Researchers develop an algorithm that defends against side-channel attacks on hardware
Researchers at the University of Cincinnati developed an algorithm that safeguards hardware from attacks to steal data. In these attacks, hackers detect variations of power and electromagnetic radiation in electronic devices’ hardware and then use that variation to steal encrypted information.
The UC researchers recently published their work in the Institute of Engineering and Technology Journal.
The findings shape the future of hardware security in innovative and impactful ways, staples of UC’s strategic direction, Next Lives Here.
Electronic devices are more secure than ever before. Devices that used to rely on passwords now use Touch ID, or even face-recognition software. Unlocking our phones is like entering a 21st century Batcave, with high-tech security measures guarding every entry.
But protecting software is only one part of electronic security. Hardware is also susceptible to attacks.
“In general, we believe that because we write secure software, we can secure everything,” said University of Wyoming assistant professor Mike Borowczak, Ph.D., who graduated from UC. He and his advisor, UC professor Ranga Vemuri, Ph.D., led the project.
“Regardless of how secure you make your software, if your hardware leaks information, you can basically bypass all those security mechanisms,” Borowczak said.
Devices such as remote car keys, cable boxes and even credit card chips are all vulnerable to hardware attacks, mostly because of their design. These devices are small and lightweight and typically operate on minimal power. Engineers optimize designs, so the devices can work within these low-power constraints.
“The problem is if you try to absolutely minimize all the time, you’re basically selectively optimizing,” said Borowczak. “You’re optimizing for speed, power, area and cost, but you’re taking a hit on security.”
Regardless of how secure you make your software, if your hardware leaks information, you can basically bypass all those security mechanisms.
Mike Borowczak,University of Wyoming assistant professor, former UC Ph.D. student
Here’s how a device becomes vulnerable to attacks: When something like a cable box turns on, it decodes and encodes specific manufacturer information tied to its security. This decoding and encoding process draws more power and emits more electromagnetic radiation than when all of the other functions are on. Over time, these variations in power and radiation create a pattern unique to that cable box, and that unique signature is exactly what hackers are looking for.
“If you could steal information from something like a DVR early on, you could basically use it to reverse engineer and figure out how the decryption was happening,” Borowczak said.
And hackers don’t need physical access to a device to take this information. Attackers can remotely detect frequencies in car keys and break into a car from more than 100 yards away.
We’ve basically equalized the amount of power consumed across all the cycles, whereby even if attackers have power measurements, they can’t do anything with that information.
Ranga Vemuri,UC professor
To secure the hardware in these devices, Vemuri and Borowczak went back to square one: the device’s design.
Borowczak and Vemuri aim to restructure their design and code them in a way that doesn’t leak information. To do this, they developed an algorithm to design more secure hardware.
“You take the design specification and restructure it at an algorithmic level, so that the algorithm, no matter how it is implemented, draws the same amount of power in every cycle,” Vemuri said. “We’ve basically equalized the amount of power consumed across all the cycles, whereby even if attackers have power measurements, they can’t do anything with that information.”
What’s left is a more secure device with a more automated design. Rather than manually securing each hardware component, the algorithm automates the process. On top of that, a device created using this algorithm only uses about 5 percent more power than an insecure device, making the work commercially viable.
Software and hardware security is an ongoing game of cat and mouse: As security technologies improve, hackers eventually find ways around these barriers. Hardware security is further complicated by the expanding network of devices and their interactivity, also known as the Internet of Things.
Innovative research, like the work by Vemuri and Borowczak, can give people an extra layer of safety and security in this future of connected devices.
The Latest on: Hardware security
[google_news title=”” keyword=”hardware security” num_posts=”10″ blurb_length=”0″ show_thumb=”left”]
via Google News
The Latest on: Hardware security
- Ledger Nano S Hardware Wallet For Crypto Private Keys: Setup & App Guide Releaseon February 27, 2024 at 4:43 pm
The piece also explains the basics of how these hardware devices work and why they represent the ... integrates seamlessly with the Ledger Live application to combine hardware security with the ...
- Pictures Reveal Hardware on Taiwan's Hunter-Killer Submarineon February 27, 2024 at 5:27 am
Taiwan's first homemade sub is being debuted with two target audiences in mind: main defense supplier Washington and No. 1 threat Beijing, an analyst says.
- Flexibility In Security With A Full Tool Benchon February 27, 2024 at 2:15 am
The key is being able to understand the full capabilities of your security solution and then translate that into complete protection.
- Small businesses taking extreme measures to stop shoplifters because of soft-on-crime laws: security experton February 26, 2024 at 3:09 pm
“It’s pretty bad,” Sam Black, manager of Fredericksen Hardware & Paint in San Francisco ... Private investigator and security expert Patrick McCall says that businesses are seeing record numbers of ...
- Windows security updates could come with fewer reboots beginning later this yearon February 26, 2024 at 10:03 am
Microsoft is already testing Windows 11 24H2, this fall's big new Windows release. The company has already demonstrated a few new features, like 80Gbps USB4 support and Sudo for Windows, and the new ...
- Nervos CKB Partners with OneKey for New Hardware Walleton February 26, 2024 at 5:06 am
Nervos Network partners with OneKey Wallet to launch a co-branded hardware wallet, enhancing user experience and security.
- Intel report highlights continued security assurance investments, growing bug bounty programon February 23, 2024 at 10:00 am
Intel added that its ongoing prioritization of the advancement of security assurance, robust incident response, community advocacy and research help provide unique value to its customers and partners.
- Security in the Crypto World: Top Bitcoin Protection Measureson February 22, 2024 at 2:07 am
Introduction: As Bitcoin continues to gain prominence in the financial landscape, ensuring the security of digital assets becomes paramount. The decentralized nature of cryptocurrencies, while ...
- Safeguarding Your Digital Wealth: Exploring the Top Bitcoin Hardware Walletson February 21, 2024 at 2:02 am
Introduction In the realm of cryptocurrency, safeguarding your digital assets is paramount. As the value of Bitcoin continues to surge, ensuring the security of your holdings becomes increasingly ...
- The best security key in 2024: hardware keys for top online protectionon February 20, 2024 at 1:50 am
Unlike the more common software-based 2FA methods, which rely on text messages or emails for identity verification, hardware-based security keys provide a more robust solution. These devices ...
via Bing News