Engineering a Smarter Surfboard

The Smartfin project was highlighted in a ThisWeek@UCSD article. The Smartfin holds a microcontroller, temperature sensor, inertial measurement unit, and wireless radio — all embedded into a surfboard fin. This allows surfers to opportunistically gather oceanographic data in the near-shore environment, which is otherwise challenging for more traditionally sensors on buoys and moorings. Engineers for Exploration students are working this summer as part of the NSF-funded REU Site to solidify the data collection process, and develop in-house ability to manufacture Smartfins in a low-cost and open-source manner.

Exploiting the AMBA AXI Protocol for Denial of Service Attacks

Francesco Restuccia was invited to give a talk at the June 2022 edition of — a conference dedicated towards showcasing novel hardware attacks and training the security community to defend against those attacks. Francesco’s talk details how the popular on-chip communication protocol is prone to attacks against the security and safety of on-chip resources. The attacks take advantage of inadequacies in the protocol, which was developed for high-speed communications, and not necessarily designed with safety and security in mind. For more details, check out his talk in its entiretly.

Scaling Hardware Security Property Generation

One of the biggest challenges in hardware security verification is developing formal properties that can subsequently be verified by automated tools. This is a difficult and time-consuming task typically assigned to security verification engineers that must manually sort through hundreds of thousands of lines of a hardware description.

Isadora Duncan By Arnold Genthe -, Public Domain,

Our recent article in IEEE Security & Privacy Special Issue on Formal Methods at Scale describes our research on developing Isadora – a tool that automates the property generation process for information-flow properties that are critical to the security of hardware designs. Isadora combines information flow tracking with specification mining to help automate the challenging security verification process. Congrats to the authors: Calvin Deutschbein, Andy Meza, Francesco Restuccia, Ryan Kastner, and Cynthia Sturton.

Olivia Weng Named NSF Graduate Research Fellow

Congratulations to Olivia Weng for being awarded a National Science Foundation Graduate Research Fellowship. The NSF GRF is one of the most prestigious graduate fellowships in the US. The fellowship will fund Liv for the remainder of her PhD allowing her to continue her research on the co-design of efficient, fault-tolerant computer architectures for applications in high-energy physics. One example is the Large Hadron Collider, where physicists need hardware that will process millions of particle collisions per second. Her research will allow their hardware, and the machine learning software that runs on it, to meet these intense computing demands while handing faults that are inherent in such sensors.

Smartfin turns Surfers into Citizen Scientists

Smartfin is an oceanographic sensor–equipped surfboard fin and citizen science program aimed to provide an increase of coastal ocean observations. Smartfins are used by surfers and paddlers in surf zone and nearshore regions to provide valuable oceanographic data in these challenging to sample ecosystems. Smartfin measures temperature, motion, and wet/dry sensing, GPS location, and cellular data transmission capabilities for the near-real-time monitoring of coastal physics and environmental parameters.

Over 300 Smartfins have been distributed around the world and have been in use for up to five years. The technology has been proven to be a useful scientific research tool in the coastal ocean—especially for observing spatiotemporal variability, validating remotely sensed data, and characterizing surface water depth profiles when combined with other tools—and the project has yielded promising results in terms of formal and informal education and community engagement in coastal health issues with broad international reach.

Our recent research article in the Continental Shelf Research journal describes the technology, the citizen science project design, and the results in terms of natural and social science analyses. We also discuss progress toward our outreach, education, and scientific goals. Congrats to Phil Bresnahan and all the authors!

Sherlock: Quickly Understanding Design Spaces

Design space exploration aims to quickly determine the design parameters that yield the best results. In software, the designer must set algorithmic and performance parameters, e.g., thresholds, bounds, and other input parameters that provide the best output in terms of accuracy and runtime. In hardware design, the designer must determine parameters related to pipelining, memory architecture, and data types to give the best tradeoff between resource usage and performance. In both cases, one wants to quickly understand the relationship between the input and outputs and find the Pareto set of designs.

Sherlock is a DSE framework that can handle multiple conflicting optimization objectives and aggressively focuses on finding Pareto optimal solutions. Sherlock integrates a model selection process to choose the regression model that helps reach the optimal solution faster. Sherlock designs a strategy based around the Multi-Armed Bandit (MAB) problem, opting to balance exploration and exploitation based on the learned and expected results. Sherlock can decrease the importance of models that do not provide correct estimates, reaching the optimal design faster. Sherlock is capable of tailoring its choice of regression models to the problem at hand, leading to a model that best reflects the application design space

Sherlock: A Multi-Objective Design Space Exploration Framework” was recently published in the ACM Transactions on Design Automation of Electronic Systems (TODAES). Congrats to the authors Quentin Gautier, Alric Althoff, Chris Crutchfield, and Ryan Kastner. The Sherlock algorithm was also released as open-source. We plan to use it in the future to tune machine learning models for optimized hardware implementations and tune algorithmic parameters for aerial tracking project. We hope that others will find is similarly useful!

CSE Postdoc Fellow

Dr. Francesco Restuccia was awarded a UCSD CSE Postdoc Fellowship to return to UCSD to develop safe and secure system-on-chip architectures.

Francesco is very familiar with UCSD (and vice versa). He spent about 9 months here as a visiting PhD student from January – August 2020. Despite much of his time here being under lockdown, he was incredibly productive. Francesco developed the Aker security verification framework for system on a chip (SoC) access control that was published in ICCAD 2021. Additionally, Francesco worked on another project to develop a makeshift ventilator system in response to the pandemic (see IEEE Embedded Systems Letter for more info).

Francesco will continue his work on developing safe and secure electronic systems, in particular, we aim to explore the use of program synthesis for secure system generation in collaboration with Sean Gao and Nadia Polikarpova. Be on the look out for some more VeriSketch-like research lead by Francesco.

Welcome back Francesco!

Spying on Your FPGA Neighbors

Amazon, Baidu, Microsoft, and other cloud providers now allow one to rent FPGAs and use them to implement powerful and efficient custom architectures for machine learning, video transcoding, encryption, networking, and other high throughput computations. Those FPGAs are large, and quite very expensive, which brings about the natural question: can we virtualize the FPGA across multiple users and maximize their usage? And more importantly, what are the security implications of two tenants sharing the same physical FPGA device?

In our DAC 2021 paper “Classifying Computations on Multi-Tenant FPGA“, we show that a co-tenant can implement a relatively simple circuit time-to-digital converter (TDC) on one part of the FPGA and use that to determine types of computation occurring on another part of the FPGA. The TDC measures small changes in how a signal propagates through a carry chain. If the co-tenant computation is using a lot of power, this creates a side channel via the power supply rail that will slow down the propagation of the signal in the carry chain. We show that his subtle information can be used to

This includes determining if there is another co-tenant, if that co-tenant is performing encryption, whether the co-tenant is utilizing a soft processor, and other questions that violate the confidentiality of the co-tenant. This a necessary precursor for performing attacks in a virtualized FPGA environment, where an attacker must identify a co-located core before performing an attack, or defending against them, where a provider recognizes malicious cores and terminates service

The work was a broad collaboration across several universities. It was lead by Dustin Richmond (UW post-doc) and includes Mustafa Gobulukoglu (UCSD BS/MS now at Northrop Grumman), Colin Drewes (UCSD BS/MS), and Bill Hunter (Georgia Tech Research Institute).

DAC Under-40 Innovator Award

Kastner Research Group alum Dr. Jason Oberg was given the DAC Under-40 Innovators Award. The award recognizes the top young innovators who have made a significant impact in the field of electronics design and automation.

Jason receiving the Under-40 Innovator Award at DAC 2021

Jason is a leader in the hardware security community. Jason’s PhD work helped lay the foundation for hardware information flow tracking. After his PhD, he commercialized this research as co-founder and CEO of Tortuga Logic. Hardware information flow tracking is now a key part of hardware security validation used in top semiconductor companies in a large part due to Jason’s strategic and technical guidance. Jason is currently is CTO at Tortuga, and continues to drive many of the innovations there and in the broader hardware security community.

Floppy-haired Jason at FCCM 2010.

I met Jason at UC Santa Barbara back when I was a professor there. Jason was a floppy-haired surfer fresh from Hawaii, but also an outstanding undergraduate researcher. He worked with Bridget Benson in developing the early version of the AquaModem. Shortly thereafter, I moved to UC San Diego and convinced Jason to follow me there for his PhD. Jason worked on a lot of different topics. He eventually settled on hardware security.

Jason’s hair has gotten a lot less floppy, but the psyche still remains. I have thoroughly enjoyed working with him over the years, and look forward to all the great things that he will undoubtedly do in the future.

iSTELLAR and Aker at ICCAD

Our group presented two papers related to hardware security at the International Conference on Computer-Aided Design (ICCAD). ICCAD is a top-tier conference in electronic design automation. There is an increasing emphasis on hardware security at ICCAD (and most other hardware design research venues) in the past years.

Prof. Jeremy Blackstone presented our group’s first paper: iSTELLAR: intermittent Signature aTtenuation Embedded CRYPTO with Low-Level metAl Routing. iSTELLAR presents a defense against electromagnetic and power attacks on that combines circuit-level and physical-level mitigations from STELLAR with notion of computational blinking. The end result is a flexible defense that enables a tradeoff between power consumption with leakage mitigation. The work was done in collaboration with Prof. Shreyas Sen (Purdue), Dr. Debayan Das (Purdue/Intel), and Dr. Alric Althoff (Tortuga Logic).

Aker — an Egyptian god that guards the netherworld. Image by Jeff Dahl – Own work, CC BY-SA 4.0

Our group’s second paper — Aker: A Design and Verification Framework for Safe and Secure SoC Access Control — was presented by Andy Meza. Aker is a design and security verification framework for system on chip access control. Aker provides flexible hardware access control wrappers that monitor memory accesses. And it provides an extensible security verification environment that can generate a variety of hardware security based upon the threat model. This work was done in collaboration with Dr. Francesco Restuccia (Scuola Superiore Sant’Anna Pisa and soon to be UCSD!). The hardware designs and security properties are released for open use in our Aker repository.

Congrats to all the authors!

Related Links: iSTELLAR paper, Aker paper, Aker Repository