Saurav Maji and Utsav Banerjee, two Indian researchers working at the Massachusetts Institute of Technology (MIT), have built a low-power security chip designed to prevent side-channel attacks (SCAs) on IoT (Internet of Things) devices. SCAs take advantage of weaknesses where information can be gathered from the indirect effects of a system's hardware in operation rather than by directly attacking a program or software.
“Traditionally, SCAs have been used in cryptography. If some data is being processed and a secret key is used to encrypt or decrypt it, SCAs can be used in some cases to recover that key. It can be applied to any data you want to keep secret. For example, it can be used on your smartwatch to extract your ECG signal and heart rate,” Maji, a graduate student at MIT and lead author of the paper, told indianexpress.com.
Side-Channel Attacks and Their Growing Viability
Typically, these attacks aim to extract sensitive information such as cryptographic keys, proprietary machine learning models and parameters by measuring things like timing information, power consumption and electromagnetic leakage from a system.
To illustrate, imagine that you want to know if your neighbor has watered his garden. Using traditional attack methods, you would follow your neighbor to see if and when he waters the plants in his garden.
But if you were to use the logic of an SCA, you would determine the same thing by measuring ancillary information, like how well his plants are doing, how much water his household uses, and whether the hose has been used for watering. Here you use information produced by performing an act to determine what is going on, rather than looking at the act itself.
Even though SCAs are difficult to perform on most modern systems, the increasing sophistication of machine learning algorithms, greater computing power of devices, and measuring devices with increasing sensitivities are making SCAs a reality.
Prior to developing the new security chip, Maji and Banerjee had published an attack paper titled “Leaky Nets: Recovering Embedded Neural Network Models and Inputs through Simple Power and Timing Side-Channels — Attacks and Defenses” in the IEEE Internet of Things Journal, edited by Anantha Chandrakasan, Dean of MIT’s Faculty of Engineering and Vannevar Bush Professor of Electrical Engineering and Computer Science.
In the paper, they demonstrated the effectiveness of SCAs by retrieving machine learning model parameters and even inputs from the operation of a commercial embedded microprocessor, similar to those used in commercial IoT devices.
How the new architecture could help
Since SCAs are difficult to detect and combat, countermeasures against them have notoriously been computationally and energy intensive. This is where the new chip architecture comes in.
The MIT researchers presented their design in a paper titled, “A Threshold-Implementation-Based Neural-Network Accelerator Securing Model Parameters and Inputs Against Power SCAs,” published as part of the 2022 International Solid State Circuits Conference.
Although Chandrakasan is the main author of the article, other people worked on it as well: Banerjee, an MIT graduate and now an assistant professor at the Indian Institute of Science, and Sam Fuller, a visiting scholar at MIT.
The chip built by Maji and his collaborators is smaller than a thumbnail and uses far less power than traditional security measures against SCAs. It was designed to be easily integrated into smartwatches, tablets, and a variety of other devices.
“It can be used in any sensor node that logs user data. For example, it can be used in oil and gas industry monitoring sensors, it can be used in self-driving cars, in fingerprint recognition devices and in many other applications,” Maji said.
The chip uses near-threshold computation, a computational method in which the data to be processed is first divided into separate, unique, and random components. The chip then performs operations on each component separately in random order before aggregating the results for a final result.
Because of this method, information leaking from the device via power consumption measurements is random and would reveal nothing but gibberish in an SCA. However, this method is power and computationally intensive while also requiring more system memory to store information.
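The split, process separately, then aggregate flow described above can be modeled in software. The following is an added illustration, not code from the MIT paper or the chip design. It assumes 8-bit values, three additive shares, and unshared weights (so it covers only the linear case, with protected inputs but not protected model parameters); all function names are hypothetical.

```python
import secrets
from collections import Counter

MOD = 256  # constructed word size: 8-bit values, arithmetic mod 2**8

def split(secret, n=3):
    """Split `secret` into n additive shares; any n-1 of them are uniform random."""
    shares = [secrets.randbelow(MOD) for _ in range(n - 1)]
    shares.append((secret - sum(shares)) % MOD)
    return shares

def combine(shares):
    """Aggregate shares back into the value they encode."""
    return sum(shares) % MOD

def masked_dot(weights, inputs, n=3):
    """Dot product computed lane by lane on shares, lanes visited in random order.

    Assumption: weights are unshared constants, so the operation is linear
    and each lane can be computed without touching the other lanes.
    """
    shared = [split(x, n) for x in inputs]      # shared[i][k]: share k of input i
    order = list(range(n))
    secrets.SystemRandom().shuffle(order)       # random processing order
    acc = [0] * n
    for k in order:                             # lane k never sees lanes != k
        acc[k] = sum(w * s[k] for w, s in zip(weights, shared)) % MOD
    return combine(acc), acc

def share_histogram(secret):
    """Values taken by the second of 2 shares as the mask sweeps every value."""
    return Counter((secret - mask) % MOD for mask in range(MOD))

if __name__ == "__main__":
    result, lanes = masked_dot([3, 5, 7], [10, 20, 30])
    print("per-lane partial sums (random each run):", lanes)
    print("recombined:", result, "expected:", (3*10 + 5*20 + 7*30) % MOD)
    print("share distribution independent of secret:",
          share_histogram(0) == share_histogram(200))
```

The histogram check is exhaustive: over all masks, a single share takes every value exactly once whatever the secret is, which is why a power measurement tied to one share carries no information about the data.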
Maji and others found a way to optimize this process to reduce some of the computational overhead. The researchers claim to have reduced the required computational overhead by three orders of magnitude with their chip architecture.
But at the same time, implementing this chip architecture in a system would require at least a fivefold increase in power consumption and 1.6 times the silicon area of an unsecured implementation. Additionally, the architecture only protects against power consumption-based SCAs and does not protect against electromagnetic SCAs.