Publications
In situ microfluidic SERS assay for monitoring enzymatic breakdown of organophosphates
June 3, 2015
Journal Article
Published in:
Nanoscale, Vol. 7, No. 25, 2015, 11013-23.
Topic:
R&D area:
Summary
In this paper, we report on a method to probe the breakdown of the organophosphate (OP) simulants o, s-diethyl methyl phosphonothioate (OSDMP) and demeton S by the enzyme organophosphorous hydrolase (OPH) in a microfluidic device by surface enhanced Raman spectroscopy (SERS). SERS hotspots were formed on-demand inside the microfluidic device by laser-induced aggregation of injected Ag NPs suspensions. The Ag NP clusters, covering micron-sized areas, were formed within minutes using a conventional confocal Raman laser microscope. These Ag NP clusters were used to enhance the Raman spectra of the thiol products of OP breakdown in the microfluidic device: ethanethiol (EtSH) and (ethylsulfanyl) ethane-1-thiol (2-EET). When the OPH enzyme and its substrates OSDMP and demeton S were introduced, the thiolated breakdown products were generated, resulting in changes in the SERS spectra. With the ability to analyze reaction volumes as low as 20 nL, our approach demonstrates great potential for miniaturization of SERS analytical protocols.
Summary
In this paper, we report on a method to probe the breakdown of the organophosphate (OP) simulants o, s-diethyl methyl phosphonothioate (OSDMP) and demeton S by the enzyme organophosphorous hydrolase (OPH) in a microfluidic device by surface enhanced Raman spectroscopy (SERS). SERS hotspots were formed on-demand inside the microfluidic device...
READ MORE
Fabrication process and properties of fully planarized deep-submicron Nb/Al-AlOx/Nb Josephson junctions for VLSI circuits
June 1, 2015
Journal Article
Published in:
IEEE Trans. Appl. Supercond., Vol. 25, No. 3, June 2015, 1101312.
Summary
A fabrication process for Nb/Al-AlOx/Nb Josephson junctions (JJs) with sizes down to 200 nm has been developed on a 200-mm-wafer tool set typical for CMOS foundry. This process is the core of several nodes of a roadmap for fully-planarized fabrication processes for superconductor integrated circuits with 4, 8, and 10 niobium layers developed at MIT Lincoln Laboratory. The process utilizes 248 nm photolithography, anodization, high-density plasma etching, and chemical mechanical polishing (CMP) for planarization of SiO2 interlayer dielectric. JJ electric properties and statistics such as on-chip and wafer spreads of critical current, Ic, normal-state conductance, GN, and run-to-run reproducibility have been measured on 200-mm wafers over a broad range of JJ diameters from 200 nm to 1500 nm and critical current densities, Jc, from 10 kA/cm^2 to 50 kA/cm^2 where the JJs become self-shunted. Diffraction-limited photolithography of JJs is discussed. A relationship between JJ mask size, JJ size on wafer, and the minimum printable size for coherent and partially coherent illumination has been worked out. The GN and Ic spreads obtained have been found to be mainly caused by variations of the JJ areas and agree with the model accounting for an enhancement of mask errors near the diffraction-limited minimum printable size of JJs. Ic and GN spreads from 0.8% to 3% have been obtained for JJs with sizes form 1500 nm down to 500 nm. The spreads increase to about 8% for 200-nm JJs. Prospects for circuit densities > 10^6 JJ/cm^2 and 193-nm photolithography for JJ definition are discussed.
Summary
A fabrication process for Nb/Al-AlOx/Nb Josephson junctions (JJs) with sizes down to 200 nm has been developed on a 200-mm-wafer tool set typical for CMOS foundry. This process is the core of several nodes of a roadmap for fully-planarized fabrication processes for superconductor integrated circuits with 4, 8, and 10...
READ MORE
Inductance of circuit structures for MIT LL superconductor electronics fabrication process with 8 niobium layers
June 1, 2015
Journal Article
Published in:
IEEE Trans. Appl. Supercond., Vol. 25, No. 3, 1 June 2015, 1100905.
Topic:
R&D area:
Summary
Inductance of superconducting thin-film inductors and structures with linewidth down to 250 nm has been experimentally evaluated. The inductors include various striplines and microstrips, their 90 degree bends and meanders, interlayer vias, etc., typically used in superconducting digital circuits. The circuits have been fabricated by a fully planarized process with 8 niobium layers, developed at MIT Lincoln Laboratory for very-large-scale superconducting integrated circuits. Excellent run-to-run reproducibility and inductance uniformity of better than 1% across 200-mm wafers have been found. It has been found that the inductance per unit length of stripline and microstrip line inductors continues to grow as the inductor linewidth is reduced deep into the submicron range to the widths comparable to the film thickness and magnetic field penetration depth. It is shown that the linewidth reduction does not lead to widening of the parameter spread due to diminishing sensitivity of the inductance to the linewidth and dielectric thickness. The experimental results were compared with numeric inductance extraction using commercial software and freeware, and a good agreement was found for 3-D inductance extractors. Methods of further miniaturization of circuit inductors for achieving circuit densities >10^6 Josephson junctions per cm^2 are discussed.
Summary
Inductance of superconducting thin-film inductors and structures with linewidth down to 250 nm has been experimentally evaluated. The inductors include various striplines and microstrips, their 90 degree bends and meanders, interlayer vias, etc., typically used in superconducting digital circuits. The circuits have been fabricated by a fully planarized process with...
READ MORE
Silicon Geiger-mode avalanche photodiode arrays for photon-starved imaging
May 28, 2015
Conference Paper
Published in:
SPIE, Vol. 9492, Advanced Photon Counting Techniques IX, 28 May 2015.
Summary
Geiger-mode avalanche photodiodes (GMAPDs) are capable of detecting single photons. They can be operated to directly trigger all-digital circuits, so that detection events are digitally counted or time stamped in each pixel. An imager based on an array of GMAPDs therefore has zero readout noise, enabling quantum-limited sensitivity for photon-starved imaging applications. In this review, we discuss devices developed for 3D imaging, wavefront sensing, and passive imaging.
Summary
Geiger-mode avalanche photodiodes (GMAPDs) are capable of detecting single photons. They can be operated to directly trigger all-digital circuits, so that detection events are digitally counted or time stamped in each pixel. An imager based on an array of GMAPDs therefore has zero readout noise, enabling quantum-limited sensitivity for photon-starved...
READ MORE
Revised multifunction phased array radar (MPAR) network siting analysis
May 26, 2015
Project Report
Published in:
MIT Lincoln Laboratory Report ATC-425
Summary
As part of the NextGen Surveillance and Weather Radar Capability (NSWRC) program, the Federal Aviation Administration (FAA) is currently developing the solution for aircraft and meteorological surveillance in the future National Airspace System (NAS). A potential solution is a multifunction phased array radar (MPAR) that would replace some or all of the single-purpose radar types used in the NAS today. One attractive aspect of MPAR is that the number of radars deployed would decrease, because redundancy in coverage by single-mission sensors would be reduced with a multifunction system. The lower radar count might then result in overall life cycle cost savings, but in order to estimate costs, a reliable estimate of the number of MPARs is needed. Thus this report addresses the question, "If today's weather and aircraft surveillance radars are replaced by a single class of multimission radars, how many would be needed to replicate the current air space coverage over the United States and its territories?" Various replacement scenarios must be considered, since it is not yet determined which of the organizations that own today's radars (the FAA, the National Weather Service (NWS), the different branches of the U.S. military) would join in an MPAR program. It updates a previous study using a revised set of legacy systems, including 81 additional military airbase radars. Six replacement scenarios were considered, depending on the radar mission categories. Scenario 1 would replace terminal radars only, i.e., the Airport Surveillance Radars (ASRs) and the Terminal Doppler Weather Radar (TDWR). Scenario 2 would include the Scenario 1 radars plus the long-range weather radar, commonly known as NEXRAD. Scenario 3 would add the long-range aircraft surveillance radars, i.e., the Air Route Surveillance Radars (ARSRs), to the Scenario 2 radars. To each of these three scenarios, we then add the military's Ground Position Navigation (GPN) airbase radars for Scenarios 1G, 2G, and 3G. We assumed that the new multimission radar would be available in two sizes--a full-size MPAR and a scaled-down terminal MPAR (TMPAR). Furthermore, we assumed that the new radar antennas would have four sides that could be populated by one, two, three, or four phased array faces, such that the azimuthal coverage provided could be scaled from 90 degrees to 360 degrees. Radars in the 50 United States, Guam, Puerto Rico, U.S. Virgin Islands, Guantanamo Bay (Cuba), and Kwajalein (Marshall Islands) were included in the study.
Summary
As part of the NextGen Surveillance and Weather Radar Capability (NSWRC) program, the Federal Aviation Administration (FAA) is currently developing the solution for aircraft and meteorological surveillance in the future National Airspace System (NAS). A potential solution is a multifunction phased array radar (MPAR) that would replace some or all...
READ MORE
Missing the point(er): on the effectiveness of code pointer integrity
May 18, 2015
Conference Paper
Published in:
2015 IEEE Symp. on Security and Privacy, 18-20 May 2015.
Topic:
R&D area:
R&D group:
Summary
Memory corruption attacks continue to be a major vector of attack for compromising modern systems. Numerous defenses have been proposed against memory corruption attacks, but they all have their limitations and weaknesses. Stronger defenses such as complete memory safety for legacy languages (C/C++) incur a large overhead, while weaker ones such as practical control flow integrity have been shown to be ineffective. A recent technique called code pointer integrity (CPI) promises to balance security and performance by focusing memory safety on code pointers thus preventing most control-hijacking attacks while maintaining low overhead. CPI protects access to code pointers by storing them in a safe region that is protected by instruction level isolation. On x86-32, this isolation is enforced by hardware; on x86-64 and ARM, isolation is enforced by information hiding. We show that, for architectures that do not support segmentation in which CPI relies on information hiding, CPI's safe region can be leaked and then maliciously modified by using data pointer overwrites. We implement a proof-of-concept exploit against Nginx and successfully bypass CPI implementations that rely on information hiding in 6 seconds with 13 observed crashes. We also present an attack that generates no crashes and is able to bypass CPI in 98 hours. Our attack demonstrates the importance of adequately protecting secrets in security mechanisms and the dangers of relying on difficulty of guessing without guaranteeing the absence of memory leaks.
Summary
Memory corruption attacks continue to be a major vector of attack for compromising modern systems. Numerous defenses have been proposed against memory corruption attacks, but they all have their limitations and weaknesses. Stronger defenses such as complete memory safety for legacy languages (C/C++) incur a large overhead, while weaker ones...
READ MORE
Simultaneous transmit and receive (STAR) system architecture using multiple analog cancellation layers
May 17, 2015
Conference Paper
Published in:
2015 IEEE MTT-S Int. Microwave Symp. (IMS 2015) 17-22 May 2015.
Summary
Simultaneous Transmit and Receive operation requires a high amount of transmit-to-receive isolation in order to avoid self-interference. This isolation is best achieved by utilizing multiple cancellation techniques. The combination of adaptive multiple-input multiple-output spatial cancellation with a high-isolation antenna and RF canceller produces a novel system architecture that focuses on cancellation in the analog domain before the receiver's low-noise amplifier. A prototype of this system has been implemented on a moving vehicle, and measurements have proven that this design is capable of providing more than 90 dB of total isolation in realistic multi path environments over a 30 MHz bandwidth centered at 2.45 GHz. Index Terms-Adaptive systems, full-duplex wireless communication, interference cancellation, multiaccess communication, simultaneous transmit and receive, STAR.
Summary
Simultaneous Transmit and Receive operation requires a high amount of transmit-to-receive isolation in order to avoid self-interference. This isolation is best achieved by utilizing multiple cancellation techniques. The combination of adaptive multiple-input multiple-output spatial cancellation with a high-isolation antenna and RF canceller produces a novel system architecture that focuses on...
READ MORE
Repeatable reverse engineering for the greater good with PANDA
May 16, 2015
Conference Paper
Published in:
37th Int. Conf. on Software Engineering, 16 May 2015.
Topic:
R&D area:
R&D group:
Summary
We present PANDA, an open-source tool that has been purpose-built to support whole system reverse engineering. It is built upon the QEMU whole system emulator, and so analyses have access to all code executing in the guest and all data. PANDA adds the ability to record and replay executions, enabling iterative, deep, whole system analyses. Further, the replay log files are compact and shareable, allowing for repeatable experiments. A nine billion instruction boot of FreeBSD, e.g., is represented by only a few hundred MB. Furhter, PANDA leverages QEMU's support of thirteen different CPU architectures to make analyses of those diverse instruction sets possible within the LLVM IR. In this way, PANDA can have a single dynamic taint analysis, for example, that precisely supports many CPUs. PANDA analyses are written in a simple plugin architecture which includes a mechanism to share functionality between plugins, increasing analysis code re-use and simplifying complex analysis development. We demonstrate PANDA's effectiveness via a number of use cases, including enabling an old but legitimate version of Starcraft to rund espite a lost CD key, in-depth diagnosis of an Internet Explorer crash, and uncovering the censorship activities and mechanisms of a Chinese IM client.
Summary
We present PANDA, an open-source tool that has been purpose-built to support whole system reverse engineering. It is built upon the QEMU whole system emulator, and so analyses have access to all code executing in the guest and all data. PANDA adds the ability to record and replay executions, enabling...
READ MORE
Coherent beam-combining of quantum cascade amplifier arrays
May 10, 2015
Conference Paper
Published in:
CLEO: Conf. on Lasers and Electro-Optics, 10-15 May 2015.
Topic:
R&D area:
Summary
We present design, packaging and coherent beam combining of quantum cascade amplifier (QCA) arrays, measurements of QCA phase noise, the drive-current-to-optical-phase transfer function, and the small signal gain for QCAs.
Summary
We present design, packaging and coherent beam combining of quantum cascade amplifier (QCA) arrays, measurements of QCA phase noise, the drive-current-to-optical-phase transfer function, and the small signal gain for QCAs.
READ MORE
Unifying leakage classes: simulatable leakage and pseudoentropy
May 2, 2015
Conference Paper
Published in:
8th Int. Conf. Information-Theoretic Security (ICITS 2015), 2-5 May 2015 in Lecture Notes in Computer Science (LNCS), Vol. 9063, 2015, pp. 69-86.
Topic:
R&D area:
R&D group:
Summary
Leakage resilient cryptography designs systems to withstand partial adversary knowledge of secret state. Ideally, leakage-resilient systems withstand current and future attacks; restoring confidence in the security of implemented cryptographic systems. Understanding the relation between classes of leakage functions is an important aspect. In this work, we consider the memory leakage model, where the leakage class contains functions over the system's entire secret state. Standard limitations include functions over the system's entire secret state. Standard limitations include functions with bounded output length, functions that retain (pseudo) entropy in the secret, and functions that leave the secret computationally unpredictable. Standaert, Pereira, and Yu (Crypto, 2013) introduced a new class of leakage functions they call simulatable leakage. A leakage function is simulatable if a simulator can produce indistinguishable leakage without access to the true secret state. We extend their notion to general applications and consider two versions. For weak simulatability: the simulated leakage must be indistinguishable from the true leakage in the presence of public information. For strong simulatability, this requirement must also hold when the distinguisher has access to the true secret state. We show the following: --Weakly simulatable functions retain computational unpredictability. --Strongly simulatability functions retain pseudoentropy. --There are bounded length functions that are not weakly simulatable. --There are weakly simulatable functions that remove pseudoentropy. --There are leakage functions that retain computational unpredictability are not weakly simulatable.
Summary
Leakage resilient cryptography designs systems to withstand partial adversary knowledge of secret state. Ideally, leakage-resilient systems withstand current and future attacks; restoring confidence in the security of implemented cryptographic systems. Understanding the relation between classes of leakage functions is an important aspect. In this work, we consider the memory leakage...
READ MORE