Logo

How leaky is your device?

A new generation of digital devices that will protect consumers from cyber-attacks could be a step closer thanks to a grant of over ?1 million from the Engineering and Physical Sciences Research Council (EPSRC) awarded to the University of Bristol for a research project to protect consumers’ sensitive data.

  • 8 years ago Posted in
Digital devices, such as smart banking cards or smart phones, are widely used to store private and sensitive data about peoples’ digital lives. However, securing these devices is a major task for the computing industry.  The research project by the University’s Cryptography Research Group hopes to address the issue of leakage-related attacks.
 
Information leakage via side channels is a widely recognised threat to cyber security.  In particular small devices are known to leak information through physical channels, i.e. power consumption, electromagnetic radiation, and timing behaviour.  In other words, the power consumed by mobile phones can reveal information about the data stored on the phone and attackers can steal this data by managing to capture the leakage. This can ultimately lead to complete security breaches in the form of data recovery.
 
At present, accounting for leakage requires access to a fully equipped testing lab, and skilled people to conduct side channel experiments. This makes it virtually impossible for the general developers of devices to test their implementations against leakage attacks as these labs are only available to high-end developers, such as those producing chip-and-pin cards.
 
The aim of the research project is to bring the skill of a testing lab to the desk of a developer of standard consumer devices, without the need for domain specific knowledge. To ensure the success of the project the research group have partnered with a leading developer of compiler toolchains, Embecosm. 
 
Dr Elisabeth Oswald, Reader in Applied Cryptography in the Cryptography Research Group and who is leading the project, said: “Our previous research has shown that in the case of small embedded devices, the nature of the leakages can be appropriately modelled using statistical tools. 
 
“This project's research hypothesis is that one can make meaningful statements about the leakage behaviour of new implementations on such small devices by utilising a priori derived models.”
 
The researchers hope the project will lead to a new generation of devices that will provide consumers with high-end security in low-end devices, and also protect consumers’ sensitive information. As the world gets even more digital, and attackers become more sophisticated, this is another important step on the arms race between the good guys and the bad guys.

89% of security leaders think traditional security approaches are failing in the face of modern threats

Research shows ‘game needs to be changed,’ with security innovation years behind that of the...

Lack of automated patch management a remote security risk

73% of organizations lack automated patch management, and 62% experienced incidents involving...

Dell Technologies and AWS collaborate

Dell EMC PowerProtect Cyber Recovery for AWS provides a fast, easy-to-deploy public cloud vault to...

Costs, cyberattacks and compliance - cause for concern

Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...

Avast research finds growing security challenges for SMBs

Research from Avast has found that employees in almost a third (31%) of Small and Medium...

Security and governance among top IT needs

This year, over half of MSPs or their end customers have been attacked by ransomware but only 53%...

Palo Alto Networks shifts left with Prisma Cloud 3.0

Palo Alto Networks has introduced Prisma® Cloud 3.0, said to be the industry’s first integrated...

Urgent need for new way to discuss business risk

Trend Micro has published new research revealing that 90% of IT decision makers claim their...

© 2024 - Angel Business Communications Limited

Made with by Angels