Projects

HEADS Hardware and Embedded Design and Security LAB

 

Project Repository: https://github.com/HEADS-UNCC

 

Security for Internet-of-Things and Reconfigurable Architectures

Internet-of-Things are resource constrained and connected devices. These are target to remote attacks.
These devices have less computing resources to implement practical real world security practices through software alone. Our research focuses on hardware and embedded layers to leverage and implement efficient security solutions. We are working on exploring Secure Boot and secure Over-the-Air firmware and bitstream updates for reconfigurable architectures like Field Programmable Gate Arrays (FPGAs). Evaluation of secure frameworks with integrating Trusted Platform Modules security features.

• Yutian Gui, Ali Shuja Siddiqui, Suyash Mohan Tamore, and Fareena Saqib. “Security Vulnerabilities of Smart Meters in Smart Grid and Countermeasures.” {ISVLSI 2019 / Paper”}, 2019
• Yutian Gui, Ali Shuja Siddiqui, Fareena Saqib. “Hardware Based Root of Trust for Electronic Control Units.” {SoutheastCon 2018 / Paper}, 2018,
•  Goutham Pocklassery, Wenjie Che, Fareena Saqib, Matthew Areno, Jim Plusquellic, “Self-Authenticating Secure Boot for FPGAs”, IEEE Hardware-Oriented Security and Trust (HOST 2018), pp. 221-226, 2018.
• A.S. Siddiqui, Y. Gui, F. Saqib, “Hardware Based Root of Trust for Electronic Control Units”, IEEE SouthEastCon 2018, St. Petersburg, FL. USA, pp 1-7, 19-22 April 2018.
• A.S. Siddiqui, C-C. Lee, F. Saqib, “Hardware based Protection against Malwares by PUF based Access Control Mechanism”, IEEE 60^th International Midwest Symposium on Circuits and Systems (MWSCAS), Boston, MA, USA, 6-9 August 2017.
• Two students were awarded Richard Newton for participating at Design Automation Conference 2017
  <https://dac.com/content/richard-newton-young-student-fellow-program-0>

 

FPGA Side Channel Analysis and Countermeasures

Side-channel attacks steal secret information such as keys used in the encryption engine. During execution, the leakage of physical (a.k.a. side-channel) information is inevitable and can be utilized to reveal the information based on the fundamental principle that there is a correlated relationship between the side-channel leakage and the internal state of the processing device, which is related to the secret information by exploiting power consumption, electromagnetic radiation, and time-delay. Our research is focused specifically to implement FPGA secure design methodologies to provide hardware resistance against side channel attacks.

Our research objectives include study of hardware based fundamental building blocks and hardware-assisted framework for the field programmable gate array (FPGAs) secure design methodologies to implement countermeasures resistant to side channel attacks. Our design countermeasures include key update/ provisioning, secure key exchange and introducing diversity in the implementations of otherwise functionally identical operations. In this research we employ key update scheme as countermeasure for power and electromagnetic analysis-based attacks on the cryptographic device. The countermeasure utilizes a secure co-processor to provide secure key generation and storage in a trusted environment. We also study other countermeasure scheme integrating design variations in the place and route (P&R) characteristics, that can further change the timing characteristics of paths.

• Yutian Gui, Suyash Mohan Tamore, Ali Shuja Siddiqui, Fareena Saqib. “Key Update Countermeasure for Correlation-Based Side-Channel Attacks,” Journal of Hardware and Systems (HASS), 2020.
• I. Bow, N. Bete, F. Saqib, W. Che, C. Patel, R. Robucci, C. Chan, J. Plusquellic, “Side-Channel Power Resistance for Encryption Algorithms using Implementation Diversity”, MDPI Journal of Cryptography, 2020.
• Yutian Gui, Suyash Mohan Tamore, Ali Shuja Siddiqui, Nahome Bete, Jim Plusquellic and Fareena Saqib.  “A SCA-resilient Design Based on Dynamic Reconfiguration.” {HOST 2019/ DEMO}, 2019
• Yutian Gui, Ali Shuja Siddiqui, Suyash Mohan Tamore, Mary Broyhill, Fareena Saqib. “IoT-UNCC Lab – Smart Bulb” {CSAW’18 / Competition}, 2018
• Fareena Saqib, Jim Plusquellic, Book Chapter-X Hardware Trojans Detection Schemes using Path Delays and Side Channel Analysis”, pp. 221-271 in Farimah Farahmandi, Yuanwen Huang, and Prabhat Mishra (Eds), System-on-Chip Security Validation and Verification, Springer International Publishing 2019.

Security Extensions in RISC-V

 

Exploring techniques for Secure RISC-V architecture. RISC-V, is open-source, and has many applications in the area of Internet of Things (IoT). Currently are working on integrating security technique of (Information Flow Tracking) on RISC-V which can be used to protect the RISC-V cores from run-time attacks like memory corruption and buffer overflows and secure boot solutions integrating the TPM like features to enable measurable boot of the processor.

 

• Ali Shuja Siddiqui, Geraldine Shirley, Girija Bhagwat, Shreya Bendre, Jim Plusquellic, Fareena Saqib, “Secure Design Flow of FPGA based RISC-V Implementation”, International Verification and Security Workshop (IVSW), July 2019.
• G. Shirley, F. Saqib, “Information flow tracking in RISC-V”, 2019 IEEE 16^th International Conference on Smart Cities: Improving Quality of Life using ICT, IoT and AI, UNC Charlotte, October 2019.

 

Securing Communication on CAN FD bus Using Elliptic Curve Cryptography

Hackers have the potential to interrupt and intercept communication on a CAN bus through the OBDII port of a vehicle. Access to this port allows adversaries to perform attacks without the driver’s knowledge or control. This research aims to secure message transmission inside a vehicle by using transmission of secure messages across the bus, and disable the denial of service DoS attacks.

Out research seeks to develop prototype of intra ECU communication framework and evaluate its performance,  new authentication techniques using blockchain technology for distributed nodes, and statistical analysis and evaluation of the proposed techniques against model building, fault injection and other invasive and non-invasive attacks. The aim of our research is to qualify and quantify effects of hardware security primitives and authentication protocols. Currently we are investigating solutions for CAN bus, CAN-FD, and ethernet communication protocols. CAN bus allows rogue nodes to disrupt the performance of critical ECUs, risking the driver and other vehicles on the road. We propose a distributed secure key provisioning and exchange scheme using blockchain technology to authenticate nodes over CANBus.

• Bryson Shannon, Spandana Etikala, Yutian Gui, Ali Shuja Siddiqui, Fareena Saqib, “Blockchain based Distributed Key Provisioning and Secure Communication over CAN FD”, IEEE Computer Society Annual Symposium on VLSI (ISVLSI), Miami, FL, USA, July 2019, 638-644.
• Yutian Gui, Ali Shuja Siddiqui, Jim Plusquellic, Fareena Saqib. “Secure Communication for Intra-Vehicular CANFD Network.” {HOST 2018 / DEMO}, 2018,
•  A.S. Siddiqui, Y. Gui, F. Saqib, “Hardware Based Root of Trust for Electronic Control Units”, IEEE SouthEastCon 2018, St. Petersburg, FL. USA, pp 1-7, 19-22 April 2018.
• A. S. Siddiqui, C-C. Lee, W. Che, J. Plusquellic, F. Saqib, “Secure Intra-Vehicular Communication over CANFD”, Asian Hardware Oriented Security and Trust (AsianHOST, 2017), Beijing, China, 19-20 Oct. 2017.
• A.S. Siddiqui, Y. Gui, J. Plusquellic, F. Saqib, “A secure communication framework for ECUs”, Advances in Science, Technology and Engineering Systems Journal (ASTESJ) Special issue on Recent Advances in Engineering Systems, 2017, 2(3): 1307-1313.
• A.S. Siddiqui, Y. Gui, J. Plusquellic, F. Saqib, “Secure communication over CANBus”, IEEE 60^th International Midwest Symposium on Circuits and Systems (MWSCAS) , Boston, MA, USA, 6-9 August 2017.
• Awarded Best Poster for: Ali Shuja Siddiqui, Jim Plusquellic and Fareena Saqib, “A Secure ECU Design for Automotives”,FICS Research Annual Conference on Cybersecurity 2017.
  <https://fics.institute.ufl.edu/2017-fics-research-conferenbce-poster-winners/>