In order to hack a system and intercept critical information, attackers do not necessarily have to enter a system digitally. Technical devices, such as smartphones, computers or an electronic key cards, consist of computer chips that can be attacked from the outside despite their cryptographic encryption. For example, hackers can record physical signals such as current fluctuations and use them to gain information about the system. Or they fire a device with electromagnetic impulses which trigger errors in the encryption and thus provides information about the secret key.
While digital encryption offers a high level of security through complex mathematical processes, data protection at the physical level requires different, often complex approaches. For instance, information can be hidden in tables wth randomly changing masks or encryptions in the computer chip can change their location by themselves. In order to develop and research such methods, the DFKI Cyber-Physical Systems research department led by Prof. Dr. Rolf Drechsler has been working on the project "Security by Reconfiguration" (SecRec) for three years. The novel procedures have now been presented to the German Federal Ministry of Education and Research (BMBF).
Encryption components that change location by themselves
As the Internet of Things (IoT) becomes more widespread, computer chips and cyber-physical systems have an increasing influence on everyday objects and give them new advantages. One example are digital key cards in hotels, which are programmed to open certain doors and lose this function as soon as they are stolen. The key itself therefore only exist digitally - which is a disadvantage for normal thieves but an invitation for experienced hackers. Using a so-called fault injection analysis, the functionality of the key card can be analyzed and then cracked. In other systems, the voltage fluctuations can make information readable and therefore represent a risk to security.
In order to develop methods to fix these vulnerabilities, the researchers of the DFKI use so called field-programmable gate arrays (FPGA). These are computer chips whose interconnection can be flexibly configured at hardware level. The flexibility of the chip enables the approach of partial reconfiguration: The researchers have succeeded in installing an encryption unit on an FPGA that changes its location by itself and configures itself in different places. This property makes attacks from outside more difficult, because the information received about the system has to be combined and thus becomes worthless as soon as the encryption moves to a new location.
To verify the method, a probe was positioned over an FPGA in an experimental setup which records the electromagnetic signals of the encryption unit and presents them on an oscilloscope. By the varying strength of the signal it could be proven that the “moving target”, the cryptographic encryption, actually configures itself at different locations and thereby makes an attack from the outside considerably more difficult.
Tests with attacks based on Machine Learning
In the project "Security by Reconfiguration - Physical Security through Dynamic Hardware Reconfiguration" (SecRec), which started in 2017, the DFKI and various partners created the basis for a future-oriented security technology that will become relevant for more and more areas with the increasing use of Internet of Things. The SecRec project consortium consists of the FZI Research Center for Information Technology, Mixed Mode GmbH, Friedrich-Alexander-Universität Erlangen-Nürnberg and Robert Bosch GmbH, which – after the completion of the project – will test the new procedure by attacks with machine learning methods.
The consortium presented the results to the Federal Ministry of Education and Research (BMBF), which funded the project over a period of three years with 2.9 million euros. While the DFKI is planning to continue the research internally, the FZI Research Center for Information Technology is looking into the application of the methods: their development and scalability on other systems.