
The Physics of Embedded Security: Tickling Sensors with Malicious Sound Waves, RF, and Lasers

Abstract: Medical devices, autonomous vehicles, small satellites, factory floors, and the Internet of Things depend on the integrity and availability of trustworthy data from sensors to make safety-critical, automated decisions. How can such cyber-physical systems remain secure against an adversary using intentional interference to fool sensors? Building upon classic research in cryptographic fault injection and side channels, research in analog sensor cybersecurity explores how to protect digital computer systems from physics-based attacks. Analog cybersecurity risks can bubble up into operating systems as bizarre, undefined behavior. For instance, transduction attacks exploit vulnerabilities in the physics of a sensor to manipulate its output. Transduction attacks using audible acoustics, ultrasound, RF, and even lasers can inject chosen signals into sensors found in devices ranging from Fitbits to implantable medical devices to smartphones to voice-controlled assistants.

Defenders can fight back with physics, more trustworthy software APIs and a shift in thinking toward system engineering. Fu will explain how to respect von Neumann’s 1956 admonition to design reliable organisms from unreliable components in the context of embedded security. Based on joint work published at USENIX Security 2020; ACM CCS 2019; IEEE Security & Privacy 2020, 2019, 2018, 2013, & 2008; IEEE Euro Security & Privacy 2017, and others.

Bio: Kevin Fu is Associate Professor of EECS at the University of Michigan where he directs the Security and Privacy Research Group (SPQR.eecs.umich.edu) and the Archimedes Center for Medical Device Security (secure-medicine.org). His research focuses on analog cybersecurity: how to model and defend against threats to the physics of computation and sensing with application to autonomous transportation, medical device design, small satellites, operational technology on factory floors, and the Internet of Things. His publications explore the cybersecurity effects of using lasers to control the output of MEMS microphones, using acoustics to control the output of MEMS accelerometers, ultrasonic attack theories on diplomats harmed in Cuba, and malicious electromagnetic interference and EW that trick implanted pacemakers into becoming unintentional radio demodulators that inhibit pacing shocks.

Kevin was recognized as an IEEE Fellow, Sloan Research Fellow, MIT Technology Review TR35 Innovator of the Year, Fed100 Award recipient, and IEEE Security and Privacy Test of Time Award recipient. He received best paper awards from USENIX Security, IEEE S&P, and ACM SIGCOMM. Fu has testified in the U.S. House and Senate on matters of information security and has written commissioned work on trustworthy medical device software for the U.S. National Academy of Medicine. He co-chaired the AAMI cybersecurity working group to create FDA-recognized standards to improve the security of medical device manufacturing. He is a member of the ACM Committee on Computers and Public Policy, the USENIX Security Steering Committee, the N95decon.org team, and federal science advisory groups. He chairs the USENIX Security Test of Time Award committee. Kevin previously served as program chair of USENIX Security, a member of the U.S. NIST Information Security and Privacy Advisory Board, a member of the CRA's Computing Community Consortium Council, and a visiting scientist at the U.S. Food & Drug Administration. Fu received his B.S., M.Eng., and Ph.D. from MIT. He earned a certificate of artisanal bread making from the French Culinary Institute and is an intermediate-level salsa dancer.
