Publications

Inspiring trust in outsourced integrated circuit fabrication

May 15, 2017

Siddharth Garg

The fabrication of integrated circuits (ICs) is typically outsourced to an external semiconductor foundry to reduce cost. However, this can come at the expense of trust. How can a designer ensure the integrity of the ICs fabricated by an external foundry? The talk will discuss a new approach for inspiring trust in outsourced IC fabrication by complementing the untrusted (outsourced) with an IC fabricated at a low-end but trusted foundry. This approach is referred to as split fabrication. We present two different ways in which split fabrication can be used to enhance security: logic obfuscation and verifiable ASICs.

A game-theoretic analysis of label flipping attacks on distributed support vector machines

May 15, 2017

Rui Zhang and Quanyan Zhu

Distributed machine learning algorithms play a significant role in processing massive data sets over large networks. However, the increasing reliance on machine learning on information and communication technologies makes it inherently vulnerable to cyber threats. This work aims to develop secure distributed algorithms to protect the learning from adversaries. We establish a game-theoretic framework to capture the conflicting goals of a learner who uses distributed support vector machines (DSVM) and an attacker who is capable of flipping training labels.

Minimax robust optimal control of multiscale linear-quadratic systems

May 15, 2017

Hamza Anwar and Quanyan Zhu

With a growing system complexity in the IoT framework, many networked cyber-physical systems work in a hierarchical fashion. Layers of information outputs and command inputs are available. An active area of research is in optimizing the design of policies and control command that influence information flow for such multi-layered systems. Our focus in current research is to first formulate the control command flow for hierarchical systems in the form of multiscale state-space models on a tree, and then the design of an optimal control law under constraints that relate the states of information across the system layers. We propose a game-theoretic formulation of a robust optimal controller for the broad class of multiscale systems having underlying hierarchical structure.

What to Lock?: Functional and Parametric Locking

May 12, 2017

Muhammad Yasin, Abhrajit Sengupta, Benjamin Carrion Schafer, Yiorgos Makris, Ozgur Sinanoglu and Jeyavijayan (JV) Rajendran

Logic locking is an intellectual property (IP) protection technique that prevents IP piracy, reverse engineering and overbuilding attacks by the untrusted foundry or end-users. Existing logic locking techniques are all based on locking the functionality; the design/chip is nonfunctional unless the secret key has been loaded. Existing techniques are vulnerable to various attacks, such as sensitization, key-pruning, and signal skew analysis enabled removal attacks. In this paper, we propose a tenacious and traceless logic locking technique, TTlock, that locks functionality and provably withstands all known attacks, such as SAT-based, sensitization, removal, etc. TTLock protects a secret input pattern; the output of a logic cone is flipped for that pattern, where this flip is restored only when the correct key is applied. Experimental results confirm our theoretical expectations that the computational complexity of attacks launched on TTLock grows exponentially with increasing key-size, while the area, power, and delay overhead increases only linearly.

The Need for Declarative Properties in Digital IC Security

May 12, 2017

Mohamed El Massad, Frank Imeson, Siddharth Garg and Mahesh Tripunitara.

We emphasize the need to articulate precise, declarative properties in the context of securing Digital ICs. We do this by discussing two pieces of our work on securing Digital ICs. In one, we discuss a seemingly compelling approach to protecting Intellectual Property — IC camouflaging. We demonstrate that an adversary can carry out a decamouflaging attack, in practice, much more efficiently than previously thought. Underlying our attack is strong foundations: an identification of the computational-complexity of the problems an attacker faces, and how they can be addressed using off-the-shelf constraint solvers. We identify the lack of a precise characterization of “security” in this context as an issue. In the other piece of work, we present an example of the articulation of such a security property for 3D IC technology, in the context of securing a supply-chain. The property is articulated declaratively, with explicit assumptions that underlie the threat model.

On the Difficulty of Inserting Trojans in Reversible Computing Architectures

May 2, 2017

Xiaotong Cui, Samah Saeed, Alwin Zulehner, Robert Wille, Rolf Drechsler, Kaijie Wu and Ramesh Karri

Fabrication-less design houses outsource their designs to 3rd party foundries to lower fabrication cost. However, this creates opportunities for a rogue in the foundry to introduce hardware Trojans, which stay inactive most of the time and cause unintended consequences to the system when triggered. Hardware Trojans in traditional CMOS-based circuits have been studied and Design-for-Trust (DFT) techniques have been proposed to detect them.
Different from traditional circuits in many ways, reversible circuits implement one-to-one, bijective input/output mappings. We will investigate the security implications of reversible circuits with a particular focus on susceptibility to hardware Trojans. We will consider inherently reversible circuits and non-reversible functions embedded in reversible circuits.

Proactive Population-Risk Based Defense Against Denial of Cyber-Physical Service Attacks

May 1, 2017

Jeffrey Pawlick and Quanyan Zhu

—While the Internet of things (IoT) promises to improve areas such as energy efficiency, health care, and transportation, it is highly vulnerable to cyberattacks. In particular, DDoS attacks work by overflowing the bandwidth of a server. But many IoT devices form part of cyber-physical systems (CPS). Therefore, they can be used to launch a “physical” denial-ofservice attack (PDoS) in which IoT devices overflow the “physical bandwidth” of a CPS. In this paper, we quantify the populationbased risk to a group of IoT devices targeted by malware for a PDoS attack. To model the recruitment of bots, we extend a traditional game-theoretic concept and create a “Poisson signaling game.” Then we analyze two different mechanisms (legal and economic) to deter botnet recruitment.

Towards Reverse Engineering Reversible Logic

April 27, 2017

Samah Mohamed Saeed, Xiaotong Cui, Robert Wille, Alwin Zulehner, Kaijie Wu, Rolf Drechsler, and Ramesh Karri

Reversible logic has two main properties. First, the number of inputs is equal to the number of outputs. Second, it implements a one-to-one mapping; i.e., one can reconstruct the inputs from the outputs. These properties enable its applications in building quantum computing architectures.

Frontispiece: Protection of Endogenous Thiols against Methylmercury with Benzimidazole-Based Thione by Unusual Ligand-Exchange Reactions

April 25, 2017

Mainak Banerjee, Ramesh Karri, Ashish Chalana,Ranajit Das, Rakesh Kumar Rai, Kuber Singh Rawat, Dr. Biswarup Pathak and Dr. Gouriprasanna Roy

The cytotoxicity of MeHg+ species is shown through strong binding with endogenous thiols such as cysteine (CysH) and glutathione (GSH) to form MeHgCys and MeHgSG complexes. A novel benzimidazole-based thione molecule with N-CH2CH2OH substituent has been discovered, which exhibits remarkable effect in converting MeHgCys and MeHgSG to water-soluble HgS snanoparticles and releases the corresponding free thiol (CysH or GSH) via unusual ligand exchange reactions.

A Game-Theoretic Approach to Secure Control of Communication-Based Train Control Systems Under Jamming Attacks

April 21, 2017

Zhiheng Xu and Quanyan Zhu

To meet the growing railway-transportation demand, a new train control system, communication-based train control (CBTC) system, aims to maximize the ability of train lines by reducing the headway of each train. However, the wireless communications expose the CBTC system to new security threats. Due to the cyber-physical nature of the CBTC system, a jamming attack can damage the physical part of the train system by disrupting the communications. To address this issue, we develop a secure framework to mitigate the impact of the jamming attack based on a security criterion. At the cyber layer, we apply a multi-channel model to enhance the reliability of the communications and develop a zero-sum stochastic game to capture the interactions between the transmitter and jammer. We present analytical results and apply dynamic programming to find the equilibrium of the stochastic game. Finally, the experimental results are provided to evaluate the performance of the proposed secure mechanism.

Electric power dependent dynamic tariffs for water distribution systems

April 21, 2017

Varghese Kurian, Juntao Chen and Quanyan Zhu

Peak time water demands cause significant burden to the utility providers in terms of pumping loads. Its coincidence with the peak hours of electricity consumption makes the situation worse. In this paper, we bring forth the requirement as well as the viability of implementing time-varying tariffs in the ‘smart water systems’.We present the problem of finding the optimal tariffs as a Stackelberg game between the utility provider and the consumers of water. Further, we propose an algorithm that iterates between the suppliers problem and the consumers problem for finding the optimal tariffs along with a demonstration of its applicability on a small system.

Optimizing Mission Critical Data Dissemination in Massive IoT Networks

April 19, 2017

Muhammad Junaid Farooq , Hesham ElSawy , Quanyan Zhu  and Mohamed-Slim Alouini.

Mission critical data dissemination in massive Internet of things (IoT) networks imposes constraints on the message transfer delay between devices. Due to low power and communication range of IoT devices, data is foreseen to be relayed over multiple device-to-device (D2D) links before reaching the destination.The coexistence of a massive number of IoT devices poses a challenge in maximizing the successful transmission capacity of the overall network alongside reducing the multihop transmission delay in order to support mission critical applications.

Physical Intrusion Games – Optimizing Surveillance by Simulation and Game Theory

April 12, 2017

Stefan Rass , Ali Alshawish , Mohamed Amine Abid , Stefan Schauer , Quanyan Zhu and Hermann de Meer.

The protection of cyber-physical networks is a topic of increasing importance. The evolution of IT (cyber) systems that control and supervise the underlying physical system has grown over decades, whereas security has not become a concern until quite recently. Advanced persistent threats (APTs) have proven to be a difficult but significant challenge for practitioners. This work adopts a game-theoretic modeling of APTs and applies it to the (sub)problem of physical intrusion in an infrastructure. The gap between defining a good theoretical model and practically instantiating it is considered in particular. The model description serves to illustrate what is needed to put it into practice. The main contribution of this article is the demonstration of how simulation, physical understanding of an infrastructure, and theoretical methods can be combined towards a practical solution to the physical intrusion avoidance problem.

MasterPrint: Exploring the Vulnerability of Partial Fingerprint-based Authentication Systems

April 6, 2017

Aditi Roy, Nasir Memon and Arun Ross

This paper investigates the security of partial fingerprint-based authentication systems, especially when multiple fingerprints of a user are enrolled. A number of consumer electronic devices, such as smartphones, are beginning to incorporate fingerprint sensors for user authentication. The sensors embedded in these devices are generally small and the resulting images are, therefore, limited in size. To compensate for the limited size, these devices often acquire multiple partial impressions of a single finger during enrollment to ensure that at least one of them will successfully match with the image obtained from the user during authentication. Further, in some cases, the user is allowed to enroll multiple fingers, and the impressions pertaining to multiple partial fingers are associated with the same identity (i.e., one user). A user is said to be successfully authenticated if the partial fingerprint obtained during authentication matches any one of the stored templates. This paper investigates the possibility of generating a “MasterPrint”, a synthetic or real partial fingerprint that serendipitously matches one or more of the stored templates for a significant number of users.

X-Platform Phishing: Abusing Trust for Targeted Attacks

April 6, 2017

Hossein Siadati, Toan Nguyen and Nasir D. Memon

Anti-phishing techniques intended to reduce the delivery rate of phishing emails, and anti-phishing trainings meant to decrease the phishing click-through rates. This paper presents the X-Platform Phishing Attack, a deceptive phishing attack with an alarmingly high delivery and click-through rates, and highlights a subset of the challenges that existing anti-phishing methods have fallen short to address. In this attack, an attacker embeds a malicious link within a legitimate message generated by a service provider. This attack can bypass the existing anti-phishing filters because the attacker uses the email ID of a reputable service provider to generate a seemingly legitimate email. This attack is irresistible for users to click on for a similar reason. For this, the attackers use email-based messaging and notification mechanisms such as friend requests, membership invitations, status updates, and customizable gift cards to embed and deliver phishing links to their targets. We have tested the delivery and click-through rates of this at- tack based on customized phishing emails tunneled through GitHubs pull-request mechanism. We observed that 100% of X-Platform Phishing emails passed the anti-phishing systems and were delivered to the inbox of the target subjects. All of the participants clicked on phishing messages, and in some cases, forwarded the message to other project collaborators and they also clicked on the phishing links in turn.

Tools for Automated Analysis of Cybercriminal Markets

April 6, 2017

Sadia Afroz, Rebecca Sorla Portnoff, Greg Durrett, Jonathan Kummerfeld, Damon McCoy, Kirill Levchenko, and Vern Paxson

Underground forums are widely used by criminals to buy and sell a host of stolen items, datasets, resources, and criminal services. These forums contain important resources for understanding cybercrime. However, the number of forums, their size, and the domain expertise required to understand the markets makes manual exploration of these forums unscalable. In this work, we propose an automated, top-down approach for analyzing underground forums.

Secure 3D Printing: Reconstructing and Validating Solid Geometries using Toolpath Reverse Engineering

April 2, 2017

Nektarios Georgios Tsoutsos, Homer Gamil and Michail Maniatakos

As 3D printing becomes more ubiquitous, traditional centralized process chains are transformed to a distributed manufacturing model, where each step of the process can be outsourced to different parties. Despite the countless benefits of this revolutionary technology, outsourcing parts of the process to potentially untrusted parties raises security concerns, as malicious design modifications can impact the structural integrity of the manufactured 3D geometries. To address this problem, we introduce a novel compiler that allows reverse engineering G-code toolpaths (i.e., machine commands describing how a geometry is printed) to reconstruct a close approximation of the original 3D object. Our framework then uses Finite Element Analysis to simulate the reconstructed object under different stress conditions and validate its structural integrity, without requiring a golden model reference.

Logic Locking for Secure Outsourced Chip Fabrication: A New Attack and Provably Secure Defense Mechanism

March 29, 2017

Mohamed El Massad, Jun Zhang, Siddharth Garg, and Mahesh V. Tripunitara

Chip designers outsource chip fabrication to external foundries, but at the risk of IP theft. Logic locking, a promising solution to mitigate this threat, adds extra logic gates (key gates) and inputs (key bits) to the chip so that it functions correctly only when the correct key, known only to the designer but not the foundry, is applied. In this paper, we identify a new vulnerability in all existing logic locking schemes.