Written by James Orme Thu 28 Feb 2019

US researchers claim to have created a system that improves the security of IoT devices

Researchers claim to have developed a new algorithm which can help protect devices such as remote car keys from cyber attacks.

Scientists at two US universities have created a programme that regulates how some small devices emit more power and electromagnetic radiation when encoding or decoding information.

They say these different radiation patterns and signals given off by such devices can be spotted and used by hackers as a way of working out how to gain access to encrypted information.

Their research explains that hackers can use these patterns to reverse engineer a system to understand how it works and therefore any weaknesses that may exist.

‘Alters the design process’

Assistant professor Mike Borowczak, from the University of Wyoming, and University of Cincinnati professor Ranga Vemuri claim their algorithm alters the design process to make such devices more secure.

“You take the design specification and restructure it at an algorithmic level, so that the algorithm, no matter how it is implemented, draws the same amount of power in every cycle,” Professor Vemuri said.

“We’ve basically equalised the amount of power consumed across all the cycles, whereby even if attackers have power measurements, they can’t do anything with that information.”

They say devices designed using their algorithm use only around 5 percent more power, which they hope could make the system “commercially viable”.

The researchers also warned that the small size of such devices meant they currently placed little emphasis on security as engineering focus was on speed, power and cost.

Professor Borowczak said it was a common misconception that good cybersecurity was carried out solely using software.

“In general, we believe that because we write secure software, we can secure everything,” he said.

“Regardless of how secure you can make your software, if your hardware leaks information, you can basically bypass all those security mechanisms.”