-
Designing a Photonic Physically Unclonable Function Having Resilience to Machine Learning Attacks
Authors:
Elena R. Henderson,
Jessie M. Henderson,
Hiva Shahoei,
William V. Oxford,
Eric C. Larson,
Duncan L. MacFarlane,
Mitchell A. Thornton
Abstract:
Physically unclonable functions (PUFs) are designed to act as device 'fingerprints.' Given an input challenge, the PUF circuit should produce an unpredictable response for use in situations such as root-of-trust applications and other hardware-level cybersecurity applications. PUFs are typically subcircuits present within integrated circuits (ICs), and while conventional IC PUFs are well-understoo…
▽ More
Physically unclonable functions (PUFs) are designed to act as device 'fingerprints.' Given an input challenge, the PUF circuit should produce an unpredictable response for use in situations such as root-of-trust applications and other hardware-level cybersecurity applications. PUFs are typically subcircuits present within integrated circuits (ICs), and while conventional IC PUFs are well-understood, several implementations have proven vulnerable to malicious exploits, including those perpetrated by machine learning (ML)-based attacks. Such attacks can be difficult to prevent because they are often designed to work even when relatively few challenge-response pairs are known in advance. Hence the need for both more resilient PUF designs and analysis of ML-attack susceptibility. Previous work has developed a PUF for photonic integrated circuits (PICs). A PIC PUF not only produces unpredictable responses given manufacturing-introduced tolerances, but is also less prone to electromagnetic radiation eavesdrop** attacks than a purely electronic IC PUF. In this work, we analyze the resilience of the proposed photonic PUF when subjected to ML-based attacks. Specifically, we describe a computational PUF model for producing the large datasets required for training ML attacks; we analyze the quality of the model; and we discuss the modeled PUF's susceptibility to ML-based attacks. We find that the modeled PUF generates distributions that resemble uniform white noise, explaining the exhibited resilience to neural-network-based attacks designed to exploit latent relationships between challenges and responses. Preliminary analysis suggests that the PUF exhibits similar resilience to generative adversarial networks, and continued development will show whether more-sophisticated ML approaches better compromise the PUF and -- if so -- how design modifications might improve resilience.
△ Less
Submitted 2 April, 2024;
originally announced April 2024.
-
A Photonic Physically Unclonable Function's Resilience to Multiple-Valued Machine Learning Attacks
Authors:
Jessie M. Henderson,
Elena R. Henderson,
Clayton A. Harper,
Hiva Shahoei,
William V. Oxford,
Eric C. Larson,
Duncan L. MacFarlane,
Mitchell A. Thornton
Abstract:
Physically unclonable functions (PUFs) identify integrated circuits using nonlinearly-related challenge-response pairs (CRPs). Ideally, the relationship between challenges and corresponding responses is unpredictable, even if a subset of CRPs is known. Previous work developed a photonic PUF offering improved security compared to non-optical counterparts. Here, we investigate this PUF's susceptibil…
▽ More
Physically unclonable functions (PUFs) identify integrated circuits using nonlinearly-related challenge-response pairs (CRPs). Ideally, the relationship between challenges and corresponding responses is unpredictable, even if a subset of CRPs is known. Previous work developed a photonic PUF offering improved security compared to non-optical counterparts. Here, we investigate this PUF's susceptibility to Multiple-Valued-Logic-based machine learning attacks. We find that approximately 1,000 CRPs are necessary to train models that predict response bits better than random chance. Given the significant challenge of acquiring a vast number of CRPs from a photonic PUF, our results demonstrate photonic PUF resilience against such attacks.
△ Less
Submitted 2 March, 2024;
originally announced March 2024.
-
Demonstration of a Hardware-Independent Toolkit for Automated Quantum Subcircuit Synthesis
Authors:
Elena R. Henderson,
Jessie M. Henderson,
Aviraj Sinha,
Eric C. Larson,
Mitchell A. Thornton
Abstract:
The quantum computer has become contemporary reality, with the first two-qubit machine of mere decades ago transforming into cloud-accessible devices with tens, hundreds, or -- in a few cases -- even thousands of qubits. While such hardware is noisy and still relatively small, the increasing number of operable qubits raises another challenge: how to develop the now-sizeable quantum circuits execut…
▽ More
The quantum computer has become contemporary reality, with the first two-qubit machine of mere decades ago transforming into cloud-accessible devices with tens, hundreds, or -- in a few cases -- even thousands of qubits. While such hardware is noisy and still relatively small, the increasing number of operable qubits raises another challenge: how to develop the now-sizeable quantum circuits executable on these machines. Preparing circuits manually for specifications of any meaningful size is at best tedious and at worst impossible, creating a need for automation. This article describes an automated quantum-software toolkit for synthesis, compilation, and optimization, which transforms classically-specified, irreversible functions into both technology-independent and technology-dependent quantum circuits. We also describe and analyze the toolkit's application to three situations -- quantum read-only memories, quantum random number generators, and quantum oracles -- and illustrate the toolkit's start-to-finish features, from the input of classical functions to the output of technology-dependent quantum circuits. Furthermore, we illustrate how the toolkit enables research beyond circuit synthesis, including comparison of synthesis and optimization methods and deeper understanding of even well-studied quantum algorithms. As quantum hardware continues to develop, such quantum circuit toolkits will play a critical role in realizing its potential.
△ Less
Submitted 8 February, 2024; v1 submitted 2 September, 2023;
originally announced September 2023.
-
CNN-Assisted Steganography -- Integrating Machine Learning with Established Steganographic Techniques
Authors:
Andrew Havard,
Theodore Manikas,
Eric C. Larson,
Mitchell A. Thornton
Abstract:
We propose a method to improve steganography by increasing the resilience of stego-media to discovery through steganalysis. Our approach enhances a class of steganographic approaches through the inclusion of a steganographic assistant convolutional neural network (SA-CNN). Previous research showed success in discovering the presence of hidden information within stego-images using trained neural ne…
▽ More
We propose a method to improve steganography by increasing the resilience of stego-media to discovery through steganalysis. Our approach enhances a class of steganographic approaches through the inclusion of a steganographic assistant convolutional neural network (SA-CNN). Previous research showed success in discovering the presence of hidden information within stego-images using trained neural networks as steganalyzers that are applied to stego-images. Our results show that such steganalyzers are less effective when SA-CNN is employed during the generation of a stego-image. We also explore the advantages and disadvantages of representing all the possible outputs of our SA-CNN within a smaller, discrete space, rather than a continuous space. Our SA-CNN enables certain classes of parametric steganographic algorithms to be customized based on characteristics of the cover media in which information is to be embedded. Thus, SA-CNN is adaptive in the sense that it enables the core steganographic algorithm to be especially configured for each particular instance of cover media. Experimental results are provided that employ a recent steganographic technique, S-UNIWARD, both with and without the use of SA-CNN. We then apply both sets of stego-images, those produced with and without SA-CNN, to an exmaple steganalyzer, Yedroudj-Net, and we compare the results. We believe that this approach for the integration of neural networks with hand-crafted algorithms increases the reliability and adaptability of steganographic algorithms.
△ Less
Submitted 24 April, 2023;
originally announced April 2023.
-
A Programmable True Random Number Generator Using Commercial Quantum Computers
Authors:
Aviraj Sinha,
Elena R. Henderson,
Jessie M. Henderson,
Eric C. Larson,
Mitchell A. Thornton
Abstract:
Random number generators (RNG) are essential elements in many cryptographic systems. True random number generators (TRNG) rely upon sources of randomness from natural processes such as those arising from quantum mechanics phenomena. We demonstrate that a quantum computer can serve as a high-quality, weakly random source for a generalized user-defined probability mass function (PMF). Specifically,…
▽ More
Random number generators (RNG) are essential elements in many cryptographic systems. True random number generators (TRNG) rely upon sources of randomness from natural processes such as those arising from quantum mechanics phenomena. We demonstrate that a quantum computer can serve as a high-quality, weakly random source for a generalized user-defined probability mass function (PMF). Specifically, QC measurement implements the process of variate sampling according to a user-specified PMF resulting in a word comprised of electronic bits that can then be processed by an extractor function to address inaccuracies due to non-ideal quantum gate operations and other system biases. We introduce an automated and flexible method for implementing a TRNG as a programmed quantum circuit that executes on commercially-available, gate-model quantum computers. The user specifies the desired word size as the number of qubits and a definition of the desired PMF. Based upon the user specification of the PMF, our compilation tool automatically synthesizes the desired TRNG as a structural OpenQASM file containing native gate operations that are optimized to reduce the circuit's quantum depth. The resulting TRNG provides multiple bits of randomness for each execution/measurement cycle; thus, the number of random bits produced in each execution is limited only by the size of the QC. We provide experimental results to illustrate the viability of this approach.
△ Less
Submitted 7 April, 2023;
originally announced April 2023.
-
LAST: Latent Space Assisted Adaptive Sampling for Protein Trajectories
Authors:
Hao Tian,
Xi Jiang,
Sian Xiao,
Hunter La Force,
Eric C. Larson,
Peng Tao
Abstract:
Molecular dynamics (MD) simulation is widely used to study protein conformations and dynamics. However, conventional simulation suffers from being trapped in some local energy minima that are hard to escape. Thus, most computational time is spent sampling in the already visited regions. This leads to an inefficient sampling process and further hinders the exploration of protein movements in afford…
▽ More
Molecular dynamics (MD) simulation is widely used to study protein conformations and dynamics. However, conventional simulation suffers from being trapped in some local energy minima that are hard to escape. Thus, most computational time is spent sampling in the already visited regions. This leads to an inefficient sampling process and further hinders the exploration of protein movements in affordable simulation time. The advancement of deep learning provides new opportunities for protein sampling. Variational autoencoders are a class of deep learning models to learn a low-dimensional representation (referred to as the latent space) that can capture the key features of the input data. Based on this characteristic, we proposed a new adaptive sampling method, latent space assisted adaptive sampling for protein trajectories (LAST), to accelerate the exploration of protein conformational space. This method comprises cycles of (i) variational autoencoders training, (ii) seed structure selection on the latent space and (iii) conformational sampling through additional MD simulations. The proposed approach is validated through the sampling of four structures of two protein systems: two metastable states of E. Coli adenosine kinase (ADK) and two native states of Vivid (VVD). In all four conformations, seed structures were shown to lie on the boundary of conformation distributions. Moreover, large conformational changes were observed in a shorter simulation time when compared with conventional MD (cMD) simulations in both systems. In metastable ADK simulations, LAST explored two transition paths toward two stable states while cMD became trapped in an energy basin. In VVD light state simulations, LAST was three times faster than cMD simulation with a similar conformational space.
△ Less
Submitted 27 April, 2022;
originally announced April 2022.
-
Smartphone Camera Oximetry in an Induced Hypoxemia Study
Authors:
Jason S. Hoffman,
Varun Viswanath,
Xinyi Ding,
Matthew J. Thompson,
Eric C. Larson,
Shwetak N. Patel,
Edward Wang
Abstract:
Hypoxemia, a medical condition that occurs when the blood is not carrying enough oxygen to adequately supply the tissues, is a leading indicator for dangerous complications of respiratory diseases like asthma, COPD, and COVID-19. While purpose-built pulse oximeters can provide accurate blood-oxygen saturation (SpO$_2$) readings that allow for diagnosis of hypoxemia, enabling this capability in unm…
▽ More
Hypoxemia, a medical condition that occurs when the blood is not carrying enough oxygen to adequately supply the tissues, is a leading indicator for dangerous complications of respiratory diseases like asthma, COPD, and COVID-19. While purpose-built pulse oximeters can provide accurate blood-oxygen saturation (SpO$_2$) readings that allow for diagnosis of hypoxemia, enabling this capability in unmodified smartphone cameras via a software update could give more people access to important information about their health, as well as improve physicians' ability to remotely diagnose and treat respiratory conditions. In this work, we take a step towards this goal by performing the first clinical development validation on a smartphone-based SpO$_2$ sensing system using a varied fraction of inspired oxygen (FiO$_2$) protocol, creating a clinically relevant validation dataset for solely smartphone-based methods on a wide range of SpO$_2$ values (70%-100%) for the first time. This contrasts with previous studies, which evaluated performance on a far smaller range (85%-100%). We build a deep learning model using this data to demonstrate accurate reporting of SpO$_2$ level with an overall MAE=5.00% SpO$_2$ and identifying positive cases of low SpO$_2$<90% with 81% sensitivity and 79% specificity. We ground our analysis with a summary of recent literature in smartphone-based SpO2 monitoring, and we provide the data from the FiO$_2$ study in open-source format, so that others may build on this work.
△ Less
Submitted 31 March, 2021;
originally announced April 2021.
-
On the Interpretability of Deep Learning Based Models for Knowledge Tracing
Authors:
Xinyi Ding,
Eric C. Larson
Abstract:
Knowledge tracing allows Intelligent Tutoring Systems to infer which topics or skills a student has mastered, thus adjusting curriculum accordingly. Deep Learning based models like Deep Knowledge Tracing (DKT) and Dynamic Key-Value Memory Network (DKVMN) have achieved significant improvements compared with models like Bayesian Knowledge Tracing (BKT) and Performance Factors Analysis (PFA). However…
▽ More
Knowledge tracing allows Intelligent Tutoring Systems to infer which topics or skills a student has mastered, thus adjusting curriculum accordingly. Deep Learning based models like Deep Knowledge Tracing (DKT) and Dynamic Key-Value Memory Network (DKVMN) have achieved significant improvements compared with models like Bayesian Knowledge Tracing (BKT) and Performance Factors Analysis (PFA). However, these deep learning based models are not as interpretable as other models because the decision-making process learned by deep neural networks is not wholly understood by the research community. In previous work, we critically examined the DKT model, visualizing and analyzing the behaviors of DKT in high dimensional space. In this work, we extend our original analyses with a much larger dataset and add discussions about the memory states of the DKVMN model. We discover that Deep Knowledge Tracing has some critical pitfalls: 1) instead of tracking each skill through time, DKT is more likely to learn an `ability' model; 2) the recurrent nature of DKT reinforces irrelevant information that it uses during the tracking task; 3) an untrained recurrent network can achieve similar results to a trained DKT model, supporting a conclusion that recurrence relations are not properly learned and, instead, improvements are simply a benefit of projection into a high dimensional, sparse vector space. Based on these observations, we propose improvements and future directions for conducting knowledge tracing research using deep neural network models.
△ Less
Submitted 27 January, 2021;
originally announced January 2021.
-
AirWare: Utilizing Embedded Audio and Infrared Signals for In-Air Hand-Gesture Recognition
Authors:
Nibhrat Lohia,
Raunak Mundada,
Arya D. McCarthy,
Eric C. Larson
Abstract:
We introduce AirWare, an in-air hand-gesture recognition system that uses the already embedded speaker and microphone in most electronic devices, together with embedded infrared proximity sensors. Gestures identified by AirWare are performed in the air above a touchscreen or a mobile phone. AirWare utilizes convolutional neural networks to classify a large vocabulary of hand gestures using multi-m…
▽ More
We introduce AirWare, an in-air hand-gesture recognition system that uses the already embedded speaker and microphone in most electronic devices, together with embedded infrared proximity sensors. Gestures identified by AirWare are performed in the air above a touchscreen or a mobile phone. AirWare utilizes convolutional neural networks to classify a large vocabulary of hand gestures using multi-modal audio Doppler signatures and infrared (IR) sensor information. As opposed to other systems which use high frequency Doppler radars or depth cameras to uniquely identify in-air gestures, AirWare does not require any external sensors. In our analysis, we use openly available APIs to interface with the Samsung Galaxy S5 audio and proximity sensors for data collection. We find that AirWare is not reliable enough for a deployable interaction system when trying to classify a gesture set of 21 gestures, with an average true positive rate of only 50.5% per gesture. To improve performance, we train AirWare to identify subsets of the 21 gestures vocabulary based on possible usage scenarios. We find that AirWare can identify three gesture sets with average true positive rate greater than 80% using 4--7 gestures per set, which comprises a vocabulary of 16 unique in-air gestures.
△ Less
Submitted 25 January, 2021;
originally announced January 2021.
-
Writers Gonna Wait: The Effectiveness of Notifications to Initiate Aversive Action in Writing Procrastination
Authors:
Chatchai Wangwiwattana,
Sunjoli Aggarwal,
Eric C. Larson
Abstract:
This paper evaluates the use of notifications to reduce aversive-task-procrastination by hel** initiate action. Specifically, we focus on aversion to graded writing tasks. We evaluate software designs commonly used by behavior change applications, such as goal setting and action support systems. We conduct a two-phase control trial experiment with 21 college students tasked to write two 3000-wor…
▽ More
This paper evaluates the use of notifications to reduce aversive-task-procrastination by hel** initiate action. Specifically, we focus on aversion to graded writing tasks. We evaluate software designs commonly used by behavior change applications, such as goal setting and action support systems. We conduct a two-phase control trial experiment with 21 college students tasked to write two 3000-word writing assignments (14 students fully completed the experiment). Participants use a customized text editor designed to continuously collect writing behavior. The results from the study reveal that notifications have minimal effect in encouraging users to get started. They can also increase negative effects on participants. Other techniques, such as eliminating distraction and showing simple writing statistics, yield higher satisfaction among participants as they complete the writing task. Furthermore, the incorporation of text mining decreases aversion to the task and helps participants overcome writer's block. Finally, we discuss lessons learned from our evaluation that help quantify the difficulty of behavior change for writing procrastination, with emphasis on goals for the HCI community.
△ Less
Submitted 25 January, 2021;
originally announced January 2021.
-
Swapped Face Detection using Deep Learning and Subjective Assessment
Authors:
Xinyi Ding,
Zohreh Raziei,
Eric C. Larson,
Eli V. Olinick,
Paul Krueger,
Michael Hahsler
Abstract:
The tremendous success of deep learning for imaging applications has resulted in numerous beneficial advances. Unfortunately, this success has also been a catalyst for malicious uses such as photo-realistic face swap** of parties without consent. Transferring one person's face from a source image to a target image of another person, while kee** the image photo-realistic overall has become incr…
▽ More
The tremendous success of deep learning for imaging applications has resulted in numerous beneficial advances. Unfortunately, this success has also been a catalyst for malicious uses such as photo-realistic face swap** of parties without consent. Transferring one person's face from a source image to a target image of another person, while kee** the image photo-realistic overall has become increasingly easy and automatic, even for individuals without much knowledge of image processing. In this study, we use deep transfer learning for face swap** detection, showing true positive rates >96% with very few false alarms. Distinguished from existing methods that only provide detection accuracy, we also provide uncertainty for each prediction, which is critical for trust in the deployment of such detection systems. Moreover, we provide a comparison to human subjects. To capture human recognition performance, we build a website to collect pairwise comparisons of images from human subjects. Based on these comparisons, images are ranked from most real to most fake. We compare this ranking to the outputs from our automatic model, showing good, but imperfect, correspondence with linear correlations >0.75. Overall, the results show the effectiveness of our method. As part of this study, we create a novel, publicly available dataset that is, to the best of our knowledge, the largest public swapped face dataset created using still images. Our goal of this study is to inspire more research in the field of image forensics through the creation of a public dataset and initial analysis.
△ Less
Submitted 9 September, 2019;
originally announced September 2019.