Software and hardware security is an ongoing game of cat and mouse: As security technologies improve, hackers eventually find ways around these barriers. Hardware security is further complicated as the Internet of Things continues to expand.
Additional hardware security in the form of an algorithm has just been developed by researchers at Wyoming and Cincinnati universities. The paper regarding this research by University of Wyoming’s Mike Borowczak and University of Cincinnati’s Ranga Vermuri outlines a way to prevent hardware leaks resulting from the power variations and electromagnetic radiation that create patterns unique to cable boxes, DVRs, card keys, and credit card chips.
Those hardware leaks allow hackers to monitor power variations and radiation that create unique patterns and then exploit the patterns by detecting frequencies and break into cars from more than 100 yards away. By restructuring the design specifications to equalize consumption across all cycles, power measurements will no longer be of any use to hackers.
“Regardless of how secure you can make your software, if your hardware leaks information, you can basically bypass all those security mechanisms,” said Borowczak.
How they did it
To secure the hardware in these devices, Vemuri and Borowczak went back to these devices’ designs.
Borowczak and Vemuri wanted to restructure the design and code devices in a way that doesn’t leak any information. To do this, they developed an algorithm that provides more secure hardware.
“You take the design specification and restructure it at an algorithmic level, so that the algorithm, no matter how it is implemented, draws the same amount of power in every cycle,” said Vemuri. “We’ve basically equalized the amount of power consumed across all the cycles, whereby even if attackers have power measurements, they can’t do anything with that information.”
What’s left is a more secure device with a more automated design. Rather than manually securing each hardware component, the algorithm automates the process. In addition, a device created using this algorithm only uses about 5% more power than an insecure device, making the work commercially viable.
This form of innovative research can provide users with an extra layer of safety and security in a world of connected devices.
Story via University of Cincinnati