With the proliferation of ubiquitous computing and advancements in artificial intelligence, completely autonomous cyber-physical systems are becoming pervasive. From thermostats and voice assistants, to drones and vehicles, cyber-physical systems often blindly trust a collection of sensors and microprocessors to autonomously execute decisions. From design to deployment, my dissertation takes a red-team/blue-team approach to explore how autonomous cyber-physical systems can be attacked and defended through the foundational hardware they rely on. In doing so, my research aims to increase the trustworthiness and reliability of the autonomous systems entangled in our lives.
Since the inception of the integrated circuit (IC), the size of the
transistors used to construct them has continually shrunk. While this
advancement significantly improves computing capability, the associated
massive complexity forces IC designers to outsource fabrication. Outsourcing
presents a security threat: comprehensive post-fabrication inspection is
infeasible given the size of modern ICs, thus it is nearly impossible to know
if the foundry has altered your design during fabrication (i.e., inserted a
hardware Trojan). Defending against a foundry-side adversary is challenging
because—with as little as two gates—hardware Trojans can completely undermine
software security. Prior work attempts to both detect and prevent such foundry-side
attacks, but all existing defenses are ineffective against the most advanced
Defensive Routing (DR) is a preventive layout-level defense against untrusted foundries, capable of thwarting the insertion of even the stealthiest hardware Trojans. DR is directed and routing-centric: it prevents foundry-side attackers from connecting rogue wires to security-critical wires by shielding them with guard wires. Unlike shield wires commonly deployed for cross-talk reduction, DR guard wires present an additional technical challenge: they must be tamper-evident in both the digital and analog domains. To address this challenge, we present two different categories of guard wires: natural and synthetic. Natural guard wires are comprised of pre-existing wires that we route adjacent to security-critical wires, while synthetic guard wires are added to the design specifically to protect security-critical wires. Natural guard wires require no additional hardware and are digitally tamper-evident. Synthetic guard wires require additional hardware, but are tamper-evident in both the digital and analog domains.
The transistors used to construct Integrated Circuits (ICs) continue
to shrink. While this shrinkage improves performance and density,
it also reduces trust: the price to build leading-edge fabrication
facilities has skyrocketed, forcing even nation states to outsource
the fabrication of high-performance ICs. Outsourcing fabrication
presents a security threat because the black-box nature of a fabricated
IC makes comprehensive inspection infeasible. Since prior
work shows the feasibility of fabrication-time attackers’ evasion of
existing post-fabrication defenses, IC designers must be able to protect
their physical designs before handing them off to an untrusted
foundry. To this end, recent work suggests methods to harden IC
layouts against attack. Unfortunately, no tool exists to assess the
effectiveness of the proposed defenses—meaning gaps may exist.
We present an extensible IC layout security analysis tool called IC Attack Surface (ICAS) that quantifies defensive coverage. For researchers, ICAS identifies gaps for future defenses to target, and enables the quantitative comparison of existing and future defenses. For practitioners, ICAS enables the exploration of the impact of design decisions on an IC’s resilience to fabrication-time attack. ICAS takes a set of metrics that encode the challenge of inserting a hardware Trojan into an IC layout, a set of attacks that the defender cares about, and a completed IC layout and reports the number of ways an attacker can add each attack to the design. While the ideal score is zero, practically, our experience is that lower scores correlate with increased attacker effort.
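As an added illustration (my own sketch, not ICAS and not the project's code) of the kind of count ICAS reports, and of why the guard wires of Defensive Routing drive it down: a constructed placement grid containing one bare security-critical wire (A) and one wrapped in guard wires (B), two constructed attacks, and a toy scoring rule. The rule counts, per attack and per net, the regions of contiguous open placement sites large enough to host the trigger logic that lie within a chosen Manhattan distance of a wire cell an attacker could still attach to. The layout, the attack list, the metric names and the thresholds are all assumptions made for the example.

```python
from collections import deque

# Constructed placement grid: '.' = open site, '#' = occupied by a standard cell,
# 'A' = an unshielded security-critical wire, 'B' = a security-critical wire
# routed between guard wires 'G' (the Defensive Routing idea).
LAYOUT = [
    "############",
    "#...#......#",
    "#...#......#",
    "#...#AAAAAA#",
    "############",
    "#GGGGGG#...#",
    "#BBBBBB#...#",
    "#GGGGGG#...#",
    "############",
]
NETS = {"A": "unshielded security-critical net", "B": "net wrapped in guard wires"}

# Constructed attacks: (name, contiguous open sites the trigger logic needs,
# maximum Manhattan distance from that trigger space to an attachable wire cell).
ATTACKS = [
    ("4-site trigger within 3 tracks", 4, 3),
    ("2-site probe on an adjacent track", 2, 1),
]

def cells(layout, ch):
    return {(r, c) for r, row in enumerate(layout) for c, x in enumerate(row) if x == ch}

def neighbours(r, c, layout):
    for dr, dc in ((1, 0), (-1, 0), (0, 1), (0, -1)):
        rr, cc = r + dr, c + dc
        if 0 <= rr < len(layout) and 0 <= cc < len(layout[rr]):
            yield rr, cc

def open_regions(layout):
    """Trigger space: maximal groups of 4-connected open sites."""
    todo = cells(layout, ".")
    regions = []
    while todo:
        start = todo.pop()
        region, queue = {start}, deque([start])
        while queue:
            r, c = queue.popleft()
            for n in neighbours(r, c, layout):
                if n in todo:
                    todo.remove(n)
                    region.add(n)
                    queue.append(n)
        regions.append(region)
    return regions

def exposed_cells(layout, net):
    """Net blockage: a wire cell is attachable only if an open site touches it.
    A wire fully boxed in by guard wires and cells has no attachable cells."""
    return {cell for cell in cells(layout, net)
            if any(layout[r][c] == "." for r, c in neighbours(*cell, layout))}

def count_ways(layout, net, trigger_sites, max_dist):
    """Number of trigger spaces that are big enough and close enough to the net."""
    exposed = exposed_cells(layout, net)
    if not exposed:
        return 0
    ways = 0
    for region in open_regions(layout):
        if len(region) < trigger_sites:
            continue
        dist = min(abs(r - er) + abs(c - ec) for r, c in region for er, ec in exposed)
        if dist <= max_dist:
            ways += 1
    return ways

def report(layout=LAYOUT, attacks=ATTACKS, nets=NETS):
    return {(name, net): count_ways(layout, net, k, d) for name, k, d in attacks for net in nets}

if __name__ == "__main__":
    for (name, net), ways in report().items():
        print(f"{name:36s} net {net} ({NETS[net]}): {ways} way(s)")
```

Net A scores above zero for both attacks because open sites touch it on the row above; net B scores zero for every attack, not because trigger space is scarce (there is a 9-site region two tracks away) but because its guard wires leave no cell to attach to. That separation of "room for the trigger" from "reachability of the victim wire" is the point of reporting per-attack, per-net counts.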
Billions of accelerometers reside inside smartphones, automobiles, medical devices, anti-theft devices, drones, IoT devices, and many other industrial and consumer applications. My work investigates how analog acoustic injection attacks can damage the digital integrity of the capacitive MEMS accelerometer. Spoofing such sensors with intentional acoustic interference enables an out-of-spec pathway for attackers to deliver chosen digital values to microprocessors and embedded systems that blindly trust the unvalidated integrity of sensor outputs. The contributions of my work include (1) modeling the physics of malicious acoustic interference on MEMS accelerometers, (2) discovering the circuit-level security flaws that cause the vulnerabilities by measuring acoustic injection attacks on MEMS accelerometers as well as systems that employ these sensors, and (3) two software-only defenses that mitigate many of the risks to the integrity of MEMS accelerometer outputs.
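To make the sampling-side mechanism concrete, here is an added simulation (mine, not the project's code or measurements). It models the sensor's analog output as genuine slow motion plus a resonant oscillation excited by a tone, and shows how a fixed ADC rate that divides the resonant frequency turns that oscillation into a steady false reading, while two software-only mitigations, randomized sample timing and averaging two samples taken half a resonant period apart, remove it. Whether these correspond exactly to the two defenses the project refers to is my assumption, as are every frequency, amplitude and sample count below.

```python
import math
import random

# Constructed parameters (assumptions for illustration, not values from the work).
F_RES = 5000.0      # Hz, resonant frequency of the MEMS sensing mass
F_S = 100.0         # Hz, fixed ADC sample rate of the victim firmware (F_RES = 50 * F_S)
TONE_AMP = 1.0      # g, amplitude of the acoustically induced resonance
N_SAMPLES = 2000

def true_accel(t):
    """Constructed genuine motion: a slow 0.5 Hz sway of 0.2 g."""
    return 0.2 * math.sin(2 * math.pi * 0.5 * t)

def sensor_output(t, phase=math.pi / 2):
    """Analog output: genuine motion plus the induced resonant oscillation.
    Because F_RES is an exact multiple of F_S, every fixed-rate sample lands on
    the same point of the tone; with this phase that point is the peak."""
    return true_accel(t) + TONE_AMP * math.sin(2 * math.pi * F_RES * t + phase)

def fixed_rate_samples(n=N_SAMPLES):
    """Vulnerable firmware: sample at exactly 1/F_S intervals."""
    return [(i / F_S, sensor_output(i / F_S)) for i in range(n)]

def randomized_samples(n=N_SAMPLES, seed=7):
    """Defense 1: jitter each sample time uniformly within its sample interval,
    so successive samples hit unpredictable phases of the tone and average out."""
    rng = random.Random(seed)
    times = [i / F_S + rng.random() / F_S for i in range(n)]
    return [(t, sensor_output(t)) for t in times]

def out_of_phase_samples(n=N_SAMPLES):
    """Defense 2: take a second sample half a resonant period later and average;
    sin(x) + sin(x + pi) = 0 cancels the tone while slow genuine motion survives."""
    half_period = 1.0 / (2 * F_RES)
    out = []
    for i in range(n):
        t = i / F_S
        out.append((t, (sensor_output(t) + sensor_output(t + half_period)) / 2))
    return out

def injected_bias(samples):
    """Mean error between what the firmware read and the genuine acceleration,
    i.e. the steady false value the tone managed to inject."""
    return sum(v - true_accel(t) for t, v in samples) / len(samples)

if __name__ == "__main__":
    print("fixed-rate sampling,   injected bias: %.3f g" % injected_bias(fixed_rate_samples()))
    print("randomized sampling,   injected bias: %.3f g" % injected_bias(randomized_samples()))
    print("out-of-phase sampling, injected bias: %.6f g" % injected_bias(out_of_phase_samples()))
```

The fixed-rate path reports a constant offset equal to the full tone amplitude even though the device is barely moving; both mitigations bring the offset to roughly zero without any change to the sensor hardware. The second defense assumes the firmware knows the resonant frequency, which is why a per-device calibration step would accompany it in practice.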
In the modern domain of computing, Nation State Adversaries
(NSAs) are often characterized as having the most
resources, researchers, and legal authority. We investigate
a hypothetical attack vector an NSA could use to gain
widespread access to modern communications and web services.
We present the scenario in which an NSA has obtained superuser
privileges on a fraction of the host machines of a cloud
service provider. Specifically, we investigate how an NSA
can subvert a virtual machine’s Random Number Generator (RNG) to
produce deterministic outputs via the hypervisor.
In this paper we describe our attack prototype against the Linux 4.4.6 kernel. Our attack subverts reads from /dev/random and /dev/urandom and allows an attacker to produce a deterministic byte stream. We extend this attack to work against user space RNGs, specifically the OpenSSL RNG which is used by modern web servers such as Apache2 and NGINX. Finally, we describe a detection scheme for the Linux RNG and discuss how we can extend the scheme to work against this class of attacks.
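The detection scheme referred to above is not described here, so as an added example (mine, not the paper's scheme) the block below shows the baseline statistical health checks a defender can run over RNG output, and what their limits are. It compares a constructed crude deterministic stream with a constructed healthy stand-in (a seeded PRNG, so the run is reproducible) and, when run directly, also samples the live `/dev/urandom`. The thresholds are assumptions chosen for 4096-byte samples.

```python
import os
import random
import zlib

BLOCK = 32           # bytes per chunk for the repeated-block check
SAMPLE_BYTES = 4096

def chi_square_bytes(data):
    """Chi-square of the byte histogram against a uniform distribution.
    With 4096 bytes over 256 bins the expected count per bin is 16, so a healthy
    source scores near 255; crude subversion scores orders of magnitude higher."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    expected = len(data) / 256
    return sum((c - expected) ** 2 / expected for c in counts)

def repeated_blocks(data, block=BLOCK):
    """Number of fixed-size chunks that repeat an earlier chunk verbatim."""
    seen, repeats = set(), 0
    for i in range(0, len(data) - block + 1, block):
        chunk = data[i:i + block]
        if chunk in seen:
            repeats += 1
        seen.add(chunk)
    return repeats

def compress_ratio(data):
    """Compressed size over raw size; random bytes do not compress (ratio about 1)."""
    return len(zlib.compress(data, 9)) / len(data)

def health_check(data, chi_limit=400.0, ratio_floor=0.95):
    """Return the list of failed checks; an empty list means nothing suspicious."""
    failures = []
    if chi_square_bytes(data) > chi_limit:
        failures.append("byte distribution far from uniform")
    if repeated_blocks(data) > 0:
        failures.append("repeated %d-byte blocks" % BLOCK)
    if compress_ratio(data) < ratio_floor:
        failures.append("output is compressible")
    return failures

# Constructed streams standing in for reads from /dev/urandom.
def subverted_stream(n=SAMPLE_BYTES):
    """Crude deterministic output: the same 32-byte block over and over."""
    pattern = bytes(range(32))
    return (pattern * (n // len(pattern) + 1))[:n]

def healthy_stream(n=SAMPLE_BYTES, seed=2024):
    """Stand-in for a healthy source; seeded so the example is reproducible."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))

if __name__ == "__main__":
    print("subverted stream :", health_check(subverted_stream()) or "no findings")
    print("healthy stand-in :", health_check(healthy_stream()) or "no findings")
    print("live /dev/urandom:", health_check(os.urandom(SAMPLE_BYTES)) or "no findings")
```

The important caveat is visible in the healthy stand-in: a seeded PRNG passes every check. A hypervisor that replaces the guest's entropy with output of a keyed PRF the attacker can replay is therefore invisible to statistical tests, which is why detection of this attack class has to reason about where the bytes came from (the kernel's entropy accounting and its interaction with the hypervisor) rather than about how the bytes look.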
In many enterprise environments, network traffic introspection is a necessity. To make
this possible, current implementations man-in-the-middle all network traffic using a
technique known as split TLS. This has many drawbacks, including breaking the fundamental
notion of end-to-end encryption. In this project we present UbiCrypt, an
alternative to split TLS, which maintains end-to-end encryption, while still allowing
trusted introspection on local network traffic. UbiCrypt provides a mechanism to securely
leak ephemeral session encryption keys to a trusted gateway. UbiCrypt is easily
deployable as it only requires software modifications and additions to the client and
trusted gateway, not endpoint servers, which may not be owned by the enterprise.
UbiCrypt was demonstrated using the QUIC protocol and its implementation in the publicly available Chromium source code. To add client support, we made slight modifications to the QUIC client code and added an external software module. To add gateway support, we built a prototype using iptables, a Linux firewall kernel application. We evaluated UbiCrypt using a virtual network topology, built using minimega, a virtual machine (VM) management tool. We demonstrate that UbiCrypt is practical by loading a small (1.6 KB) webpage, showing that the overhead observed when using UbiCrypt was very similar to the overhead observed when using split TLS, 45.08 and 39.00 milliseconds respectively.
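To show the shape of the key-escrow idea, the following is an added sketch of my own, not UbiCrypt's code or its actual protocol. An enrolled client seals a copy of each session key under a key provisioned by the gateway and ships it alongside the connection identifier; the gateway can then open records of that session, an unmodified server opens them as before, and a session whose key was never escrowed stays opaque. The record protection is a toy encrypt-then-MAC built from HMAC-SHA256 standing in for the real AEAD, the gateway key is a pre-shared symmetric key rather than whatever UbiCrypt uses, and the session key is constructed instead of derived from a TLS handshake.

```python
import hashlib
import hmac

def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode as a stand-in keystream (toy, not for production)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key, nonce, associated_data, plaintext):
    """Toy AEAD: XOR with the keystream, then an HMAC tag over nonce, AD and ciphertext."""
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + associated_data + ciphertext, hashlib.sha256).digest()
    return ciphertext + tag

def unseal(key, nonce, associated_data, sealed):
    """Returns the plaintext, or None if the tag does not verify (wrong key or tampering)."""
    ciphertext, tag = sealed[:-32], sealed[-32:]
    expected = hmac.new(key, nonce + associated_data + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(key, nonce, len(ciphertext))))

class Gateway:
    """Trusted introspection point: holds only the session keys enrolled clients escrow."""
    def __init__(self, escrow_key):
        self.escrow_key = escrow_key
        self.session_keys = {}

    def receive_escrow(self, conn_id, sealed_key):
        key = unseal(self.escrow_key, b"escrow:" + conn_id, conn_id, sealed_key)
        if key is None:
            return False
        self.session_keys[conn_id] = key
        return True

    def inspect(self, conn_id, record_nonce, sealed_record):
        key = self.session_keys.get(conn_id)
        if key is None:
            return None          # never escrowed: the session stays end-to-end opaque
        return unseal(key, record_nonce, conn_id, sealed_record)

class Client:
    """Enrolled client: leaks each session key to the gateway, sealed under the escrow key."""
    def __init__(self, escrow_key):
        self.escrow_key = escrow_key

    def escrow_session_key(self, conn_id, session_key):
        # The escrow message is bound to conn_id via the AD, so it cannot be replayed
        # against another connection by a party that sees it on the wire.
        return seal(self.escrow_key, b"escrow:" + conn_id, conn_id, session_key)

    def send(self, conn_id, session_key, nonce, plaintext):
        return seal(session_key, nonce, conn_id, plaintext)

def demo(seed=b"constructed-seed"):
    """Constructed walk-through; returns what the gateway, the server and an
    unrelated lookup each recover from one record."""
    escrow_key = hashlib.sha256(b"gateway-escrow:" + seed).digest()   # provisioned to the client
    session_key = hashlib.sha256(b"session:" + seed).digest()         # stands in for handshake output
    gateway, client = Gateway(escrow_key), Client(escrow_key)
    conn_id, nonce = b"\x01\x02\x03\x04", b"\x00" * 12
    assert gateway.receive_escrow(conn_id, client.escrow_session_key(conn_id, session_key))
    record = client.send(conn_id, session_key, nonce, b"GET /index.html")
    seen_by_gateway = gateway.inspect(conn_id, nonce, record)
    seen_by_server = unseal(session_key, nonce, conn_id, record)      # server code is unchanged
    not_escrowed = gateway.inspect(b"\x09\x09\x09\x09", nonce, record)
    return seen_by_gateway, seen_by_server, not_escrowed

if __name__ == "__main__":
    print(demo())
```

The property worth checking in any real deployment is the third return value: the gateway's visibility is exactly the set of sessions whose keys were escrowed, nothing more, and a record whose tag fails (tampering in transit, or a key the gateway was never given) yields nothing rather than garbage.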