Sketching Secure Hardware

Hardware security-related attacks are growing in number and severity. Spectre, Meltdown, Foreshadow, Fallout, ZombieLoad, and Starbleed are just a few of the many recent attacks that exploit hardware vulnerabilities. While vulnerabilities are seemingly easy to find, designing secure hardware is challenging (to say the least) and there are limited tools to aid this process.

Armita Ardeshiricham’s PhD thesis made pioneering and fundamental contributions in detecting, localizing, and repairing hardware vulnerabilities. Her thesis developed verification tools that quickly find vulnerabilities that previous work could not. And it laid the foundation for automated debugging of those flaws.

Her early work focused on developing powerful information flow tracking (IFT) tools that work at the register transfer level. She extended this work in a fundamentally important manner by formulating IFT logic that detects timing-based flows. And she pioneered the idea of sketching for hardware security. The culmination of her PhD research is the VeriSketch framework.

VeriSketch is the first design framework that uses sketching to automatically synthesize secure and functionally complete hardware designs. VeriSketch frees hardware designers from specifying exact cycle-by-cycle behaviors and excruciating bit-level details that often lead to security vulnerabilities. Instead, the designer provides a sketch of the circuit alongside a set of functional and security properties. VeriSketch uses program synthesis techniques to automatically generate a fully specified design which satisfies these properties. VeriSketch leverages hardware IFT to enable definition and verification of security specifications, which allows for the analysis of a wide variety of security properties related to confidentiality, integrity, and availability.

Armita’s PhD research will undoubtedly have a lasting impact on our group’s hardware security efforts and has laid out a research agenda for the next few years (and likely beyond). Based on her work, we have started projects on error localization (with Prof. Yanjing Li at Univ. of Chicago) and automated property generation (with Prof. Cynthia Sturton at Univ. of North Carolina) that was recently funded by the Semiconductor Research Corporation. Her work was fundamental in developing system on chip access control monitors in collaboration with Leidos and Sant’Anna School of Advanced Studies in Pisa. She will certainly be missed!

Dr. Ardeshiricham currently works at Apple doing things that she can tell no one about (as is typical with Apple). But I’m certain that future Apple devices will be much more secure with her overseeing the verification process.

A very long overdue post and congrats again!

-Ryan

Ryan’s acknowledgment — acting as Mel Gibson to Armita’s Jim Caviezel during her PhD career.

Science and Technology Behind Mangrove Conservation

Did you know that mangroves sequester more carbon than rainforests? In addition to being one of the best carbon scrubbers in the world, they also protect coastlines from erosion and hurricanes and provide an amazing nursery for aquatic life. Yet, these important ecosystems are in decline worldwide, hurt by industrialization, rising sea levels, and other climatic events.

As part of the activities around World Mangrove Day, Ryan moderated an online panel “The Science Behind Remote Sensing” related to using technology to monitor and rehabilitate mangroves. The panel featured researchers from NASA, Microsoft, UCSD, and the Nature Conservancy who are using drones, satellites, multispectral imaging, machine learning, and a bunch of other technologies to understand and rehabilitate mangroves around the world. Our collaborator Astrid Hsu presented some of the technologies that we are working on as part of the Engineers for Exploration program. And there was a lot of interesting discussion on how to use technology to monitor, understand, and rehabilitate these important ecosystems.

Low-cost 3D Scanning Systems for Cultural Heritage Documentation

Digitally documenting archaeological sites provides high-resolution 3D models that are more accurate than traditional analog (manual) recordings. Capturing the 3D data comes at great financial cost (if using a lidar-based system) or is time-consuming during data collection and post-processing (when using photogrammetry). This has limited the use of these techniques in the field.

Depth sensors like the Microsoft Kinect and Intel RealSense provide a relatively low-cost way of capturing depth data. Open-source 3D mapping software provides fast and accurate algorithms to turn this depth data into 3D models. Our research combines depth sensors and 3D mapping algorithms to develop a low-cost 3D scanning system. We analyzed multiple sensors and software packages to develop a prototype system to create large-scale 3D models of tunneling-based archaeological sites. We used this system to document the Maya archaeological site El Zotz in the Peten region of Guatemala. Our findings were recently published in the paper “Low-cost 3D scanning systems for cultural heritage documentation” in the Journal of Cultural Heritage Management and Sustainable Development.

This research is the result of a many-year (and ongoing) effort between Engineers for Exploration and archaeologists at El Zotz. Congrats to all those involved in this impressive project.

Real-time Automatic Modulation Classification

Advanced wireless communication techniques, like those found in 5G and beyond, require low latency while operating on high throughput streams of radio frequency (RF) data. Automatic Modulation Classification is one important method to understand how other radios are using the wireless channel. This information can be used in applications such as cognitive radios to better utilize the wireless channel and transmit information at faster rates.

Our recent work shows how to perform modulation classification in real-time by exploiting the RF capabilities offered by Xilinx RFSoC platforms. This work, led by the University of Sydney Computer Engineering Lab, developed a non-uniform and layer-wise quantization technique to shrink the large memory footprint of neural networks to fit on the FPGA fabric. This technique preserves the classification accuracy in a real-time implementation.
This work was published at the Reconfigurable Architectures Workshop (RAW) and an open source implementation on the Xilinx RFSoC ZCU111 development board is available in the GitHub repo.

Jeremy Blackstone Named Bouchet Scholar

The Edward Alexander Bouchet Graduate Honor Society is a network of preeminent scholars who exemplify academic and personal excellence, foster environments of support, and serve as examples of scholarship, leadership, character, service, and advocacy for students who have been traditionally underrepresented in the academy. 

Jeremy will fit in perfectly. His research on hardware security is exploring new ways to mitigate side channel attacks. It has resulted in several research papers in top venues. His leadership, service, and advocacy are evident during his time as an undergraduate at Howard University and throughout his PhD career at UCSD. A small sampling of this includes tutoring and mentoring elementary, high school, and undergraduate students, many of whom have come from underrepresented groups. He served as President of the Jacobs Graduate Student Council, where he helped organize events for engineering students to present their research to their peers to get feedback for future presentations and to young students to inspire them to pursue engineering.

Edward Bouchet was the first African American doctoral recipient in the United States. He entered Yale College (now Yale University) in 1870. He graduated in 1874 and decided to stay on a couple more years to get his PhD in Physics. Despite an impressive academic record (he got a PhD in two years!), he was unable to land a position in a college or university due to his race. He taught chemistry and physics at the School for Colored Youth in Philadelphia for more than 25 years; it was one of the few institutions that offered African Americans a rigorous academic program. 

CSE Research Open House

Our research was represented prominently at the CSE Research Open House, held on January 31, 2020. The open house provides an opportunity for industry, alumni, and the broader UCSD community to get a view of the research going on in our department. It consisted of research talks in the morning, demos in the afternoon, a research poster session, and an awards ceremony.

Arden Ma and Dillon Hicks showing off some of the mangrove monitoring technology.

Engineers for Exploration (E4E) described their latest and greatest technologies during the sustainable computing session in the morning and showed off demos in the afternoon. The featured E4E projects included our project to document Maya archaeology sites, where we use state-of-the-art imaging sensors to create large-scale 3D models of archaeological sites. These are then viewable in virtual reality. Another featured project is mangrove monitoring, which uses drones, multispectral image sensors, machine learning for automated ecosystem classification, and other new technologies to document and understand these fragile and important ecosystems. The radio collar tracker was the final presented project. The goal is to track animals equipped with radio transmitters using drones and software defined radio. Here’s the presentation if you want more detail on these projects and the E4E program.

Michael and his fancy best poster award.

Michael Barrow was awarded the best poster for his research on “Data Driven Tissue Models for Surgical Image Guidance”. Michael leads this multidisciplinary project that spans across the Jacobs School of Engineering and the School of Medicine. The goal is to develop more accurate modeling and visualization of tumors, blood vessels, and other important landmarks to provide surgeons real-time feedback during the operation.

Finally, our close collaborator Tim Sherwood was honored with a CSE Distinguished Alumni award. We have been working with Tim for almost two decades (pretty much since the time he graduated from UCSD). Our research includes a number of fundamental projects in hardware security including some of the initial work in FPGA security, 3D integrated circuit security, hardware information flow tracking, and computational blinking.

VeriSketch – Automating Secure Hardware Design

While it took much, much longer than it should have, the semiconductor industry is starting to realize that security is a critical part of the design process. Spectre, Meltdown, and other high-profile hardware security flaws have shown the danger of ignoring security during the design and verification process. Intel, Xilinx, Qualcomm, Broadcom, NXP and other large semiconductor companies have large and growing security teams that perform audits for their chips to help find and then mitigate security flaws.

Emerging hardware security verification tools (including those spun out of our research group from Tortuga Logic) help find potential security flaws. They are powerful at detecting flaws that violate specified security properties and providing example behaviors on how to exploit the flaw. Unfortunately, fixing these flaws remains a manual process, which is time consuming and often left without a viable solution.

VeriSketch takes a first step at automatically fixing the bugs found by the hardware verification tools. VeriSketch asks the designer to partially specify the hardware design, and then uses formal techniques to automatically fill in the sketch to create a design that is guaranteed to be devoid of the flaw. It leverages program synthesis, which automatically constructs programs that fit given specifications. VeriSketch introduces program synthesis into the hardware design world and uses security and functional constraints for the specification. This allows hardware designers to leave out details related to the control (e.g., partially constructed finite state machines) and datapath (e.g., incomplete logic constructs). VeriSketch uses formal methods to automatically derive these unknown parts of the hardware such that they meet the security constraints.

As a proof of concept, we used hardware security verification tools to show that PLCache (a well known cache that is supposedly resilient to cache side channels) does indeed have a flaw through its meta-data (more specifically the LRU bit). And we were able to use VeriSketch to automatically augment the PLCache design to remove this flaw.
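The sketch-and-synthesize idea above, as an added toy example (not VeriSketch's code and not the PLCache RTL): a constructed 2-way cache set in which the condition for refreshing the LRU bit on a hit is left as a hole. Brute-force enumeration stands in for program synthesis and comparing pairs of runs stands in for the IFT-based security check; the model and all names are assumptions made for illustration.

```python
from itertools import product

# Constructed toy model: way 0 holds the victim's locked line 'V',
# way 1 holds an unlocked attacker line. lru = way to replace next.
LOCKED = (True, False)

def access(state, tag, hole):
    """One access; returns (new_state, hit). hole = (refresh LRU on a hit
    to an unlocked way?, refresh LRU on a hit to a locked way?)."""
    tags, lru = state
    if tag in tags:                          # hit
        way = tags.index(tag)
        if hole[LOCKED[way]]:                # the part the sketch leaves open
            lru = 1 - way                    # other way becomes least recent
        return (tags, lru), True
    if LOCKED[lru]:                          # replacement victim is locked:
        return (tags, lru), False            # serve uncached, change nothing
    new_tags = tuple(tag if w == lru else t for w, t in enumerate(tags))
    return (new_tags, 1 - lru), False        # fill the LRU way

def attacker_trace(hole, lru0, seq, victim_at):
    """Attacker's hit/miss observations. The victim touches 'V' once, just
    before attacker access number victim_at (None = victim stays idle)."""
    state, trace = (("V", "A0"), lru0), []
    for i, tag in enumerate(seq):
        if i == victim_at:
            state, _ = access(state, "V", hole)
        state, hit = access(state, tag, hole)
        trace.append(hit)
    return tuple(trace)

def secure(hole, depth=3):
    """Security property: attacker's trace is independent of victim activity."""
    for lru0, n in product((0, 1), range(1, depth + 1)):
        for seq in product(("A0", "A1"), repeat=n):
            idle = attacker_trace(hole, lru0, seq, None)
            if any(attacker_trace(hole, lru0, seq, k) != idle for k in range(n)):
                return False
    return True

def functional(hole):
    """Functional property: a hit on the unlocked way still refreshes LRU."""
    (_, lru), hit = access((("V", "A0"), 1), "A0", hole)
    return hit and lru == 0

def synthesize():
    """Try every completion of the hole; keep those meeting both properties."""
    return [h for h in product((False, True), repeat=2)
            if secure(h) and functional(h)]

if __name__ == "__main__":
    print(synthesize())
```

In this toy model the only completion that survives is "refresh LRU on hits to unlocked lines only": refreshing on locked hits lets the attacker see whether their own fill was cached, and never refreshing fails the functional property.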

More details on VeriSketch, the PLCache flaw, and other interesting hardware security verification techniques are detailed in our paper “VeriSketch: Synthesizing Secure Hardware Designs with Timing-Sensitive Information Flow Properties” presented at the ACM Conference on Computer and Communications Security. Congrats to the authors Armaiti Ardeshiricham, Yoshiki Takashima, Sicun Gao, and Ryan Kastner!

Holistic Power Side Channel Leakage Assessment

It is surprisingly easy to extract critical information from a computer chip by simply monitoring the amount of power that it consumes over time. These power side channels have been used time and time again to break otherwise secure cryptographic algorithms. Countless mitigation strategies have been used to thwart these attacks. Their effectiveness is difficult to measure since vulnerability metrics do not adequately consider leakage in a comprehensive manner. In particular, metrics typically focus on single instances in time, i.e., specific attack points, which severely underestimate information leakage especially when considering emerging attacks that target multiple places in the power consumption trace.

We developed a multidimensional metric that addresses these flaws and enables hardware designers to quickly and more effectively understand how the hardware that they develop is resistant to power side channel attacks. Our metric considers all points in time of the power trace, without assuming an underlying model of computation or leakage. This will enable the development of more secure hardware that is resilient to power side channel attacks. This work was recently published at the International Conference on Computer Aided Design (ICCAD), one of the premier forums for technical innovations in electronic design automation.

For further information see: Alric Althoff, Jeremy Blackstone, and Ryan Kastner, “Holistic Power Side-Channel Leakage Assessment: Towards a Robust Multidimensional Metric”, International Conference on Computer Aided Design (ICCAD), November 2019 (pdf)

Documenting Maya Archaeological Sites with Low-cost 3D Imaging Sensors

Deep in the heart of the Peten Basin in Eastern Guatemala lie the ruins of the ancient Maya civilization. Jungles have overtaken these ancient cities, leaving archaeologists to painstakingly excavate their ruins in order to uncover their secrets about their culture, traditions, and rituals. This process is time-consuming and tedious; archaeologists carefully tunnel into the temples and other structures using pickaxes and shovels. They manually sift through the limestone remains in hopes of finding artifacts, tombs, ancient walls, masks, and murals and better understand the usage of these structures and artifacts. The result of this is hundreds of meters of man-made tunnels that burrow deep into these structures and snake across multiple levels.

Dr. Quentin Gautier successfully defended his PhD thesis which focused on using modern technologies to better document these archaeological sites. His thesis documents a series of 3D imaging prototypes, which can generate large-scale 3D models of Maya archaeological sites. Over the years, Quentin led the development of several generations of scanning systems and he ventured on several expeditions deep in the Guatemala jungle to deploy these systems. The result is an unprecedented amount of data collection, which has turned into impressive 3D models that are viewable in virtual reality and other 3D visualization systems.

Quentin’s PhD journey was much like these excavations. It was at times painstaking and tedious. He is an expert system builder and this often conflicted with the unfortunate publish-or-perish model of academics. He certainly could have focused on writing more papers on incremental ideas in lieu of developing real systems that were field tested and deployed. In the end, I believe his thesis will be more impactful than these unwritten papers. The excavation sites that he helped document are windows into our past, and many of these windows have been closed as the excavations have been backfilled in order to preserve these precious sites. Quentin’s digital models will allow archaeologists and others all over the world to view these cultural heritage treasures. His system development will help our research group’s continued efforts to use modern technologies to aid in scientific purposes. And his mentorship to the countless undergraduate students (like Giovanni below) will have lasting impacts on their careers.

Congratulations Dr. Gautier and best of luck in Japan! I look forward to seeing all of the amazing systems that you develop in the future.

FastWave: A Hardware Architecture for Audio Neural Networks

When Siri, Alexa, Cortana, Google Assistant or your other favorite digital assistant talks to you, it relies on neural networks to create the audio file that speaks to you. WaveNet is a deep neural network for generating audio that provides amazingly accurate results. Yet, this process is slow and cannot be performed in real-time. Our FastWave hardware architecture accelerates this process, providing a 10x decrease in the time required to generate the audio file as compared to a state-of-the-art GPU solution. This is the first hardware accelerated platform for autoregressive convolutional neural networks.

FastWave is being presented at the International Conference on Computer-aided Design (ICCAD). ICCAD is one of the top conferences for topics related to hardware design automation. The paper was developed as a project in my CSE 237C class, which teaches hardware design and prototyping using high level synthesis. Shehzeen Hussain, Mojan Javaheripi, and Paarth Neekhara developed the initial idea as a final class project. They continued their work after class and the end result is the paper, FastWave: Accelerating Autoregressive Convolutional Neural Networks on FPGA.