CS+Buffett - Kevin Fu, University of Michigan

CS+Buffett - Kevin Fu, University of Michigan

New Frontiers in Global Research

Fall 2020: Computer Science and Global Studies

Global challenges necessitate international cooperation and interdisciplinary collaboration; they also call upon us to think anew, to engage alternative approaches and novel methodologies, and to take scholarly risks. Turning to a different locus of invention each quarter, Northwestern Buffett’s New Frontiers in Global Research series explores the spirits of creativity and spaces of invention emerging in global studies research.

This fall, we partner with a department that addresses a relatively young discipline that nonetheless influences nearly every aspect of our lives. Centrally about computing and communication, Computer Science enables us to gather and process data, essential aspects of researching and grappling with any major global problem today, from sustainability and human health to cybersecurity and misinformation. Our fall speakers will give us a sense of the promise and peril in applying computing and data science to our greatest challenges, and it is our hope that their engagement with the Northwestern community will catalyze cutting-edge projects at the intersection of computer science and global studies.

 

Live Stream link: 
https://northwestern.hosted.panopto.com/Panopto/Pages/Viewer.aspx?id=994...

Title: 
The Physics of Embedded Security: 
Tickling Sensors with Malicious 
Sound Waves, RF, and Lasers

Abstract

Medical devices, autonomous vehicles, small satellites, factory floors, and the Internet of Things depend on the integrity and availability of trustworthy data from sensors to make safety-critical, automated decisions. How can such cyber-physical systems remain secure against an adversary using intentional interference to fool sensors? Building upon classic research in cryptographic fault injection and side channels, research in analog sensor cybersecurity explores how to protect digital computer systems from physics-based attacks. Analog cybersecurity risks can bubble up into operating systems as bizarre, undefined behavior. For instance, transduction attacks exploit vulnerabilities in the physics of a sensor to manipulate its output. Transduction attacks using audible acoustics, ultrasound, RF, and even lasers can inject chosen signals into sensors found in devices ranging from Fitbits to implantable medical devices to smartphones to voice controlled assistants.

Defenders can fight back with physics, more trustworthy software APIs and a shift in thinking toward system engineering. Fu will explain how to respect von Neumann’s 1956 admonition to design reliable organisms from unreliable components in the context of embedded security. Based on joint work published at USENIX Security 2020; ACM CCS 2019; IEEE Security & Privacy 2020, 2019, 2018, 2013, & 2008; IEEE Euro Security & Privacy 2017, and others.

Biography

Kevin Fu is Associate Professor of EECS at the University of Michigan where he directs the Security and Privacy Research Group (SPQR.eecs.umich.edu) and the Archimedes Center for Medical Device Security (secure-medicine.org).  His research focuses on analog cybersecurity---how to model and defend against threats to the physics of computation and sensing with application to autonomous transportation, medical device design, small satellites, operational technology on factory floors, and the Internet of Things. His publications explore the cybersecurity effects of using lasers to control the output of MEMS microphones, acoustics on controlling the output of MEMS accelerometers, ultrasonic attack theories on diplomats harmed in Cuba, and malicious electromagnetic interference and EW that trick implanted pacemakers into becoming unintentional radio demodulators that inhibit pacing shocks.

Kevin was recognized as an IEEE Fellow, Sloan Research Fellow, MIT Technology Review TR35 Innovator of the Year, Fed100 Award recipient, and an IEEE Security and Privacy Test of Time Award. He received best paper awards from USENIX Security, IEEE S&P, and ACM SIGCOMM. Fu has testified in the U.S. House and Senate on matters of information security and has written commissioned work on trustworthy medical device software for the U.S. National Academy of Medicine. He co-chaired the AAMI cybersecurity working group to create FDA-recognized standards to improve the security of medical device manufacturing. He is a member of the ACM Committee on Computers and Public Policy, the USENIX Security Steering Committee, the N95decon.org team, and federal science advisory groups. He chairs the USENIX Security Test of Time Award committee. Kevin previously served as program chair of USENIX Security, a member of the U.S. NIST Information Security and Privacy Advisory Board, a member of the CRA's Computing Community Consortium Council, and a visiting scientist at the U.S. Food & Drug Administration. Fu received his B.S., M.Eng., and Ph.D. from MIT. He earned a certificate of artisanal bread making from the French Culinary Institute and is an intermediate level salsa dancer.