Hardware Security

At this point, it is universally accepted that software must be protected from viruses and other cyberattacks. Hardware is another story. Even seasoned developers tend to assume that hardware components, such as CPUs, storage devices, and chips, present few dangerous vulnerabilities. 

That assumption might have gone unchallenged not too long ago, when microchips were designed and fabricated in-house under closely guarded conditions. Today, however, when  digital blueprints for chips designed in the U.S. are being sent to outside foundries in Asia and elsewhere, malefactors have ample opportunity along the supply chain to install malicious “Trojan horse” circuits. Such actions not only threaten our smartphones and computers,  but, more frighteningly, the cyber-physical systems that run our major utilities, public transportation systems, and nuclear facilities.

NYU Tandon has long been a hub for hardware-security research, and numerous faculty members are working on ways to make the physical elements of our computing systems impervious to attack.

In 2002, Professor of Electrical and Computer Engineering Ramesh Karri and his students generated the first research on attack-resilient chip architecture, demonstrating before anyone else that hackers can use integrated circuits’ test and debug ports.

Karri, widely considered a seminal figure in the hardware-security field, later delivered the first set of invited Institute of Electrical and Electronics Engineers (IEEE) tutorials in hardware security in the U.S., Europe, and Latin America, and presented the first research paper on split manufacturing, a means of thwarting counterfeiting by an untrusted foundry by dividing a chip’s blueprint into several components and distributing each to a different fabricator.

In 2023, Karri, a cofounder of the NYU Center for Cybersecurity (CCS), was among a select group of researchers honored by Intel for work advancing modern computing and exhibiting fundamental insights, industry relevance, and technical complexity. Intel cited a recent project in which Karri and his team focused on boosting system-on-a-chip survivability. If a vulnerability is discovered in software, it’s easy to provide a patch, but that is not the case with hardware; any vulnerability must be discovered before the chip is actually fabricated. To mitigate that situation, Karri created innovative “Patching Blocks” architecture, which leverages field-programmable gate arrays to monitor security bugs and perform corrective actions that support in-field device survivability.

Among other contributions to the field, Karri pioneered the technique of microchip camouflaging, a tactic to prevent reverse engineering, piracy, and tampering: Siddharth Garg, who oversees Tandon’s EnSuRe (Energy-Aware, Secure and Reliable Computing) research group and is also a member of CCS, later refined the technique. Garg discovered that, despite the belief that a chip’s camouflaged logic gates could withstand any attempt at hacking, they could actually be reverse-engineered in mere minutes. He subsequently introduced a novel camouflaging scheme in which the functionality of a chip is dependent on small fluctuations in the concentration of impurities with which the silicon is doped, In doing so, it makes the optical tools used for reverse-engineering (or “de-layering”) ineffective.

In 2016, when Garg was named by Popular Science as one of the “brilliant 10” group of early career researchers of the year, the award cited the advancements he had made in split manufacturing.  

“It might sound like the premise of a bad supervillain flick, but it’s all too feasible: Hackers can tweak a microchip so when a certain trigger occurs, it throws open the gates for attackers to commandeer — or destroy — the device in which that chip is embedded,” the magazine’s editors wrote. “All it takes is one saboteur at the factory, and you’ve got the kind of scenario no one (particularly the Department of Defense) wants to consider.”

Garg’s work, built upon previous split-manufacturing techniques, uses high-level algorithms, rather than splitting and reassembling components randomly to ensure a higher level of security without increasing costs. In addition, because potential hackers were denied an intact chip to copy, the technique prevented corporate espionage and theft of intellectual property. 

Garg and his collaborators have also been celebrated for a technique known as verifiable computing (VC), a method that can validate whether a chip works as originally designed, or has been compromised by backdoors during the manufacturing process. His solution involves embedding a module in the chip that proves that its calculations are correct. Then, a second module — an ASIC (application-specific integrated circuit), whose sole job is to validate the proofs generated by the first — can be fabricated separately by a trusted foundry. Besides providing a high degree of security, the VC arrangement can reduce the time, energy, and chip area needed to generate proofs.

Farshad Khorrami, a professor in NYU Tandon’s Electrical and Computer Engineering department and a CCS member, has worked with Karri and research scientist Prashanth Krishnamurthy to create algorithms for detecting Trojans — deliberate flaws inserted into chips during fabrication — based on the short-term aging phenomena in transistors. The researchers have created a novel testbed that involves Trojan-free and Trojan-infected variants of multiple circuits for use throughout the hardware security community.

Global Network Professor of Electrical and Computer Engineering Ozgur Sinanoglu, a member of CCS who also serves as the director of the Design-for-Excellence Lab at NYU Abu Dhabi, is working towards creating an “unhackable” chip. The product utilizes a secret key that makes it virtually impossible to access and that functions only for authorized users.

Sinanoglu expects the logic-locking innovation to be useful on any digital chip, across industries, with particular application in such mission-critical areas, such  as national defense.

Whether it’s personal messages, health data, financial transactions, or confidential business communications, encryption plays a pivotal role in maintaining privacy and ensuring the integrity of our digital interactions. Typically, data encryption protects data in transit: it’s locked in an encrypted “container” for transit over potentially unsecured networks, then unlocked at the other end, by the other party for analysis. But outsourcing to a third-party is inherently insecure.

Assistant Professor in the Department of Electrical and Computer Engineering Brandon Reagen, a member of the NYU Center for Cybersecurity, focuses his research on designing specialized hardware accelerators for applications including privacy preserving computation. His research is proving that the future of computing can be privacy-forward while making huge advances in information processing and hardware design.

Reagen’s work focuses on building the hardware and software necessary to do all of your computer work — from basic apps to complicated algorithms — fully encrypted, from beginning to end.

Khorrami was recently named principal investigator on a United States Department of Energy-funded project dubbed Digital Twin for Security and Code Verification (DISCOVER). Khorrami and his colleagues will leverage a virtual simulation (or digital twin) of real-world operational technology systems used in the energy industry, such as industrial control systems and programmable logic controllers in order to analyze and evaluate updates before they are deployed to actual devices. "Current cyber defenses can't necessarily catch stealthy malware in critical systems before deployment, potentially leaving a window open for bad actors to access our energy infrastructure," said Khorrami. "Our digital twin approach aims to shut that window.”

DISCOVER is just one of a long string of Tandon initiatives to develop technologies that strengthen critical energy infrastructure. Khorrami, Krishnamurthy, and Karri have collaborated, for example, on a project called Tracking Real-time Anomalies in Power Systems (TRAPS), with the aim of detecting cyber intrusions more quickly and automatically blocking access to control functions. 

Camera doorbells that let you see who’s there before answering, smart TVs that allow you to browse the web, refrigerators that alert you when you’re out of milk — connected devices have been a boon to consumers in recent years, but as Assistant Professor Danny Yuxing Huang warns, they also invade your privacy in ways you might not have considered before purchasing them.

“We’ve all had the experience of searching on-line for a pair of sneakers, for example, only to be inundated with dozens of sneaker ads the following week,” he has said. “That might seem innocuous, but what if you were looking up the side effects of a prescribed drug? Would you want an unknown third party gaining information about your medical conditions?”

To alert users to those possibilities and allow them to make informed choices, Huang has helped develop an open-source IoT tracker that anyone can download to inspect their home network and identify privacy, security, and performance problems associated with their IoT devices.

In addition to the individual achievements of faculty members, several of the top names in this still-specialized field got a boost right at NYU Tandon.

One particularly fertile proving ground has been the Embedded Security Challenge (ESC), a competition that has been held each year since 2008 as part of the CSAW: Cybersecurity Games and Conference. After Tandon students create a set of encryptions, camouflages, and other defenses to defeat, ESC pits participants from institutions around the globe in a “red team, blue team” format. 

Research developed during ESCs has propelled the entire field of hardware trust, and many past competitors have gone on to important careers of their own.

ESC has been a vital part of a National Science Foundation-supported network called Trust-Hub, which has led the way in connecting knowledge and solutions on trustworthiness issues. The network includes multiple universities that partner to develop and maintain the digital clearinghouse and community-building site, where researchers exchange papers, hardware platforms, source codes, and tools. Those tools include “trust benchmarks” — blueprints of microchips infected with hardware Trojans — that can be used as examples when building electronic design automation tools.

Trust-Hub’s strength lies in being collaborative and open; if a researcher can consult a database listing hundreds of ways to attack hardware with examples of each, it offers a consistent way to measure the quality of their own detection and prevention methods.  To keep that knowledge proprietary, Trust-Hub contributors say, is like hiding the key to a house under the doormat and hoping a burglar doesn’t look there.

With Additive Manufacturing (AM) — commonly known as 3D printing —  being used to produce components for vital industrial products, like airplanes and medical devices, detecting defects in those printed parts early on could be a matter of life and death. Nikhil Gupta, professor of mechanical and aerospace engineering, CCS member, and director of the Composite Materials and Mechanics Laboratory at NYU Tandon, is working on new ways to monitor and protect the process.

Professor Muhammad Shafique, who heads the school’s eBRAIN laboratory and collaborates with CCS faculty, is engaged in a variety of projects involving the security and reliability of deep neural network (DNN) hardware architectures, the use of generative AI to create secure hardware, leveraging machine learning to detect malware, exploring secure quantum computing, and security and privacy issues posed by machine learning in autonomous systems.

Even first-year Tandon students can learn to design secure, efficient chips as members of the NYU Processor Design Team, which is part of the school’s multi-semester, multi-disciplinary Vertically Integrated Projects (VIP) initiative. The team aims to create innovative chips from initial ideation through logic design, verification, synthesis, layout, and, finally, manufacturing and validation in real silicon.

Their research is making plain that there’s no cybersecurity without hardware security.