Below is a comprehensive list of my publications and patents.
You can also check out my Google Scholar
page.
Rowhammer is an increasingly threatening vulnerability that
grants an attacker the ability to flip bits in memory without
directly accessing them. Despite efforts to mitigate Rowhammer
via software and defenses built directly into DRAM modules,
more recent generations of DRAM are actually more susceptible
to malicious bit-flips than their predecessors. This
phenomenon has spawned numerous exploits, showing how
Rowhammer acts as the basis for various vulnerabilities that
target sensitive structures, such as Page Table Entries (PTEs)
or opcodes, to grant control over a victim machine.
However, in this paper, we consider Rowhammer as a
more general vulnerability, presenting a novel exploit
vector for Rowhammer that targets particular code patterns. We
show that if victim code is designed to return benign data to
an unprivileged user, and uses nested pointer dereferences,
Rowhammer can flip these pointers to gain arbitrary read access
in the victim’s address space. Furthermore, we identify
gadgets present in the Linux kernel, and demonstrate an
end-to-end attack that precisely flips a targeted pointer. To do so,
we developed a number of improved Rowhammer primitives,
including kernel memory massaging, Rowhammer synchronization,
and testing for kernel flips, which may be of broader
interest to the Rowhammer community. Compared to prior
works’ leakage rate of 0.3 bits/s, we show that such gadgets
can be used to read out kernel data at a rate of 82.6 bits/s.
By targeting code gadgets, this work expands the scope and
attack surface exposed by Rowhammer. It is no longer sufficient
for software defenses to selectively pad previously exploited
memory structures in flip-safe memory, as any victim
code that follows the pattern in question must be protected.

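The code pattern the abstract singles out, written out as an added example (this is not the paper's code): a victim routine returns a benign field through a nested dereference, and the intermediate pointer sits in memory where a single flipped bit redirects the read. Nothing is hammered here; the flip is applied directly to the stored pointer value, and the region size, the two offsets and the flipped bit are assumptions picked so that the flipped pointer still lands inside mapped memory.

```c
/* Added example (not the paper's code): the nested pointer dereference
 * pattern with one bit flip applied to the stored intermediate pointer.
 * No DRAM is hammered; layout, offsets and the flipped bit are assumptions
 * chosen so the flipped pointer stays inside mapped memory. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REGION_SIZE 8192
#define INNER_OFF   0x100                            /* where the benign object lives */
#define FLIP_BIT    11
#define SECRET_OFF  (INNER_OFF ^ (1u << FLIP_BIT))   /* 0x900: where the flip lands */

struct inner { uint64_t benign_value; };
struct outer { struct inner *ptr; };   /* the pointer the flip has to hit */

/* Stand-in for the victim's address space. Aligned to its own size so that
 * address bit 11 of a pointer into it selects offset 0x100 vs 0x900. */
static uint8_t region[REGION_SIZE] __attribute__((aligned(REGION_SIZE)));

uint64_t demo_before, demo_after;   /* what the caller sees before/after the flip */

/* Victim gadget: benign data handed to an unprivileged caller via
 * outer->ptr->field. The intermediate pointer lives in memory, so a flip
 * in that memory cell changes which object the second dereference reads. */
uint64_t victim_read(const struct outer *o) {
    return o->ptr->benign_value;
}

/* Models the effect of a Rowhammer bit flip in the cell holding the pointer. */
void flip_pointer_bit(struct outer *o, unsigned bit) {
    uintptr_t p = (uintptr_t)o->ptr;
    o->ptr = (struct inner *)(p ^ ((uintptr_t)1 << bit));
}

/* Sets demo_before/demo_after; returns 1 if the flipped pointer hit the secret. */
int run_demo(void) {
    memset(region, 0, sizeof region);
    struct inner *benign = (struct inner *)(region + INNER_OFF);
    uint64_t *secret = (uint64_t *)(region + SECRET_OFF);
    benign->benign_value = 0x1111;             /* what the caller is meant to see */
    *secret = 0xDEADBEEFCAFEF00DULL;           /* constructed sensitive data */

    struct outer o = { benign };
    demo_before = victim_read(&o);
    flip_pointer_bit(&o, FLIP_BIT);
    demo_after = victim_read(&o);              /* same gadget, different data */
    return (uint8_t *)o.ptr == region + SECRET_OFF;
}

int main(void) {
    int landed = run_demo();
    printf("before flip: 0x%llx\nafter flip:  0x%llx (%s)\n",
           (unsigned long long)demo_before, (unsigned long long)demo_after,
           landed ? "pointer now targets the secret" : "flip missed");
    return 0;
}
```

The point of the demo is the precondition on the gadget, not the flip itself: the attacker never touches `victim_read`, only the pointer it dereferences, so the same benign code path becomes an arbitrary read once the pointer is corrupted. Two caveats carry over to real targets: the flipped pointer must still point into mapped memory (otherwise the victim faults instead of leaking), and which bit flips is dictated by the DRAM, which is why the abstract's memory massaging and flip-testing primitives matter.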
Rowhammer is a hardware vulnerability in DDR memory by which attackers
can perform specific access patterns in their own memory to flip bits
in adjacent, uncontrolled rows without accessing them. Since its discovery
by Kim et al. (ISCA 2014), Rowhammer attacks have emerged as an alarming
threat to numerous security mechanisms.
In this paper, we show that Rowhammer attacks can in fact
be more effective when combined with bank-level parallelism,
a technique in which the attacker hammers multiple memory
banks simultaneously. This allows us to increase the amount
of Rowhammer-induced flips 7-fold and significantly speed up
prior Rowhammer attacks relying on native code execution.

Instead of making incremental improvements to existing dynamic hardware
verification approaches, we leverage the observation that existing
software fuzzers already provide such a solution, and hence adapt them for
hardware verification. Specifically, we translate RTL hardware to a
software model and fuzz that model directly. The central challenge we
address is how to mitigate the differences between the hardware and
software execution models. This includes: 1) how to represent test cases,
2) what is the hardware equivalent of a crash, 3) what is an appropriate
coverage metric, and 4) how to create a general-purpose fuzzing harness
for hardware.

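As an added example (not the paper's tooling), here is one concrete answer to the four questions above for a tiny design: a 4-bit saturating counter written as the kind of software model a translator such as Verilator would emit, a test case encoded as one input byte per clock, a property check standing in for a crash, (state, input) pairs as the coverage metric, and a small coverage-guided mutation loop as the harness. The DUT, its planted bug, the input encoding and the coverage metric are all assumptions made for this demo.

```c
/* Added example (not the paper's code): an RTL block modelled in software
 * plus a coverage-guided fuzzing harness. DUT, planted bug, input encoding
 * and coverage metric are assumptions for the demo. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TC_LEN     32                 /* test case = one input byte per clock */
#define STATES     16                 /* 4-bit counter */
#define COV_BITS   (STATES * 8)       /* coverage = (state, input) pairs */
#define MAX_CORPUS (COV_BITS + 1)

/* DUT: a 4-bit counter meant to saturate at 0 and 15.
 * Input byte: bit0 inc, bit1 dec, bit2 rst. */
struct dut { uint8_t cnt; };

/* One clock edge. Returns 1 when a property is violated: the hardware
 * equivalent of a crash. Planted bug: inc never clamps at 15, so it wraps. */
int dut_clock(struct dut *d, uint8_t in) {
    int inc = in & 1, dec = (in >> 1) & 1, rst = (in >> 2) & 1;
    uint8_t cur = d->cnt, next = cur;
    if (rst)               next = 0;
    else if (inc && !dec)  next = (uint8_t)((cur + 1) & 0xF);   /* BUG: no clamp */
    else if (dec && !inc)  next = cur ? (uint8_t)(cur - 1) : 0;
    d->cnt = next;
    /* Property (an assertion in the RTL): an increment never lowers the count. */
    return inc && !dec && !rst && next < cur;
}

typedef struct { uint8_t bits[COV_BITS / 8]; } coverage;

/* Harness: clock the model through a test case, recording which
 * (state, input) pairs were exercised. Returns the crash cycle or -1. */
int run_testcase(const uint8_t *tc, int len, coverage *cov) {
    struct dut d = { 0 };
    for (int i = 0; i < len; i++) {
        int idx = d.cnt * 8 + (tc[i] & 7);
        cov->bits[idx / 8] |= (uint8_t)(1u << (idx % 8));
        if (dut_clock(&d, tc[i])) return i;
    }
    return -1;
}

static uint32_t rng_state = 0x9E3779B9u;   /* fixed seed: deterministic run */
static uint32_t rng(void) {
    uint32_t x = rng_state;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return rng_state = x;
}

static uint8_t corpus[MAX_CORPUS][TC_LEN];
static int corpus_len;
uint8_t crash_input[TC_LEN];

/* Software-fuzzer style loop: mutate a recent corpus entry, keep it if it
 * reaches a new (state, input) pair, stop at the first property violation.
 * Returns the crash cycle (input saved in crash_input) or -1 on budget exhaustion. */
int fuzz(int budget) {
    coverage global = {{0}};
    corpus_len = 1;
    memset(corpus[0], 0, TC_LEN);                  /* seed: 32 idle cycles */
    run_testcase(corpus[0], TC_LEN, &global);
    for (int it = 0; it < budget; it++) {
        uint8_t tc[TC_LEN];
        int recent = corpus_len < 8 ? corpus_len : 8;
        memcpy(tc, corpus[corpus_len - 1 - (int)(rng() % (uint32_t)recent)], TC_LEN);
        int nmut = 1 + (int)(rng() % 3);
        for (int m = 0; m < nmut; m++) tc[rng() % TC_LEN] = (uint8_t)(rng() & 7);
        coverage local = global;
        int crash = run_testcase(tc, TC_LEN, &local);
        if (crash >= 0) { memcpy(crash_input, tc, TC_LEN); return crash; }
        if (corpus_len < MAX_CORPUS && memcmp(&local, &global, sizeof global) != 0) {
            global = local;
            memcpy(corpus[corpus_len++], tc, TC_LEN);
        }
    }
    return -1;
}

/* Hand-written reproducer: 16 increments from reset wrap the counter. */
int demo_reproducer(void) {
    uint8_t tc[16]; coverage cov = {{0}};
    memset(tc, 1, sizeof tc);
    return run_testcase(tc, sizeof tc, &cov);     /* crashes at cycle 15 */
}

/* Replay whatever the fuzzer saved, as a real flow would in simulation. */
int replay_crash(void) {
    coverage cov = {{0}};
    return run_testcase(crash_input, TC_LEN, &cov);
}

int main(void) {
    printf("reproducer crashes at cycle %d\n", demo_reproducer());
    printf("fuzzer found a crash at cycle %d\n", fuzz(200000));
    return 0;
}
```

The loop only gets to the wrap because coverage is tracked per (state, input) pair: every new counter value unlocks new pairs, the input that reached it is kept, and the next mutation only has to extend it by one cycle. With a plain random search the 16 consecutive increments needed to reach the bug are rarely generated, which is exactly the argument for borrowing coverage guidance from software fuzzers rather than reinventing it.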
The recent Spectre attacks have revealed how the performance gains from branch prediction come at the cost of weakened security. Spectre Variant 1 (v1) shows how an attacker-controlled variable passed to speculatively executed lines of code can leak secret information to an attacker. Numerous defenses have since been proposed to prevent Spectre attacks, each attempting to block all or some of the Spectre variants. In particular, defenses using taint-tracking are claimed to be the only way to protect against all forms of Spectre v1. However, we show that the defenses proposed thus far can be bypassed by combining Spectre with the well-known Rowhammer vulnerability. By using Rowhammer to modify victim values, we relax the requirement that the attacker needs to share a variable with the victim. Thus, defenses that rely on this requirement, such as taint-tracking, are no longer effective. Furthermore, without this crucial requirement, the number of gadgets that can potentially be used to launch a Spectre attack increases dramatically; those present in Linux kernel version 5.6 increase from about 100 to about 20,000 via Rowhammer bit-flips. Attackers can use these gadgets to steal sensitive information such as stack cookies or canaries, or use new triple gadgets to read any address in memory. We demonstrate two versions of the combined attack on example victims in both user and kernel spaces, showing the attack’s ability to leak sensitive data.

Key exchange protocols establish a secret key
to confidentially communicate digital information over public channels.
Lattice-based key exchange protocols are a promising alternative
for next-generation applications due to their quantum-cryptanalysis
resistance and implementation efficiency. While these constructions
rely on the theory of quantum-resistant lattice problems, their
practical implementations have shown vulnerability against side-channel
attacks in the context of public-key encryption or digital
signatures. Applying such attacks on key exchange protocols is,
however, much more challenging because the secret key changes
after each execution of the protocol, limiting the side-channel
adversary to a single measurement.
In this paper, we demonstrate the first successful power
side-channel attack on lattice-based key exchange protocols. The attack
targets the hardware implementation of matrix and polynomial
multiplication used in these protocols. The crux of our idea is
to apply a horizontal attack that makes hypotheses on several
intermediate values within a single execution all relating to the same
secret and to combine their correlations for accurately estimating
the secret key. We illustrate that the design of key exchange protocols
combined with the nature of lattice arithmetic enables our attack.
Since a straightforward attack suffers from false positives, we
demonstrate a novel procedure to recover the key by following the
sequence of intermediate updates during multiplication.
We analyzed two key exchange protocols, NewHope (USENIX’16)
and Frodo (CCS’16), and show that their implementations can be
vulnerable to our attack. We test the effectiveness of the proposed
attack using concrete parameters of these protocols on a physical
platform with real measurements. On a SAKURA-G FPGA Board,
we show that the proposed attack can estimate the entire secret key
from a single power measurement with over 99% success rate.

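The horizontal idea in the abstract, as an added example that is not the paper's attack code: a schoolbook polynomial multiplication mod q produces one intermediate a_i * s_j mod q per public coefficient, all depending on the same secret s_j, so a single trace already contains hundreds of samples per secret coefficient. Each hypothesis for s_j predicts the Hamming weight of every intermediate; correlating that prediction against the measured samples over i ranks the hypotheses. The trace is simulated (Hamming-weight leakage plus Gaussian noise), and the modulus, number of samples, secret range and noise level are assumptions; the false-positive handling the abstract describes (following the sequence of intermediate updates) is not reproduced here, which is why a zero coefficient, whose intermediates are all constant, is left out of the constructed secrets.

```c
/* Added example (not the paper's code): horizontal CPA on one simulated
 * power trace of a polynomial multiplication mod q. Leakage model, noise
 * level, secret range and trace layout are assumptions for the demo. */
#include <stdint.h>
#include <stdio.h>

#define Q      12289    /* NewHope modulus */
#define N_PUB  512      /* intermediates observed per secret coefficient */
#define N_SEC  8        /* secret coefficients recovered in the demo */
#define S_MAX  16       /* assumed secret range [-S_MAX, S_MAX] */
#define SIGMA  1.0      /* assumed noise std dev, in Hamming-weight units */

static uint32_t rs = 0x2545F491u;        /* fixed seed: deterministic run */
static uint32_t rng(void) { uint32_t x = rs; x ^= x << 13; x ^= x >> 17; x ^= x << 5; return rs = x; }
static double uniform01(void) { return (rng() >> 8) * (1.0 / 16777216.0); }
/* Approximate N(0,1) as a sum of 12 uniforms (Irwin-Hall); fine for a demo. */
static double gauss(void) { double s = 0; for (int i = 0; i < 12; i++) s += uniform01(); return s - 6.0; }

static int hw(uint32_t v) { int c = 0; for (; v; v >>= 1) c += (int)(v & 1); return c; }

/* Datapath intermediate: a * s mod q, with negative s stored as q + s. */
uint32_t intermediate(uint32_t a, int s) {
    uint32_t sm = (uint32_t)(((s % Q) + Q) % Q);
    return (uint32_t)(((uint64_t)a * sm) % Q);
}

/* Signed squared Pearson correlation (sign kept; squaring avoids sqrt/libm).
 * A constant prediction, e.g. hypothesis s = 0, scores 0. */
static double corr_score(const double *x, const double *y, int n) {
    double mx = 0, my = 0, sxy = 0, sxx = 0, syy = 0;
    for (int i = 0; i < n; i++) { mx += x[i]; my += y[i]; }
    mx /= n; my /= n;
    for (int i = 0; i < n; i++) {
        double dx = x[i] - mx, dy = y[i] - my;
        sxy += dx * dy; sxx += dx * dx; syy += dy * dy;
    }
    if (sxx == 0 || syy == 0) return 0;
    return sxy * (sxy < 0 ? -sxy : sxy) / (sxx * syy);
}

/* Horizontal CPA for one coefficient: all N_PUB samples come from a single
 * execution and every one of them depends on the same secret s_j. */
int recover_coefficient(const double *leak, const uint32_t *a) {
    double pred[N_PUB];
    int best = 0; double best_score = -2;
    for (int s = -S_MAX; s <= S_MAX; s++) {
        for (int i = 0; i < N_PUB; i++) pred[i] = hw(intermediate(a[i], s));
        double score = corr_score(pred, leak, N_PUB);
        if (score > best_score) { best_score = score; best = s; }
    }
    return best;
}

/* Simulate one trace for constructed secrets; returns how many were recovered. */
int attack_demo(void) {
    static const int secret[N_SEC] = { 3, -7, 12, -1, 5, -16, 9, -4 };  /* constructed */
    uint32_t a[N_PUB];
    double trace[N_PUB];
    int correct = 0;
    for (int i = 0; i < N_PUB; i++) a[i] = rng() % Q;   /* public polynomial, uniform mod q */
    for (int j = 0; j < N_SEC; j++) {
        /* Single measurement: Hamming weight of each intermediate plus noise. */
        for (int i = 0; i < N_PUB; i++)
            trace[i] = hw(intermediate(a[i], secret[j])) + SIGMA * gauss();
        if (recover_coefficient(trace, a) == secret[j]) correct++;
    }
    return correct;   /* N_SEC when every coefficient is recovered */
}

int main(void) {
    printf("recovered %d of %d coefficients from one trace\n", attack_demo(), N_SEC);
    return 0;
}
```

Two things the simulation makes visible that the abstract only states. First, the ephemeral key is no obstacle: nothing here averages over executions, the statistics come entirely from the many intermediates within one run. Second, the hypothesis space is tiny because lattice secrets are small, so a horizontal attack has only a few dozen candidates per coefficient to rank; related hypotheses such as 2s share half their predicted Hamming weights with s and score noticeably above the rest, which is the kind of false positive the paper's update-sequence procedure is there to resolve.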
We report on amplified spontaneous broadband terahertz emission in 1–7.6 THz range at 100 K via current injection in a distributed-feedback (DFB) dual-gate graphene-channel transistor. The device exhibited a nonlinear threshold-like behavior with respect to the current-injection level. A precise DFB cavity design is expected to transcend the observed spontaneous broadband emission to single-mode THz lasing.