Research Projects

Our research effort bridges various engineering, computation and science disciplines, and are primarily focused on modern embedded systems, hardware security and protection, system security (including software and data), radio security, data integrity, sensor networks, and statistical signal processing. Of particular interest to us are complex problems that are composed of various subcomponents, where unified design paradigms and methods that reach a much greater scope than the original problem are being developed. In conjunction with developing new concepts, we also adopt techniques from statistics and optimizations to address emerging and challenging technological, industrial and theoretical problems. We refer the interested readers to our papers. Here are a few examples of our recent research efforts and the underlying mechanisms.

1. Unique and remote control and authentication of hardware (active hardware metering): The current horizontal semiconductor business model is subject to the threats of piracy and tampering of hardware. As the leading edge designers of hardware IPs mostly have to manufacture their designs in untrusted offshore countries where the labor and manufacturing costs are less. The way the designed IP is transparent to the manufacturers while the fabrication process, quantity, and added circuitry to the manufactured integrated circuits (ICs) by the foundry are concealed, places the designer in an unusual asymmetric relationship. Although the financial loss and the economic impacts of hardware piracy are more dramatic than software, it has received far less attention. This might be due to the relative ease of Software piracy compared to Hardware piracy as it requires low-cost resources available to the general public. However, the protection of hardware is also crucially important because the ICs are widely used in almost all electronic devices and the potentially adversarial fabrication house has the full control over the hardware resources being manufactured. It is estimated that the most pirated IP components are computer hardware, computer peripherals, and embedded systems. What exacerbates the problem is that such an adversary can embed additional circuitry at manufacturing time, enabling the attacker to take control over other ICs in a larger system as well as over the system and application software that will be executed on the tampered IC while in use.

We have invented the first “active hardware metering” approach in our group. IC metering is a set of security protocols that enable the design house to gain post-fabrication control by passive or active control of the number of produced ICs, their properties and use, or by runtime disabling of ICs in case of tamper detection. Our method is the very first that uniquely and automatically locks each IC upon manufacturing, such that the design house is the only entity that can provide the specific key to unlock the chip. Thus, the manufactured ICs cannot be operational (pirated) without the consent of the designer. The technique can also be used for remote disabling and activation of chips by the IP rights owner during the circuit's operation. The locking mechanism leverages: (i) the functional description of the design that is not known by any outside entity except by the design house, and (2) unique chip identifiers. The lock is integrated within the structure of the finite state machine (FSM) of the design. The advantage of FSM is that it is the common computational model used in hardware design. While some aspects of the FSM states and their transition information can be easily verified on the ICs, altering, replaying, or removal of the FSMs incurs an effort equivalent to redoing the design.

Unique identification of each chip is accomplished by physically unclonable functions (PUFs) that are easy to verify, but are hard to copy, replay or remove. Note that our scheme is not vulnerable to removal attacks, since the IDs are integrated within the functional description and thus, removal of the IDs would impact the circuit's functionality and produce incorrect results. We have also addressed many other potential attacks and presented countermeasures against them. We have so far shown successful low-overhead implementation of our approach, both in theory and on silicon. Furthermore, we have extended the work so it is not only checking the specific keys to work at the power-up, but also it continuously checks for the specific keys during the runtime.

In our novel invention, secrecy is not provided by digital keys, but it is provided by the functional uniqueness. The secret is really the structure of the state transitions graph (STG) that represents the FSM. The IP rights owner is the only entity who can traverse the FSM and STG. Combinations of the two security mechanisms, (i) variability-based uniqueness of each IC, (ii) and structural manipulation of FSM while preserving original behavioral specification, provide powerful basis for creating many new security and DRM protocols. For example, new royalty enforcement systems are enabled: design reuse has emerged as a dominant strategy, where different cores (IPs) are often supplied by different vendors. The final integrator pays each IP supplier royalties that are proportional to the number of manufactured ICs. All what is needed for royalty enforcement is that each supplier uses its own active or passive HM scheme inside its IPs. Our novel security methods are particularly well-suited for embedded systems with stringent power, memory and area constraints where security processing overwhelms available resources.

2. N-variant designs – flexible ASICs: N-variant design is the generation of N>2 realizations of the same initial design description. The advantage of the technique is that it provides improved flexibility, robustness, attack resiliency, and design diversity. The strength and usefulness of N-variant designs was previously demonstrated for programs, for virtual machines, and for achieving architectural heterogeneity. While the method was initially intended for providing fault-tolerance, recent applications in security of computer systems, software and data has amplified its importance. Many attacks that take advantage of the specific and stationary nature of the underlying platform may be eliminated by using N-variants. Our group has proposed the first method for designing N-variant sequential circuits.

The method is based on extending the finite state machine (FSM) of the design to include multiple variants of the same design specification. The state transitions are managed by added signals that may come from various triggers depending on the target application. We devise an algorithm for implementing the N-variant IC design. We discuss the necessary manipulations of the added signals that would facilitate the various tasks. The key advantage to integrating the heterogeneity in the functional specification of the design is that we can configure the variant during or post-manufacturing, but removal, extraction or deletion of the variants is not viable. Experimental results on benchmark circuits demonstrate that the method can be automatically and efficiently implemented. Because of its light-weight, N-variant design is particularly well-suited for securing embedded systems. As a proof-of-concept, we implement the N-variant method for protection of content of portable media players, e.g., iPod. The flexibility provided by the N-variants enables a number of important tasks, including IP protection, IP metering, security, design optimization, self-adaptation and fault-tolerance. We discuss how N-variant design methodology readily enables new digital rights management methods.

 

3. Noninvasive post-silicon characterization of ICs:   This project targets the key problem of noninvasive post-silicon characterization of integrated circuits. The characterization is done at the gate-level and for properties such as delay, static, or dynamic power. We develop techniques that organize measurements and supply test vectors in such a way that the characterization is accurate, even in presence of measurement errors and manufacturing variability. We formulate the problem as instances of optimization problems. The accuracy is enhanced through compounding optimization with statistical validation techniques. We introduce the novel method of fast noninvasive tomography of ICs that works by integrating characterization optimizations with the new theory of compressive sensing. This method provides unprecedented controllability and observability into the ICs and contribute to radically new understanding of the manufacturing variability distribution and characteristics.

The proposed analysis results and tools create a basis for a range of important and challenging tasks, including: hardware Trojan horse detection in case of untrusted foundries, finding realistic models for the state-of-the-art CMOS nodes that are considered the foundry’s confidential technological edge, forming the data-driven models of process parameters and fault models, establishing the randomness and uniqueness of the underlying distribution for variability-based security, new chip testing methods, on-chip sensor placement to enhance controllability of observability, and post-silicon optimizations. The project brings a radically different tool – compressive sensing –into the hardware characterization arena. While the research projects are intended to provide sound formal analysis, applicable models, analysis tools, and software, they simultaneously advance the theory and practice of integrated circuits, security, optimization, and statistics.

 

4. Benchmarks for distributed embedded sensor-based systems: Benchmarks are a key tool in unifying an emerging technology. When new technologies and concepts are being developed, usually there is no robust and unique solution for their challenges. Various researchers come up with different solutions for the same problem. While everyone by a number of simulations claims his/her approach is an improvement over the previous solutions, it is not easy to have an apple to apple comparison of various solutions; different researchers make different assumptions on their simulations. The reality is that, in the most challenging engineering problems, there is no optimal solution for a general problem; based on the properties of the underlying instance, one solution might be better than the other ones or vice versa. In such a fuzzy situation, benchmark data sets, if they are chosen carefully, can classify different solutions of the problem. They help researchers compare their solutions with the other available solutions under carefully chosen assumptions. The benchmark data sets determine under which conditions one solution performs better than the other solutions.

So far, we have created the first comprehensive and challenging benchmark data set for the ad-hoc location discovery (LD). The benchmark is a collection of representative real-life distance measurement data that establishes a common basis for understanding, characterization, evaluation and comparison of the LD algorithms and solvers. It is constructed using a novel analysis methodology that systematically establishes the difficulty of discovering the locations. Presence of measurement noise renders the problem difficult even in dense networks. The noise impacts the continuous optimization underlying the LD calculations. We focus on the difficulty of node localization in dense networks. In such networks, the location calculation is viewed as a continuous optimization problem instance with an objective function and a set of constraints. We devise a number of new metrics that evaluate the difficulty of the continuous optimization based on the data set properties. For the LD optimization, a fast simulation methodology is devised for rapid analysis of the sensitivity of the goodness with respect to the data set properties. The LD benchmarks are publicly available at: http://www.ece.rice.edu/~mm7/benchLD/

 

5. Spatio-temporal signal processing of laser spectroscopic trace gas sensor networks: This project, develops a prototype integrating trace-gas sensing platform to overcome the biggest barriers (sensor performance, integrated networked platforms, and at-scale deployments), explores the development of sensor technologies, sensor platforms, networking, data analysis, and control in one integrated platform. The PHOTOnic Networked Sensors (PHOTONS) platform, developed from the ground-up, enables researchers, developers, and commercial organizations to rapidly experiment with never-before-possible trace-gas sensing applications in security, and industrial and environmental monitoring in an affordable, portable, power-efficient manner. The key innovations of PHOTONS include advanced sensor technologies, system platform development, and a framework to accelerate development of novel applications such as medical applications.

Our plan is the development of a novel trace-gas sensor that is at least two orders of magnitude smaller, lower cost, and lower power than any commercially available. We devise a three-pier platform consisting of sensor node, new networking primitives, and application toolbox permitting flexible control. This architecture allows the node, the network, of the application to control sensor's sensing accuracy and corresponding energy consumption at fine granularity. The PHOTONS open-access repository provides a standard set of hardware, software, and application libraries, along with complete characterization of performance metrics at multiple granularities. This project is a collaboration with several other research groups at Rice: Prof. Tittel (Laser Science group), Prof. Sabharwal (Center for Multimedia Communication), and Prof. Zhang (Rice Efficient Computing Group).