Smart research: Engineering prof researching ways to keep personal information safe
Despite their name, smart devices make our personal information vulnerable to hackers and criminals – as witnessed in the global ransomware hack.
Personal information stored on our smart devices, such as credit and debit cards, interfaces with smart card readers, which in turn allows the smart card readers to do more intelligent things.
“The flow of info between a smart card and the reader is something you want to protect,” said Dr. Howard Heys, an electrical and computer engineering professor in the Faculty of Engineering and Applied Science.
“In fact, we assume that when we put our smart cards into smart card readers that we can trust the reader. It’s quite possible that that reader is trying to get information from the smart card that it’s not allowed to access - information that’s hidden by a cryptographic key.”
In a world where our smart cards are inserted into readers several times each day, protecting our personal information is very important. Dr. Heys’ research in lightweight cryptography is helping us do just that.
Lightweight cryptography refers to the design and implementation of security algorithms that are targeted to digital hardware systems constrained in resources, such as area, power or energy.
Such systems are typically embedded, as is the case in smart devices.
“The constrained nature of many embedded systems pose unique challenges for the design of system security,” said Dr. Heys.
“My research investigates the design, implementation and application of lightweight cryptographic algorithms targeted to embedded systems, such as smart cards and cell phones, to ensure that information stored on the device is secure.”
Since many embedded systems use multiple cryptographic algorithms, it is important to examine aspects such as resource sharing to improve efficiency.
Dr. Heys is therefore investigating how the designs and implementations allow attacks – such as a smart card reader analyzing how much power a smart card is consuming – and is exploring methods to mitigate such attacks.
“We hope to create new lightweight encryption by analyzing new and existing algorithms to find areas where they are most vulnerable,” said Dr. Heys.
“We also plan to develop new and more efficient ways to implement algorithms.”
Dr. Heys adds that while smart cards are probably smart enough not to give out information it shouldn’t, the reader could be analyzing how much power the smart card is consuming while it’s plugged in, and from the amount of power the smart card is using it is possible to find out information about the key.
“Your credit card doesn’t have any power, but when it’s inserted into a reader the reader gives it power to do computations or cryptographic algorythms.”