Recently, researchers from MIT were able to demonstrate a security chip that can utilise threshold computing to hide the power signature of specific computations that attackers can use to extract private information. What challenges do side-channel attacks present, what did the researchers do, and how does this demonstrate a new era of security?

What challenges do side-channel attacks present?

When it comes to security, a great deal of effort goes into protecting devices against direct attacks. For example, data stored in memory may be encrypted to prevent unauthorised access from reading its contents. Data in transmission will be encrypted to prevent man-in-the-middle attacks. The use of random number generators avoids attackers’ ability to correctly calculate keys and passwords.

But while these methods are extremely effective, there are other types of attack that are extremely challenging to solve, and one of these is known as a side-channel attack. Simply put, a side-channel attack allows an attacker to obtain private information without actually attacking the private information directly. Instead, the attacker looks for a side-channel vulnerability that may not be protected but whose value or state can indicate what the private data is.

A good analogy for a side-channel attack example would be an individual who wants to spy on their neighbour to find out when they water their plants. A direct observation (a direct attack) would simply have the individual watch the neighbour all day and write down the times when they see the neighbour with a hose pipe. But the neighbour can protect themselves by installing a tall fence or hedge, which makes it impossible for the individual to view.

Thus, an indirect observation (side-channel attack) would instead look at other data that may not be protected but indicate times that the plants are being watered. For example, having access to the neighbour’s water meter could show peak use. The observation (side-channel analysis) of outside drains showing runoff could indicate water use, and hearing activity in the back garden can also suggest garden use.

In the case of electronics, side-channel attacks can be made in a range of different ways, from recording power usage to studying electrical noise on I/O connectors. This type of attack is significantly improved if a neural net is used to study the supposedly random signals from power lines and I/O connectors.

MIT researchers develop a security chip that can resist side-channel attacks

Recently, researchers from MIT have developed a security chip that can resist side-channel attacks that observe power consumption to extract data. To demonstrate the new device’s capabilities, the researchers first demonstrated their ability to extract medical data (such as heart rate and oxygen) from a medical device only by reading the power signature of the device and feeding this signature into a neural net.

The researchers then deployed their new chip to process sensor readings in a secure manner that prevents side-channel attacks on power signatures from inferring the data. To achieve this, the researchers deploy a method of computing called “threshold computing”, which takes breaks down a computation into random chunks that are executed in random order. All of these random chunks are then brought together to create the final result, which makes it virtually impossible for outside attackers to understand how the data fits together. This type of security is not far from homomorphic encryption, whereby encrypted data can be processed without the processor knowing what that data says.

As the leaked data from the device is random every single time, the resultant power signature is also random. The researchers could not obtain any data even after having over 2 million power waveforms. While the chip is still in development (and consumes far too much silicon space and power), it demonstrates the possibility of future electronics using random processors that don’t use a specific order of calculation to keep data safe.

How does this new chip demonstrate a new era of security?

Security has always been an important aspect of computing, but the increased sophistication of attacks combined with the many billions of devices worldwide now sees security as the number one priority in new designs. Classical methods for protecting devices has been perfectly adequate for the past several decades. Still, the advent of AI and the wider accessibility to advanced electronics is seeing a need for new security measures.

While still in its infancy, homomorphic encryption could be one of the major players in the next generation of electronic devices looking to secure their data. As processors do not need to decrypt the data to process it, private data can easily be sent to remote cloud services (or even an attacker’s own private server) for further processing with little risk of exposed data. Thus, we are seeing a new era of technology where security is the first and most important foundation of any device.