The ASSET (Automated Systems SEcuriTy) Research Group at the Singapore University of Technology and Design does focused
research to enhance the safety, security and efficiency of Hardware/Software Systems.
We are always looking for researchers at all levels (Bachelor, Masters, PhD) to enrich the scientific activities in the
group. For Post-doc positions, take a look at the individual research projects for opening. If you wish to join our group, contact
Sudipta Chattopadhyay email: sudipta_chattopadhyay@sutd.edu.sg directly with your CV.
News
-
April 14, 2021
NEW: Our Greyhound Fuzzer (for both Wi-Fi and BLE) is now successfully integrated into a commercial pen testing tool used by major automotive industry (names undisclosed due to confidentiality). They have subsequently used the Greyhound component to discover new Denial-of-Service (DoS) attacks. We are glad to see the translation, commercial success and effectiveness at industrial scale within just two years of the inception of Greyhound project at ASSET group.
-
March 11, 2021
NEW: ASSET group PhD student Matheus E. Garbelini wins a bug bounty equivalent to 6000 SGD for finding highly critical security vulnerabilities in Bluetooth protocol implementation (currently undisclosed due to confidentiality). Congratulations Matheus!!!
-
December 07, 2020
NEW: Stitcher framework designed by Yee Ching featured and discussed in Forensic Focus. Great work Yee Ching!!!!
-
December 04, 2020
NEW: We are organizing SIMLA 2021 Workshop (Security in Machine Learning and its Applications) affiliated with ACNS 2021. If you are working in the area of AI safety and security or application of AI in security, then consider submitting a paper.
-
November 20, 2020
NEW: Medtronic acknowledges our SweynTooth work by including involved ASSET group members in their outstanding research contributor page. Many thanks to CSA, Singapore for acknowledging our research effort on discovering Sweyntooth.
-
October 10, 2020
NEW: We provide a tutorial on IoT protocol vulnerabilities at Cybersecurity R&D Workshop 2020 held as part of the Singapore International Cyber Week 2020. Watch the Day 2 video (our tutorial starts at 2:26:28).
-
July 14, 2020
The details of the second wave of SweynTooth vulnerabilities (CVE-2020-10061, CVE-2020-10069, CVE-2020-13593, CVE-2020-13594, CVE-2020-13595) diclosed today. Affected vendors include (but not limited to, as we do not track all vendors) Espressif Systems, Texas Instruments, Microchip and Zephyr Project. Have fun.
-
March 04, 2020
United States Department of Homeland Security and USA Food and Drug Administration raise SweynTooth alert to make everyone aware of this critical BLE implementation vulnerability. Read the ICS Alert and the FDA Safety Communication. The respective alerts by Cyber Security Agency, Singapore and Health Sciences Authority, Singapore can be found in SingCERT Alert and HSA Safety Communication. It is a wake up call for all BLE SoC vendors and IoT product manufacturers.
-
February 25, 2020
SweynTooth and ASSET group featured in WIRED (top technology journal in the world) and 30+ news articles (and also podcasts) in English as well as in Non-English languages all over the world. I am glad to say that the work is almost single handedly pulled off by a first-year PhD student Matheus Eduardo in the ASSET group.
-
February 11, 2020
Today we release SweynTooth, a family of 12 new Bluetooth implementation vulnerabilities (more coming) affecting major system-on-chip (SoC) vendors such as NXP, Cypress, Texas Instruments, Dialog, Telink, ST Microelectronics and Microchip (the list is not exhaustive) and potentially affecting more than 480 IoT products already in market (most of them unpatched). SweynTooth reveals the terrible state of Bluetooth certification process. Read the description to know what the vulnerabilities are, how they can be exploited and why we name them SweynTooth. Feel free to reach us at sweyntooth@gmail.com for any question and clarification.
-
February 09, 2020
12 new CVEs assigned to show how to cause havoc in wireless systems (currently undisclosed for confidentiality). The vulnerabilities affect millions of wireless products being used. If you are in a "smart" nation, then you are almost certainly at risk (we are currently in the 90-day responsible disclosure window). Watch this space on 9th February, 2020 when we disclose the exploits and the details.
Research
Side-channel Freedom
Securing systems against side-channel attacks. One post-doc position open in this project starting Oct, 2019.
AI Safety and Security
Validation and Verification of AI/ML-based Systems to make them safe and secure. One post-doc position open in this project starting as soon as possible.
IoT Wireless Security
IIoT Wireless Security Testing and Countermeasures. One post-doc position open in this project starting as soon as possible.
Fast Software and Systems
Validation, Verification and Optimization of Software and Systems Performance.
People
Faculty
Sudipta Chattopadhyay
Researchers
Michele Lora
Chundong Wang
Saurav Kumar Ghosh
Xingbin Jiang
Vaibhav Bedi
UROP Students
Gerald Woo
Peng Shanshan
Lionell Loh
Louth Bin Rawshan
Graduate Students
Tok Yee Ching
Sakshi Udeshi
Jia Yifan
Eric Gerard Rothstein Morris
Matheus Eduardo
Juan David Guarnizo Hernandez
Sai Sathiesh Rajan
Collaborators
Ahmed Rezine
Ezekiel Olamide Soremekun
