CV

Assistant Professor

School of Computer and Cyber Sciences, Augusta University

• Hardware Security, Systems Security, CAD for VLSI

Postdoctoral Researcher

Warren B. Nelms Institute for Connected World, Department of Electrical Engineering, University of Florida

Worked with Dr. Swarup Bhunia on research problems related to Hardware Security, System-on-Chip Security and developing attacks/countermeasures for IoT devices

• Hardware Security, Systems Security

Research Intern

IBM System Design Labs, Bangalore, India

Distributed EDA framework for scalable VLSI design management

• Artificial Intelligence, Distributed Systems, CAD for VLSI

Graduate Teaching and Research Assistant

Indian Institute of Technology, Madras

Was Advised by Dr. Kamakoti Veezhinathan. Thesis topic: Gate-sizing for Energy Efficient and Secure Digital Design. Dual Masters and Ph.D. Degree (Converted from MS to PhD in April 2014).

• Hardware Security, Systems Security

MS

IIT Madras

Energy Efficient Computing

PhD

IIT Madras

Electronic Design Automation, Energy Efficient Computing, Systems Security

B.Tech

Pondicherry Engineering College

Electronics and Communication Engineering

Establishing trust in untrusted IC testing and provisioning environment

US Patent

A system for secure testing and provisioning of an integrated circuit (IC) includes, in part, a secure reconfigurable key provisioning architecture (SLEEVE) module disposed in the IC, and a secure asset provisioning hardware entity (SAPHE) module. The IC may include, in part, a modified IEEE 1500 wrapper to control its operation modes. The SLEEVE module may include, in part, an encoding/decoding module and an unlocking module. The encoding/decoding module may include, in part, a decode key stream cipher module, an encode key stream cipher module, Seed Key programmable linear-feedback shift registers (LFSRs), Initialization Vector (IV) LFSRs, and configuration registers. The encoding/decoding module may be configured to generate key bits for decoding and encoding inputs and outputs of the IC. The unlocking module may include, in part, a pattern matching block and a counter. The unlocking module may be configured to enable write access to the configuration registers. The SAPHE module may include, in part, a microcontroller, a logging module, a provisioning module, and a communications module. The SAPHE module may be configured to interact with the IC to obtain a status of the IC during a testing and provisioning process. The logging module may include, in part, dedicated memory segments to store values for configuring the SLEEVE module and unlocking patterns for enabling write access to the configuration registers. The provisioning module may include, in part, a content accessible memory (CAM) module to store encrypted test patterns and encoded asset provisioning vectors for intellectual property (IP) blocks in the IC.

IOLock: An Input/Output Locking Scheme for Protection Against Reverse Engineering Attacks

IEEE Transactions on Very Large Scale Integration (VLSI) Systems

Reverse engineering (RE) of hardware designs poses a significant threat to the modern distributed electronics supply chain. RE can be performed at both chip and printed circuit board (PCB) levels by using structural, functional, or combined analysis techniques. Recent studies on artificial intelligence (AI)-inspired RE techniques have seen a drastic increase in the effectiveness of such attacks. While various countermeasures, e.g., logic locking (LL) at the chip level and camouflaging at the board level, have been studies to combat RE, the advent of Boolean satisfiability (SAT)-based functional query at chip level and 3-D imaging attacks at board level has shown that these protections can be easily bypassed. We observe that a common factor that contributes to the success of these attacks at both chip and board levels is the ability of an attacker to observe the input/output (I/O) patterns of a working system. Based on this observation, we present a novel locking scheme called IOLock that can effectively prevent access to golden I/O behavior of a working system. IOLock restricts access to the actual I/Os of the chips in a PCB by introducing a low-overhead key management unit (KMU) that works in conjunction with internal encryption/decryption modules near the I/O ports. The encryption/decryption modules are designed to work with the existing joint test action group (JTAG) infrastructure. IOLock can be used in standalone mode or in conjunction with another LL scheme to enhance the overall security of the design. We evaluate the security guarantees offered by IOLock theoretically, through simulation, and hardware measurements. We show that IOLock provides robust protection against both chip-level and PCB-level RE attacks while incurring minimal design overhead.

MeLPUF: Memory-in-logic PUF structures for low-overhead IC authentication

IEEE Physical Assurance and Inspection of Electronics (PAINE)

Physically Unclonable Functions (PUFs) are used for securing electronic devices across the implementation spectrum ranging from Field Programmable Gate Array (FPGA) to system on chips (SoCs). However, existing PUF implementations often suffer from one or more significant deficiencies: (1) Significant design overhead; (2) Difficulty to configure and integrate based on application-specific requirements; (3) Vulnerability to model-building attacks; and (4) Spatial locality to a specific region of a chip. These factors limit their application in the authentication of designs used in various applications. In this work, we propose MeLPUF: Memory-in-Logic PUF; a low-overhead distributed PUF that leverages the existing logic gates in a design to create cross-coupled inverters (i.e., memory cells), in a logic circuit as an entropy source. It exploits these memory cells' power-up states as the source of entropy to generate device-specific unique fingerprints. A dedicated control signal governs these on-demand memory cells. They can be dispersed across the combinational logic of a design to achieve distributed authentication. They can also be synthesized with a standard logic synthesis tool to meet the target area, power, and performance constraints. We demonstrate the scalability of MeLPUF by aggregating power-up states from multiple memory cells, thus creating PUF signatures or digital identifiers of varying lengths. Our analysis shows the high quality of the PUF in terms of uniqueness, randomness, and robustness while incurring modest overhead.