MIT engineers demonstrated that analog-to-digital converters in smart devices are vulnerable to power and electromagnetic side-channel attacks that hackers use to “eavesdrop” on devices and steal secret information. They developed two security strategies that effectively and efficiently block both types of attacks. Credit: MIT News
Engineers demonstrate two security methods that efficiently protect analog-to-digital converters from powerful attacks that aim to steal user data.
Researchers are racing against hackers to develop stronger protections that keep data safe from malicious agents who would steal information by eavesdropping on smart devices.
Much of the effort into preventing these “side-channel attacks” has focused on the vulnerability of digital processors. Hackers, for example, can measure the electric current drawn by a smartwatch’s CPU and use it to reconstruct secret data being processed, such as a password.
Joining Lee on the paper is first-author and graduate student Ruicong Chen; graduate student Hanrui Wang; and Anantha Chandrakasan, dean of the MIT School of Engineering and the Vannevar Bush Professor of Electrical Engineering and Computer Science. The research will be presented at the IEEE Symposium on VLSI Circuits. A related paper, written by first-author and graduate student Maitreyi Ashok; Edlyn Levine, formerly with MITRE and now chief science officer at America’s Frontier Fund; and senior author Chandrakasan, was recently presented at the IEEE Custom Integrated Circuits Conference.
The authors of the IEEE Journal of Solid-State Circuits paper are lead-author Taehoon Jeong, who was a graduate student at MIT and is now with Apple, Inc, Chandrakasan, and Lee, a senior author.
MIT researchers developed two security schemes that protect analog-to-digital converters (ADC) from power and electromagnetic side-channel attacks using randomization. On the left is a micrograph of an ADC that randomly splits the analog-to-digital conversion process into groups of unit increments and switches them at different times. On the right is a micrograph of an ADC that splits the chip into two halves, enabling it to select two random starting points for the conversion process while speeding up the conversion. Credit: Courtesy of the researchers
A noninvasive attack
To conduct a power side-channel attack, a malicious agent typically solders a resistor onto the device’s circuit board to measure its power usage. But an electromagnetic side-channel attack is noninvasive; the agent uses an electromagnetic probe that can monitor electric current without touching the device.
The researchers showed that an electromagnetic side-channel attack was just as effective as a power side-channel attack on an analog-to-digital converter, even when the probe was held 1 centimeter away from the chip. A hacker could use this attack to steal private data from an implantable medical device.
To thwart these attacks, the researchers added randomization to the ADC conversion process.
An ADC takes an unknown input voltage, perhaps from a biometric sensor, and converts it to a digital value. To do this, a common type of ADC sets a threshold in the center of its voltage range and uses a circuit called a comparator to compare the input voltage to the threshold. If the comparator decides the input is larger, the ADC sets a new threshold in the top half of the range and runs the comparator again.
This process continues until the unknown range becomes so small it can assign a digital value to the input.
The ADC typically sets thresholds using capacitors, which draw different amounts of electric current when they switch. An attacker can monitor the power supplies and use them to train a machine-learning model that reconstructs output data with surprising
