By Jackey Locke

The introduction of smart devices has made our personal information more vulnerable. Personal information stored on smart devices, such as our credit and debit cards, interfaces with smart card readers, which allows the readers to do more intelligent things.

“The flow of info between a smart card and the reader is something you want to protect,” said Dr. Howard Heys, an electrical and computer engineering professor in the Faculty of Engineering and Applied Science. “In fact, we assume that when we put our smart cards into smart card readers that we can trust the reader. It’s quite possible that that reader is trying to get information from the smart card that it’s not allowed to access - information that’s hidden by a cryptographic key.”

Dr. Heys adds that while smart cards are probably smart enough not to give out information it shouldn’t, when it’s plugged into a reader, the reader could be analyzing how much power the smart card is consuming, and from the amount of power the smart card is using it is possible to find out information about the key.

“Your credit card doesn’t have any power, but when it’s inserted into a reader the reader gives it power to do computations or cryptographic algorythms,” he explained.

In a world where our smart cards are inserted into readers several times each day, protecting our personal information is very important, and Dr. Heys’ research in lightweight cryptography is helping us do just that.

Lightweight cryptography refers to the design and implementation of security algorithms that are targeted to digital hardware systems constrained in resources, such as area, power or energy. Such systems are typically embedded, as is the case in smart devices.

“The constrained nature of many embedded systems pose unique challenges for the design of system security,” said Dr. Heys. “My research investigates the design, implementation and application of lightweight cryptographic algorithms targeted to embedded systems, such as smart cards and cell phones, to ensure that information stored on the device is secure.”

Since many embedded systems use multiple cryptographic algorithms, it is important to examine aspects such as resource sharing to improve efficiency. In addition, Dr. Heys is investigating how the designs and implementations allow attacks, such as a smart card reader analyzing how much power a smart card is consuming, and he is exploring methods to mitigate such attacks.

“We are using digital hardware design tools,” said Dr. Heys. “We hope to create new lightweight encryption by analyzing new and existing algorithms to find areas where they are most vulnerable to attacks. We also plan to develop new and more efficient ways to implement algorithms.”