A paper written by Kaiyuan Yang, assistant professor of electrical and computer engineering (ECE) at Rice, was named a 2022 Top Pick in Hardware and Embedded Security by the IEEE Hardware Security and Trust Technical Committee (HSTTC).
Yang’s paper was one of three honored this year. Top Picks recognizes the best papers published in the fields of hardware security, spanning subjects from microarchitecture to embedded systems. Papers published in conferences and journals in the last six years are eligible, including those from security, architecture, CAD and hardware security venues.
The paper addresses for the first time the possibility that a fabrication-time attacker can explore the analog behaviors of digital circuits to create a hardware backdoor that is small (i.e., requires as little as one gate) and stealthy (i.e., requires an unlikely trigger sequence before affecting a chip’s functionality). The attack diverts charge from unlikely signal transitions to implement its trigger, making it invisible to all known side-channel detection methods.
Because the backdoor is an analog circuit, it sits below the digital layer and is missed by verification performed on the hardware description language. As a part of the implementation, Yang’s paper shows that a fabrication-time attacker can leverage the empty space common in chip layouts to implement malicious circuits. Experimental results on an open-source processor prove that the attack works in silicon, leads to remotely controllable privilege escalation and eludes activation by a diverse set of benchmarks, and suggest that it evades known defenses.
Yang earned his M.S. and Ph.D. in ECE from the University of Michigan in 2014 and 2017, respectively, and his B.S. in electrical engineering from Tsinghua University in China in 2012.
He joined the Rice faculty in 2017 and directs the SIMS Lab, which focuses on creating new hardware (integrated circuits and micro-systems) to enable emerging applications not possible without miniaturized electronics powered by tiny batteries.