Before joining IIT Bombay, Prof. Sayandeep Saha had two stints as a postdoctoral researcher. His first stint was at Nanyang Technological University, Singapore with Prof. Thomas Peyrin, and the second one was at UC Louvain Belgium with Prof. François-Xavier Standaert. Prior to this, he completed his Ph.D. in the Department of Computer Science and Engineering at IIT Kharagpur under the supervision of Prof. Debdeep Mukhopadhyay and Prof. Pallab Dasgupta.
His primary area of research is Hardware Security and Cryptography. In his Ph.D. and postdoctoral research, he worked on Fault Attacks for Symmetric-key Cryptosystems and Post-quantum Public-key Cryptosystems. He also works on Side-Channel Attacks and other aspects of Hardware Security, such as Microarchitectural Attacks and Logic Locking.
Outside of his research, he spends most of his leisure time reading books and travelling.
Can you share with us the pivotal moments or experiences during your academic journey that led you to specialize in Hardware Security and Cryptography?
It all started from an internship at IIT Kharagpur during my B.Tech in which I worked on Image Watermarking. There, I was exposed to the world of hardware security. Seeing the keys being recovered from an AES core within a minute was the watershed moment in my career. Eventually, I ended up joining the group as an MS student working on Hardware Trojan detection problems with Prof. Rajat Subhra Chakraborty and Prof. Debdeep Mukhopadhyay. The journey continued with Prof. Debdeep Mukhopadhyay and Prof. Pallab Dasgupta during my Ph.D.
Could you elaborate on your Ph.D. research that earned you the EDAA Outstanding Dissertation Award in 2022? What were the key findings or contributions of your dissertation?
My Ph.D. research had two distinct verticals. In one of the verticals, we developed some of the first automated tools to evaluate the security of protected/unprotected block ciphers against Fault Attacks (ExpFault and ALAFA/DL-FALAT). The other part was more focused on attacks and their countermeasures, where we proposed the Fault Template Attacks (FTA), having significant theoretical and practical impact on Fault Attack Security. For example, we showed that even without having any access to the ciphertexts, one could break the strongest side-channel and fault protections, which was believed impossible before FTA. All of these attacks originated from the properties of digital circuits and used some classical concepts of VLSI testing. I believe these findings made the EDA community interested in my work.
Transitioning from your doctoral studies to postdoctoral research positions at NTU Singapore and UCLouvain, how did these experiences shape your research interests and methodologies?
During my postdoctoral research, I started focusing more on the theoretical aspects of physical attacks. Today, there is a significant gap between the theory community and practitioners working on physical attacks, mainly due to fundamentally different motivations in these two communities. For the last two years, I have been trying to create a bridge between these two — creating practically useful physical security with theoretical proof. Currently, I am looking forward to extending this philosophy of mine to a broader class of security problems.
Given your diverse academic background and experiences, how do you envision integrating your expertise into the research and educational activities at IITB Trust Lab?
Hardware Security (which I like to rename as physical security) is a booming and crucial area of research in this digital era. It is also a primary thrust area of IITB Trust Lab. I think my research can be a very interesting part of the IITB Trust Lab pipeline, where we can validate the practical security of the theoretically proven crypto and security schemes. Moreover, as I mentioned in my previous comment, we require inputs from theoreticians and practitioners to solve the fundamental problems in hardware security eventually. In this regard, IITB Trust Lab has the perfect combination of people. I hope, together, we will be able to solve some very nice, open, and practically impactful problems.
What are some upcoming challenges or emerging trends in Hardware Security and Cryptography that you find particularly intriguing or worth investigating?
Broadly, the main question is how to design physically secure Cryptography and general security schemes we can trust. In other words, how can we test and prove the security of a product to a customer? This involves designing pre and post-silicon test methodologies, testable designs, and, most importantly, mathematical abstractions of physical phenomena (which serve as our security models). The most challenging part is abstracting the physical leakage and faults to design provably and practically secure countermeasures. Currently, the physical security community is slowly adopting this philosophy. Another important practical trend is evaluating the security of emerging cryptosystems (such as Post-Quantum crypto algorithms, homomorphic encryption, and zero-knowledge proofs), and the new computing devices (modern CPUs and GPUs). I have always been interested in exploring new attacks (which gives me a nice adrenaline rush). This is a hot area and will remain there for at least five to six years. Finally, we are observing several works addressing the vulnerability of deep neural networks to physical attacks. This, too, will become one of the prime areas in hardware security in a few years.
Collaboration often plays a crucial role in academia. Are there any specific interdisciplinary collaborations or industry partnerships you’re looking forward to exploring at IIT Bombay?
My research philosophy has always been to establish a bridge between theory and practice. Therefore, I frequently collaborate with people working in theory. Moreover, recently, I started working in microarchitectural security. To solve the problems in this area I will collaborate with people from computer architecture research. Prof. Biswabandan Panda is one of the big names in this area. Companies in VLSI CAD, security audit, processor design, and defence are highly interested in our research today. I collaborated with many of them during my Ph.D. at IIT Kharagpur. It would be great to collaborate with them in future.
Could you share your advice for aspiring researchers or students interested in pursuing a career in Hardware Security and Cryptography, based on your own journey and experiences?
The first step towards developing a secure system is to see it from an attacker’s viewpoint. My primary advice would be to develop an attacker’s mindset first. One misnomer in Hardware Security is the word “hardware”, which makes many people think that we always do hardware design. While hardware design is indeed an important component, it is only a small aspect of this area. So, my advice would be to look at things mathematically, try to go to the core of the problem, and then validate it on the platform you are comfortable with (software/hardware implementation).
On a personal note, can you tell us about some of your hobbies or interests outside of your academic and research pursuits?
I am a bookworm especially a big fan of classics. I also love travelling and hiking.