Hacking His Way to the Grand Finals

Jeyavijayan Rajendran, a second-year electrical and computer engineering doctoral candidate at Polytechnic Institute of New York University (NYU-Poly), advanced to the final round of the prestigious Association for Computing Machinery (ACM) Student Research Competition. 

Rajendran's work on encryption-based security of integrated circuits puts him and NYU-Poly at the forefront of microchip security at a time when the semiconductor industry, the military and government face a veritable flood of “mystery meat” microchips and other hardware that are typically manufactured abroad. At issue are chips pre-loaded by the manufacturer with malware that can be operated remotely to steal data, perform espionage and compromise systems. 

The U.S. Air Force and other arms of the military are now deeply immersed in untangling this microchip knot partly because the Pentagon doesn’t control who makes components for complex machines that can contain thousands of chips, be they radar or next-generation stealth fighters. Civilian manufacturers face similar supply-chain problems. The semiconductor industry loses an estimated $4 billion per year due to piracy and malware.

Rajendran’s project, "Securing Integrated Circuits through Logic Encryption," focuses on ways to expose weaknesses in hardware encryption defenses and then improve upon them. This work was also presented recently at the ACM/IEEE Design Automation Conference, the leading electronic design automation conference. He explains that his approach is unique in that it allows engineers be “white hat” hackers to essentially pick the locks on devices.

"While there were many efforts in concealing hardware designs through logic obfuscation, we proposed the first attack on these techniques and also came up with defense techniques to thwart our proposed attack," he says. "We used the principles from a different hardware field which focuses on screening hardware for defects." 

Rajendran, who studies at NYU-Poly's Department of Electrical and Computer Engineering (ECE) under Professor Ramesh Karri, says his project borrows from technology used for testing manufacturer defects in microchips, and applies it to testing the strength of security encryption. 

"I basically took those techniques and applied them to create an attack platform for testing security. It's a way to 'attack' a system first by teasing out the 'recipe' from the code that was added to conceal it,” he says. “In the attacker's role, I can see the weak links: I can see which part is difficult to subvert, and which is easy.” 

Also involved in Rajendran's research were Karri; Youngok Pino, an electronics engineer and program manager at the Air Force Research Laboratory (AFRL) Information Directorate in Rome, N.Y.; and Ozgur Sinanoglu, assistant professor of computer engineering at NYU Abu Dhabi. The research was supported by a grant from the AFRL. Rajendran, Karri and Sinanoglu conduct their research in collaboration with the Center for Interdisciplinary Studies in Security and Privacy (CRISSP), which brings together experts in psychology, law, public policy and business from across NYU. CRISSP builds new approaches to security and privacy that recognize that technology alone cannot provide the information security and privacy needed in today’s interconnected world.

Rajendran was one of 20 undergraduate and graduate students from around the world selected during the first round of the competition sponsored by Microsoft Research. He progressed through two more rounds to become one of three winners selected in San Francisco. He now advances to the Grand Finals in June 2013.

Rajendran, who focuses on hardware security and nanoscale architectures, last year also won third place in IT Security in the Kaspersky American Cup at NYU-Poly; the Myron M. Rosenthal Award for Best MS Academic Achievement in the ECE Department, NYU-Poly; and Best Student Paper Award in the IEEE International Conference on VLSI (Very Large Scale Integration) Design, among other honors. He is interning this summer at the Security Center of Excellence, Intel Corporation, Hillsboro, Ore., working on securing tomorrow's processors.