‘Thinking Like Hackers’ Can Secure Chips

Thursday, October 28, 2010 @ 08:10 AM gHale

Thinking like hackers, good guys acted like the enemy and developed an innovative way of extracting information from chip technology.
By combining modern cryptology methods with constraint programming, Professor Avishai Wool and his Ph.D. student Yossi Oren of Tel Aviv University’s School of Electrical Engineering were able to extract more information from secure chips. Their research could lead to important new advances in computer security.
Wool said cryptologists like himself try to stay one step ahead of attackers by thinking the way they do.
“Companies need to know how secure their chip is, and how it can be cracked,” he said. “They need to know what they’re up against.”
The Achilles-heel of contemporary secure chips is usually in the chip’s power supply, the researchers said. When a chip is in use, it employs a miniscule amount of power, Wool said. But the amount of this power, and how it fluctuates, depends on the kind of information the chip contains. By measuring the power fluctuations with an oscilloscope, a standard piece of lab equipment, and analyzing the data using appropriate algorithms, a potential hacker could decipher the information the chip contains.
But extracting information in this way, through what the researchers call a “side channel,” can be complex. When you do a power trace there is a lot of “noise” — inaccuracies that result from the different activities the chip is doing at the time, Wool said. He and Oren identified a method for blocking out the “noise” that is more effective than previous methods.
When applied to information gathered from a power source, a computer program like the one Wool and Oren created can sort through this “noise” to deliver a more accurate analysis of a chip’s secret contents.
They base their program on “constraint programming” — the same computer programming used for complex scheduling programs like those used in the travel industry.
No chip can be 100% secure, Wool said. But he said it is important to explore the boundaries of how a hacker can pull secure information from these chips. An attacker could have access to a variety of computer technologies and equipment — so researchers need to know the type of resources required to break a code, Wool said. He has provided information to U.S. passport authorities on how to make the chips in passports more secure.
“We need to think like the attackers,” he said, “in order to raise the bar against them.”

Leave a Reply

You must be logged in to post a comment.