New Hardware Architecture for Security and Privacy

NYUAD Assistant Professor of Electrical and Computer Engineering and director of MoMAlab is looking into a new computer architecture in which all data will be encrypted by default.

Michail Maniatakos began creating software — and selling it — at the age of 14. Since then he has moved on to computer problems far more complicated than the scheduling software he sold to hairdressers and the archiving software bought by photo studios in Athens, where he grew up.

Today Maniatakos is an assistant professor of Electrical and Computer Engineering at NYU Abu Dhabi and laboratory director for the University's faculty research lab Modern Microprocessor Architectures Laboratory, known as MoMAlab.

His research is now focused on security, increasingly essential in a world where so much vital work is done via computers and where the internal architecture of computers has not changed much since the 1970s. Hardware security, Maniatakos' chosen research field, has become a constant concern.

He is currently looking into a new computer architecture in which all data will be encrypted by default.

"Researchers have managed to extract information from a computer by directly observing the internal values of the storage elements," Maniatakos explained. "So if we can convert everything in the hardware to an encrypted version of the data, even if you were to look into my computer, you would not be able to find direct information."

Trusted platform modules now on the market can secure information that is already in a system, but these still require users to play an active role. "By building a new computer with an embedded system that will natively encrypt information, the system is then secured by default," Maniatakos noted.

To ensure correct computation, the data must be encrypted with specific cryptographic schemes that allow meaningful manipulation of encrypted data. Therefore, Maniatakos uses specific "homomorphic" encryption schemes, in which there is a 1:1 association between operations in the encrypted and unencrypted domains. That means that when the result of a homomorphic operation is decrypted, it will match the value of the corresponding unencrypted operation.

General purpose devices such as PCs and laptops typically consist of architectures with several instructions, such as addition, comparison, multiplication, etc. In the encrypted domain, however, the architecture cannot differentiate between instructions, since all data is encrypted. To address this problem, Maniatakos implemented a simple, powerful architecture that employs only one instruction. The judicious selection of that one instruction enables general-purpose computation — similar to typical PCs and laptops.

Maniatakos' research is currently at a software prototype stage. A hardware architecture, to be ported to a Field Programmable Gate Array (FPGA), is currently under development before making it into a fabricated chip (also called Application Specific Integrated Circuit, or ASIC). "But for now, we're still working on improving the performance, security properties, and applicability of this prototype," Maniatakos said.

When successful, the fabrication of the encrypted chips will benefit anyone using a PC and especially those using cloud computing, typically users with a heavy workload but limited local hardware capacity. Buying cloud space allows the user to outsource the workload, but there is no way to ensure security; anyone may be peeking at the data.

Companies do have the option of buying their own servers, but purchasing and maintaining this hardware is not cheap. Encrypted hardware promises to be cost effective, helping an animation movie company, for example, to prevent its upcoming movie from being leaked, or ensuring that a doctor who is consulting a central database does not unwittingly reveal a patient's information. Maniatakos said he hopes his work will allow users to "tap into the knowledge of the world in this computer-savvy era but still be able to protect their identity."

In addition to hardware security, Maniatakos is also researching security in industrial embedded systems such as power grids. "Our electricity providers are smarter now. Using something called the smart grid, they know your exact consumption and when and where you are using your energy," Maniatakos noted. The smart grid allows users to fine-tune where electricity goes, and even store energy in their houses to avoid peak-time electric surcharges. But these smart devices are also vulnerable to all kinds of cyber-attacks, viruses, and malware.

The implication of such attacks is enormous: these smart devices are connected to electrical substations and linked all the way to power-utility control rooms. Once a hacker works his way up the line, he could switch off the electricity for millions of people, or worse, affect a nuclear power plant.

Recognizing the importance of such research work, Con Edison, a major electricity provider in New York, gave a hefty research grant to Maniatakos and his MoMAlab team to further investigate smart-grid cyber security and find ways to protect the grid.

In the ever-changing landscape of technology, Maniatakos looks forward to continuing to improve these vital systems.

This article originally appeared in NYUAD's 2013-14 Research Report (13MB PDF).