Researchers develop an algorithm that defends against side-channel attacks on hardware
Researchers at the University of Cincinnati developed an algorithm that safeguards hardware from attacks to steal data. In these attacks, hackers detect variations of power and electromagnetic radiation in electronic devices’ hardware and then use that variation to steal encrypted information.
The UC researchers recently published their work in the Institute of Engineering and Technology Journal.
The findings shape the future of hardware security in innovative and impactful ways, staples of UC’s strategic direction, Next Lives Here.
Electronic devices are more secure than ever before. Devices that used to rely on passwords now use Touch ID, or even face-recognition software. Unlocking our phones is like entering a 21st century Batcave, with high-tech security measures guarding every entry.
But protecting software is only one part of electronic security. Hardware is also susceptible to attacks.
“In general, we believe that because we write secure software, we can secure everything,” said University of Wyoming assistant professor Mike Borowczak, Ph.D., who graduated from UC. He and his advisor, UC professor Ranga Vemuri, Ph.D., led the project.
“Regardless of how secure you make your software, if your hardware leaks information, you can basically bypass all those security mechanisms,” Borowczak said.
Devices such as remote car keys, cable boxes and even credit card chips are all vulnerable to hardware attacks, mostly because of their design. These devices are small and lightweight and typically operate on minimal power. Engineers optimize designs, so the devices can work within these low-power constraints.
“The problem is if you try to absolutely minimize all the time, you’re basically selectively optimizing,” said Borowczak. “You’re optimizing for speed, power, area and cost, but you’re taking a hit on security.”
Regardless of how secure you make your software, if your hardware leaks information, you can basically bypass all those security mechanisms.
Mike Borowczak,University of Wyoming assistant professor, former UC Ph.D. student
Here’s how a device becomes vulnerable to attacks: When something like a cable box turns on, it decodes and encodes specific manufacturer information tied to its security. This decoding and encoding process draws more power and emits more electromagnetic radiation than when all of the other functions are on. Over time, these variations in power and radiation create a pattern unique to that cable box, and that unique signature is exactly what hackers are looking for.
“If you could steal information from something like a DVR early on, you could basically use it to reverse engineer and figure out how the decryption was happening,” Borowczak said.
And hackers don’t need physical access to a device to take this information. Attackers can remotely detect frequencies in car keys and break into a car from more than 100 yards away.
We’ve basically equalized the amount of power consumed across all the cycles, whereby even if attackers have power measurements, they can’t do anything with that information.
Ranga Vemuri,UC professor
To secure the hardware in these devices, Vemuri and Borowczak went back to square one: the device’s design.
Borowczak and Vemuri aim to restructure their design and code them in a way that doesn’t leak information. To do this, they developed an algorithm to design more secure hardware.
“You take the design specification and restructure it at an algorithmic level, so that the algorithm, no matter how it is implemented, draws the same amount of power in every cycle,” Vemuri said. “We’ve basically equalized the amount of power consumed across all the cycles, whereby even if attackers have power measurements, they can’t do anything with that information.”
What’s left is a more secure device with a more automated design. Rather than manually securing each hardware component, the algorithm automates the process. On top of that, a device created using this algorithm only uses about 5 percent more power than an insecure device, making the work commercially viable.
Software and hardware security is an ongoing game of cat and mouse: As security technologies improve, hackers eventually find ways around these barriers. Hardware security is further complicated by the expanding network of devices and their interactivity, also known as the Internet of Things.
Innovative research, like the work by Vemuri and Borowczak, can give people an extra layer of safety and security in this future of connected devices.
The Latest on: Hardware security
[google_news title=”” keyword=”hardware security” num_posts=”10″ blurb_length=”0″ show_thumb=”left”]
via Google News
The Latest on: Hardware security
- Security hardware keys evolve for new passwordless authentication optionson May 7, 2024 at 3:40 pm
The passwordless authentication tools for large and mid-sized enterprises protect against phishing and credential-based authentication attacks.
- Computer scientists discover vulnerability in cloud server hardware used by AMD and Intel chipson May 7, 2024 at 10:12 am
Public cloud services employ special security technologies. Computer scientists at ETH Zurich have now discovered a gap in the latest security mechanisms used by AMD and Intel chips. This affects ...
- Kudelski IoT Selected as One of Zoom’s Authorized Hardware Certification Testing Labson May 7, 2024 at 9:45 am
Kudelski IoT will rigorously test and certify hardware against Zoom's stringent security requirements to help safeguard the security of video and audio collaboration. Cheseaux-sur ...
- Yubico bolsters authentication security with updated YubiKey 5 series deviceson May 7, 2024 at 3:25 am
Yubico is getting ready to launch refreshed versions of its YubiKey 5, Security Key, and Security Key Enterprise Edition series authentication hardware that aim to help organizations move away from ...
- Yubico's Key Product Innovations Empower Enterprise Security and Phishing-Resistant Passwordless Authentication at Scaleon May 6, 2024 at 6:19 am
Yubico (NASDAQ: YUBICO), the leading provider of hardware authentication security keys, announced the upcoming release of YubiKey 5.7 firmware for the YubiKey 5 Series, Security Key Series and ...
- Postdoctoral Fellow in Hardware Security and Reverse Engineering in Embedded Systemson May 2, 2024 at 8:46 pm
You will report to the Head of the Department. Hardware components are crucial for ensuring computing systems' security, integrity, and reliability, especially in industrial control systems (ICS), as ...
- 4 fast, easy ways to strengthen your security on World Password Dayon May 2, 2024 at 3:30 am
Many arbitrary holidays litter our calendars (ahem, Tin Can Day ), but World Password Day is one fully supported by the PCWorld staff. We’re all for ditching weak passwords — especially when ...
- Vitalik Buterin Affirms Multi-Signature Wallets Are Safer Than Hardware Walletson May 1, 2024 at 9:28 am
Ethereum co-founder Vitalik Buterin highlights the superiority of multi-signature wallets over hardware wallets for crypto security.
- Embedded security made easy using Microchip’s PIC32CK MCU with hardware security moduleon April 29, 2024 at 6:00 am
New legislation, which takes effect in 2024, mandates much stricter requirements on cybersecurity on everything from consumer IoT devices to critical infrastructure.
- Easily Incorporate Embedded Security Using Microchip’s PIC32CK 32-bit Microcontrollers with Hardware Security Moduleon April 29, 2024 at 5:00 am
The new family of mid-range MCUs provides designers with a higher level of security and flexibilityCHANDLER, Ariz., April 29, 2024 (GLOBE NEWSWIRE) -- New legislation takes effect in 2024, mandating ...
via Bing News