Most or all of the research on hardware secuirty concetrates on securing ASICs and ICs. Eventhough trojan emulation and detection technique evaluation extensively use FPGA, there has been no work to verify the FPGA fabric itself against malicious modifications. This is the first work to address detection malicicious modifications in FPGAs silicon fabric. One of the key advantages of the proposed technique is: detection does not require a golden design.
[A] V. Jyothi, M Thoonoli, R Stern, R Karri, FPGA Trust Zone: Incorporating Trust and Reliability into FPGA Designs, IEEE International Conference on Computer Design, October 2016 (ICCD'16).
[B] Y.Pino, V.Jyothi, M. French, Intra-Die Process Variation Aware Anomaly Detection in FPGAs, IEEE International Test Conference, October 2014 (ITC'14).
[C] Y.Pino, V.Jyothi, M. French, Within-Die Process Variation Aware Anomaly Detection in FPGAs, Government Microcircuit Applications and Critical Technology Conference, April 2014 (GOMACTECH'14).
Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks account for one third of all service downtime incidents. Current DoS/DDoS attacks are not only limited to knocking down online services, but they also disguise other malicious attacks such as delivering malware, data-theft, wire fraud and even extortion. Detection of these attacks is predominantly based on the packet data and metrics derived only from packets. This work proposes a host based DDoS detection framework called BRAIN: BehavioR based Adaptive Intrusion detection in Networks. BRAIN leverages already available Hardware Performance Counters in modern processors to model the application behavior using low-level hardware events. BRAIN combines network statistics and modeled application behavior to detect DDoS attacks using machine learning. Our experiments show that BRAIN can detect multiple types of DDoS attacks, including those are undetectable by existing tools with an accuracy of 99.8% and a false alarm rate close to 0%.
[A] V. Jyothi, X. Wang, S.Addepalli, R. Karri, BRAIN: BehavioR based Adaptive Intrusion detection in Networks: Using Hardware Performance Counters to detect DDoS Attacks, VLSI Design Conference, January 2016 (VLSID'16).
Network Intrusion Detection Systems (NIDS) and Anti-Denial-of-Service (DoS) employ Deep Packet Inspection (DPI) which provides visibility to the content of payload to detect network attacks. All DPI engines assume a pre-processing step that extracts the various protocol specific fields. However, application layer (L7) field extraction is computationally expensive. This work proposes a Deep Packet Field Extraction Engine (DPFEE) to offload the application layer field extraction to hardware. DPFEE is a content-aware, grammar-based, Layer 7 programmable field extraction engine for text-based protocols. Our prototype DPFEE implementation for the Session Initiation Protocol (SIP) on a single FPGA, achieved a bandwidth of 257.1 Gbps and this can be easily scaled beyond 300 Gbps.
[A] V. Jyothi, S.Addepalli, R. Karri, DPFEE: A high performance scalable pre-processor for network security systems, IEEE Transactions on Multi-Scale Computing Systems, October 2017 (TMSCS'17).
[B] V. Jyothi, S.Addepalli, R. Karri, Deep Packet Field Extraction Engine (DPFEE): A pre-processor for Network Intrusion Detection and Denial-of-Service Detection Systems, IEEE International Conference on Computer Design, October 2015 (ICCD'15) - Nominated for best paper award.
Embedded System Challenge (ESC) offers a red team blue team platform for hardware security. In the ESC, the blue team (for example, NYU-Poly) designs a target system. The red teams (for example, ESC participating universities) will try to identify and exploit the vulnerabilities in the target system. Assessing the trustworthiness of hardware security techniques by a red team blue team approach mimics the real world attackers and enables effective defense mechanisms.
[A] J. Rajendran, V. Jyothi, and R. Karri, Red team blue team approach to hardware trust assessment: The embedded systems challenge experience, in the Proceedings of IEEE International Symposium on Computer Design, Oct 2011, pp. 285-288 (ICCD'11).
"The Hunt for the Kill Switch" article which appeared in an article of IEEE Spectrum shed light on the importance of TRUST in the IC design & manufacturing cycle. In recent years, economic incentives have driven the semiconductor industry to separate design from fabrication and leading many industries to go fabless. This trend leads to potential vulnerabilities from untrusted circuit foundries to implant malicious hardware Trojans covertly into a genuine design. Hardware Trojans provide back doors for on-chip manipulation, or leak secret information off-chip after the compromised IC is deployed in the field.
In this project, we design a non-invasive hardware trojan detection technique that can identify any malicious modification done to a genuine design. Circuit paths in a design are reconfigured into ring oscillators (ROs) by adding a small amount of logic. Trojans are detected by observing the changes in the frequency of the ROs.
[A] J. Rajendran, V. Jyothi, O. Sinanoglu, and R. Karri, Design and Analysis of Ring Oscillator-based Design-for-Trust technique, in the Proceedings of IEEE VLSI Test Symposium, May 2011, pp. 105-110 (VTS'11).
[A] Reconfiguring functional path into Trojan detecting Ring oscillators (US Patent 20120278893).
Army Research Office (ARO) Workshop on Trustworthy Hardware, NYU - 2013.
IEEE Hardware and Architectural Support for Security and Privacy (HASP).
IEEE International Workshop on Information Forensics and Security (WIFS).
IEEE International Test Conference (ITC).
IEEE Computer Society Annual Symposium on VLSI (ISVLSI).
IEEE International Symposium on Hardware Oriented Security and Trust (HOST).
IEEE International Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems (DFTS).
IEEE International Conference on Computer Communications and Networks (ICCCN).
IFIP/IEEE International Conference on Very Large Scale Integration (VLSI-SoC).
Journal of Information Security and Applications (JISA).
IEEE European Test Symposium (ETS).
Specialization in Hardware Security and Network Security Architectures.
Specialization in Hardware Design, Hardware Security and Analog Neural Networks.
Global Academy of Technology, Bangalore, India.
Next generation Fleet Management System.
Stealth mode AI Company.
Advanced Hardware Design and Reconfigurable Computing.
Advanced Computer Hardware Design, Computer Engineering Design Project, Computer Architecture, Reconfigurable Systems, Real time Embedded Systems, and Design of Trustworthy Hardware.
Repository related to hardware security techniques including - SAT Attacks, Physically Unclonable Functions, Crytography.
Building application software became seamlessly easy with the advent of application programming interfaces (API), which are a set of subroutine definitions, protocols, and tools for building application software. By abstracting the underlying implementation and only exposing objects or actions the developer needs, an API reduces the cognitive load on a programmer and inherently reduces the development life cycle. However, accelerating applications using FPGAs require considerable expertise in hardware design and digital logic. This project aims at advancing hardware acceleration programming interface (HAPI) for All Programmable System on Chip (APSoC) such as PYNQ. HAPI can provide on-demand hardware acceleration to developers for improving the performance of applications. As a case study, we explore the design space area of accelerating crypto-systems such as DES and AES which play a critical role in security. The goal is to develop hardware libraries required for the application using digital logic design and/or hardware description language. HAPI will provide seamless interface to the underlying hardware libraries to be accessed using software. Once developed, applications can be accelerated using FPGAs even by a person without the knowledge/expertise of hardware design or digital logic.