Bristol University, information leakage and sensitive personal data protection
Digital devices, such as smart banking cards or smartphones, are widely used to store private and sensitive data about peoples’ digital lives. However, securing these devices is a major task for the computing industry. A new research project by Bristol University’s Cryptography Research Group hopes to address the problem of leakage-related attacks.
Information leakage via side channels is a widely recognised threat to cyber security. Small devices in particular are known to leak information through physical channels, i.e. power consumption, electromagnetic radiation and timing behaviour. In other words, the power consumed by mobile phones can reveal information about the data stored on the phone and attackers could steal this data by capturing the leakage. This can ultimately lead to complete security breaches in the form of data recovery.
At present, accounting for leakage requires access to a fully-equipped testing lab with skilled people to conduct side channel experiments. This makes it virtually impossible for general cevice developers to test their products against leakage attacks as these labs are only available to high-end developers, such as those producing chip-and-pin cards.
The aim of the data leakage research project is to bring the skill of a testing lab to the desk of a standard consumer devices developer without the need for domain specific knowledge. To ensure the success of the project the research group has partnered with Embecosm, a leading developer of compiler toolchains.
Project leader Dr Elisabeth Oswald, Reader in Applied Cryptography in the Cryptography Research Group, said: “Our previous research has shown that in the case of small embedded devices, the nature of the leakages can be appropriately modelled using statistical tools.
“This project’s research hypothesis is that one can make meaningful statements about the leakage behaviour of new implementations on such small devices by utilising a priori derived models.”
The researchers hope the project will lead to a new generation of devices providing consumers with high-end security in low-end devices, as well as protecting consumers’ sensitive information. This is another important step on the arms race between the good and the bad guys as the world gets even more digital and attackers become more sophisticated.