Medical devices, autonomous vehicles, and the Internet of Things depend on the integrity and availability of trustworthy data from sensors to make safety-critical, automated decisions. How can such cyberphysical systems remain secure against an adversary using intentional interference to fool sensors? Building upon classic research in cryptographic fault injection and side channels, research in analog cybersecurity explores how to protect digital computer systems from physics-based attacks. Analog cybersecurity risks can bubble up into operating systems as bizarre, undefined behavior. For instance, transduction attacks exploit vulnerabilities in the physics of a sensor to manipulate its output. Transduction attacks using audible acoustic, ultrasonic, or radio interference can inject chosen signals into sensors found in devices ranging from fitbits to implantable medical devices to drones and smartphones.
Why do microprocessors blindly trust input from sensors, and what can be done to establish trust in unusual input channels in cyberphysical systems? Why are students taught to hold the digital abstraction as sacrosanct and unquestionable? Come to this talk to learn about undefined behavior in basic building blocks of computing. I will also suggest educational opportunities for embedded security and discuss how to design out analog cybersecurity risks by rethinking the computing stack from electrons to bits. This work brings some closure to my curiosity on why my cordless phone would ring whenever I executed certain memory operations on the video graphics chip of an Apple IIGS.
Kevin Fu is Associate Professor of EECS at the University of Michigan where he directs the Security and Privacy Research Group (SPQR.eecs.umich.edu) and the Archimedes Center for Medical Device Security (secure-medicine.org). His research focuses on analog cybersecurity – how to model and defend against threats to the physics of computation and sensing. His embedded security research interests span from the physics of cybersecurity through the operating system to human factors. Past research projects include MEMS sensor security, pacemaker/defibrillator security, cryptographic file systems, web authentication, RFID security and privacy, wirelessly powered sensors, medical device safety, and public policy for information security & privacy.
Kevin was recognized as an IEEE Fellow, Sloan Research Fellow, MIT Technology Review TR35 Innovator of the Year, and recipient of a Fed100 Award and NSF CAREER Award. He received best paper awards from USENIX Security, IEEE S&P, and ACM SIGCOMM. He co-founded healthcare cybersecurity startup Virta Labs. Kevin has testified in the House and Senate on matters of information security and has written commissioned work on trustworthy medical device software for the National Academy of Medicine. He is a member the Computing Community Consortium Council, ACM Committee on Computers and Public Policy, and the USENIX Security Steering Committee. He advises the American Hospital Association and Heart Rhythm Society on matters of healthcare cybersecurity. Kevin previously served as program chair of USENIX Security, a member of the NIST Information Security and Privacy Advisory Board, a visiting scientist at the Food & Drug Administration, and an advisor for Samsung's Strategy and Innovation Center. Kevin received his B.S., M.Eng., and Ph.D. from MIT. He earned a certificate of artisanal bread making from the French Culinary Institute.