Research Mentor: }}">John A. Chandy
Electronic control systems form the underpinning of most cyber-physical systems, including aircraft, automobiles, and medical infrastructure. The widespread usage of embedded systems makes their security vulnerabilities extremely consequential in terms of their potential impact on safety and functionality. Solutions exist that support confidentiality, integrity, authenticity and non-repudiation in traditional software and network systems. However, these approaches will typically be compromised once physical access to the control system is gained. Unlike normal IT infrastructure, which is protected in secure data centers, embedded systems are often exposed to potential malicious actors with little if any physical security. Hardware tampering is a significant threat and can result in the altering of system functionality, as well exfiltration of critical data/technology/IP.
The key goals are the identification of tamper attacks on a representative embedded system, demonstrated countermeasures, and hardware authentication. Possible attacks include side-channel attacks (power and EM analysis), fault-injection attacks (clock and power glitching), and memory probing. Approaches to address discovered attacks and vulnerabilities may take advantage of existing security features and can be implemented in software. Others may require hardware modifications and a design strategy to incorporate these anti-tamper features. An approach that can minimize tampering is the use of mechanisms to authenticate the hardware - i.e. ensure that the hardware components have been certified and are not from other secondary sources. Physical unclonable functions (PUFs) have been proposed as a technique to allow for unique authentication as well as key generation. All PUFs have reliability and stability concerns that need to be fully evaluated in a real system under normal operating conditions.
Students will investigate multiple approaches for tamper attacks on a representative embedded system. In the process, they will learn about hardware vulnerabilities, secure hardware design strategies, and the security evaluation of embedded systems. Students will develop research skills that will help prepare them for graduate studies and a career in research. In addition, new anti-tamper techniques and approaches have the potential for publication in conferences and journals.