Associate Professor of EECS at the University of Michigan
IEEE Fellow and NSF Career Award Recipient
The Physics of Sensor Cybersecurity
Medical devices, autonomous vehicles, and the Internet of Things depend on the integrity and availability of trustworthy data from sensors to make safety-critical, automated decisions. How can such cyber-physical systems remain secure against adversary using intentional interference to fool sensors? Building upon classic research in cryptographic fault injection and side channels, research in analog cybersecurity explores how to protect digital computer systems from physics-based attacks. Analog cybersecurity risks can bubble up into operating systems as bizarre, undefined behavior. For instance, transduction attacks exploit vulnerabilities in the physics of a sensor to manipulate its output. Transduction attacks using audible acoustics, ultrasonic or radio interference can inject chosen signals into sensors found in devices ranging from Fitbits to implantable medical devices to smartphones, drones and CubeSats.
Defenders can fight back with physics, more trustworthy software APIs and a shift in thinking toward system engineering. Fu will explain how to respect von Neumann’s 1956 admonition to design reliable organisms from unreliable components in the context of embedded security. He will also discuss the need for science and engineering national leadership by faculty in Washington on strategic matters of cybersecurity R&D and education.
Kevin Fu is Associate Professor of EECS at the University of Michigan where he directs the SPQR lab (SPQR.eecs.umich.edu) and the Archimedes Center for Medical Device Security (secure-medicine.org). His research focuses on analog cybersecurity—how to model and defend against threats to the physics of computation and sensing. His embedded security research interests span from the physics of cybersecurity through the operating system to human factors. Past research projects include MEMS sensor security, pacemaker/defibrillator security, cryptographic file systems, web authentication, RFID security and privacy, wirelessly powered sensors, medical device safety, and public policy for information security & privacy.
Kevin was recognized as an IEEE Fellow, Sloan Research Fellow, MIT Technology Review TR35 Innovator of the Year, and recipient of a Fed100 Award and NSF CAREER Award. He received best paper awards from USENIX Security, IEEE S&P, and ACM SIGCOMM. He co-founded healthcare cybersecurity startup Virta Labs. Kevin has testified in the House and Senate on matters of information security and has written commissioned work on trustworthy medical device software for the National Academy of Medicine. He is a member the Computing Community Consortium Council, ACM Committee on Computers and Public Policy, and the USENIX Security Steering Committee. He advises the American Hospital Association and Heart Rhythm Society on matters of healthcare cybersecurity. Kevin previously served as program chair of USENIX Security, a member of the NIST Information Security and Privacy Advisory Board, a visiting scientist at the Food & Drug Administration, and an advisor for Samsung’s Strategy and Innovation Center. Kevin received his B.S., M.Eng., and Ph.D. from MIT. He earned a certificate of artisanal bread making from the French Culinary Institute.