Patents by Inventor Kevin A. Kwiat
Kevin A. Kwiat has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20220309192
Abstract: In one embodiment, the invention is a method and apparatus for designing combinational logics with resistance to hardware Trojan induced data leakage. The invention solves the untrustworthy fabrication risk problem by introducing a design method such that even when the design is entirely known to an attacker and a data leakage Trojan is injected subsequently, no useful information can be obtained. This invention contains several methods as shown in several embodiments. The methods include randomized encoding of binary logic, converting any combinational binary logic into one with randomized encoding, and partitioning a randomized encoded logic for split manufacturing.
Type: Application
Filed: June 2, 2022
Publication date: September 29, 2022
Applicant: Government of the United States as Represented by the Secretary of the Air Force
Inventors: YIYU SHI, TRAVIS SCHULZE, KEVIN KWIAT, CHARLES A. KAMHOUA
-
Patent number: 11354452
Abstract: The invention is a secure logic chip with resistance to hardware Trojan induced data leakage. The invention solves the untrustworthy fabrication risk problem by introducing a secure logic chip design such that even when the design is entirely known to an attacker and a data leakage Trojan is injected subsequently, no useful information can be obtained. This invention contains several features including randomized encoding of binary logic, converting any combinational binary logic into one with randomized encoding, and partitioning a randomized encoded logic for split manufacturing.
Type: Grant
Filed: October 30, 2018
Date of Patent: June 7, 2022
Assignee: United States of America as represented by the Secretary of the Air Force
Inventors: Yiyu Shi, Travis Schulze, Kevin Kwiat, Charles Kamhoua
-
Patent number: 11354451
Abstract: The invention is a secure logic chip with resistance to hardware Trojan induced data leakage. The invention solves the untrustworthy fabrication risk problem by introducing a secure logic chip design such that even when the design is entirely known to an attacker and a data leakage Trojan is injected subsequently, no useful information can be obtained. This invention contains several features including randomized encoding of binary logic, converting any combinational binary logic into one with randomized encoding, and partitioning a randomized encoded logic for split manufacturing.
Type: Grant
Filed: October 30, 2018
Date of Patent: June 7, 2022
Assignee: United States of America as represented by the Secretary of the Air Force
Inventors: Yiyu Shi, Travis Schulze, Kevin Kwiat, Charles Kamhoua
-
Patent number: 10812500
Abstract: A cyberthreat detection method and system includes a distributed file system and a commodity cluster. The commodity cluster has a plurality of servers. A data array of key-value pairs related to social media is received; it stores a plurality of predetermined ground predicates. A ground predicate graph is constructed for each user then partitioned into balanced portions Pi each corresponding to a server and the ground predicates stored on that server. In parallel on each server, a plurality of learned rules are determined for the files stored on that server. From a union of the plurality of learned rules, the system determines a respective weight for each of the learned rules. The plurality of rules are ranked in order of accuracy by the plurality of weights.
Type: Grant
Filed: January 30, 2018
Date of Patent: October 20, 2020
Assignee: The United States of America as represented by the Secretary of the Air Force
Inventors: Praveen Rao, Charles Kamhoua, Kevin Kwiat, Laurent Njilla
-
Publication number: 20200026887
Abstract: The invention is a secure logic chip with resistance to hardware Trojan induced data leakage. The invention solves the untrustworthy fabrication risk problem by introducing a secure logic chip design such that even when the design is entirely known to an attacker and a data leakage Trojan is injected subsequently, no useful information can be obtained. This invention contains several features including randomized encoding of binary logic, converting any combinational binary logic into one with randomized encoding, and partitioning a randomized encoded logic for split manufacturing.
Type: Application
Filed: October 30, 2018
Publication date: January 23, 2020
Inventors: YIYU SHI, TRAVIS SCHULZE, KEVIN KWIAT, CHARLES KAMHOUA
-
Publication number: 20200026886
Abstract: The invention is a secure logic chip with resistance to hardware Trojan induced data leakage. The invention solves the untrustworthy fabrication risk problem by introducing a secure logic chip design such that even when the design is entirely known to an attacker and a data leakage Trojan is injected subsequently, no useful information can be obtained. This invention contains several features including randomized encoding of binary logic, converting any combinational binary logic into one with randomized encoding, and partitioning a randomized encoded logic for split manufacturing.
Type: Application
Filed: October 30, 2018
Publication date: January 23, 2020
Inventors: YIYU SHI, TRAVIS SCHULZE, KEVIN KWIAT, CHARLES KAMHOUA
-
Publication number: 20190238564
Abstract: A cyberthreat detection method and system includes a distributed file system and a commodity cluster configured in data communication via a network, wherein the commodity cluster is defined as a plurality m of servers, each including a computer processor and a non-transitory computer-readable storage medium. The system and method includes receiving a data array characterized by a key and a value in a set of pairs relating to social media posts and users, storing a plurality of predetermined ground predicates, constructing a ground predicate graph for each user reflected in the array, constructing a user centric graph having one or more vertices and one or more edges and wherein each vertex represents the ground predicate graph corresponding to each user. The method includes partitioning the user centric graph into balanced portions Pi corresponding to the number of servers and wherein the ground predicates of each vertex in partition Pi are stored as a file on a server associated with that partition Pi.
Type: Application
Filed: January 30, 2018
Publication date: August 1, 2019
Inventors: Praveen Rao, Charles Kamhoua, Kevin Kwiat, Laurent Njilla
-
Patent number: 10348752
Abstract: The invention comprises a system and article of manufacture to discover potential cyber threats on Twitter. The invention provides a unified framework for modeling and reasoning about the veracity of tweets to discover suspicious users and malicious content. The invention builds on the concept of Markov logic networks (MLNs) for knowledge representation and reasoning under uncertainty.
Type: Grant
Filed: May 3, 2017
Date of Patent: July 9, 2019
Assignee: The United States of America as represented by the Secretary of the Air Force
Inventors: Praveen Rao, Charles Kamhoua, Laurent Njilla, Kevin Kwiat
-
Publication number: 20190087607
Abstract: The invention is a method for designing combinational logics with resistance to hardware Trojan induced data leakage. The invention solves the untrustworthy fabrication risk problem by introducing a design method such that even when the design is entirely known to an attacker and a data leakage Trojan is injected subsequently, no useful information can be obtained. This invention contains several methods as shown in several embodiments. The methods include randomized encoding of binary logic, converting any combinational binary logic into one with randomized encoding, and partitioning a randomized encoded logic for split manufacturing.
Type: Application
Filed: October 30, 2018
Publication date: March 21, 2019
Inventors: YIYU SHI, TRAVIS SCHULZE, KEVIN KWIAT, CHARLES KAMHOUA
-
Publication number: 20180324196
Abstract: The invention comprises a system and article of manufacture to discover potential cyber threats on Twitter. The invention provides a unified framework for modeling and reasoning about the veracity of tweets to discover suspicious users and malicious content. The invention builds on the concept of Markov logic networks (MLNs) for knowledge representation and reasoning under uncertainty.
Type: Application
Filed: May 3, 2017
Publication date: November 8, 2018
Inventors: PRAVEEN RAO, CHARLES KAMHOUA, LAURENT NJILLA, KEVIN KWIAT
-
Patent number: 10121011
Abstract: Apparatus, method and article of manufacture providing a randomized encoding scheme for sequential logics, for resistance to data leakage. Invention employs dual-rail encoding to randomize the information in the chip, and employs three-dimensional integration technology to protect the critical information that is needed to decode the data anywhere on-chip. With the present invention, even when the entire design is completely known to the attacker who also has full access to the outsourced portion, it is still not always possible to identify the information in the chip using data leakage Trojans.
Type: Grant
Filed: January 3, 2017
Date of Patent: November 6, 2018
Assignee: The United States of America as represented by the Secretary of the Air Force
Inventors: Kevin Kwiat, Charles Kamhoua, Laurent Njilla, Yiyu Shi, Travis Schulze
-
Publication number: 20180137290
Abstract: Apparatus, method and article of manufacture providing a randomized encoding scheme for sequential logics, for resistance to data leakage. Invention employs dual-rail encoding to randomize the information in the chip, and employs three-dimensional integration technology to protect the critical information that is needed to decode the data anywhere on-chip. With the present invention, even when the entire design is completely known to the attacker who also has full access to the outsourced portion, it is still not always possible to identify the information in the chip using data leakage Trojans.
Type: Application
Filed: January 3, 2017
Publication date: May 17, 2018
Inventors: KEVIN KWIAT, CHARLES KAMHOUA, LAURENT NJILLA, YIYU SHI, TRAVIS SCHULZE
-
Patent number: 9832220
Abstract: A method for enhancing security in a cloud computing system by allocating virtual machines over hypervisors, in a cloud computing environment, in a security-aware fashion. The invention solves the cloud user risk problem by inducing a state such that, unless there is a change in the conditions under which the present invention operates, the cloud users do not gain by deviating from the allocation induced by the present invention. The invention's methods include grouping virtual machines of similar loss potential on the same hypervisor, creating hypervisor environments of similar total loss, and implementing a risk tiered system of hypervisors based on expense factors.
Type: Grant
Filed: September 22, 2015
Date of Patent: November 28, 2017
Assignee: The United States of America as represented by the Secretary of the Air Force
Inventors: Luke Kwiat, Charles Kamhoua, Kevin Kwiat
-
Publication number: 20170085582
Abstract: A method for enhancing security in a cloud computing system by allocating virtual machines over hypervisors, in a cloud computing environment, in a security-aware fashion. The invention solves the cloud user risk problem by inducing a state such that, unless there is a change in the conditions under which the present invention operates, the cloud users do not gain by deviating from the allocation induced by the present invention. The invention's methods include grouping virtual machines of similar loss potential on the same hypervisor, creating hypervisor environments of similar total loss, and implementing a risk tiered system of hypervisors based on expense factors.
Type: Application
Filed: September 22, 2015
Publication date: March 23, 2017
Inventors: LUKE KWIAT, CHARLES KAMHOUA, KEVIN KWIAT
-
Patent number: 7877748
Abstract: A computer and software method and apparatus for distributed data processing which provides agreement between data sources (sensors) and data sinks (actuators) as to what data has been written into a shared buffer. The invention further provides methods and means for meeting data timeliness requirements. Invention employs a programming primitive which recognizes semantics so as to provide a consistent view of computation modules over prescribed time intervals, called “epochs”. Application-level control of the asynchrony and timing of information flow between various computation modules is realized. The invention has applications which include sensor fusion and network gaming.
Type: Grant
Filed: November 2, 2005
Date of Patent: January 25, 2011
Assignee: The United States of America as represented by the Secretary of the Air Force
Inventors: Kevin A. Kwiat, Kaliappanadar Ravindran, Ali S. Sabbir
-
Publication number: 20060130030
Abstract: A computer and software method and apparatus for distributed data processing which provides agreement between data sources (sensors) and data sinks (actuators) as to what data has been written into a shared buffer. The invention further provides methods and means for meeting data timeliness requirements. Invention employs a programming primitive which recognizes semantics so as to provide a consistent view of computation modules over prescribed time intervals, called “epochs”. Application-level control of the asynchrony and timing of information flow between various computation modules is realized. The invention has applications which include sensor fusion and network gaming.
Type: Application
Filed: November 2, 2005
Publication date: June 15, 2006
Inventors: Kevin Kwiat, Kaliappanadar Ravindran, Ali Sabbir
-
Publication number: 20060080678
Abstract: Method for securing tasks and servers in a distributed system from outside attack. Tasks are protected from modification and faulty execution using a combination of redundancy and distribution of data. A stripe virtual machine process controls the execution of remote tasks at each server. Stripes are executed redundantly on multiple servers and concurrently on each server. A poller determines the majority machine state among the servers. Attacks are annulled by voting down the attacked server's state and restoring it to the majority state.
Type: Application
Filed: September 7, 2004
Publication date: April 13, 2006
Inventors: Mark Bailey, Kevin Kwiat
-
Patent number: 6704887
Abstract: A method and apparatus is disclosed which provides improved security in distributed-environment voting. At least three voting processors running a voting algorithm are connected to a local area network (LAN) and exchange their individually determined results of a process application. Each result is committed to an interface module where it is checked, authenticated and buffered. The allotted time for receiving and buffering committed results is constrained by a first timed interval within the interface module. The first timed interval may be reset several times. The allotted time for checking and comparing the committed results from each processor is constrained by a second timed interval within each voting processor. A majority vote of those authenticated committed results is formed once all necessary iterations of both the first and second timed intervals are completed.
Type: Grant
Filed: March 8, 2001
Date of Patent: March 9, 2004
Assignee: The United States of America as represented by the Secretary of the Air Force
Inventors: Kevin A. Kwiat, Benjamin C. Hardekopf
-
Publication number: 20020129296
Abstract: A method and apparatus is disclosed which provides improved security in distributed-environment voting. At least three voting processors running a voting algorithm are connected to a local area network (LAN) and exchange their individually determined results of a process application. Each result is committed to an interface module where it is checked, authenticated and buffered. The allotted time for receiving and buffering committed results is constrained by a first timed interval within the interface module. The first timed interval may be reset several times. The allotted time for checking and comparing the committed results from each processor is constrained by a second timed interval within each voting processor. A majority vote of those authenticated committed results is formed once all necessary iterations of both the first and second timed intervals are completed.
Type: Application
Filed: March 8, 2001
Publication date: September 12, 2002
Inventors: Kevin A. Kwiat, Benjamin C. Hardekopf