Ramesh Karri

NYU researchers have identified a new material-level security risk in an emerging medical technology known as labs-on-chips, miniature devices that perform multiple laboratory tests on tiny fluid samples like blood droplets.

A team led by NYU Abu Dhabi and the NYU Center for Cybersecurity (CCS) found that in one type of these devices, called flow-based microfluidic biochips (FMBs), the crucial microscopic valves responsible for controlling the fluid flow could be subtly altered at the material level by doping reactive chemicals or stealthily altering the chemical composition during manufacturing. These microvalves are critical for the integrated microfluidic circuitry, as they precisely manipulate fluids for a bio-protocol via deforming under pneumatic pressure.

The researchers found that stealthy tampering can be achieved by introducing harmful chemicals or by altering the associated chemical composition, which significantly changes the energetics of the microvalve deformation. The tampered valves look normal under a microscope but can be triggered to rupture when exposed to deliberate low-frequency pneumatic actuations.

In a study published in Scientific Reports, the researchers name these bad valves "BioTrojans.” 

"Material-level cyber-physical attacks on biochips remain understudied, posing significant future security risks,” said Navajit Singh Baban, a CCS postdoctoral associate and the study's lead author. “In this study, we've shown that by simply changing the ratio of ingredients used to make certain valves, we can create a ticking time bomb within the device. These BioTrojans look identical to normal valves but behave very differently under stress."

The researchers demonstrated that valves made with altered ratios of a common polymer called polydimethylsiloxane (PDMS) could rupture within seconds when subjected to pneumatic actuations. In contrast, properly manufactured valves withstood the same conditions for days without failure.

The implications of such vulnerabilities are significant. Microfluidic biochips are increasingly used in critical applications such as disease diagnosis, DNA analysis, drug discovery, and biomedical research. A compromised valve could lead to contamination, inaccurate test results, or complete device failure, potentially endangering patients or derailing important research.

"This isn't just about a malfunctioning medical device," said Ramesh Karri, the senior author of the study. Karri is a professor and chair of NYU Tandon School of Engineering’s Electrical and Computer Engineering Department and a member of CCS, which he co-founded in 2009. "It's about the potential for malicious actors to intentionally sabotage these critical tools in ways that are very difficult to detect.”  

The research team’s proposed solutions include design modifications to make valves more resilient and a novel authentication method using fluorescent dyes to detect tampered components. 

"We're entering an age where the line between the digital and biological worlds is blurring," Baban said. "As these miniaturized labs become more prevalent in healthcare settings, ensuring their security will be crucial to maintaining trust in these potentially life-saving technologies. We hope this work will spur further investigation into the cybersecurity aspects of biomedical devices and lead to more robust safeguards in their design and manufacture.”

In addition to Baban and Karri, the paper's authors are Jiarui Zhou, Kamil Elkhoury, Yong-Ak Song and Sanjairaj Vijayavenkataraman, all from the Division of Engineering at NYU Abu Dhabi; Nikhil Gupta, professor in NYU Tandon’s Department of Mechanical and Aerospace Engineering and member of CCS; Sukanta Bhattacharjee from the Department of Computer Science and Engineering at Indian Institute of Technology Guwahati; and Krishnendu Chakrabarty from the School of Electrical, Computer and Energy Engineering at Arizona State University.

Baban, N.S., Zhou, J., Elkhoury, K. et al. BioTrojans: viscoelastic microvalve-based attacks in flow-based microfluidic biochips and their countermeasures. Sci Rep 14, 19806 (2024). https://doi.org/10.1038/s41598-024-70703-0

The researchers participating in this grant include Farshad Khorrami and Ramesh Karri, Professors of Electrical and Computer Engineering and member and director — respectively — of the NYU Center for Cybersecurity; and Research Scientist Prashanth Krishnamurthy.

A project to develop methods of securing the U.S. power grid from hackers, led by NYU Tandon researchers at the NYU Center for Cybersecurity, is one of six university teams receiving a portion of $12 million from the U.S. Department of Energy (DOE), supporting research, development, and demonstration (RD&D) of novel cybersecurity technologies to help the U.S. power grid survive and recover quickly from cyberattacks.

The Tandon team received $1.94 million for the project from the DOE fund, with matching support from NYU bringing the total to around $2.8 million, to develop Tracking Real-time Anomalies in Power Systems (TRAPS) to detect and localize anomalies in power grid cyber-physical systems. Collaborators include SRI International, the New York Power Authority, and Consolidated Edison. TRAPS will correlate time series measurements from electrical signals, embedded computing devices, and network communications to detect anomalies using semantic mismatches between measurements, allowing it to perform cross-domain real-time integrity verification.

Administered by the DOE's Office of Cybersecurity, Energy Security, and Emergency Response (CESER), the strategic project aims to advance anomaly detection, artificial intelligence and machine learning, and physics-based analytics to strengthen the security of next-generation energy systems. These systems include components placed in substations to detect cyber intrusions more quickly and automatically block access to control functions.   

The program aligns with the DOE’s larger goal of bolstering the security and resiliency of the power grid toward advancing President Biden’s goal of a 100% clean electrical grid by 2035 and net-zero carbon emissions by 2050.

This research project is led by Department of Electrical and Computer Engineering Professors Farshad Khorrami and Ramesh Karri, who is co-founder and co-chair of the NYU Center for Cybersecurity, and Prashanth Krishnamurthy, a research scientist at NYU Tandon; and Jörg Henkel and Hussam Amrouch of the Computer Science Department of the Karlsruhe Institute of Technology (KIT), Karlsruhe, Germany.

The project builds upon on-going research, funded by a $1.3 million grant from the Office of Naval Research, to create algorithms for detecting Trojans — deliberate flaws inserted into chips during fabrication — based on the short term aging phenomena in transistors. 

It will focus on this physical phenomenon of short-term aging as a route to detecting hardware Trojans. The efficacy of short-term aging-based hardware Trojan detection has been demonstrated through simulations on integrated circuits (ICs) with several types of hardware Trojans through stochastic perturbations injected into the simulation studies. This DURIP project seeks to demonstrate hardware Trojan detection in actual physical ICs.

Khorrami explained that the new $359,000 grant will support the design and fabrication of 28nm chips with and without built-in trojans 

"The supply chain in manufacturing chips is complex and most foundries are overseas. Once a chip is fabricated and returned to the customer, the question is if additional hardware has been included on the chip die for most likely malicious purposes," he said. 

For this purpose, this DURIP project is proposing a novel experimental testbed consisting of:

• A specifically designed IC that contains Trojan-free and Trojan-infected variants of multiple circuits (e.g., cryptographic accelerators and micrcontrollers). This IC will be used for evaluation of the efficacy and accuracy of the hardware short-term aging based Trojan detection methods. To validate the Trojan detection methodology the team will use 3mm×3mm ICs with both Trojan-free and Trojan-infected variants of multiple circuits.

• AnFPGA-based interface module to apply clock signal and inputs to the fabricated IC and collect outputs.

• A fast switching programmable power supply for precise application of supply voltage changes to the IC’s being tested. The unit will apply patterns of supply voltages to the test chips to induce controllable and repeatable levels of short-term aging.

• Finally, a data analysis software module on a host computer for machine learning based device evaluation and anomaly detection (i.e., detection of hardware Trojans).

This testbed, a vital resource in the physical validation of the proposed NYU-KIT hardware Trojan detection methodology will also be a valuable resource for evaluating and validating other hardware Trojan detection techniques developed by NYU and the hardware security researchers outside of NYU. The testbed will therefore be a unique experimental facility for the hardware security community by providing access to (i) physical ICs with Trojan- free and Trojan-infected variants of circuits ranging from moderate-sized cryptographic circuits to complex microprocessors plus (ii) a generic FPGA-based interface to interrogate and test these ICs for Trojans according to their detection method.

This survey was led by Nikhil Gupta, professor mechanical and aerospace engineering and a member of the NYU Center for Cybersecurity; and Ramesh Karri, professor of electrical and computer engineering and co-founder and co-Chair of the NYU Center for Cybersecurity.

The Industry 4.0 concept promotes a digital manufacturing (DM) paradigm that can enhance quality and productivity, which reduces inventory and the lead time for delivering custom, batch-of-one products based on achieving convergence of additive, subtractive, and hybrid manufacturing machines, automation and robotic systems, sensors, com- puting, and communication networks, artificial intelligence, and big data. A DM system consists of embedded electronics, sensors, actuators, control software, and interconnectivity to enable the machines and the components within them to exchange data with other machines, components therein, the plant operators, the inventory managers, and customers. 

Digitalization of manufacturing aided by advances in sensors, artificial intelligence, robotics, and networking technology is revolutionizing the traditional manufacturing industry by rethinking manufacturing as a service.

Concurrently, there is a shift in demand from high-volume manufacturing to batches-of-one, custom manufacturing of products. While the large manufacturing enterprises can reallocate resources and transform themselves to seize these opportunities, the medium-scale enterprises (MSEs) and small-scale enterprises with limited resources need to become federated and proactively deal with digitalization. Many MSEs essentially consist of general-purpose machines that give them the flexibility to execute a variety of process plans and workflows to create one-off products with complex shapes, textures, properties, and functionalities. One way the MSEs can stay relevant in the next-generation digital manufacturing (DM) environment is to become fully interconnected with other MSEs by using the digital thread and becoming part of a larger, cyber-manufacturing business network. This allows the MSEs to make their resources visible to the market and continue to serve as suppliers to OEMs and other parts of the manufacturing supply networks.

This article, whose authors include researchers from NYU Tandon and Texas A&M, explores the cybersecurity risks in the emerging DM context, assesses the impact on manufacturing, and identifies approaches to secure DM. It resents a hybrid-manufacturing cell, a building block of DM, and uses it to discuss vulnerabilities; discusses a taxonomy of threats for DM; explores attack case studies; surveys existing taxonomies in DM systems; and demonstrates how novel manufacturing-unique defenses can mitigate the attacks.

The team's research is supported, in part, by the National Science Foundation.