Security-Aware Synthesis Keeps Systems from Leaking Secrets
February 2016
Topics: Cybersecurity, Computer Security, Electronics (General), Signal Processing
Your personal electronics are leaking secrets. Radio signals seep steadily from their components. Equipped with the latest technology and know-how, an eavesdropper can soak up those signals and then study them for hints to your systems’ secret keys, passwords, and other sensitive information.
To plug those leaks, MITRE's Security-Aware Synthesis research team is designing hardware countermeasures to keep your system quiet and your data confidential. Intercepting the faint radio signals emanating from a hardware system's components is an example of a side-channel attack. "The idea of a side-channel attack is that a hacker uses measurable information about the system—how much power it's consuming or its unintentional electromagnetic emanations—to compromise the security of that system," says Joe Chapman, the lead researcher for MITRE's Security-Aware Synthesis project. "Basically, attackers are exploiting the fact that computation has physical side effects."
Conducting a side-channel attack sounds like the sort of high-tech heist that would require elaborate and extensive equipment. But a team of researchers from Tel Aviv University and the Technion-Israel Institute of Technology recently constructed a hand-held signal-stealing device for less than $300. And such devices will only grow cheaper and more concealable as technology advances. Security system designers must develop new measures to counter this evolving threat.
Muffling the Tumblers Keeps Hackers at Bay
"In the past 15 years, the security industry has adopted advanced cryptography algorithms that have stymied traditional methods for cracking a system's password," Chapman explains. "So like a safe cracker in the movies, hackers are now putting a stethoscope to your computer and trying to puzzle out its combination by listening to the tumblers."
Security designers can attempt to thwart side-channel attacks by making the sound from the tumblers—the radio signals from hardware components—too garbled or misleading for hackers to get any useful information from their eavesdropping. However, designers only write the code that controls the components. "Security designers don’t map out transistors. They don’t lay out gates," Chapman says.
With Safety Last, Computer Security Suffers
After a hardware system is assembled, security designers write software countermeasures to mask the signal leaks. There are drawbacks, however, to designing the hardware first and then writing software security countermeasures to protect it from side-channel attacks:
- Security software must be specially designed for each system.
- Security software can't be designed for a system until the system is fully constructed.
- Security software can't be tested until the system is fully implemented.
- Any change in system hardware means the security software must be rebuilt from scratch.
All this makes defending systems against side-channel attacks a slow, cumbersome, and expensive process. But what if instead of assembling hardware components and then crafting a tailor-made software security blanket to drape over it, designers could build security countermeasures right into the components?
Building Security into the Hardware
Chapman has designed Security-Aware Synthesis as a suite of tools that will enable security system designers to build countermeasures into the basic hardware components of a system. These components would come with a selection of security countermeasures. When building a system, designers could activate the most appropriate countermeasure.
"Currently, you must build a custom countermeasure library for each system. In that case, you don't know until you get to the end of the process whether you've actually attained the required level of security," he says. "With Security-Aware Synthesis you check a box that says 'I want countermeasure family A or B or C or D.' It’s just another knob to turn or lever to pull."
Chapman believes that Security-Aware Synthesis will provide security designers with more opportunities to experiment with and improve on the use of countermeasures. "This tool will let you test and evaluate five to 10 different countermeasure families at the push of a button. It will free up designers to evaluate a much larger range of design trade-offs, such as wider security coverage versus more power versus quicker processing."
Building countermeasures into the separate components of a system also makes testing a system's defenses much easier. "Rather than fabricating a chip and bringing it into your lab and measuring it to see that you have a problem, we can simulate side-channel attacks during the design process," Chapman says. "So if we chose a wrong countermeasure for a component, we can find that out much earlier in the design cycle, saving a ton of time and money."
Invite the Whole Family
The Security-Aware Synthesis team continues to build on its early success. "We’ve proven that we can inject side-channel countermeasures using standard electronic design automation methods," Chapman says. "But so far we’ve only done this for a particular family of countermeasure. Our next step is to demonstrate we can do it with multiple families of countermeasures."
The Department of Defense, in order to quicken the acquisition and lower the costs for its new systems, is increasing its use of commercial products. For this reason, it has taken a great interest in Security-Aware Synthesis. "Researchers have demonstrated over and over that commercial systems are vulnerable to side-channel attacks," Chapman says. "The Department of Defense realizes it has to protect itself against these kinds of attacks."
In a world where secrets are increasingly difficult to keep, MITRE is providing our sponsors with tools that can keep a tight seal on sensitive hardware signals. Because as the old saying goes, "Loose chips sink ships."
—by Christopher Lockheardt