## Hardware for Secure Autonomy

Md Tanvir Arafin

May 31, 2023

The C4I and Cyber Center George Mason University Fairfax, VA



# Hardware Security & Autonomous Systems

#### Smart Yet Vulnerable Hardware



Subaru Cockpit [Image https://www.subaru.com/vehicles/outback/gallery.html] Tesla Cockpit [Image https://www.tesla.com/tesla-gallery, Courtesy of Tesla, Inc.]

## Autonomous Systems

#### Key Idea

Intelligent machines sense, plan, and act in a changing environment



#### Questions

How to verify data or processes at the edge?

How to accelerate cryptography computation?

How to enable secure data aggregation and distributed learning?

## Secure Sensing and Fusion at the Physical Layer

## Global Positioning System (GPS) Spoofing: Evidence

#### Crimea, 2021



#### White Rose, 2013



Pokemon GO, 2016



#### Lockheed RQ-170, 2013



Russia spoofed AIS data. Source://www.theregister.com/2021/06/24/russia\_ais\_spoofing/

## Synchronization in Smart Grid



## Crystal Oscillators

#### Obiquitous

Piezo-electric quartz crystal

- Intrinsically Unclonable
  - Imperfect cutting
  - Cutting variations
  - Physically unclonable time offset
- Reliable Correct timing with temperature variation





## Fault in Our Clocks



Clock offset between two GPS clocks

Clock offset for TCXO and MEMS clocks

#### Key Idea

Measure drift (unclonable) against the received GPS signal (untrusted) to detect spoofing

#### Results: Meaconing and Replay Attack



(a) Spoofing attack at 5130 seconds (b) Estimation of the frequency offset (black curve) and the LL of the frequency offset(red curve) and (c) Estimation of the frequency drift and the LL of the frequency drift.

[Joint work with NIST]

Arafin, Anand, & Qu, GLSVLSI 2017. A low-cost GPS spoofing detector designed for Internet of Things (IoT) applications. p 161. [Best Paper Nomination]

## Current Works & Capabilities

#### Physical Layer Security of Sensor Hardware

- Security of intelligent sensor processing units (ISPUs) from side-channel (SC) and fault injection attacks.
- Novel SC attacks and countermeasures using probabilistic modelling of logic computation.



SC and FI set-up in our lab with Chip-Whisperer (CWLITE) boards.

## Current Works & Capabilities

#### Physical Layer Security of Sensor Hardware

Sensor security for Wireless Industrial Node

- ◎ 3D accelerometer + gyro-based inertial measurement units
- Ultra-low-power 3-axis accelerometer
- ◎ 3-axis magnetometer, and barometer etc.



Sensor evaluation platform in our lab using CWLITE and STEVAL-STWINBX1 Development Kit

## Secure Hardware Architecture for Intelligent Systems

## Post Quantum Cryptography (PQC) Accelerators

#### Key Idea

Simple error correction techniques (i.e., parity) can lead to lightweight yet quantum-resistant cryptography.



Fabricated device and basic matrix-vector computation

Arafin, Shen, Tehranipoor & Qu, GLSVLSI 2019. LPN-based Device Authentication Using Resistive Memory. p 9.

## Current Works & Capabilities

- Hardware accelerator prototyping for post-quantum cryptography (PQC) and fully-homomorphic encryption (FHE).
- Applied cybersecurity issues in domain-specific computation.
- ◎ FPGA prototyping in Xilinx Ultrascale+ and Versal devices.



Xilinx Ultrascale+ platform in our lab for acceleration prototyping.

## Current Works & Capabilities

- Hardware accelerator tape-out capability for PQC and FHE.
- ◎ Semiconductor manufacturing and security research.
- ◎ Secure system-on-chip design for medical applications.
- Experience in open-source Skywater 130nm technology.



Low power RISC-V taped out by our lab on Skywater 130nm technology.\*

<sup>\*</sup>Fabrication support by Apple

Hardware Security in the System Level Information Fusion

## Hardware Security of AI/ML Tools



Xu, Arafin, Qu, ASP-DAC 2021, Hardware Security of neural networks from a hardware perspective: A survey and beyond

YOLO v1 [CVPR16.Redmon.YOLO].

#### Funded by ARLIS

## Current Works & Capabilities

- Driving and sensor fusion using Robot Operating System (ROS) and Autoware.
- Experimentation capabilities for secure vision pipeline.





Attack simulation on Autoware using ROS2 and Applo (CYSE 465 project).

Jetson Orin with 3D-vision capability.

#### Conclusions

We bring both *experimental and theoretical* hardware and system security research capabilities in

- ◎ Side-channel, fault injection attacks on real targets;
- FPGA prototyping and remote SCA analysis;
- ASIC design;
- Secure sensor fusion;
- Semiconductor supply chain issues.

## Contributions and Accomplishments



#### Device and Circuits

- PUFs [TC 2021 🏆, ASP-DAC 2017, ICCAD 2015]
- Approximate Computing [Computer 2017, GLSVLSI 2017 🍝]
- Supply Chain Integrity [ISCAS 2017]



#### Architecture

- Accelerators [ASPDAC 2021, SOCC 2020, GLSVLSI 2019]
- In-memory Computation [ASPDAC 2022, TVLSI 2018]
- Vulnerability [GLSVLSI 2020]



#### Systems

- ROT [CISS 2021, IOTSMS 2020, ASIAN-HOST 2018 🏆]
- ML Security [ASPDAC 2021, ASIAN-HOST 2020]
- Hardware Reverse Engineering



## Additional Slides

## Modeling a Clock

#### State Space Model

$$X_{n} = F_{n}X_{n-1} + W_{n}$$
(4)  
$$\xi_{n} = H_{n}X_{n} + V_{n}$$
(5)

| Clock state             | X = [x, y, D] |
|-------------------------|---------------|
| Time offset             | X             |
| Frequency offset        | У             |
| Frequency drift         | D             |
| State transition matrix | F             |
| Process noise           | W             |

## Energy-Efficient In-Memory Architecture for Cryptography



Latency of N-bit fixed-point multiplier.

Area /  $\mu m^2$  & energy consumption / pJ for a single 32-bit floating-point multiplier

Lu, Arafin, & Qu, ASP-DAC 2021. RIME: A scalable and energy-efficient processing-in-memory architecture for floating-point operations. p. 120.

## Energy-Efficient In-Memory Architecture for Cryptography



Implementation of a RIME computation unit



Implementation of a 4-bit Wallace-tree multiplier in RIME.

Lu, Arafin, & Qu, ASP-DAC 2021. RIME: A scalable and energy-efficient processing-in-memory architecture for floating-point operations. p. 120.

## Hardware Lottery

#### Axiom

We are moving away from processor-centric to data-centric architecture



Multicore Architecture vs. TPU

Patterson, ISCA 2018 A New Golden Age for Computer Architecture: Domain-Specific Hardware/Software Co-Design. p. 1.

#### Hardware Security

- Security is a *full-stack*, *cross-layered* problem
- Hardware: the weakest link

#### Hardware Security

- Security is a *full-stack*, *cross-layered* problem
- Hardware: the weakest link
- O Hardware: the strongest link

#### Lab Members



Tanvir Arafin Pl marafin@gmu.edu



Fahim Ahmed Ph.D student\* fahmed32@gmu.edu



Huizhen Zhao MS student hzou9@gmu.edu



Adnan Alam Undergraduate student aalam24@gmu.edu