Jakub Szefer Wins CAREER Award For Computer Security Work

07/05/2017
Departments: Computer ScienceElectrical Engineering

Jakub Szefer, assistant professor of electrical engineering, has been selected to receive a 2017 Faculty Early Career Development (CAREER) Award from the National Science Foundation (NSF). 

The award provides funding for Szefer’s project, titled “Security Applications of DRAM Cell Decay Effects.” Awarded to researchers who exemplify the role of teacher-scholars, the CAREER is the NSF’s most prestigious award for junior faculty. 

Szefer’s project focuses on developing an extra layer of security by extracting a “fingerprint” for smart phones and other computer devices. For instance, an iPhone user now might log in to a banking site using a password – which could be stolen. But if the security system also includes the device’s hardware fingerprint, someone would need both the password and the user’s iPhone itself to get into the banking site. 

The project is based on the idea that, at the physical level, the hardware is unique to each device - even among identical models from the same manufacturer. Specifically, Szefer is focusing on dynamic random-access memory (DRAM), a data-storage system found in nearly every smartphone, Internet of Things (IoT), and other computer devices. Over time, the charge in the DRAM’s cell’s storage capacitors dissipates, so a refresh mechanism is needed to recharge the capacitors and keep the data in storage.

“When you fabricate the DRAM of any device, there are small variations in the manufacturing process – the length of the wires might be different, or the capacitors’ thickness might change - and all the variations manifest themselves in a unique behavior of each DRAM,” Szefer said.  Because of these variations, the DRAM cells decay at different rates in different devices. That’s where the “fingerprint” comes from. 

“All the DRAM modules have these variations, so the fingerprint is already there on your phone,” Szefer said. “So our contribution is extracting the fingerprint using the code we’ve written to control precisely the state of DRAM and the refresh cycles. We don’t need any special hardware or other mechanisms – everything is already there.” 

The key research challenge is not just extracting the fingerprint but also being able to put it to practical use. For instance, completely disabling the refresh mechanism would essentially make the smartphone, or other computing device, unusable.  “So we have to selectively disable some of the refresh mechanisms to read the fingerprint, but keep the rest of the DRAM refreshed so your apps keep running.”

Szefer said the five-year project should also lead to other applications, including those related to new hardware-based versions of cryptographic protocols, such as the Oblivious Transfer, in which two or more parties can exchange certain pieces of information but keep others secret.  The goal is to intertwine the physical characteristics of DRAM devices, and potentially others, with the variety of cryptographic protocols.