Understanding and Countermeasures against IoT Physical Side Channel Leakage
With the proliferation of cheap bulk SSD storage and better batteries in the last few years we are experiencing an explosion in the number of Internet of Things (IoT) devices flooding the market, smartphone connected point-of-sale devices (e.g Square), home monitoring devices (e.g. NEST), fitness monitoring devices (e.g Fitbit), and smart-watches. With new IoT devices come new security threats that have yet to be properly evaluated.
We propose μLeech, a new embedded trusted platform module for next generation power scavenging devices. Such power scavenging devices are already widely deployed. For instance, the Square point-of-sale reader uses the microphone/speaker interface of a smartphone for communications and as power supply. While such devices are used as trusted devices in security critical applications, they have not been properly evaluated yet. μLeech can securely store keys and provide cryptographic services to any connected smart phone. Our design also facilitates physical side channel security analysis by providing interfaces to facilitate acquisition of power traces and clock manipulation attacks. Thus μLeech empowers security researchers to analyze leakage in next generation embedded and IoT devices and to evaluate countermeasures before deployment.
Even the most secure systems reveal their secrets through secret-dependent computation. Secret-dependent computation is detectable by monitoring a system’s time, power, or outputs. Common defenses to side channel emanations include adding noise to the channel or making algorithmic changes to mitigate specific side channels. Unfortunately, existing solutions are not automatic, not comprehensive, or not practical.
We propose an isolation-based approach for eliminating power and timing side-channels that is automatic, comprehensive, and practical. Our approach eliminates side channels by leveraging integrated decoupling capacitors to electrically isolate trusted computation from the adversary. Software has the ability to request a fixed-power/time quantum of isolated computation. By discretizing power and time, our approach controls the granularity of side channel leakage; the only burden on programmers is to ensure that all secret-dependent execution differences converge within a power/time quantum.
We design and implement three approaches to power/time-based quantization and isolation: a wholly-digital version, a hybrid version that uses capacitors for time tracking, and a full-custom version. We evaluate the overheads of our proposed controllers with respect to software implementations of AES and RSA running on an ARM-based microcontroller and hardware implementations AES and RSA using a 22nm process technology. We also validate the effectiveness and real-world efficiency of our approach by building a prototype consisting of an ARM microcontroller, an FPGA, and discrete circuit components.
Lastly, we examine the root cause of Electromagnetic (EM) side channel attacks on integrated Circuits (ICs) to augment the Quantized Computing design to mitigate EM leakage. By leveraging the isolation nature of our Quantized Computing design we can effectively reduce the length and power of the unintended EM antennas created by the wire layers in an IC.
Affiliate Assoc. Professor, ECE, WPI and Professor, University of Lübeck
Assistant Professor, CS Dept., Virginia Tech