We don’t often think about the computers embedded in devices we use every day—in the kitchen, in the car, even in our bodies. But it’s essential that these embedded devices are secure, private, and trusted.

Wayne Burleson, professor of electrical and computer engineering, is at the forefront of research in computer security. The effort combines expertise in engineering, computer science, nursing, medicine, and public health. “Computer security is hard and interesting, because it involves human adversaries,” he says. “These adversaries are very, very smart.”

Engineers operate on a threat model: who is the adversary, what do they want, what are their capabilities? Burleson and his colleagues perform offensive research to identify security vulnerabilities in embedded devices and to devise countermeasures. “We actually try to break things,” he says.

Embedded security must be ongoing, Burleson says. “You have to constantly monitor; it’s almost like having a guard or a defense force, because there are always new attacks. You have to fix them while maintaining services.”

Some of the guidelines engineers follow to ensure embedded security are incorporating security early into a device’s design, encrypting sensitive traffic, authenticating linked devices, and protecting against unintentional leakage.

The security of embedded medical devices, such as pacemakers, insulin pumps, and neurotransmitters, is essential and is a focus of Burleson’s work. For example, he has worked on security design for an injectable biosensor for personalized cancer drug monitoring to prevent the devices’ data from being stolen or tampered with.

While much of Burleson’s recent research has been on the application side of embedded security, Dan Holcomb, associate professor of electrical and computer engineering, focuses on new techniques for securing hardware, primarily the ubiquitous computer chip. Working with a National Science Foundation (NSF) grant to study supply chain security, his group’s research aims to stop everything from physical attacks to counterfeits and malicious tampering with design.

There are myriad opportunities along the global supply chain for a bad actor to do harm. According to Holcomb, “each hardware system can have different exposure based on the provenance of its IP, design tools, and manufacture, so we try to develop a toolbox of defensive techniques that can be deployed according to situational need.”

One way to improve security is to identify a chip’s unique fingerprint. UMass researchers have devised innovative methods to identify chips, including through their surface texture and through the signature delays of the signals along the wires on the chips, or along the interposer between chiplets. “We can use fingerprints to stop counterfeits. It’s also a good way to detect if someone is tampering with your system, or torturing it in some way to extract its secrets,” Holcomb says.

There is a pressing need for embedded security for critical technological aspects of modern life—from autonomous vehicles, to power distribution, smart homes, critical infrastructure, and finance. To prepare UMass Amherst students for government jobs that address this need, the university participates in CyberCorps: Scholarship for Service. Sponsored by the NSF, this program helps train the next generation of security professionals and researchers who will modernize the executive branch workforce, advance technology at government laboratories, and secure our national defense.