U.S. Army awards Ohio State, Potomac Research, $1.1 million for cybersecurity research

Posted: June 23, 2021

Physics Professor Daniel Gauthier of the College of Arts and Sciences, electrical and computer engineering Professor Emre Koksal of the College of Engineering, and Potomac Research, LLC, recently received a $1.1 million Sequential Phase II Small Business Technology Transfer (STTR) from the U.S. Army to continue research and development of an innovative cybersecurity technology called the Entropy Extraction Device (EED).

The EED is a type of physically unclonable function (PUF), which uses the unpredictability of chaos to assign unique digital fingerprints to electronic chips, making them virtually unhackable. The EED design has been exclusively licensed to Verilock, a startup co-founded by Gauthier and created to bring this Ohio State technology to market.

Koksal is no stranger to defense startups, as the Founder and CEO of Datanchor Inc., an Ohio State research spin-off company.

As a part of the effort, Koksal leads the evaluation of the basic limits of authentication via the PUF hardware built, with the help of ECE Graduate Student Ahmed Bendary.

"Our team will build dynamic detection schemes for key-free hardware and user authentication," he said. "Further, we will build adaptive codes to achieve robust security using unreliable hardware components."

The award is a two-year Phase II follow-on extension of previous Phase II STTR funding allocated by the U.S. Army and will allow for environmental and accelerated-aging tests when used as a firmware update for field-programmable gate arrays, or reconfigurable electronic circuits. When complete, the EED will bolster electronic devices’ cybersecurity and authentication capabilities, adding an extra layer of digital protection to defend against hackers and cyber-attacks.

“There have been really high-profile hacks and ransomware attacks recently,” Gauthier said. “This device would have been able to protect against those types of hacks.”

“As the exclusive licensee of the EED’s underlying technology, we see this award as a very positive signal of the commercial potential of our approach,” said Jim Northup, CEO of Verilock. “This investment will bring us closer to a market-ready product that has been thoroughly tested by the U.S. government and vetted to their highest standards for reliability and security. As the need for superior authentication and data security methods continues to grow in importance, we expect the EED to be a valuable tool in the security toolbox.”

The EED is a new form of a PUF, which leverages miniscule, physical variations — sometimes even at the atomic level — that occur naturally when each individual computer chip is manufactured. These physical differences are used to create a bit pattern — 1s and 0s — that can be used to authenticate that particular chip and its data.

Traditional PUFs have a relatively limited number of bit patterns that can be produced, meaning sophisticated hackers can eventually compromise that chip’s security and expose its information. The EED, however, uses the concept of chaos to generate an effectively innumerable amount of unique bit patterns. In essence, the device can extract more entropy, or randomness, from the chip’s physical characteristics than a traditional PUF.

“The entropy generated by some of the existing PUFs is quite low, whereas ours is very high,” Gauthier said. “When we talk to people in the intelligence community and in the Department of Defense and we say ‘physically unclonable function,’ they say, ‘Well that’s already 20 years old. We’ve been there and done that.’ And we’re saying that we’ve got something quite different here.”

Gauthier and his research group have conducted preliminary feasibility testing of the EED on a small set of chips, which points to its revolutionary potential — so revolutionary that Koksal and his group in the College of Engineering had to develop new theoretical approaches to analyze the EED. The expanded funding from the U.S. Army will allow for further testing and analysis of data to confirm the device’s effectiveness across the wide range of conditions commercial and industrial devices are expected to operate in.

“We’ve done testing on maybe 10 or 20 different chips that we’ve been collecting data from,” Gauthier said. “But for the community to really believe our claims and to get this device in your next laptop, we need to test upward of 1,000 different chips.”

The two-year Sequential Phase II project concentrates on thorough testing of a statistically significant sample of chips to prepare for the launch of a commercial product based on the technology. In parallel, Verilock is pursuing the design of EED realized in an application-specific integrated circuit with the long-term goal of integration in third-party chips, such as the advanced processors powering the connected world. Securing advanced microchips is a key strategic need of the U.S., and embedded EEDs can verify the authenticity and integrity of the global supply chain. Verilock intends to position the EED as a key enabler of the next generation of a secure cybersecurity infrastructure.