As the world embraces the Internet of Things (IoT), more and more everyday appliances are being connected to the Internet so that people can monitor those appliances remotely. While this makes our lives more convenient, there is a looming threat of cybercriminals using these devices to gain access to sensitive data.
Now, scientists from the National University of Singapore’s School of Computing (NUS Computing) have made it easier to guard against that. They have developed a software tool that can simulate hacker attacks, and which provide an automated way to protect the design. This helps designers create more secure computer chips.
Securing chips against hardware attacks
The software works by simulating a physical hardware attack known as laser fault injection. To accomplish this on a real device, the cyber-criminal would first partially disassemble the hardware to gain access to its silicon chip without interrupting its operation. Then, they use a laser to generate a processor error. This throws the gates open, allowing them to extract data and security information.
Previously, it was expensive to protect chips against this kind of attack because they had to be tested manually. If the chip fails the test, the design must start over.
The NUS software, called the Laser fault Attack Benchmark Suite or LABS, can now simulate attacks in a wide variety of situations and demonstrate how the chip reacts. All this can be done without having to manufacture a single chip. This helps chip designers figure out how to repel the attack, and even trick the attackers into thinking they have succeeded. With this software, chip manufacturers will be able to simulate any device, and results are available within minutes.
The NUS scientists, led by Assistant Professor Trevor E. Carlson and Professor Peh Li Shiuan, have made the software open source so researchers and the chip design community can use it, or help make it better.
“This methodology is useful for anyone interested in replicating an attack and mitigating those attacks. In the world, there are a variety of techniques for retrieving private data, and we try to stay ahead of the attackers,” Asst Prof Carlson shared.
“In this cat-and-mouse game, making the software open source allows people to protect against these known bugs, but hackers can also easily see how to perform these fault injection attacks. These techniques are already in the public domain, so we are not releasing any information that was not already known,” he added.
The security threats to IoT devices is real. In 2017, cybercriminals breached a casino’s server in North America—through its fish tank. The tank was connected to the Internet to remotely monitor things like temperature and salinity. The cybercriminals stole 10 GB of data on the casino’s high rollers.
The challenge here is to understand the mathematical principles of the attack and to translate that into a protected design. Asst Prof Carlson shared, “We wanted to make sure that we could simulate what a real hacker would do. To implement these mathematical models, you have to really understand how flipping this bit on a chip modifies an AI algorithm, how to recover private keys to gain access to the chip, how to confuse a neural network so that it’s mislabelling an intruder as an innocuous animal, for example.” Much of the work, from this algorithmic analysis to the implementation of LABS, was completed by doctoral student Burin Amornpaisannon.
This project was first presented at the 2020 International Conference on Computer-Aided Design on 3 November 2020. It is part of a research programme under the National Research Foundation and is supported by the Ministry of Education as well as leading industry partners.
Designing chips for security
“Security needs to be a first-class citizen, taken into account during the hardware design phase. You want to make sure it’s secure without having to manufacture the chip. You don’t want to build your IoT device and then realise you’ve messed up,” explained Asst Prof Carlson.
To improve the software, the NUS team is equipping it with the ability to counter new attacks and more specific mitigation techniques. They are also exploring to extend its application beyond laser attacks, such as to those caused by electromagnetic pulses and voltage spikes.