Below is a comprehensive list of my publications and patents.
You can also check out my Google Scholar page.
Since the inception of the integrated circuit (IC), the size of the transistors used to construct them has continually shrunk. While this advancement significantly improves computing capability, the associated massive complexity forces IC designers to outsource fabrication. Outsourcing presents a security threat: comprehensive post-fabrication inspection is infeasible given the size of modern ICs, thus it is nearly impossible to know if the foundry has altered your design during fabrication (i.e., inserted a hardware Trojan). Defending against a foundry-side adversary is challenging because—with as few as two gates—hardware Trojans can completely undermine software security. Prior work attempts to both detect and prevent such foundry-side attacks, but all existing defenses are ineffective against the most advanced hardware Trojans.
We present Defensive Routing (DR), a preventive layout-level defense against untrusted foundries, capable of thwarting the insertion of even the stealthiest hardware Trojans. DR is directed and routing-centric: it prevents foundry-side attackers from connecting rogue wires to security-critical wires by shielding them with guard wires. Unlike shield wires commonly deployed for cross-talk reduction, DR guard wires present an additional technical challenge: they must be tamper-evident in both the digital and analog domains. To address this challenge, we present two different categories of guard wires: natural and synthetic. Natural guard wires are comprised of pre-existing wires that we route adjacent to security-critical wires, while synthetic guard wires are added to the design specifically to protect security-critical wires. Natural guard wires require no additional hardware and are digitally tamper-evident. Synthetic guard wires require additional hardware, but are tamper-evident in both the digital and analog domains.
We implement automated tools for deploying both types of guard wires in IC layouts of commercial complexity. We evaluate the protections provided by both natural and synthetic guard wires across three different IC designs: a processor and AES and DSP accelerators. We then compare the efficacy of DR to existing placement-centric layout-level defenses. DR is shown to successfully defend against even the stealthiest hardware Trojans, across several designs, with less than 1% power, performance, and area overheads.
The transistors used to construct Integrated Circuits (ICs) continue to shrink. While this shrinkage improves performance and density, it also reduces trust: the price to build leading-edge fabrication facilities has skyrocketed, forcing even nation states to outsource the fabrication of high-performance ICs. Outsourcing fabrication presents a security threat because the black-box nature of a fabricated IC makes comprehensive inspection infeasible. Since prior work shows the feasibility of fabrication-time attackers’ evasion of existing post-fabrication defenses, IC designers must be able to protect their physical designs before handing them off to an untrusted foundry. To this end, recent work suggests methods to harden IC layouts against attack. Unfortunately, no tool exists to assess the effectiveness of the proposed defenses—meaning gaps may exist.
This paper presents an extensible IC layout security analysis tool called IC Attack Surface (ICAS) that quantifies defensive coverage. For researchers, ICAS identifies gaps for future defenses to target, and enables the quantitative comparison of existing and future defenses. For practitioners, ICAS enables the exploration of the impact of design decisions on an IC’s resilience to fabrication-time attack. ICAS takes a set of metrics that encode the challenge of inserting a hardware Trojan into an IC layout, a set of attacks that the defender cares about, and a completed IC layout and reports the number of ways an attacker can add each attack to the design. While the ideal score is zero, practically, our experience is that lower scores correlate with increased attacker effort.
To demonstrate ICAS’ ability to reveal defensive gaps, we analyze over 60 layouts of three real-world hardware designs (a processor and AES and DSP accelerators), protected with existing defenses. We evaluate the effectiveness of each circuit/defense combination against three attacks from the literature. Results show that some defenses are ineffective and others, while effective at reducing the attack surface, leave 10s to 1000s of unique attack implementations for an attacker to exploit.
Cyber-physical systems depend on sensors to make automated decisions. Resonant acoustic injection attacks are already known to cause malfunctions by disabling MEMS-based gyroscopes. However, an open question remains on how to move beyond denial of service attacks to achieve full adversarial control of sensor outputs. Our work investigates how analog acoustic injection attacks can damage the digital integrity of a popular type of sensor: the capacitive MEMS accelerometer. Spoofing such sensors with intentional acoustic interference enables an out-of-spec pathway for attackers to deliver chosen digital values to microprocessors and embedded systems that blindly trust the unvalidated integrity of sensor outputs. Our contributions include (1) modeling the physics of malicious acoustic interference on MEMS accelerometers, (2) discovering the circuit-level security flaws that cause the vulnerabilities by measuring acoustic injection attacks on MEMS accelerometers as well as systems that employ these sensors, and (3) two software-only defenses that mitigate many of the risks to the integrity of MEMS accelerometer outputs.
We characterize two classes of acoustic injection attacks with increasing levels of adversarial control: output biasing and output control. We test these attacks against 20 models of capacitive MEMS accelerometers from 5 different manufacturers. Our experiments find that 75% are vulnerable to output biasing, and 65% are vulnerable to output control. To illustrate end-to-end implications, we show how to inject fake steps into a Fitbit with a $5 speaker. In our self-stimulating attack, we play a malicious music file from a smartphone’s speaker to control the on-board MEMS accelerometer trusted by a local app to pilot a toy RC car. In addition to offering hardware design suggestions to eliminate the root causes of insecure amplification and filtering, we introduce two low-cost software defenses that mitigate output biasing attacks: randomized sampling and 180° out-of-phase sampling. These software-only approaches mitigate attacks by exploiting the periodic and predictable nature of the malicious acoustic interference signal. Our results call into question the wisdom of allowing microprocessors and embedded systems to blindly trust that hardware abstractions alone will ensure the integrity of sensor outputs.
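The two software defenses named above, randomized sampling and 180° out-of-phase sampling, are simulated below in an added example that is not code from the paper or from this page. The sensor model, resonant frequency, sample rate, and signal amplitudes are assumed values chosen so that the mechanism (a periodic tone aliasing to a constant offset under fixed-rate sampling) is visible, and the two defenses are implemented as described: jittered sample timing, and averaging of sample pairs spaced half a resonant period apart.

```python
import math
import random

# Constructed scenario, not measurements from the paper: a resting
# accelerometer reading a constant 0.25 g (e.g. tilt) while an acoustic tone
# at the sensor's resonant frequency leaks into its output. The attacker
# chooses a tone that is an exact multiple of the ADC sample rate, so every
# regular sample lands on the same phase of the tone and the oscillation
# aliases to a constant offset (output biasing). All constants are assumed.
F_RES = 5_000.0      # assumed resonant frequency, Hz
F_SAMPLE = 100.0     # assumed ADC sample rate, Hz (F_RES / F_SAMPLE is an integer)
TRUE_ACCEL = 0.25    # real acceleration in g the system should measure
AMP = 1.0            # amplitude in g of the injected tone after amplification
PHASE = math.pi / 2  # tone phase at t = 0, chosen so the bias is maximal


def sensor_output(t: float, f_tone: float = F_RES) -> float:
    """Reading at time t: real acceleration plus the periodic interference."""
    return TRUE_ACCEL + AMP * math.sin(2 * math.pi * f_tone * t + PHASE)


def fixed_rate_mean(n: int) -> float:
    """Baseline: n samples at the regular rate; the tone aliases to DC."""
    ts = 1.0 / F_SAMPLE
    return sum(sensor_output(i * ts) for i in range(n)) / n


def randomized_mean(n: int, seed: int = 0) -> float:
    """Defense 1, randomized sampling: jitter each sample uniformly within
    its slot so consecutive samples hit unpredictable phases of the tone;
    the injected component then averages out instead of aliasing to DC."""
    rng = random.Random(seed)
    ts = 1.0 / F_SAMPLE
    return sum(sensor_output(i * ts + rng.uniform(0.0, ts)) for i in range(n)) / n


def out_of_phase_mean(n: int, f_tone: float = F_RES) -> float:
    """Defense 2, 180-degree out-of-phase sampling: pair each regular sample
    with one taken half a resonant period later and average the pair. A tone
    at F_RES flips sign between the two and cancels exactly, while the slowly
    varying real acceleration survives. Cancellation is only partial when the
    attacker's tone is off-resonance (try f_tone = 1.02 * F_RES)."""
    ts = 1.0 / F_SAMPLE
    half_period = 0.5 / F_RES
    pair_means = (
        (sensor_output(i * ts, f_tone) + sensor_output(i * ts + half_period, f_tone)) / 2
        for i in range(n)
    )
    return sum(pair_means) / n
```

With these constants, `fixed_rate_mean` reports 1.25 g instead of 0.25 g, while both defenses return a mean close to the true 0.25 g.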