200 Technology Square
Cambridge, MA 02139


Computation Structures Group
Top People Publications Projects Courses Miscellaneous



The Search project aims to develop secure architectures for pervasive computing applications. We are investigating the development of :
  • Secure networks of devices: The integration of wearable and embedded devices into a pervasive computing environment requires significant attention to security and privacy issues. We are developing a system architecture with associated protocols for secure pervasive computing.

  • Secure smartcards: A Physical Unknown Function (PUF) is a function that maps challenges to responses, that is embodied by a physical device, and which is easy to evaluate and hard to characterize. PUF's can be implemented using hidden keys in tamper-resistant integrated circuits or by exploiting the statistical variation due to the inherent complexity of manufacturing integrated circuits. We are developing secure smartcards based on PUF's.

  • Secure processors: We are designing a secure processor, the Search processor, based on PUF's. This processor will enable many applications in the domain of intellectual property protection, software licensing and certified execution.

Secure Hardware Processors using Silicon Physical One-Way Functions (View complete abstract)
Dwaine Clarke, Blaise Gassend, Marten van Dijk and Srinivas Devadas
Introduction: Physical one way functions (POWF) are functions that combine an input value with the state of a physical system to produce an output value. In addition, they have in common with classical one way functions (OWF) that they are difficult to invert: given an output value, it is hard to find an input value and a physical system that would produce that output.

POWFs were introduced in [1], where they are implemented by shining a mobile laser beam through a nonhomogenous medium and observing the resulting speckle pattern. They were used to make unclonable ID cards. Indeed, an important characteristic of POWFs is that when it is difficult to reproduce the physical system or to characterize it precisely enough to simulate it, an unclonable system results.

In many current applications, in particular smart cards, unclonability is provided by supplying a supposedly secure chip with a key that is supposed to remain hidden within the chip. The chip proves its identity by proving that it is the bearer of the right key. Unfortunately, experience shows that a host of techniques are available for hackers to extract the key from a chip (see [2]). Once the key is extracted an attacker knows everything about the chip and is able to make a clone, or a malicious imitation of it.

The Untrusted Computer Problem and Camera Based Authentication (View complete abstract)
Matt Burnside, Dwaine Clarke, Blaise Gassend, Thomas Kotwal, Marten van Dijk, Srinivas Devadas, Ronald Rivest
Introduction: The use of computers in public places is increasingly common in everyday life. In using one of these computers, a user is trusting it to correctly carry out her orders. For many transactions, particularly banking operations, blind trust in a public terminal will not satisfy most users. Our aim is therefore to provide the user with authenticated communication between herself and a remote trusted computer, via the untrusted public terminal.

Access-Controlled Resource Discovery (View complete abstract)
Matt Burnside, Dwaine Clarke, Sanjay Raman, Srinivas Devadas, Ronald Rivest
Introduction: Resource discovery is one of the fundamental challenges that must be faced in the context of pervasive computing. The dynamic nature of pervasive networks makes it difficult for users and applications to know exactly which resources are available at any given time. Furthermore, pervasive computing environments typically handle a diverse and heterogeneous set of users and resources, including computationally-limited devcies, posing new and different security challenges. Communication channels between many disparate devices must be secure and access control must be granted to resources in order to regulate their usage. While several systems propose resource discovery solutions for dynamic environments, they do not consider how the integration of security protocols influence scalability and performance. Here we describe a resource discovery system that provides access-controlled resource discovery, using the Intentional Naming System (INS). INS [1] is a naming system that enables applications to describe what they are looking for not where to find it. The access-controlled resource discovery system is part of a larger security infrastructure based strongly on proxy-based SPKI/SDSI [2] to provide a distributed security framework for pervasive networks of devices and computers.

Proxy-Based Security Protocols in Networked Mobile Resources (View complete abstract)
Matthew Burnside, Dwaine Clarke, Todd Mills, Andrew Maywah, Srinivas Devadas, Ronald Rivest
Introduction: The goals of ubiquitous and pervasive computing [1, 2] are becoming more and more feasible as the number of computing resources1 in the world increases rapidly. However, there are still significant hurdles to overcome when integrating wearable and embedded resources into a ubiquitous computing environment. These hurdles include designing resources smart enough to collaborate with each other, increasing ease-of-use, and enabling enhanced connectivity between the different resources. Security in the system is extremely important; resources must only allow access to authorized users and must also keep the communication secure when transmitting or receiving personal or private information.


Malleable Caches
Commit-Reconcile and Fences(CRF)
Old CAA Projects

Computer-Aided Devices
Hardware Synthesis

Programming Languages
pH (Parallel Haskell)
Implicit Parallel Programming in pH