How Leaky is Your Device?

Reading time ( words)

A new generation of digital devices that will protect consumers from cyber-attacks could be a step closer thanks to a grant of over £1 million from the Engineering and Physical Sciences Research Council (EPSRC) awarded to the University of Bristol for a research project to protect consumers’ sensitive data.

Digital devices, such as smart banking cards or smart phones, are widely used to store private and sensitive data about peoples’ digital lives. However, securing these devices is a major task for the computing industry.  The research project by the University’s Cryptography Research Group hopes to address the issue of leakage-related attacks.

Information leakage via side channels is a widely recognised threat to cyber security.  In particular small devices are known to leak information through physical channels, i.e. power consumption, electromagnetic radiation, and timing behaviour.  In other words, the power consumed by mobile phones can reveal information about the data stored on the phone and attackers can steal this data by managing to capture the leakage. This can ultimately lead to complete security breaches in the form of data recovery.

At present, accounting for leakage requires access to a fully equipped testing lab, and skilled people to conduct side channel experiments. This makes it virtually impossible for the general developers of devices to test their implementations against leakage attacks as these labs are only available to high-end developers, such as those producing chip-and-pin cards.

The aim of the research project is to bring the skill of a testing lab to the desk of a developer of standard consumer devices, without the need for domain specific knowledge. To ensure the success of the project the research group have partnered with a leading developer of compiler toolchains, Embecosm.

Dr Elisabeth Oswald, Reader in Applied Cryptography in the Cryptography Research Group and who is leading the project, said: “Our previous research has shown that in the case of small embedded devices, the nature of the leakages can be appropriately modelled using statistical tools.

“This project's research hypothesis is that one can make meaningful statements about the leakage behaviour of new implementations on such small devices by utilising a priori derived models.”

The researchers hope the project will lead to a new generation of devices that will provide consumers with high-end security in low-end devices, and also protect consumers’ sensitive information. As the world gets even more digital, and attackers become more sophisticated, this is another important step on the arms race between the good guys and the bad guys.



Suggested Items

CES Press Kickoff Presentation

01/07/2020 | Nolan Johnson, I-Connect007
On January 5, Editor Nolan Johnson attended the CES press kickoff presentation “2020 Trends to Watch,” which was hosted by CES Vice President of Research Steve Koenig and CES Director of Research Lesley Rohrbaugh. Koenig and Rohrbaugh set the stage for the week with their presentation, answering the question, “What’s happening in the industry?”

NASA Sounding Rocket Technology Could Enable Simultaneous, Multi-Point Measurements — First-Ever Capability

10/21/2019 | NASA
NASA engineers plan to test a new avionics technology — distributed payload communications — that would give scientists a never-before-offered capability in sounding rocket-based research.

Worldwide Semiconductor Equipment Billings at $13.3 Billion in 2Q19; Down 20%

09/12/2019 | SEMI
Worldwide semiconductor manufacturing equipment billings reached $13.3 billion in the second quarter of 2019, down 20% from the same quarter of 2018 and 3% from than the previous quarter.

Copyright © 2020 I-Connect007. All rights reserved.