Dr. Osnat Keren: Secure Hardware – Fighting Side Channel Attacks

Dr. Osnat Keren: Secure Hardware – Fighting Side Channel Attacks (Enlarge)

Dr. Osnat Keren’s interest in secure hardware began when she was studying codes for enhancing the reliability of hardware systems. She earned two degrees in Electrical Engineering from the Technion, pursued her PhD in coding theory at Tel Aviv University, and she worked as an algorithms developer in hi-tech companies. About twelve years ago she returned to academia, where she focused on spectral methods for logic design. Her research interests then turned to secure hardware.

Now a lecturer at BIU's Alexander Kofkin Faculty of Engineering, she remembers: “I became interested in this field due to an increasing need to mitigate malicious attacks on hardware system,” explains Dr. Keren. “Apparently, all existing methods of protecting these systems aimed to enhance their reliability and fail to provide security. I began searching for codes to detect attacks that may change the flow of the data and cause leakage of secrete or private information. In other words, I needed codes that can detect malicious attacks on hardware systems.”  

A few years ago, Dr. Keren joined forces with Prof. Alex Fish, of the Faculty of Engineering’s Nano-Electronic study track, and the two begin developing circuit level countermeasures against non-invasive power analysis attacks. “Such attack enables the attacker to detect    a cryptographic secret key quite easily,” explains Dr. Keren.  This collaboration produced a unique approach to reduce the information leakage by reducing the correlation between the computed data and the profile of the consumed current. “This solution is unique in that it protects the system in the circuit level, and not in high abstraction levels such as the system’s architecture, algorithms, etc. It is this method’s main strength. If someone attempts to neutralize circuit level countermeasures, the chip will malfunction, and that will immediately annul the attack.” 

Keren and Fish’s research group, which also includes a lab engineer and several graduate students, works in the (forming) Impact Research Center - EnICS Labs. The center, joined by several Engineering Faculty members, conducts studies on nanometric chips and leads dozens of collaborative projects with the local and international industry bodies and research groups.

Dr. Keren’s other research group, which also includes three graduate students, has recently listed in impressive accomplishment in detecting fault injection attacks. “Linear codes are widely used in the industry, thanks to the simplicity of their structure. As far as malicious attackers are concerned, these codes are ideal for side channel attacks since they can inject errors into the system, using lasers, voltage variations, etc., without being detected. Once injected, the system simply shifts from one legal state to another, in a way invisible to the user,” explains Dr. Keren. “One solution is to use nonlinear codes – unfortunately, those too, were vulnerable to certain error patterns and a strong attacker can tamper with the system without being noticed. So our objective was to find a way to build a nonlinear, robust code, which will detect any attack.

We constructed a class of optimal or nearly optimal robust codes. That means that given constraints on the size and length of the code, the code we constructed is of maximal effectiveness. It provides the maximal possible error detection probability.”

“Moreover, to date, no robust codes can correct errors. They can detect the attack, but cannot correct natural errors. Once those codes detect that the system is under attack, they would simply shut the system down. Our breakthrough is in that we design a coding scheme that enables the detection of malicious errors, while at the same time can correct natural ones (those damaging a small number of symbols in the code word). This innovative method enables the chip to work impeccably when not under attack, and should it fall into malicious hands or be tempered with, we will most probably be able to identify it and enable the upper layers to decide whether to burn the chip or manipulate the attacker. But that’s a whole different story.”

**Article originally published in the March 2018 Newsletter of the Faculty of Engineering