Researchers Discover Way to Defend Against Side-channel Attacks
- Researchers attempted to tackle physical-layer vulnerabilities with physical-layer solutions.
- The new technology uses mixed-signal circuits to embed the crypto core within a signature attenuation hardware.
Purdue University researchers have unveiled a technology that is 100 times resilient to electromagnetic and power cosumption-based attacks, that will ultimately curb side-channel attacks against IoT devices. The microarchitectures of processors, their power consumption, and electromagnetic emanation pose a great risk of revealing sensitive information to adversaries.
What is a side-channel attack?
Side-channel attacks are security exploits designed to extract secrets from a chip or a system, through measurement and analysis of physical parameters.
Threat on IoT devices
IoT devices have been the most vulnerable to attacks in these times.
- One of the major reasons is the unmatched growing needs for increased connectivity, which led to the quick development of such devices.
- Now, the security of embedded devices is typically guaranteed mathematically using a secret key to encrypt the private messages.
- But when these computationally secure encryption algorithms are implemented on physical hardware, they tend to leak critical side-channel information in the form through power consumption or electromagnetic radiation.
Outcome of the research
The innovators from Purdue University have reportedly developed technology to tackle the problem right where it begins.
- The team developed a technology to use mixed-signal circuits to embed the crypto core within a signature attenuation hardware with lower-level metal routing.
- The critical signature is suppressed even before it reaches the higher-level metal layers and the supply pin.
- This drastically reduces electromagnetic and power information leakage.
“Our technique basically makes an attack impractical in many situations. Our protection mechanism is generic enough that it can be applied to any cryptographic engine to improve side-channel security,” said one of the researchers.
Thus, the researchers attempted to tackle physical-layer vulnerabilities with physical-layer solutions.
How ready the IoT landscape is?
Various attack tactics have evidenced that side-channel attacks can be performed in just a few minutes from a short distance away. Not so long ago, attackers attempted counterfeiting of e-cigarette batteries by stealing the secret encryption keys from authentic batteries.
The researcher noted, “This leakage is inevitable as it is created due to the accelerating and decelerating electrons, which are at the core of today’s digital circuits performing the encryption operations.” “Such attacks are becoming a significant threat to resource-constrained edge devices that use symmetric key encryption with a relatively static secret key like smart cards,” he added.