prevent “ Bypass attack ”(side-channel attacks) Most of our efforts have focused on the vulnerabilities of digital processors . for example , Hackers can measure smart watches CPU Current consumed , And use it to reconstruct the secret data being processed , For example, password .
recently , MIT researchers at IEEE A paper was published in the Journal of solid state circuits , The paper shows that , Analog to digital converter in intelligent device ( The real-world signal from the sensor is encoded into a digital value that can be calculated and processed ) Vulnerable to bypass attacks . Hackers can measure the power supply current of analog-to-digital converters , And use machine learning algorithm to accurately reconstruct the output data .
Now? , In two new research papers , Engineers have shown that analog-to-digital converters are also vulnerable to more covert bypass attacks , It also describes the effective techniques to prevent these two attacks . Their technology is more effective and cheaper than other security methods .
Advanced in electrical engineering TV And professor of signal processing 、 Director of microsystem technology laboratory 、 Senior author of the latest research paper Hae-Seung Lee say :“ The lowest power consumption and cost are the key factors of portable intelligent devices ”.
He added :“ Bypass attack is always a game of cat and mouse . If we don't do this work , Hackers are likely to come up with these methods and use them to attack analog-to-digital converters , So we hope to get ahead of the hackers ”.
For power bypass attack , Malicious agents usually solder a resistor on a device's circuit board to measure its power usage . But electromagnetic bypass attack is non-invasive . The agent uses an electromagnetic probe , The current can be monitored without touching the equipment .
Researchers have shown that , Even if the probe is far away from the chip 1 centimeter , The electromagnetic bypass attack is as effective as the power bypass attack on the analog-to-digital converter . Hackers can use this attack to steal private data from implantable medical devices .
MIT researchers have developed two security solutions , Use randomization to protect the ADC (analog-to-digital converters,ADC) Protected from power and electromagnetic bypass attacks . On the left is a ADC Micrographs of , It randomly divides the A / D conversion process into groups of unit increments , And switch them at different times . The right side is ADC Micrographs of , It divides the chip into two halves , Enables it to select two random starting points for the conversion process , At the same time, speed up the conversion .
To stop these attacks , Researchers at ADC Randomization has been added to the conversion process .ADC Get unknown input voltage , Probably from biometric sensors , And convert it to a numeric value .
So , A common type of ADC Set the threshold at the center of its voltage range , A circuit called a comparator is used to compare the input voltage with the threshold . If the comparator determines that the input is large , be ADC Set a new threshold in the upper half of the range and run the comparator again .
ADC A capacitor is usually used to set the threshold , These capacitors absorb different amounts of current when switching . Attackers can monitor power supplies and use them to train machine learning models , The model reconstructs the output data with astonishing accuracy .
To prevent this ,Ashok And her collaborators used a random number generator to determine when each capacitor switched . This randomization makes it more difficult for an attacker to correlate the power supply with the output data . Their technology also enables the comparator to run continuously , This prevents attackers from determining when each phase of the transition starts and ends .
Ashok explains :“ The idea is to divide the usual binary search process into smaller blocks , This makes it difficult to know which stage of the binary search process you are in . By introducing some randomness into the transformation , Leakage is independent of a single operation ”.
Chen And his collaborators developed a ADC, The starting point of the transformation process can be randomized . This method uses two comparators and an algorithm to randomly set two thresholds instead of one , therefore ADC Digital output can be reached in millions of possible ways . This makes it almost impossible for an attacker to correlate the power waveform with the digital output .
Using two thresholds and splitting the chip in half not only allows random starting points , It also eliminates any speed loss , Make it run almost as fast as standard ADC As fast as .
Both methods can resist power and electromagnetic bypass attacks , Without damage ADC Performance of . Ashok Only need to add 14% The chip area of , and Chen The method does not require any additional area . Both are safer than the others ADC Use less power .
Reference papers :
“S2ADC: A 12-bit, 1.25-MS/s Secure SAR ADC WithPower Side-Channel Attack Resistance” by Taehoon Jeong, Anantha P.Chandrakasan and Hae-Seung Lee, 13 October 2020, IEEE Journal of Solid-State Circuits.
DOI: 10.1109/JSSC.2020.3027806
“RandomizedSwitching SAR (RS-SAR) ADC Protections for Power and ElectromagneticSide Channel Security” by Maitreyi Ashok, Edlyn V. Levine and Anantha P.Chandrakasan, 18 May 2022, 2022 IEEE Custom Integrated Circuits Conference (CICC).
DOI: 10.1109/CICC53496.2022.9772837
