Researchers devise algorithm to protect hardware from side-channel attacks
Algorithm equalises power-draw making side-channel attacks harder to execute
A joint team of researchers have developed an algorithm that, they claim, can safeguard hardware against attacks based on detecting variations in power and electromagnetic radiation - so-called side-channel attacks.
According to the researchers, from the University of Cincinnati and the University of Wyoming, hackers can use those variation measurements to compromise devices, such as cable television boxes, cracking the encryption intended to protect those devices.
When a cable box is switched on, it starts encoding/decoding manufacturer information, which is hardwired to provide security against attack. But, to complete the encoding/decoding process, the device consumes more power and also emits more electromagnetic radiation.
Over time, a unique variation pattern is created for the cable box, which may be used to crack the encryption and to steal data from the device. To do this, hackers don't necessarily need to be physically close to the device - they can steal encrypted data even from a distance of more than 90 metres.
"If you could steal information from something like a DVR [digital video recorder] early on, you could basically use it to reverse engineer and figure out how the decryption was happening," says University of Wyoming assistant professor Mike Borowczak, who led the project, along with his advisor, University of Cincinnati professor Ranga Vemuri.
In the current study, the researchers focused on restructuring the design of devises through an algorithm in order to protect them from cyber-attacks.
The algorithm they developed doesn't allow hardware to leak information to attackers. This algorithm, when implemented, consumes the same amount of power in each cycle. It equalises the power drawn across all cycles, so even if hackers are able to track power and radiation measurements of the device, they can't use it to steal information.
The algorithm also automates the safety process as there is no need to manually secure each hardware component of the device. Moreover, a device secured with the algorithm consumes only five per cent more power than an unprotected device, according to the research team.
The detailed findings of the study are published in the Institute of Engineering and Technology Journal.