RISE Embarks on Phase 2 – Addressing Semiconductor Security Challenges

NCSC has approved funding for RISE Phase 2 from 2023-2026, which is hosted under Professor Máire O’Neill at the Centre for Secure information Technology (CSIT), Queen’s University Belfast. 3 new RISE research projects have been funded by EPSRC, bolstering hardware & embedded systems security research.

The National Cyber Security Centre (NCSC) – a part of GCHQ – has approved funding for RISE Phase 2 from 2023-2026, which is hosted under Professor Máire O’Neill at the Centre for Secure Information Technologies (CSIT), Queen’s University Belfast. Three new RISE research projects have also been funded by the Engineering and Physical Sciences Research Council (EPSRC), bolstering hardware and embedded systems security research, innovation, and industry partnerships.

RISE aims to establish itself as a global hub for research and innovation in hardware security, and as part of phase 2, will have a focus on addressing crucial issues in semiconductor security. The institute’s strategy approach includes fostering close engagement with leading industry partners and stakeholders both within the UK and internationally, with a strong focus on translating research outcomes into practical products, services, and business opportunities to bolster the UK economy.

With the publication of the UK’s National Semiconductor Strategy in May 2023, a key focus of which is to build on our hardware strengths to improve cyber security and ensure that ‘cyber security is considered, and more widely prioritised, at the design stage of chips’, RISE stands poised to contribute significantly, enhancing the UK’s international research standing while augmenting economic competitiveness.

Professor Máire O’Neill summarises the key outcomes of the first phase: “We have made excellent progress across our funded research projects, we kicked-off an international collaboration between the core RISE partners and NTU and NUS in Singapore and launched a UK competition targeting final year UG/MSc students, sponsored by ARM, to help stimulate the next generation of UK hardware security experts.”

Significant research outputs to date include:

  • Plundervolt – an attack developed as part of the University of Birmingham funded project which exploited vulnerabilities with Intel’s Software Guard Extensions, leading to errors that could leak secret information such as encryption keys.
  • Thunderclap – research by the University of Cambridge team that identified vulnerabilities with USB and Thunderbolt interface standards, and which provided security recommendations for hardening systems that were incorporated into the USB 4 standard.
  • An Apple Pay vulnerability discovered by the University of Surrey’s RISE project which showed that Apple Pay in Express Transit mode if used with a Visa card could be abused to make an Apple Pay payment to any shop terminal, of any value, without the need for user authentication.
  • A Queen’s University Belfast project led to the first deep-learning based automated Hardware Trojan (HT) detection system based on gate-level netlists to effectively detect HTs without any pre-knowledge of the circuits. HTs are malicious modifications of integrated circuits.
  • A trusted FPGA environment developed by the University of Manchester team that solves two problems; firstly, it uses their FPGADefender virus scanner to help a cloud service provider (CSP) ensure a user bitstream is not malicious, and secondly, it ensures user IP protection by configuring an FPGA only with encrypted configuration bitstreams.

Phase 2 will involve annual RISE conferences; spring/summer schools; early career researcher training and innovation workshops; a UK/US Workshop on Semiconductor Security; and a UK-wide Training Roadshow. Aligned funding from EPSRC supports three new research projects addressing Trustworthy Deep-Learning based Hardware Trojan Detection at Queen’s University Belfast, Securing and Analysing Trusted Execution Beyond the CPU at the Universities of Southampton and Birmingham, and Securing composable hardware platforms at the University of Manchester.

Professor Máire O’Neill emphasizes, “RISE will continue to play its part in conducting research that addresses security throughout a device’s lifecycle, from the initial design and manufacture through to its operational environment. We will also continue to grow the skillsets and community in the UK in this strategically important area.”

Is Engineering Significant Difference the Key to Enhanced Cybersecurity?

A lively conversation about whether “Engineering Significant Difference” is the key to enhanced cybersecurity.

Contributors:

Peter Davies, Security Expert operating at the convergence of Safety and Security.
An honorary Fellow with Imperial College’s Institute for Security Science & Technology and chair of the AESIN Security Workstream. He is a leading expert on Countering Cyber Attacks targeted Supply Chain infiltration and Cyber Physical Attacks. He has led the Cyber Security aspects of 3 C-CAV research activities and has 30+ years of verifying security systems in hardware and software. Peter likes to say that he does security where it can’t afford to fail. 

Professor Kerstin Eder, University of Bristol, who researches research specification, verification and analysis techniques, allowing engineers to design a system and verify/explore its behaviour in terms of functional correctness, safety, performance, power consumption and energy efficiency. Her work includes both formal methods and traditional simulation-based approaches. She has a strong background in computational logic, especially formal verification, declarative programming languages and their implentation, abstract machines, compilation techniques and meta programming.

Dr Weiqiang Liu is currently a full Professor and the Vice Dean of College of Electronic and Information Engineering, Nanjing University of Aeronautics and Astronautics (NUAA), Nanjing, China. He received the B.Sc. degree in Information Engineering from NUAA and the Ph.D. degree in Electronic Engineering from Queen’s University Belfast (QUB), Belfast, United Kingdom, in 2006 and 2012, respectively.

Dr Daniel Page is currently a Senior Lecturer within the Department of Computer Science, University of Bristol. His current research focuses on challenges in cryptographic engineering, the implementation (in hardware and/or software) of and implementation attacks (relating to both side-channel and fault attacks) on cryptographic primitives and arithmetic in particular. 

Dr. Chongyan Gu is a Lecturer in the School of Electronic Electrical Engineering and Computer Science (EEECS) at Queen’s University Belfast, and a member of the Centre for Secure Information Technologies (CSIT) within Queen’s Global Research Institute of Electronics, Communications & Information Technology (ECIT). Her research focuses on developing advanced hardware security methodologies for enhancing the robustness, reliability, resource efficiency and resilience of hardware devices. 

PhD Studentship Opportunities at Queen’s University Belfast

The Centre for Secure Information Technologies (CSIT) at Queen’s University Belfast is seeking motivated PhD students to work on the following research topics:

For further information and how to apply, please visit the QUB website for PhD study

Automotive Cyber Resilience: Operationalizing, Standards and Research

Presenting the work of AESIN and the UK Automotive Council and Zenzic, supported by Queens University Belfast, University of South Wales, University of Edinburgh and the Turing Institute and with further support from BSI, this series of workshops is designed to:

  • Present and discuss the limitations with existing standards in meeting the requirements of the Automotive and other mobility industries worldwide
  • Present the methodology proposed by AESIN, UK Automotive Council and Zenzic to achieve operationalizable and legally sustainable cyber resilience
  • In the context of that methodology set out the research agenda and give examples of applying the outcomes of existing and potential research in support of the methodology

There are 4 workshops which are each limited to 50 attendees. At each site a different academic partner will highlight examples of applying the outcomes of existing and potential research in different areas in support of the methodology.

The workshops will be held at:

4th Dec 2019 – ECIT, Queen’s University of Belfast, Queen’s Road, Queen’s Island, Belfast, BT3 9DT. QUB are the academic partner and will use research examples from hardware. Click here for tickets

11th Dec 2019 – University of South Wales Conference Centre, CF37 1DL UoSW are the academic partner and will use research examples from Forensics. Click here for tickets

8th Jan 2020 – NXP, Colvilles Road, Glasgow G75 0TG. University of Edinburgh are the academic partner and will use research examples from Modelling. Click here for tickets

15th Jan 2020 – Plexal, 14 East Bay Lane, Here East, Queen Elizabeth Olympic Park, London, E20 3BS. The Turing Institute are the academic partner and will use research examples from mathematics and probability. Click here for tickets

Who should attend?

This event is designed specifically for researchers with an interest in automotive cyber resilience and the application of security and other research outcomes, including PhD and other research students and their supervisors, early career researchers, representatives from industry, government and other defence and security-relevant NGOs.

For further information please refer to the below guide.

IEEE Computer Symposium – Miami, July 2019

Wolfe Centre

We are delighted to welcome another new guest blogger to contribute to the RISE blog for August 2019. Shichao Yu is a PhD student at Queen’s University Belfast, working in the world class research centre – The Centre for Secure Information Technology (CSIT). Thank you Shichao!

Welcome to Miami – Summer is coming!

Hi, I am Shichao, I am typing this blog shortly after the closing remarks of IEEE Computer Society Annual Symposium on VLSI in Miami, which is excellent and provided me an amazing conference experience. This was my first time in Miami, and this is the first conference I have attend with a poster paper. I travelled from Belfast to Miami, from north to south, feeling like I flew into the summer from winter when I just arrived there. If I choose rainy day as the mark of the climate in Belfast, then Miami’s symbol must be sunshine.

ISVLSI 2019 @ Miami

ISVLSI is an IEEE computer society annual symposium with a history over three decades. It explores emerging trends, novel ideas and basic concepts covering a broad range of VLSI-related topics, which also include new technologies and burgeoning application areas, such as hardware security, and artificial intelligence.

This year’s ISVLSI was held at Florida International University in Wolfe University Center.

What impressed me is that more than 25% of submissions this year related to system design and security (SDS), and the submission number occupies the first in all categories. I can see that the security direction is receiving increasing attention from researchers all over the world.

“Can you trust your machine learning system?”

For Hardware Security, the papers presented in this year’s security session mainly focused on logic obfuscation, side channel susceptibility mitigation, secure zone design on NoC (Network on Chip) and Hardware Trojan. The System Design and Security group covers four sub-sessions in three days and two related special session: “Botnet of Things: Hardware Insecurity in the IoT Era” and “Secure, Smart, Connected Devices for Emergent Applications”, which talk about IoT devices and it’s security problems.

In addition, an enlightening keynote “Can you trust your machine learning system?” presented by Professor Sandip Kundu on the second day really attracted me. This presentation showed the potential security issues of machine learning (ML) and deep learning (DL) at this stage and details the possible attack methods. As the Chinese idiom goes, virtue is one foot tall, the devil ten. It always takes constant vigilance to secure new technologies. (That scares me too Shichao!)

Poster Session

The poster session was held in the afternoon of the first day. We had a big ballroom to hang all 30 posters and 4 research demonstrations. The session last nearly two hours, which is much more than the scheduled time, with continuous technical discussions and social communication.

The paper I presented on my poster was “An Improved Automatic Hardware Trojan Generation Platform”, which is a new method to generate Hardware Trojans (HTs) using a highly configurable generation platform based on transition probability. (WOW :O – great stuff Shichao! \0/)

I always enjoy the discussion with other researchers. But, as I work in hardware security, I really hope that I had explained my poster clearly to some researchers who work in software side.

Until Next Time Miami 🙂

Three days ISVLSI went by too quickly and it was super busy. My record is slightly broken, but the great keynotes and presentations are unforgettable. Miami Beach is also beautiful and relaxing.

In the evening of the last day, I took a photo when blue hour made Miami Beach a little tranquil, and said goodbye to this beautiful city. (Good you got to check out the sandy beaches 🙂 BTW where is our present?? 😀 )

Miami Beach front @ dusk