There’s a lot of research underway to make the Internet of Things more secure, but Rice University engineers have reportedly one-upped their own technique—more than 14,000 times to be exact.
Kaiyuan Yang, an assistant professor of electrical and computer engineering at Rice’s Brown School of Engineering, and graduate student Yan He have introduced a hardware-based technique to make IoT security more than 14,000 times better than current state-of-the-art defenses. The scientists presented a paper describing their research at the International Solid-State Circuits Conference in San Francisco.
“Once they’ve found a hole, there are so many things they can do,” Yang said. “And they don’t need to get into a computer system or a cell phone. For instance, a thermostat connected to the network can become an access point to a home, a company, a hospital or a city.”
Last year, Rice researchers presented a security technique that involves generating paired security keys based on fingerprint-like defects unique to every computer chip. “This year, the story is similar, but we are not generating keys,” Yang said. “We are looking at defending against a new type of attack that is specifically for IoT and mobile systems.
“In power and electromagnetic side-channel attacks, the attackers can figure out a secret key when your device is running without opening up the device,” Yang said. “Once they have your key they can decrypt everything, no matter how good your security software is.”
Rice’s new security strategy leverages the power regulators to obfuscate the information leaked by the power consumption of encryption circuits, Yang said. “Every system-on-a-chip has multiple modules powered by the power management circuits, so the interfaces we need are already there.
“By replacing existing power management circuitry with our unit, we not only provide a much better way to defend against powerful threats, but also provide a much more energy-efficient solution,” he said.
Yang said the circuit should take no more room on a chip than current power management units, and as a side benefit will provide state-of-the-art power regulation. “I think it’s going to be a very promising solution thanks to its minimal performance and design overheads,” he said.
Yang added that Rice’s security solution will take time for manufacturers to design it into their fabrication processes. “There’s all the interface and engineering stuff,” Yang said. “In terms of the concepts and principles, they’re all proven. It’s just going to be a long engineering effort.”