NYU Tandon Becomes a Center of Influence in the World of Hardware Security

Participants in the Annual Embedded Security Challenge Propel the Field Forward

Almost all of us know the importance of keeping our computer software secure: we realize it would be foolhardy to forego virus protection or respond to an overt phishing scam. Fewer of us, however, pay attention to hardware security, simply trusting that our computer chips and other such components do not pose a hazard.

That assumption might have gone unchallenged not too long ago, when microchips were designed and fabricated in-house, under closely guarded conditions. Today, however, with digital blueprints for chips designed in the U.S. being sent to outside foundries in Asia and elsewhere, malefactors have ample opportunity along the supply chain to install malicious “Trojan horse” circuits — thereby threatening our smartphones and computers, and more frighteningly, the systems that run our major utilities, public transportation systems, and nuclear facilities. 

Professor Ramesh Karri speaking at Cyber Security Awareness Week 2017

Professor Ramesh Karri speaking at Cyber Security Awareness Week 2017

Since 2002, when NYU Tandon Professor of Electrical and Computer Engineering Ramesh Karri and his students generated the first research on attack-resilient chip architecture, the school has been at the forefront of this vital field, demonstrating before anyone else that integrated circuits’ test and debug ports could be used by hackers; delivering the first set of invited Institute of Electrical and Electronics Engineers (IEEE) tutorials in hardware security in the U.S.,  Europe, and Latin America; and presenting the first research paper on split manufacturing, a means of thwarting counterfeiting by an untrusted foundry by dividing a chip’s blueprint into several components and distributing each to a different fabricator; among other such accomplishments.

Karri and his colleagues can also count among their accomplishments the fact that several of the top names in the still-specialized field got a boost right here at NYU Tandon.

The 14th annual CSAW games at NYU Tandon continued the tradition of attracting the top young security researchers for three days of contests, learning, and networking with professionals. Rishabh Das (standing) of Team UAH of the University of Alabama, Huntsville, competed in the toughest competition, to find new ways to secure hardware. His team won first place in the Embedded Security Challenge.

Rishabh Das of Team UAH of the University of Alabama, Huntsville, competed in CSAW 2017 to find new ways to secure hardware. His team won first place in the Embedded Security Challenge.

One particularly fertile breeding ground has been the Embedded Security Challenge (ESC), which is held each year as part of Cybersecurity Awareness Week (CSAW). ESC pits NYU Tandon against other institutions in a “red team, blue team” format: Tandon’s team creates encryptions, camouflages, and other defenses that university teams from around the globe attempt to defeat. 

Research developed during ESCs has propelled the entire field of hardware trust, and many past competitors have gone on to important careers of their own, including:

  • Jeyavijayan Rajendran, a National Science Foundation CAREER Award laureate and a tenure-track assistant professor at Texas A&M University, where he leads hardware security efforts;
  • Yier Jin, an associate professor at the University of Florida and the winner of an Outstanding New Faculty Award from the Association of Computing Machinery;
  • Matthew Hicks, an assistant professor in the Computer Science Department at Virginia Tech; and
  • Michail Maniatakos, an assistant professor at NYU Abu-Dhabi and head of the school’s Modern Microprocessor Architectures Lab; to name just a few.

“The areas explored in the ESC are timely and crucial,” Karri explained, giving a recent example of e-voting system architecture. “We’re proud that many of those who have taken part as graduate students are now introducing a whole new generation of students to hardware security and doing groundbreaking research of their own. It’s plain that CSAW and the ESC, which started out as small, local initiatives, are having a significant ripple effect around the world.”

CSAW’s ripples are now radiating even further.

“I participated for several years as a graduate student,” Yier Jin, who researches Internet of Things (IoT) security, explained, “and now, as a faculty member, I send student teams each year to Brooklyn to compete, so the cycle continues.”

Rajendran, who garnered a top prize as a student in 2009 and went on to help run the Challenge from 2010 to 2014, recently co-organized a new competition modeled on the ESC: Hack@DAC –— an event at which participating teams mimic the behavior of a malicious or secure-unaware CAD engineer in order to show that reasonable modifications to CAD algorithms can have unintended security consequences. Helping establish Hack@DAC is NYU Tandon Assistant Professor Siddharth Garg, himself a CAREER Award laureate and winner of Popular Science “Brilliant 10” honors.

“The first Hack@DAC was held at the 2017 Design Automation Conference,” Rajendran said, “and we’re looking forward to the 2018 event being even bigger and better. I hope some of the students who participate will have just as positive an experience as I had at my first CSAW and will go on to further the field in their own ways.” 

In addition to Tandon, CSAW is mounted at NYU Abu Dhabi, France’s Grenoble INP-Esisar, and the Indian Institute of Technology in Kanpur, ensuring that the competition's reach is truly global. David Hely, who teaches at INP-Esisar, says, "The Challenge is a perfect way to get students involved in hardware security with a practical case study. Some students from my institute who took part decided then to do a Ph.D. in this field and are now working in top companies." He continued, "Industry clearly understands that in the coming years they will need increasing numbers of students with deep knowledge in embedded security, so ESC provides a  good opportunity to attract and detect those with high potential." 

Maniatakos explains that those working in hardware security (wherever they are based) constitute a family of sorts – one that can count Karri as something of a patriarch. “He is really a visionary,” Maniatakos says. “He understood the importance of this work before almost anyone, and he spread the word to others. My advisor at Yale was influenced by him, I was influenced in turn, and I’m now influencing a new generation of students. In that way our ‘family’ continues to grow, but we will always be able to trace our roots back to the School of Engineering.”      

Learn more about: Ramesh Karri, Siddharth Garg