2022 RHEST Projects

In Summer 2023, Research Experiences for Undergraduates in Hardware and Embedded Systems, Security, and Trust (RHEST) will offer six projects:

• Project 1: Robust Deep-learning-based Side-Channel Attacks
• Project 2: Firmware Reverse Engineering for Trojan Detection on FPGAs
• Project 3: Automatically Detecting Vulnerabilities in Source Code against Fault Injection Attacks
• Project 4: System-on-Chip Emulation for Run-Time Security Validation
• Project 5: Efficient Countermeasures against Side-Channel Attacks on Embedded Deep Learning
• Project 6: Detection of Accelerated Aging Attacks on Integrated Circuits Using On-Chip Neuromorphic Computing

The description of each project is listed below. Each project will require 1–2 students. Each applicant will need to indicate their top three research projects he/she is interested in the application.

Project Advisors: Drs. Boyang Wang and John M Emmert

Background. A side-channel attack can infer the secret key on a device (e.g., a microcontroller) by analyzing power consumption or electromagnetic emission when the device runs encryption algorithms, such as Advanced Standard Encryption. While countermeasures (e.g., random delays, hiding, and masking) have been proposed to defend against traditional side-channel attacks, including Differential Power Analysis and Correlation Power Analysis, recent deep-learning-based side-channel attacks can defeat these existing countermeasures. Despite the promising results reported in recent studies, deep-learning-based side-channel attacks are not robust as they are sensitive to discrepancy between training data and test data due to different attack setups in the real world. For instance, a deep neural network trained by power traces generated by one defense (e.g., random delays) does not derive high accuracy in recovering a secret key when test power traces are produced by a different defense (e.g., masking).

Project Goal. The goal of this project is to build a deep neural network that is robust (i.e., achieving high accuracy) when training data and test data are significantly different. The students will (1) examine multiple deep neural network models, e.g., Convolutional Neural Networks and Recursive Neural Networks, in side-channel attacks and experimentally compare which neural network is more robust over different datasets; (2) leverage data augmentation methods to produce additional synthetic training data to mitigate the discrepancy between training data and test data.

Project Advisors: Drs. John M Emmert and Boyang Wang

Background. The designs of commercial Field Programmable Gate Arrays (FPGAs) often include third-party intellectual properties (IPs). These third-party IPs can be in the form of hard coded and obfuscated modules that are inserted into primary product code or firmware. It is possible for untrusted agents/entities to compromise the integrity of third-party IPs without end users’ knowledge by adding Trojan circuits. The hidden Trojan circuits can be utilized to leak sensitive information, degrade the capability of the application running on an FPGA, or turn off the application running on an FPGA.

Project Goal The goal of this project is to further develop a generalizable, target-independent, and standardized framework to reverse engineer FPGA bitstreams to detect Trojan circuits in third-party IPs. The student will leverage bitstream download and read-back capabilities available on FPGAs (IEEE Joint Test Action Group 1149.x compliant) to develop a technology-independent framework to load and extract programming data to and from FPGA bitstream files. Specifically, the student will enhance a logic-to-bitstream mapping flow to create an interconnected sea of Look Up Tables, which is correlated with the FPGA programming bit file. To map FPGA logic to bitstreams, the students will utilize binary patterns to systematically match portions of FPGA programmable logic fabric to the programming bit file. The students will also optimize the binary patterns to minimize the number of bitstream downloads required to reverse engineer key portions of FPGA logic.

Project Advisors: Drs. Nan Niu, Will Hawkins, and Boyang Wang

Background. A fault injection attack (also referred to as glitch attack) is a physical attack on data and behavior of an embedded device by changing the voltage, temperature or electromagnetic radiation. For example, it takes one fault to change a Boolean value from 0 to 1 (or 1 to 0) to bypass secure boot, extract a secret key, or extract firmware from an embedded device. To mitigate fault injection attacks, one effective way at the software layer is to write secure code that is more robust against the attacks. For instance, Boolean values in an if statement (e.g., if (flag == 0)) can be easily modified by fault injection attacks while using non-trivial numerical values (e.g., if (flag == 0x3CA5)) can make the attacks more difficult.

Project Goal. The goal of this project is to develop an automatic method to detect lines in C code that are vulnerable under fault injection attacks. The students will (1) study secure code patterns; (2) leverage static program analysis (e.g., control flow graph) and tools (e.g., ANTLR and Joern) to automatically identify vulnerabilities.

Project Advisor: Dr. Ranga Vemuri

Background. Modern System-on-Chip (SoC) designs involve combining various intellectual property (IP) components with complex communication infrastructure and protocols. Due to economics of design, verification, fabrication, testing, and integration, SoC supply chain is distributed over multiple companies and even countries. Throughout the lifecycle of the design, various security vulnerabilities can be introduced into the design. These vulnerabilities result from design flaws in the IP cores or protocols, malicious add-ons in the third party IP cores, defects introduced during the manufacturing process, and malicious insertions at untrusted foundries. The security validation of SoCs is essential due to their adoptions in critical applications and devices. Information flow properties are essential to identify security vulnerabilities in SoC designs. However, verifying information flow properties, such as integrity and confidentiality, is challenging, as these properties cannot be handled directly using traditional assertion-based verification techniques.

Project Goal. The goal of this project is to develop an FPGA platform for SoC emulation with the specific objective of implementing and demonstrating run-time security monitors based on information flow tracking. The students will investigate two novel approaches, including a universal method and a property-driven method, to verify and monitor information flow properties. Both methods can be leveraged for formal verification, dynamic verification during simulation, post-fabrication validation, and run-time monitoring. In addition, the universal method can expedite implementing the information flow model. The property-driven method can reduce the overhead of the security model, which speeds up the verification process and creates an efficient run-time hardware monitor.

Project Advisors: Dr. Boyang Wang and Anca Ralescu

Background. Embedded deep learning runs the predictions of a neural network locally on embedded devices (e.g., microcontrollers). Compared to traditional server-based approaches, it eliminates network delay and reduces bandwidth consumption. Embedded deep learning has gained popularity in many emerging applications, such as voice recognition and autonomous vehicles. However, recent studies show that an attacker can recover the parameters of a neural network deployed on embedded systems by leveraging side-channel attacks. The parameters are considered as private intellectual properties because a company often spends enormous amounts of resources and efforts to label data and fine-tune the parameters. While traditional countermeasures against side-channel attacks, such as hiding and masking, can be directly applied to protect these intellectual properties, they introduce significant overheads. Specifically, as a neural network contains millions of parameters, hiding/masking all the parameters dramatically increase time delay and power consumption on embedded devices.

Project Goal. The goal of this project is to develop an efficient countermeasure against side-channel attacks on embedded deep learning. The main idea is to selectively protect more important parameters rather than protecting all of them. Specifically, the students will first investigate methods (e.g., neuron ranking) to identify which neurons and their corresponding parameters are more significant than others. Next, the students will apply hiding/masking to the parameters of top-ranked neurons only.

Project Advisor: Dr. Rashmi Jha

Background. Aging and reliability issues in microelectronics Integrated Circuits (ICs) based on advanced Complementary Metal Oxide Semiconductor (CMOS) technologies are becoming a topic of major concerns. The aging of ICs is dependent on the operating conditions which makes it very difficult to have a standard technique to predict. Additionally, the variabilities of ICs, temperature, and voltage make it difficult to predict the aging and remaining useful life of circuits accurately. Since aging introduces a major vulnerability, attackers can also exploit this vulnerability to cause accelerated aging. The existing techniques based on critical path delay monitoring, ring-oscillators, and Built-In Self-Test based monitoring introduce significant overheads. In addition, they are not able to distinguish differences between normal aging and accelerated aging introduced by Trojan insertions.

Project Goal. The goal of this project is to enable on-chip machine-learning-based analysis over data from aging sensors to distinguish normal aging (benign) from accelerated aging (malicious) introduced by Trojan insertions. Typically, the implementation of on-chip machine learning is a challenging task due to limited resources on chips. The students will address this challenge by implementing machine learning using Resistive Random Access Memory (RRAM) based neuromorphic hardware. Next, the students will integrate the hardware on pre-fabricated ICs leveraging heterogeneous integration techniques and utilize it to analyze remaining useful life of ICs based on data from aging sensors.