Research

My research focuses on hardware security, side-channel analysis, and secure implementations of novel software algorithms. Below are selected projects and publications.

Post-Quantum Cryptography · Side-Channel Analysis · FPGA Acceleration

Under Submission

2023–2025

Exploring Side-Channel Protections in Hardware Implementations of PQC ML-KEM Verification

This work provides a systematic evaluation of side-channel vulnerabilities in hardware implementations of ML-KEM (previously known as CRYSTALS-Kyber) decapsulation verification, with a focus on the Fujisaki–Okamoto (FO) transform. While prior research has largely examined software and microcontroller platforms, this study investigates whether FPGA-based acceleration improves side-channel resilience or merely amplifies leakage. We implement and analyze three verification designs (unprotected, hash-based, and higher-order masked) on both a Cortex-M4 microcontroller and a Spartan-6 FPGA. Through detailed power and EM analyses, we show that hardware parallelism significantly improves the signal-to-noise ratio, enabling reliable classification of decapsulation outcomes and full secret-key recovery even for higher-order masked designs. These results demonstrate that countermeasures developed for serial platforms do not directly translate to parallel hardware, underscoring the need for architecture-aware side-channel protections for post-quantum cryptography.

  • Parallelism Amplifies Leakage: Demonstrates that increasing comparison width and hardware parallelism on FPGAs dramatically increases SNR and side-channel observability, often exceeding leakage seen on microcontrollers.
  • Hash-Based FO Verification Remains Insecure: SHAKE-128-based comparisons leak through early permutation rounds, and lightweight execution randomization fails to prevent collision-style side-channel attacks on FPGA designs.
  • Higher-Order Masking Breaks Down on FPGAs: Despite being t-probing secure in theory, higher-order masked implementations leak strongly when parallelized, enabling successful attacks with higher accuracy than prior microcontroller-based results.
  • Implications for PQC Deployment: Highlights the necessity of hardware-aware verification redesigns for ML-KEM, especially as PQC moves toward widespread adoption in high-performance and embedded systems.
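The following is an added illustration of the signal-to-noise argument above; it is not code from the paper or its authors. It uses a constructed toy leakage model (an assumption, not the paper's measurement setup): at one sample point, each active comparison unit contributes an outcome-dependent signal `delta` plus independent Gaussian noise of standard deviation `sigma`. A serial design has one active unit, while a k-way parallel FPGA design sums k of them. The function names and parameter values are assumptions. Under that model the coherent signal grows as k while the independent noise variance grows as k, so the leakage SNR a designer would measure in a leakage assessment grows linearly with k, which is the effect the bullets above describe.

```python
import random
from statistics import mean, pvariance


def simulate_traces(n_traces, parallel_units, delta=1.0, sigma=2.0, seed=1):
    """Constructed toy leakage model (assumption, not the paper's model).

    Each trace belongs to one of two comparison outcomes (0 = mismatch,
    1 = match). Every active comparison unit contributes outcome*delta of
    signal plus independent Gaussian noise of std sigma at the sample point
    under study. A serial design has one active unit; a design that compares
    `parallel_units` words at once sums their contributions.
    Returns (outcome labels, measured sample values).
    """
    rng = random.Random(seed)
    labels, samples = [], []
    for _ in range(n_traces):
        outcome = rng.randrange(2)
        sample = 0.0
        for _ in range(parallel_units):
            sample += outcome * delta + rng.gauss(0.0, sigma)
        labels.append(outcome)
        samples.append(sample)
    return labels, samples


def snr(labels, samples):
    """Leakage SNR as used in leakage assessment: variance of the per-class
    means divided by the mean within-class variance."""
    groups = {}
    for label, value in zip(labels, samples):
        groups.setdefault(label, []).append(value)
    class_means = [mean(values) for values in groups.values()]
    within_var = [pvariance(values) for values in groups.values()]
    return pvariance(class_means) / mean(within_var)


def expected_snr(parallel_units, delta=1.0, sigma=2.0):
    """Closed form for the toy model: the class means differ by k*delta, so
    the variance of the two class means is (k*delta/2)^2, while independent
    noise adds in variance to k*sigma^2. SNR therefore grows linearly in k."""
    return parallel_units * delta ** 2 / (4 * sigma ** 2)


def parallelism_gain(n_traces=4000, parallel_units=8):
    """Measured SNR of a k-way parallel design relative to a serial one."""
    serial = snr(*simulate_traces(n_traces, 1))
    parallel = snr(*simulate_traces(n_traces, parallel_units))
    return parallel / serial


if __name__ == "__main__":
    # Compare measured and model SNR as the comparison width grows.
    for k in (1, 2, 4, 8, 16):
        measured = snr(*simulate_traces(4000, k))
        print(f"units={k:2d}  measured SNR={measured:.4f}  model SNR={expected_snr(k):.4f}")
```

The point of the block is the defender's metric, not an attack: a leakage assessment that reports per-sample SNR (or an equivalent t-test statistic) on the parallel design will show the gain directly, so a countermeasure validated only on a serial microcontroller should be re-measured on the FPGA rather than assumed to carry over. Real noise is not independent across units and real leakage is not a single additive term, so the measured gain will differ from the linear model, but the direction of the effect is what the comparison exposes.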

Hardware Security · USB Hub Congestion · Privacy

HOST 2025

2023–2024

USBSnoop – Revealing Device Activities via USB Congestions

This work introduces USBSnoop, a new class of remote side-channel attacks that exploit congestion within shared USB hubs to infer sensitive user activity. Inspired by prior congestion-based attacks on PCIe, this research demonstrates that USB, despite its ubiquity and perceived benignity, leaks high-resolution timing information that can be exploited without physical access or special privileges. We show that a malicious USB device can profile the keystroke and web-browsing behavior of co-located devices by carefully saturating the hub bandwidth and observing latency variations. Using machine-learning techniques, these congestion traces enable accurate recovery of typed passwords and fingerprinting of visited websites across multiple USB generations and under real-world network conditions, revealing systemic weaknesses in the USB standard that are difficult to mitigate solely in software.

  • Stealthy and Remote Threat Model: Attacks require neither physical access nor administrator privileges, and operate under normal user configurations.
  • Keystroke Recovery via USB Hubs: Shows that interrupt-based USB devices (keyboards) can be profiled using congestion induced by a spoofed USB mouse, achieving high password recovery accuracy using HMMs.
  • Website Fingerprinting at Scale: Uses bulk-transfer congestion to fingerprint browsing activity with BiLSTM models, achieving over 87% Top-3 accuracy across multiple hubs, networks, and even VPN usage.
  • Cross-Generation Applicability: Validated on USB 2.0, USB 3.X, and USB-C hubs, highlighting that the vulnerability is architectural rather than device-specific.