Researchers in the US have used power management hardware in a chip for a huge boost in the security of devices in the Internet of Things (IoT)
The team at Rice University's Brown School of Engineering led by Kaiyuan Yang, an assistant professor of electrical and computer engineering, used the power management regulators in the chip to obscure the electromagnetic waves that are generated by the chip and can be used to crack encryption keys.
IoT security is a key area of development as the controllers have limited security capabilities and so can be vulnerable to attack. "Once [hackers have] found a hole, there are so many things they can do," said Yang. "And they don't need to get into a computer system or a cell phone. For instance, a thermostat connected to the network can become an access point to a home, a company, a hospital or a city."
"We are looking at defending against a new type of attack that is specifically for IoT and mobile systems," said Yang. "In power and electromagnetic side-channel attacks, the attackers can figure out a secret key when your device is running without opening up the device," he said. "Once they have your key they can decrypt everything, no matter how good your security software is.
The new IoT security strategy uses the power regulators in the microcontrollers to hide the information leaked by the power consumption of encryption circuits, Yang said. "Every system-on-a-chip has multiple modules powered by the power management circuits, so the interfaces we need are already there. By replacing existing power management circuitry with our unit, we not only provide a much better way to defend against powerful threats, but also provide a much more energy-efficient solution."
Yang said the circuit should take no more room on a chip than current power management units, and as a side benefit will provide state-of-the-art power regulation. "I think it's going to be a