronthaul transports massive user data from remote radio heads (RRH) to the core network (CO) with high throughput and low latency. eCPRI is a new standard interface for the Ethernet-based optical fronthaul network to enhance the efficiency and performance. If fronthaul networks are deployed in an unsafe domain, an end-to-end security system should be implemented over the data flow, which usually requires additional overhead and processing time. This redundancy may cause unexpected latency and performance degradation in the data transport for 5G networks. According to the specification of eCPRI, vendors may optionally implement either IPsec or MACsec to ensure the security of transmission. In this paper, we investigate security solutions suitable for the Ethernet-based optical fronthaul network. We analyze the standard security protocols such as IPsec and MACsec for the security of the high speed link. We propose WireGuard as an alternative security solution which may replace IPsec. According to our analysis, the extended overhead for security protocols has negligible impact on the latency. However, eCPRI processing time can be prolonged, which may cause additional latency and eventually affect the maximum transmission distance of fronthaul networks. As an example, we performed a simulation of eCPRI traffic and measured the latency of WireGuard. We also point out that a re-key interval should be carefully chosen not to compromise the security of the high capacity link such as 5G fronthaul networks. Our analysis is further extended to a long-term security solution which is resistant to quantum attacks.

Journal ArticleDOI
TL;DR: The research confirms that FPGA based hardware acceleration increases performance and is feasible to integrate with the other server infrastructure and is efficient even with voice or video encryption.

Proceedings ArticleDOI
01 Oct 2019
TL;DR: The results show that the IoT gateway has strong security and stability, which can resist DDOS attacks and spoofing attacks, and has flexible network access modes and deployments, meeting the requirements of data collection, device management and multimedia converged communication in the IoT environment.
Abstract: With the rapid development of the Internet of Things (IoT) technology, massive terminal devices access the network. These devices often have limited computing power, insufficient resource space, and poor security protection capabilities, which are easily exploited by hackers and lead to serious security incidents. IoT gateway is a network access device, which can be designed with a relatively complete security mechanism to effectively improve the security protection level of the system. Based on the open source OpenWrt system, this paper adopts the modular design structure, realizes the identity authentication and encryption communication between the sensing layer and the network layer through China cryptographic algorithm, network security protocol and Physical Unclonable Function (PUF), designs the software and hardware and builds the test environment. The results show that the gateway has strong security and stability, which can resist DDOS attacks and spoofing attacks, and has flexible network access modes and deployments, meeting the requirements of data collection, device management and multimedia converged communication in the IoT environment.

Proceedings ArticleDOI
01 Oct 2019
TL;DR: This paper aims to enhance IPsec performance by substituting the existing key exchange algorithm with a lightweight elliptic curve algorithm, and reduces the delay of IPsec in Mobile IPv6 by 67% compared to the standard implementation.
Abstract: The Internet has become indispensable to modern society. Due to the dynamic nature of human activities, evolving mobile technology has played a significant role, and this is reflected in the exponential growth of the number of mobile users globally. However, the characteristic of the Internet as an open network makes it vulnerable to various malicious activities. To secure communication at the network layer, the IETF recommended IPsec as a security feature. Mobile IPv6, as the successor of the current mobile technology, Mobile IPv4, also mandated the use of IPsec. However, since IPsec is a set of security algorithms, it has several well-known weaknesses, such as the bootstrapping issue when generating a security association as well as a complex key exchange mechanism. It is a well-known fact that IPsec has a high overhead, especially when implemented on Mobile IPv6 and used on limited-energy devices such as mobile devices. This paper aims to enhance IPsec performance by substituting the existing key exchange algorithm with a lightweight elliptic curve algorithm. The experiments managed to reduce the delay of IPsec in Mobile IPv6 by 67% compared to the standard implementation.

Posted Content
TL;DR: A novel secure link discovery mechanism that leverages protected LLDP frames and the two-tier control plane structure for secure and efficient management of a global link map and evaluates its performance through experiments that focus on TCP throughput and round-trip time.
Abstract: We propose P4-MACsec to protect network links between P4 switches through automated deployment of MACsec, a widespread IEEE standard for securing Layer 2 infrastructures. It is supported by switches and routers from major manufacturers and has only minor performance limitations compared to VPN technologies such as IPsec. P4-MACsec introduces a data plane implementation of MACsec including AES-GCM encryption and decryption directly on P4 switches. P4-MACsec features a two-tier control plane structure where local controllers running on the P4 switches interact with a central controller. We propose a novel secure link discovery mechanism that leverages protected LLDP frames and the two-tier control plane structure for secure and efficient management of a global link map. Automated deployment of MACsec creates a secure channel, generates keying material, and configures the P4 switches for each detected link between two P4 switches. It detects link changes and performs rekeying to provide secure, configuration-free operation of MACsec. In this paper, we review the technological background of P4-MACsec and explain its architecture. To demonstrate the feasibility of P4-MACsec, we implement it on the BMv2 P4 software switch and validate the prototype through experiments. We evaluate its performance through experiments that focus on TCP throughput and round-trip time. We publish the prototype and experiment setups on GitHub.

Proceedings ArticleDOI
01 Sep 2019
TL;DR: A chaotic cryptosystem is proposed to replace the IKE key exchange phase of IPsec: by solving a 4-dimensional chaotic system, a security association (SA) file containing 128-bit keys is generated for the connected nodes, with the solution implemented and tested on FPGA boards.
Abstract: In the network communication domain, one of the most widely used protocols for encrypting data and securing communications is the IPSec protocol. The design of this protocol is based on two main phases: the key exchange phase and the data transfer phase. In this paper we focus on enhancing the key exchange phase, which is included in the security association (SA), using a chaotic cryptosystem. Initially, IPSec is based on the Internet Key Exchange (IKE) protocol for establishing the SA. Actually, the IKE protocol is in charge of negotiating the connection and of authenticating both nodes. However, using IKE gives rise to a major problem related to security attacks such as the Man in the Middle Attack. In this paper, we propose a chaotic cryptosystem solution to generate the SA file for the connected nodes of the network. By solving a 4-dimensional chaotic system, an SA file that includes 128-bit keys will be established. The proposed solution is implemented and tested using FPGA boards.

Book ChapterDOI
19 Aug 2019
TL;DR: Impulsive Statistical Fingerprinting (ISF) is proposed as a data-obfuscation alternative to wrapping SCADA traffic in IPsec, which thin clients and unreliable channels make impractical; the authors report on its use for healthcare SCADA data security, including conversion of sensor data into HL7 and policies for switching from a non-secure HIS to a secure one.
Abstract: While data from Supervisory Control And Data Acquisition (SCADA) systems is sent upstream, both the length of pulses and their frequency present an excellent opportunity to incorporate statistical fingerprinting. This is so because datagrams in SCADA traffic follow a Poisson distribution. Although wrapping the SCADA traffic in a protective IPsec stream is an obvious choice, thin clients and unreliable communication channels make it less than ideal to use cryptographic solutions for securing SCADA traffic. In this paper, we propose a smart alternative of data obfuscation in the form of Impulsive Statistical Fingerprinting (ISF). We provide important insights into our research in healthcare SCADA data security and the use of ISF. We substantiate the conversion of sensor data through the ISF into HL7 format and define policies for a seamless switch from a non-HL7-based, non-secure HIS to a secure HIS.

Proceedings ArticleDOI
05 Aug 2019
TL;DR: By designing and implementing a novel slow Denial-of-Service attack, the Deviation Attack, this work shows that a previously known IKEv2 authentication vulnerability, until now considered not exploitable, is in fact exploitable, and proposes counter-measures as well as two protocol modifications that both overcome it.
Abstract: In previous analyses IKEv2 has been shown to suffer from an authentication vulnerability that was considered not exploitable. By designing and implementing a novel slow Denial-of-Service attack, which we name the Deviation Attack, we show that the vulnerability is actually exploitable. We explain the attack's requirements, propose possible counter-measures, and propose two possible modifications of the protocol, which both overcome the vulnerability.

Patent
31 Jan 2019
TL;DR: The patent describes performing receive side scaling at a virtual network interface card for encapsulated encrypted data packets, selecting the receive queue from the security parameter index (SPI) value carried in the encapsulated packets.
Abstract: Certain embodiments described herein are generally directed to performing receive side scaling at a virtual network interface card for encapsulated encrypted data packets based on a security parameter index value of the encapsulated encrypted data packets.
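The technique in the patent abstract above is worth seeing concretely: plain RSS hashes the outer IP addresses (and, for TCP/UDP, the ports), so every ESP tunnel between the same two gateways lands on one queue and one core; hashing the SPI as well spreads distinct SAs across queues while keeping each SA on a single core, which also keeps its anti-replay window free of cross-core reordering. The following is an added example, not code from the patent or any vendor implementation. It implements the standard RSS Toeplitz hash over (source, destination, SPI) for IPv4 ESP packets, both native protocol 50 and UDP-encapsulated on port 4500 (RFC 3948), and routes NAT-T keepalives and IKE (non-ESP marker) to the default queue. The queue count, the use of Microsoft's published RSS verification key, and the sample packets are assumptions constructed for the example; real NICs index an indirection table with the low hash bits instead of taking a modulo.

```python
"""SPI-aware receive side scaling (RSS) for IPsec ESP packets (added example)."""
import ipaddress
import struct

# Microsoft's published RSS verification key (40 bytes); assumed here, any secret key works.
RSS_KEY = bytes.fromhex(
    "6d5a56da255b0ec24167253d43a38fb0d0ca2bcbae7b30b4"
    "77cb2da38030f20c6a42b73bbeac01fa"
)
NUM_QUEUES = 8          # assumed number of receive queues on the vNIC
IPPROTO_UDP = 17
IPPROTO_ESP = 50
NAT_T_PORT = 4500       # UDP-encapsulated ESP (RFC 3948)


def toeplitz_hash(data: bytes, key: bytes = RSS_KEY) -> int:
    """RSS Toeplitz hash: for every set input bit at position p, XOR in the
    32-bit window of the key that starts at bit p."""
    key_bits = int.from_bytes(key, "big")
    key_len = len(key) * 8
    if len(data) * 8 > key_len - 32:
        raise ValueError("input too long for key")
    result = 0
    for i, byte in enumerate(data):
        for bit in range(8):
            if byte & (0x80 >> bit):
                shift = key_len - 32 - (8 * i + bit)
                result ^= (key_bits >> shift) & 0xFFFFFFFF
    return result


def extract_esp_flow(packet: bytes):
    """Return (src, dst, spi) for an IPv4 packet carrying ESP, either natively
    (protocol 50) or UDP-encapsulated on port 4500; None for anything else."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return None
    proto = packet[9]
    src, dst = packet[12:16], packet[16:20]
    payload = packet[ihl:]
    if proto == IPPROTO_ESP:
        if len(payload) < 8:               # SPI (4) + sequence number (4)
            return None
        return src, dst, struct.unpack("!I", payload[:4])[0]
    if proto == IPPROTO_UDP and len(payload) >= 8:
        sport, dport, _, _ = struct.unpack("!HHHH", payload[:8])
        if NAT_T_PORT not in (sport, dport):
            return None
        inner = payload[8:]
        # RFC 3948: a 1-byte keepalive has no SPI; four zero bytes are the
        # non-ESP marker in front of IKE, and SPI 0 is reserved. Both stay on
        # the default queue instead of being hashed.
        if len(inner) < 8:
            return None
        spi = struct.unpack("!I", inner[:4])[0]
        return None if spi == 0 else (src, dst, spi)
    return None


def rss_queue(packet: bytes, num_queues: int = NUM_QUEUES) -> int:
    """Pick a receive queue from (src, dst, SPI) so that distinct SAs between
    the same gateways spread out while each SA stays on one queue."""
    flow = extract_esp_flow(packet)
    if flow is None:
        return 0                           # non-ESP traffic: default queue
    src, dst, spi = flow
    h = toeplitz_hash(src + dst + struct.pack("!I", spi))
    return h % num_queues                  # stand-in for the NIC's indirection table


# --- constructed sample packets (not captured traffic) ---------------------
def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr + payload


def build_esp(spi: int, seq: int, body: bytes) -> bytes:
    return struct.pack("!II", spi, seq) + body


def build_nat_t(spi: int, seq: int, body: bytes) -> bytes:
    esp = build_esp(spi, seq, body)
    return struct.pack("!HHHH", NAT_T_PORT, NAT_T_PORT, 8 + len(esp), 0) + esp


if __name__ == "__main__":
    gw = ("203.0.113.10", "198.51.100.20")
    samples = [
        build_ipv4(*gw, IPPROTO_ESP, build_esp(0xC0FFEE01, 1, b"\x00" * 32)),
        build_ipv4(*gw, IPPROTO_ESP, build_esp(0xC0FFEE02, 1, b"\x00" * 32)),
        build_ipv4(*gw, IPPROTO_UDP, build_nat_t(0xC0FFEE03, 1, b"\x00" * 32)),
        build_ipv4(*gw, IPPROTO_UDP, struct.pack("!HHHH", 4500, 4500, 9, 0) + b"\xff"),
    ]
    for pkt in samples:
        print(extract_esp_flow(pkt), "-> queue", rss_queue(pkt))
```

The two native ESP samples share outer addresses and differ only in SPI, which is exactly the case where address-only RSS would serialise both SAs onto one core; the keepalive sample shows why the parser must look past the UDP header before trusting the first four bytes as an SPI.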

Book ChapterDOI
05 Dec 2019
TL;DR: A model for securing the Neighbor Discovery Protocol for mobile IPv6 nodes joining another network is proposed; after listing all NDP features and showing that each can be attacked, the article demonstrates that the most critical points, including the IP address and prefix, can be secured by combining the IPsec AH protocol with Cryptographically Generated Addresses (CGA).
Abstract: This article proposes a model for securing the Neighbor Discovery Protocol, to enable a secure exchange for IPv6 mobile nodes being inserted into another network. As part of the Neighbor Discovery Protocol, we have listed all the features and demonstrated that they can all be attacked, though our particular focus is on appraising the existing one. The article demonstrates that it is possible to secure the most critical points in the Neighbor Discovery Protocol features, including the IP address and prefix. The security model uses a combination of the IPsec AH protocol and the CGA protocol.

Book
25 Mar 2019
TL;DR: The book begins by introducing the concepts of security, privacy and IP protection in information systems, with coverage including essential topics such as hardware Trojan security, robust watermarking, fingerprinting, structural and functional obfuscation, encryption and IoT security.
Abstract: IP Core Protection and Hardware-Assisted Security for Consumer Electronics presents established and novel solutions for security and protection problems related to IP cores (especially those based on DSP/multimedia applications) in consumer electronics. The topic is important to researchers in various areas of specialization, encompassing overlapping topics such as EDA-CAD, hardware design security, VLSI design, IP core protection, optimization using evolutionary computing, system-on-chip design and application specific processor/hardware accelerator design. The book begins by introducing the concepts of security, privacy and IP protection in information systems. Later chapters focus specifically on hardware-assisted IP security in consumer electronics, with coverage including essential topics such as hardware Trojan security, robust watermarking, fingerprinting, structural and functional obfuscation, encryption, IoT security, forensic engineering based protection, JPEG obfuscation design, hardware assisted media protection, PUF and side-channel attack resistance.