Cybersecurity Team Makes NYU Tandon a Crucible for Microchip Security

Students Collaborating

At NYU Tandon, the country’s first university research team for hardware security is probing the growing threat to the world’s microchips and devising ways to protect them.

Twenty years ago microchips were designed and fabricated in house and in secret, with outside vendors having little access to blueprints or actual product. Today digital blueprints for chips designed in California or New York cross the globe to foundries in Asia, a $400 billion worldwide supply chain that gives bad actors multiple opportunities to pirate intellectual property (IP) or install malicious “Trojan horse” circuits, which look benign but hide threats within.

These built-in vulnerabilities can spell disaster for everything from computers and smartphones to the systems that run personal automobiles, major utilities, public transportation systems, and nuclear facilities.

At NYU, the small and increasingly influential group of cybersecurity researchers is exploring hardware trustworthiness and educating experts worldwide about their findings. Under the aegis of the NYU Center for Cyber Security, faculty and student researchers at NYU Abu Dhabi as well as NYU Tandon are recognized as leaders in research on secure chip design and production, microchip camouflaging, encryption, crowd sourcing and sharing of attack and defense strategies, and improving the trustworthiness of the supply chain.


  • NYU Tandon Professor of Electrical and Computer Engineering Ramesh Karri and his students in 2002 generated the first research on attack-resilient chip architecture.

  • In 2004 the department published one of the first doctoral theses on hardware security.

  • The hardware team was the first to demonstrate that integrated circuits’ test and debug ports could be used by hackers.

  • Karri organized and delivered the first set of invited Institute of Electrical and Electronics Engineers (IEEE) tutorials in hardware security in the United States,  Europe, and Latin America.

  • Karri and his team presented the first research paper on split manufacturing, a means of thwarting counterfeiting by an untrusted foundry by dividing a chip’s blueprint into several components and distributing each to a different fabricator.

  • The NYU team has won numerous best-paper awards at the world’s top three security conferences: the Association for Computing Machinery (ACM) Conference on Computer and Communications Security, the Advanced Computing Systems Association’s (USENIX) Security conference, and the IEEE Symposium on Security and Privacy.

  • The NYU hardware researchers and their collaborators enjoy arguably the largest outside funding level for hardware security of any institution in the United States, including grants from the National Science Foundation (NSF), the Office of Naval Research, the Defense Advanced Research Projects Agency (DARPA), the Army Research Office, the Air Force Research Laboratory, the Semiconductor Research Corporation, and companies including Boeing, Microsoft, and Google.

Under Karri, Tandon Assistant Professor Siddharth Garg, and two assistant professors at NYU Abu Dhabi, Michail Maniatakos and Ozgur Sinanoglu, the group is trying to shift the microchip design culture from secrecy to collaboration. The faculty researchers are joined by 20 graduate students and five post-doctoral fellows.

CSAW: Not Just Fun and Games

One important element of the group’s work is the world’s longest-running hardware security competition, the Embedded Security Challenge (ESC), which is part of the world’s largest set of student-led information security contests: NYU’s Cyber Security Awareness Week (CSAW).

ESC pits NYU Tandon against other institutions in a “red team, blue team” format: Tandon’s team creates encryptions, camouflages, and other defenses that university teams from around the globe attempt to defeat. Research developed during prior ESCs has propelled the entire field of hardware trust. 

“There are many different instances in which mechanisms we thought were secure have been defeated, then retooled to address those vulnerabilities,” Garg explained. “The great opportunity of ESC is to take a variety of different security solutions, throw them out there, and get them validated by teams of engineers.”

Karri said open competitions like ESC mimic real-world attacks “and therefore help defenders create better encryptions and develop better tactics.” At last year’s ESC, for example, some 40 players from 10 universities received an e-voting system architecture and were challenged to overthrow an election by altering the vote distribution.

Competitors in this year’s ESC will tangle with memory corruption, one of the most common security bugs, by which a hacker subverts a microchip by changing critical data in its memory. Malefactors use this form of corruption to alter a program to perform such malicious deeds as stealing user data and falsifying records.

Karri said the job of the ten competing teams at each of the three host institutions will be to “enhance basic chip design to include more hardware security mechanisms in order to prevent such corruptions from harming the system.”


Software security has been in the academic spotlight since the advent of the World Wide Web, but researchers have focused on hardware security for only a decade. In 2008, Karri founded the ESC. Several years later, ESC became foundational for a National Science Foundation-supported network called Trust-Hub, which led the way in connecting knowledge and solutions on trustworthiness issues. The University of Connecticut, Rice University, and the University of California in Los Angeles are partners in developing and maintaining the digital clearinghouse and community-building site where researchers exchange papers, hardware platforms, source codes, and tools. Those include “trust benchmarks” – blueprints of microchips infected with hardware Trojans — that can be used as examples when building electronic design automation tools.

Trust-Hub’s strength lies in being collaborative and open.  “The old way of doing things — ‘security through obscurity’ — makes it harder, not easier, for industry to keep pace,” Karri explained. “When there is no collaboration, the best ideas aren’t shared and attackers have the advantage.”

Nektarious Tsoutos, a computer science doctoral candidate under Maniatakos at NYU Abu Dhabi added: “If I have a database of 100 ways to attack hardware and examples of each, I have a consistent way to measure the quality of my own detection and prevention methods. ‘Security through obscurity’ is like hiding the key to a house under the doormat and hoping the burglar doesn’t look there.”

Maniatakos sees an analog for open-source hardware in software programs like Linux. “Anyone can look at Linux code,” he said. “And where there are so many eyes looking at it, you find the vulnerabilities. If you have closed software that nobody can see, those vulnerabilities are there to stay. We don’t know all the attacks of the future, but with Trust-Hub many of us can find the weak points and make them impervious.”

This year the hardware security team will expand the reach of Trust-Hub to the Middle East, Africa, and India. Karri said that this will help create more benchmarks and “allow us to tease out any cultural implications to hardware hacking.”

hardware chip

Camouflaging Chips

The NYU hardware security group is also a leader in research on microchip camouflaging, a tactic that Karri pioneered in 2013 to prevent reverse engineering — or “de-layering”— a chip to pilfer the design and intellectual property (IP).

A typical integrated circuit can have thousands or millions of Boolean logic gates, the “true or false” switches that implement software commands. Concealing the function of a certain number of them was thought to make theft by the already expensive and complicated process of de-layering too time consuming. However, Garg and a group of researchers from the University of Waterloo recently found that de-layering can be done with relative ease and speed with off-the-shelf technology.
“Companies have considered cloaking logic gates to be a good defense against theft because undoing each gate to discern its function is a long, technically complicated process,” he explained. “But by applying inputs and recording outputs using readily available Boolean satisfiability (SAT) solvers [which can handle thousands or millions of variables], the delayering of a camouflaged chip can actually be done in minutes.”

After presenting their findings at the Network and Distributed System Security symposium in February, 2015, Garg and co-authors published a potential solution via a second study, funded in part by a $500,000 grant from the NSF. It detailed an alternative route for camouflaging based on small fluctuations in the concentration of impurities with which the silicon is doped.

Protecting the Future

The team’s current research has been recognized for its potential to make hardware more secure.

  • Karri, Maniatakos, Tsoutsos, and Nikhil Gupta, a materials sciences researcher and an associate professor of mechanical engineering at NYU Tandon, co-authored a study on security risks in additive — or 3D — printing. The study, led by Steven Eric Zeltmann, a mechanical engineering graduate student, and published in the JOM: The Journal of the Minerals, Metals & Materials Society, provided the first look at how an attacker could compromise a product without detection by altering printing orientation or inserting fine defects.

  • Garg is developing a means of camouflaging that is invisible to an optical microscope (a critical tool in de-layering). As detailed in a study co-authored by Maria I. Mera Collantes and Mohamed El Massad of NYU Tandon’s Department of Electrical and Computer Engineering, the technique exploits small fluctuations in the concentration of impurities with which the silicon is “doped.” It is very common to dope silicon by adding minute quantities of other materials, like phosphorous or arsenic. The optical tools used to delayer a chip for IP theft would be unable to discern the functionality of a chip protected using this method.

  • In February Garg received the prestigious NSF Faculty Early Career Development (CAREER) Award, which offers promising young academics mentoring and $500,000 over five years to advance their research.

  • This spring Garg and colleagues from Yale, the University of California at San Diego, the University of Virginia, and the City University of New York received a $3 million NSF grant for a unique, self-verifying chip design detailed in the paper “Verifiable ASICS.” The work was presented in May at the IEEE Symposium on Security and Privacy in Oakland, California.

  • Popular Science magazine in August 2016 named Garg to its 15th annual Brilliant 10 list of young scientists and innovators both for his new concept for camouflaging and for an approach to splitting the manufacture of a chip into two parts so no one party can extrapolate the entire design from a portion of it.  Instead of randomly assigning sections of a blueprint to different fabricators, the new technique employs mathematics to determine how best to divide a chip blueprint.

  • The NYU Abu Dhabi team’s new TwinLab in Trustworthy Hardware has designed a chip that guards against reverse engineering, tampering, counterfeiting, and overproduction (by which foundries make money by making and selling more chips than were ordered). The chip will be made by semiconductor fabricator GLOBALFOUNDRIES, and the NYU researchers, with a $2.6 million budget, plan to deliver various versions of their secure microprocessor chips over the next four years.

  • NYU’s Karri and Sinanoglu and collaborators at Duke University and the University of Texas at Dallas are pioneering techniques to secure digital microfluidic biochips. A paper published earlier this year in IEEE/ACM Transactions on Computational Biology and Bioinfomatics gave the first assessment of security vulnerabilities in these chips used by researchers and medical professionals for diagnostics, DNA sequencing, and environmental monitoring. Their experiments found that attacks were easy to implement and difficult to detect.