New system developed by UC3M and CSIC
This platform, whose objective is to improve smartphone security and that of other electronic devices, was recently presented in Canada in an international conference on security and privacy on the Internet of Things (Workshop on Security and Privacy on Internet of Things).
This research focuses on "lateral movement attacks", which happen when "someone tries to take advantage of a circumstance (in this case, any electric current producing a magnetic field) for illicit purposes (in this case, the attacker tries to extract the private password from the encryption, to which he theoretically should not have access)", explained one of the researchers, José María de Fuentes, UC3M Computer Security Lab (COSEC).
Traditionally, they tried to attack the encrypted algorithm, that is, the process to protect data, which normally has a complicated mathematical base. Later, this type of lateral movement attacks have been developed to seek other ways of breaching security without having to "break" the math upon which it is based. "When the devices are on, they use energy and generate electromagnetic fields. We try to capture their traces to obtain the encryption key and at the same time, decipher the data," explained another of the researchers, Lorena González, who is also from the UC3M COSEC.
"We want to make it known that these type of devices have vulnerabilities, because if an adversary attacks them, that is, if someone calculates the password that you are using on your cell phone, it will make you vulnerable, and your data will no longer be private," affirmed one of the other researchers, Luis Hernández Encinas. Hernández Encinas is from CSIC's Instituto de Tecnologías Físicas y de la Información - ITEFI (Institute for Physical and Information Technologies).
The basic aim of this research is to detect and make known the vulnerabilities of electronic devices and that of their chips, so that software and hardware developers can implement appropriate countermeasures to protect user security. "Our work then will be to verify is this has been carried out correctly and try to attack again to check it there is any other type of vulnerabilities," added Hernández Encinas.
The most relevant aspect of the project, according to the researchers, is that an architecture and work environment is being develop in which this type of lateral movement attacks can continue to be explored. In fact, it is possible to extract encrypted information from other data, such as variations in temperature of the device, the power consumption, and the time it takes a chip to process a calculation.
This research has been carried out in the framework of CIBERDINE (Cybersecurity: Data, Information, Risks), a R+D+i program funded by the Consejería de Educación, Cultura y Deporte (Board of Education, Culture and Sport) of the Madrid Autonomous Region and by Structural Funds from the European Union.. Its main objective is to develop technological tools aimed at making cyberspace a safe, secure and trustworthy environment for public administrations, citizens and companies. For that purpose, this research pursues three broad areas: massive analysis of data networks, cooperative cybersecurity and support systems for decision making in this area.
Bibliographic references: A Framework for Acquiring and Analyzing Traces from Cryptographic Devices. A. Blanco Blanco, J.M. de Fuentes, L. González Manzano, L. Hernández Encinas, A. Martín Muñoz, J.L. Rodrigo Oliva, I. Sánchez García. Workshop on Security and Privacy on Internet of Things (SePrIoT) 2017. 13th EAI International Conference on Security and Privacy in Communication Networks. 25th October 2017, Niagara Falls, Canada. http://www.
Further information: CIBERDINE program: http://www.
Video: Researchers interview https:/
Javier Alonso Flores | EurekAlert!
New Foldable Drone Flies through Narrow Holes in Rescue Missions
12.12.2018 | Universität Zürich
NIST's antenna evaluation method could help boost 5G network capacity and cut costs
11.12.2018 | National Institute of Standards and Technology (NIST)
The more objects we make "smart," from watches to entire buildings, the greater the need for these devices to store and retrieve massive amounts of data quickly without consuming too much power.
Millions of new memory cells could be part of a computer chip and provide that speed and energy savings, thanks to the discovery of a previously unobserved...
What if, instead of turning up the thermostat, you could warm up with high-tech, flexible patches sewn into your clothes - while significantly reducing your...
A widely used diabetes medication combined with an antihypertensive drug specifically inhibits tumor growth – this was discovered by researchers from the University of Basel’s Biozentrum two years ago. In a follow-up study, recently published in “Cell Reports”, the scientists report that this drug cocktail induces cancer cell death by switching off their energy supply.
The widely used anti-diabetes drug metformin not only reduces blood sugar but also has an anti-cancer effect. However, the metformin dose commonly used in the...
A research team from the University of Zurich has developed a new drone that can retract its propeller arms in flight and make itself small to fit through narrow gaps and holes. This is particularly useful when searching for victims of natural disasters.
Inspecting a damaged building after an earthquake or during a fire is exactly the kind of job that human rescuers would like drones to do for them. A flying...
Over the last decade, there has been much excitement about the discovery, recognised by the Nobel Prize in Physics only two years ago, that there are two types...
12.12.2018 | Event News
10.12.2018 | Event News
06.12.2018 | Event News
14.12.2018 | Power and Electrical Engineering
14.12.2018 | Physics and Astronomy
14.12.2018 | Physics and Astronomy