{"632920":{"#nid":"632920","#data":{"type":"news","title":"Researchers Find New Security Problem is Hardware Power Systems","body":[{"value":"\u003Cp\u003EPasswords can be stolen just by monitoring unintentional electromagnetic emanations from a computer\u0026rsquo;s power management unit (PMU). Georgia Tech researchers discovered this new side-channel attack that can be used to extract sensitive data even if the attacker is 10 feet away or even separated by a wall.\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u0026ldquo;In the past five years, researchers are showing a lot of different vulnerabilities in hardware,\u0026rdquo; School of Computer Science Ph.D. student \u003Ca href=\u0022http:\/\/www.prism.gatech.edu\/~nsehatbakhsh3\/\u0022\u003E\u003Cstrong\u003ENader Sehatbakhsh\u003C\/strong\u003E\u003C\/a\u003E said. \u0026ldquo;Power management units are just one of many different hardware components that can leak secrets.\u0026rdquo;\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Cstrong\u003EThe Power Problem\u003C\/strong\u003E\u003C\/p\u003E\r\n\r\n\u003Cp\u003EWhile computer power used to be a simple on-off switch, new PMUs operate in up to 10 different states to preserve energy. Researchers found that each state emits a different electromagnetic signal that creates spikes in the frequency-domain spectrum, and as the activity increases so does the signal and the spikes.\u003C\/p\u003E\r\n\r\n\u003Cp\u003ETyping characters creates periods of high-state activities in which the distance between state spikes can show the location of keys on a keyboard. With the right monitoring, an attacker can determine the number of characters or how many words are in a password, or even find the exact characters.\u003C\/p\u003E\r\n\r\n\u003Cp\u003EThis type of monitoring is called a side-channel attack, in which an attacker can extract sensitive data from physical signals produced by electronic activity within the device. Sound, temperature, power, and electromagnetic waves are common signals.\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Cstrong\u003E[RELATED: \u003C\/strong\u003E\u003Ca href=\u0022https:\/\/www.news.gatech.edu\/2018\/08\/09\/researchers-help-close-security-hole-popular-encryption-software\u0022\u003E\u003Cstrong\u003EResearchers Help Close Security Hole in Popular Encryption Software\u003C\/strong\u003E\u003C\/a\u003E\u003Cstrong\u003E]\u003C\/strong\u003E\u003C\/p\u003E\r\n\r\n\u003Cp\u003EPMU side-channel attacks can also be exploited to create a fast and stealthy covert communication. For example, a rogue employee could extract data outside of a secured company\u0026rsquo;s computer, breaking existing security.\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Cstrong\u003EStopping the Side-channel\u003C\/strong\u003E\u003C\/p\u003E\r\n\r\n\u003Cp\u003ESide-channel vulnerabilities are becoming more pervasive because security is not the first priority for hardware designers, according to Sehatbakhsh. Their primary goals are to create something fast and cost-effective, and security often slows down the process and becomes more expensive. Yet with more research like this, things could change, Sehatbakhsh said.\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u0026ldquo;Now people are demanding extra security, so hopefully ignoring these vulnerabilities won\u0026rsquo;t be an option in the future.\u0026rdquo;\u003C\/p\u003E\r\n\r\n\u003Cp\u003EAt this point in their work, the researchers are mostly exposing the problem, but there are potential solutions, Sehatbakhsh suggested. Adding randomness to the PMU would unsync power states from the data they provide; however, this solution might consume too much power for developers to implement it.\u003C\/p\u003E\r\n\r\n\u003Cp\u003ESehatbakhsh will present the research at the 26th International Symposium on \u003Ca href=\u0022https:\/\/www.hpca-conf.org\/2020\/\u0022\u003EHigh-Performance Computer Architecture\u003C\/a\u003E in San Diego from Feb. 22 to 26. He co-wrote the paper with School of Electrical and Computer Engineering (ECE) Ph.D. student \u003Ca href=\u0022https:\/\/www.linkedin.com\/in\/bakiberkayyilmaz\/\u0022\u003E\u003Cstrong\u003EBaki Berkay Yilmaz\u003C\/strong\u003E\u003C\/a\u003E, ECE Associate Professor \u003Ca href=\u0022https:\/\/alenka.ece.gatech.edu\/\u0022\u003E\u003Cstrong\u003EAlenka Zajic\u003C\/strong\u003E\u003C\/a\u003E, and SCS Professor \u003Ca href=\u0022https:\/\/www.scs.gatech.edu\/people\/11067\/milos-prvulovics\u0022\u003E\u003Cstrong\u003EMilos Prvulovic\u003C\/strong\u003E\u003C\/a\u003E.\u003C\/p\u003E\r\n","summary":null,"format":"limited_html"}],"field_subtitle":"","field_summary":"","field_summary_sentence":[{"value":"Passwords can be stolen just by monitoring unintentional electromagnetic emanations from a computer\u2019s power management unit (PMU)."}],"uid":"34541","created_gmt":"2020-02-25 15:52:50","changed_gmt":"2020-02-25 15:56:26","author":"Tess Malone","boilerplate_text":"","field_publication":"","field_article_url":"","dateline":{"date":"2020-02-25T00:00:00-05:00","iso_date":"2020-02-25T00:00:00-05:00","tz":"America\/New_York"},"extras":[],"hg_media":{"632922":{"id":"632922","type":"image","title":"PMY set-up","body":null,"created":"1582646158","gmt_created":"2020-02-25 15:55:58","changed":"1582646158","gmt_changed":"2020-02-25 15:55:58","alt":"PMU set-up","file":{"fid":"240825","name":"near.JPG","image_path":"\/sites\/default\/files\/images\/near.JPG","image_full_path":"http:\/\/www.tlwarc.hg.gatech.edu\/\/sites\/default\/files\/images\/near.JPG","mime":"image\/jpeg","size":876807,"path_740":"http:\/\/www.tlwarc.hg.gatech.edu\/sites\/default\/files\/styles\/740xx_scale\/public\/images\/near.JPG?itok=3PXQznJc"}}},"media_ids":["632922"],"groups":[{"id":"47223","name":"College of Computing"},{"id":"50875","name":"School of Computer Science"}],"categories":[],"keywords":[],"core_research_areas":[{"id":"145171","name":"Cybersecurity"}],"news_room_topics":[],"event_categories":[],"invited_audience":[],"affiliations":[],"classification":[],"areas_of_expertise":[],"news_and_recent_appearances":[],"phone":[],"contact":[{"value":"\u003Cp\u003ETess Malone, Communications Officer\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Ca href=\u0022mailto:tess.malone@cc.gatech.edu\u0022\u003Etess.malone@cc.gatech.edu\u003C\/a\u003E\u003C\/p\u003E\r\n","format":"limited_html"}],"email":[],"slides":[],"orientation":[],"userdata":""}}}