Abstract: Various examples are provided related to software and hardware architectures that enable lightweight and real-time Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attack detection. In one example, among others, a method for detection and localization of denial-of-service (DoS) attacks includes detecting, by a router of an intellectual property (IP) core in a network-on-chip (NoC) based system-on-chip (SoC) architecture, a compromised packet stream based at least in part upon a packet arrival curve (PAC) associated with the router; identifying, by the IP core, a candidate IP core in the NoC as a potential attacker based at least in part upon a destination packet latency curve (DLC) associated with the IP core; and transmitting, by the router, a notification message indicating that the candidate IP core is the potential attacker to a router of the candidate IP core.

Abstract: Various examples are provided related to software and hardware architectures that enable lightweight and trust-aware routing. In one example, among others, a method for trust-aware routing includes calculating trust values to represent how much a node can be trusted to route packets through its router. Each node can store the trust values of routers that are one hop and two hops away from it, which represent direct trust and delegated trust, respectively. When a router receives a packet, the router can update trust values and forward the packet to the next hop.

Abstract: The present disclosure presents an exemplary tier-based reconfigurable security architecture that can adapt to different use-case scenarios by selecting security tiers and configure parameters in each security tier based on system requirements. An exemplary system comprises a security agent that is configured to monitor system characteristics of embedded components on a system-on-chip and communicate a status of the system characteristics to a reconfigurable service engine integrated on the system-on-chip, such that the reconfigurable service engine is configured to activate one of a plurality of tiers of security based at least upon the status of the system characteristics communicated.

Abstract: Various examples are provided related to software and hardware architectures that enable a lightweight incremental encryption scheme that is implemented on a System-on-chip (SoC) resource such as a network interface. In one example, among others, a method for incremental encryption includes obtaining, by a network interface (NI) of a sender intellectual property (IP) core in a network-on-chip (NoC) based system-on-chip (SoC) architecture, a payload for communication to a receiver intellectual property (IP) core; identifying, by the NI, one or more different blocks between the payload and a payload of a previous packet communicated between the sender IP core and the receiver IP core; and encrypting, by the NI, the one or more different blocks to create encrypted blocks of an encrypted payload.

Abstract: The present disclosure presents an exemplary tier-based reconfigurable security architecture that can adapt to different use-case scenarios by selecting security tiers and configure parameters in each security tier based on system requirements. An exemplary system comprises a security agent that is configured to monitor system characteristics of embedded components on a system-on-chip and communicate a status of the system characteristics to a reconfigurable service engine integrated on the system-on-chip, such that the reconfigurable service engine is configured to activate one of a plurality of tiers of security based at least upon the status of the system characteristics communicated.

Abstract: Various examples are provided related to software and hardware architectures that enable lightweight encryption and anonymous routing in a network-on-chip (NoC) based system-on-chip (SoC). In one example, among others, method for lightweight encryption and anonymous routing includes identifying, by a source node in a network-on-chip (NoC) based system-on-chip (SoC) architecture, a routing path from the source node to a destination node in the NoC-based SoC architecture, where the routing path comprises the source node, a plurality of intermediate nodes in the NoC-based SoC architecture, and the destination node; generating, by the source node, a plurality of tuples, a number of tuples in the plurality of tuples being based on a threshold; and distributing, by the source node, the plurality of tuples to the plurality of intermediate nodes and the destination node.

Abstract: Various examples are provided related to software and hardware architectures that enable lightweight and trust-aware routing. In one example, among others, a method for trust-aware routing includes calculating trust values to represent how much a node can be trusted to route packets through its router. Each node can store the trust values of routers that are one hop and two hops away from it, which represent direct trust and delegated trust, respectively. When a router receives a packet, the router can update trust values and forward the packet to the next hop.

Abstract: Various examples are provided related to software and hardware architectures that enable a lightweight incremental encryption scheme that is implemented on a System-on-chip (SoC) resource such as a network interface. In one example, among others, a method for incremental encryption includes obtaining, by a network interface (NI) of a sender intellectual property (IP) core in a network-on-chip (NoC) based system-on-chip (SoC) architecture, a payload for communication to a receiver intellectual property (IP) core; identifying, by the NI, one or more different blocks between the payload and a payload of a previous packet communicated between the sender IP core and the receiver IP core; and encrypting, by the NI, the one or more different blocks to create encrypted blocks of an encrypted payload.

Abstract: Various examples are provided related to software and hardware architectures that enable lightweight and real-time Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attack detection. In one example, among others, a method for detection and localization of denial-of-service (DoS) attacks includes detecting, by a router of an intellectual property (IP) core in a network-on-chip (NoC) based system-on-chip (SoC) architecture, a compromised packet stream based at least in part upon a packet arrival curve (PAC) associated with the router; identifying, by the IP core, a candidate IP core in the NoC as a potential attacker based at least in part upon a destination packet latency curve (DLC) associated with the IP core; and transmitting, by the router, a notification message indicating that the candidate IP core is the potential attacker to a router of the candidate IP core.