Samuel Pagliarini: We try to demonstrate solutions to real-life scenarios
TalTech professor Samuel Pagliarini joined TalTech in August 2019 and brought a new research topic of Hardware Security with him. Since then he has been leading a Hardware Security research group at TalTech and in this semester will also teach a corresponding course.
About the notion and practical application of hardware security, importance of lab-based seminars, challenges of doing research in Estonia and more in the interview with Samuel.
How it started
I studied Computer Engineering at my Bachelor’s and then followed a specialization course on how to design integrated circuits. In Estonia, there is no equivalent to this, but it is like a Master’s without a thesis, more or less. Afterwards one becomes a certified circuit designer. I did that and then I went to work in the industry. Nevertheless, after just half a year I realized it was not for me, I absolutely disliked the environment and how things were done, it didn’t make any sense to me and I started doing a Master’s degree part-time, working and studying.
After another 6 months I quitted the job completely, focusing on my Master’s. In a short time I started teaching, even though I didn’t have the Master’s degree yet. It made sense to teach some lectures due to my work experience. Further progression from Master’s to PhD was a very natural for me, followed by PostDoc and professorship. From there on it was a very straightforward academic career I would say.
What is Hardware Security?
It is generally accepted that cybersecurity is a kind of umbrella and the notions of software and hardware security are located under it. I don’t really like this definition as I usually don’t consider myself to be working in cybersecurity. I call it hardware security and that’s what I do.
So what is it hardware security? I have a very simple definition — it is the study of all bad things someone can do to a computer chip. Someone can try to reverse engineer the technology in the chip, someone can try to copy the chip, to make its knock off version. Someone can try to listen to what the chip is doing in order to figure out some sort of correlation about the computation that is happening. And then there are also privacy issues, when cryptographic keys that should be private are revealed. The circuits can be also modified maliciously, certain programmes can be executed upon them so they will leak some information or in a rather drastic scenario stop working completely.
This is a summary of the type of studies we do.
Hardware Security research group
I have five PhD students at the moment, all working on different topics, because our goal is to cover a broad array of adversaries. If there is an adversary out there who can manipulate a circuit, I want to have one PhD student that studies that. If there is another adversary interested in copying the circuit to sell cheap versions of it, I have a PhD student who studies that. So that’s how more or less I distribute the topics among my team.
There is one thing, one dimension that we are pushing a lot right now and that is obfuscation, in the sense that we want to design circuits that look like something else - on purpose - to confuse an adversary. This is very-very tricky, since you can of course make a circuit that looks like something else but somehow you have to measure how smart the adversary is to figure out what exactly were the changes that performed. It is very hard to quantify how capable and smart the adversary is, so it is hard to measure the effectiveness of the solution we are proposing. But this is a big topic for us, we spend a lot of time thinking about this and coming up with solutions to make something that should look like A look like B just in order to confuse an adversary.
Hardware Security course at TalTech
Since I joined TalTech I knew I would spend more time on research than on teaching and so in this semester I will teach a full-semester course here at TalTech for the first time.
The title of the course is Hardware Security and content wise I tried to make it as close as possible to the problems that the students will encounter in real life. There are many interesting things within my research, but what is a good scholarly exercise is not necessarily a good topic for a course. Instead, I am going to cover so-called hardware security primitives. These are little pieces of hardware that help to add security to the entire system and I’m going to teach students how to build those. One example of the technology taught in the course is called Physically Unclonable Function (PUF). What it means is that every circuit that is fabricated, even though they are identical (the Intel processor of my computer and of yours function exactly the same) one can give them a unique signature or fingerprints. It is done by exploiting some tiny defects during the fabrication process. We are talking not about bad defects making the circuit non-functional, but about those not influencing the functionality and yet significant enough to measure and make a sort of signature out of them. There are many ways to build these things and I’m going to cover two or three of them in my course.
It is very practical, it is something students will learn during the course and if they ever run into this kind of problem later in their career they will be able to insert signatures to the chips, collect them, create a database and track them.
Regular checks and frequent labs
In general, I like to teach courses that are lab-based, I like to spend a lot of time with the students while they are writing their code, their solution. For me this is always the best kind of cooperation. I don’t like to give student complex homework or projects that they would have to do at home and submit in the end of semester. This is exactly the opposite of my style. I tend to do more of regular checks during frequent labs. For instance, in this semester’s course, there is a lab every week, so we cover the technical/theoretical aspects at the beginning of the lecture and implement them in the lab right after.
How to find your niche?
It is a complicated question, because everyone’s choices are so individual. I can however tell about my experience as a Bachelor’s student and what helped and didn’t help me. Back then I was studying a five-year long programme in Computer Engineering, and it is a weird science because it consists of two sides — electrical engineering and computer science. And I had a strong tendency to like the courses from the latter and dislike the courses from the former, to the point that after 2–3 years I still thought that maybe I should switch and that it was not for me.
But then in my 4th year I was very lucky to attend a course on Circuit Design the topic I am still working on until today, after a decade and a half.
The course was very good and the professor was very easy-going and approachable. For me it was this one thing, one spark, I found my niche, practically out of the blue. There was an array of options that I could have followed, but it happened that way, it was a little bit of luck you can say.
That’s what changed everything for me and defined my future career.
I don’t know what would have happened have I followed the urge to quit or to do something else. I did stick to it for a long time until it finally worked. But I also wouldn’t like to give people an advice to do something they hate. Maybe there is a light at the end of the tunnel, I don’t know. I can only comment on my own experience — it took a long time for me to find a path I really liked, but once I was there it was so clear that there was no doubt this is what I want to do.
What do you do in your free time?
I run. I used to run marathons quite frequently. It was a hobby that I picked up quite late, I never did any running until I was around 25 years old and then from that age until 30 it was all I did. I was running crazy amounts of time, say 15 hours a week was a pretty standard marathon training for me. Running twice per day, running in the morning, running in the afternoon, it was pretty normal. These days I don’t have the same crazy routine, but I still run consistently.
“Every single international experience was very different”
To recap, I did my Bachelor’s and Master’s in Brazil, my PhD in France, my first research appointment was in the UK, second in the US and now professorship here in Estonia.
Every single experience was very different. In the US, you have access to technology and the best scholars you can think of to collaborate. The university is very well-organised, it is like a well-oiled machine, where everything works perfectly and if it doesn’t people get fired. It is a very competitive environment, it is hard to survive in this environment, but if you do you get this I-can-do-it feeling. And I think I kind of have this badge of honour. I have been in the US for four years, my research was very well funded and very successful. I did that until I didn’t want to do it anymore.
In the UK you have a slightly better work-life balance. It is not as bad as in the US but you still put long hours and the research is very competitive.
And then I would put Estonia below those two, as I don’t see the same competitiveness and eagerness. There is a good side to this but also a bad side. We are not super competitive in so many things because social structure is different, you have other things to worry about.
Plans and concerns regarding the future research
I think of my research here as of applied hardware security research. There are other research groups that tend to do more theoretical work and there is absolutely nothing wrong with that, it is their niche, but I prefer applied research.
We really try to demonstrate our solutions and ideas in real-life scenarios. We work very hard to fabricate the chips that contain our ideas or techniques, whatever it is we are working on at a given moment. The chips come back , then we measure, assess and check if things really work and then we publish on that. In the future I want to keep doing that in exactly the same way.
It may create some difficulties because every time you want to go this deep with your demonstrations you have to commit a lot of time and a lot of money. Right now I’m in a place and situation where it is working out great — I am doing it at the moment and I can keep doing it. And I really hope in the future I can still keep funding this type of research that is expensive and long-term.
I say this because when I think of the future, I think of the funding situation here in Estonia and that it still has to improve by a lot. At least the above average researchers in Estonia should get funding, which right now is not there. And so one has to keep writing research proposals, taking a lot of your one’s time as a professor, with only up to 20% of success in the best case scenario. And you have to keep doing these things to keep yourself afloat, it’s tough at times.
Find a suitable programme in English at Tallinn University of Technology (TalTech) to make the first step toward your international career.
