Thwarting attacks on the Internet of Things

Friday, February 10, 2017

In one corner of Professor Catherine Gebotys’s lab, a laser beam is strategically aimed to disrupt circuit board operations. Nearby, electromagnetic pulses bombard an uncapped chip while a couple of graduate students track the results on an oscilloscope screen.

By probing for vulnerabilities that hackers could exploit, her team at the University of Waterloo’s Faculty of Engineering is making the Internet of Things more secure.

They’ve got their work cut out for them. Embedded chips — the kind you find in credit cards, Fitbits, smartphones and a host of other devices — are frequent targets for tech-focused crime.

Take the example of side-channel attacks. When the hardware on a device is encrypting data, Gebotys explains, it gives off electromagnetic waves that can be parsed to reveal the confidential information. Meanwhile, directing laser beams or electromagnetic waves at a device — a so-called fault-injection attack — produces information that hackers can use to infer the encryption key.

Catherine Gebotys and students

Professor Catherine Gebotys (center) poses with PhD student Karim Amin (left) and research associate Mustafa Faraj (right) from her research group working on improving security for the Internet of Things.