Cutting Through the Complexity of Reverse Engineering Embedded Devices

Performing security analysis of embedded devices is a challenging task. They present many difficulties not usually found when analyzing commodity systems: undocumented peripherals, esoteric instruction sets, and limited tool support. Thus, a significant amount of reverse engineering is almost always required to analyze such devices. In this paper, we present Incision, an architecture and operating-system agnostic reverse engineering framework. Incision tackles the problem of reducing the upfront effort to analyze complex end-user devices. It combines static and dynamic analyses in a feedback loop, enabling information from each to be used in tandem to improve our overall understanding of the firmware analyzed. We use Incision to analyze a variety of devices and firmware. Our evaluation spans firmware based on three RTOSes, an automotive ECU, and a 4G/LTE baseband. We demonstrate that Incision does not introduce significant complexity to the standard reverse engineering process and requires little manual effort to use. Moreover, its analyses produce correct results with high confidence and are robust across different OSes and ISAs

Generation of a squeezed state of an oscillator by stroboscopic back-action-evading measurement

Continuous observation on an oscillator is known to result in quantum back-action which limits the knowledge acquired by the measurement. A careful balance between the information obtained and the back-action disturbance leads to a limit known as the standard quantum limit. The means to surpass this limit by modulating the measurement strength with the period proportional to half period of the oscillation has been proposed decades ago (Braginskii et al 1978 JETP Lett. 27 276; Thorne et al 1978 Phys. Rev. Lett. 40 667; Braginskii et al 1980 Science 209 547). Such modulated or stroboscopic observation leading to a squeezed state of one quadrature of the oscillator motion with the quantum noise below that of the zero-point fluctuations has been a long-standing goal. Here, we report on the generation of a quadrature-squeezed state of an oscillator by stroboscopic back-action evading measurement. The oscillator is the collective spin of an atomic ensemble precessing in magnetic field. It is initially prepared in nearly the ground state with an average thermal occupancy number $0.08 \pm 0.01$. The oscillator is coupled to the optical mode of a cavity, and the cavity output field detected with polarization homodyning serves as the meter. A back-action-evading measurement is performed by stroboscopically modulating the intensity of the light field at twice the Larmor frequency, resulting in a squeezed state conditioned on the light-polarization measurement with $2.2 \pm 0.3$ dB noise reduction below the zero-point fluctuations for the measured quadrature. The demonstrated squeezing holds promise for metrological advantage in quantum sensing

Hypersonic Bose–Einstein condensates in accelerator rings

© 2019, The Author(s), under exclusive licence to Springer Nature Limited. Some of the most sensitive and precise measurements—for example, of inertia1, gravity2 and rotation3—are based on matter-wave interferometry with free-falling atomic clouds. To achieve very high sensitivities, the interrogation time has to be very long, and consequently the experimental apparatus needs to be very tall (in some cases reaching ten or even one hundred metres) or the experiments must be performed in microgravity in space4–7. Cancelling gravitational acceleration (for example, in atomtronic circuits8,9 and matter-wave guides10) is expected to result in compact devices with extended interrogation times and therefore increased sensitivity. Here we demonstrate smooth and controllable matter-wave guides by transporting Bose–Einstein condensates (BECs) over macroscopic distances. We use a neutral-atom accelerator ring to bring BECs to very high speeds (16 times their sound velocity) and transport them in a magnetic matter-wave guide for 15 centimetres while fully preserving their internal coherence. The resulting high angular momentum of more than 40,000ħ per atom (where ħ is the reduced Planck constant) gives access to the higher Landau levels of quantum Hall states, and the hypersonic velocitiesachieved, combined with our ability to control potentials with picokelvin precision, will facilitate the study of superfluidity and give rise to tunnelling and a large range oftransport regimes of ultracold atoms11–13. Coherent matter-wave guides are expected to enable interaction times of several seconds in highly compact devices and lead to portable guided-atom interferometers for applications such as inertial navigation and gravity mapping

Non-invasive detection of animal nerve impulses with an atomic magnetometer operating near quantum limited sensitivity

Magnetic fields generated by human and animal organs, such as the heart, brain and nervous system carry information useful for biological and medical purposes. These magnetic fields are most commonly detected using cryogenically-cooled superconducting magnetometers. Here we present the frst detection of action potentials from an animal nerve using an optical atomic magnetometer. Using an optimal design we are able to achieve the sensitivity dominated by the quantum shot noise of light and quantum projection noise of atomic spins. Such sensitivity allows us to measure the nerve impulse with a miniature room-temperature sensor which is a critical advantage for biomedical applications. Positioning the sensor at a distance of a few millimeters from the nerve, corresponding to the distance between the skin and nerves in biological studies, we detect the magnetic field generated by an action potential of a frog sciatic nerve. From the magnetic field measurements we determine the activity of the nerve and the temporal shape of the nerve impulse. This work opens new ways towards implementing optical magnetometers as practical devices for medical diagnostics.Comment: Main text with figures, and methods and supplementary informatio

Towards rotation sensing with a single atomic clock

We discuss a scheme to implement a gyroscopic atom sensor with magnetically trapped ultra-cold atoms. Unlike standard light or matter wave Sagnac interferometers no free wave propagation is used. Interferometer operation is controlled only with static, radio-frequency and microwave magnetic fields, which removes the need for interferometric stability of optical laser beams. Due to the confinement of atoms, the scheme may allow the construction of small scale portable sensors. We discuss the main elements of the scheme and report on recent results and efforts towards its experimental realization

AEDGE: Atomic Experiment for Dark Matter and Gravity Exploration in Space

Abstract: We propose in this White Paper a concept for a space experiment using cold atoms to search for ultra-light dark matter, and to detect gravitational waves in the frequency range between the most sensitive ranges of LISA and the terrestrial LIGO/Virgo/KAGRA/INDIGO experiments. This interdisciplinary experiment, called Atomic Experiment for Dark Matter and Gravity Exploration (AEDGE), will also complement other planned searches for dark matter, and exploit synergies with other gravitational wave detectors. We give examples of the extended range of sensitivity to ultra-light dark matter offered by AEDGE, and how its gravitational-wave measurements could explore the assembly of super-massive black holes, first-order phase transitions in the early universe and cosmic strings. AEDGE will be based upon technologies now being developed for terrestrial experiments using cold atoms, and will benefit from the space experience obtained with, e.g., LISA and cold atom experiments in microgravity. KCL-PH-TH/2019-65, CERN-TH-2019-12