
In the Vernam Group’s computer security lab, a venerable piece of electronic test equipment is at work protecting today’s modern flood of information. The device is an oscilloscope, hooked up to a computer chip running some software routines. As the transistors on the chip quietly do their work, the oscilloscope measures tiny fluctuations in the amount of electrical power they consume.
A transistor uses a slightly different amount of power performing an operation that generates a 1, than one that produces a 0, explains Thomas Eisenbarth, PhD, assistant professor of electrical and computer engineering. By measuring the fluctuations, he can eventually figure out what the chip is doing. “If you look at hundreds or thousands of operations, you can see quite a bit,” he says.
By carefully observing similar changes in a computer’s performance, Eisenbarth and Vernam Group director Berk Sunar, PhD, professor of electrical and computer engineering, were able to decipher cryptographic keys (known as RSA keys) from virtual machines running on Amazon Web Services (AWS) servers. In doing so, they got their hands on what is supposed to be one of the most tightly guarded secrets on the Internet — a sequence of numbers that protects data from prying eyes as it’s transmitted over unsecured communications channels. “Our attack was really the first that successfully recovered an RSA decryption key from a neighboring instance in the cloud,” Sunar says.