AbstractThe Internet of Things (IoT) has become a reality: small connected devices feature in everyday objects including childrens’ toys, TVs, fridges, heating control units, etc. Supply chains feature sensors throughout, and signiﬁcant investments go into researching next-generation healthcare, where sensors monitor wellbeing. A future in which sensors and other (small) devices interact to create sophisticated applications seems just around the corner. All of these applications have a fundamental need for security and privacy and thus cryptography is deployed as part of an attempt to secure them.
This thesis explores a particular type of security threat against IoT devices, namely side channel attacks (SCA), that has been proven only more powerful over the years. In brief, a side channel attack targets the implementation of security measures and recovers secret data by exploiting execution related information. For instance, secret keys can be recovered by statistically analysing the timing or power consumption of the execution of cryptographic algorithms, or sometimes results of faulty executions; data protected in encrypted packets can be revealed by the length of packets and timing of responses.
Three vulnerabilities in IoT applications have been identiﬁed in this work including a ﬂawed Random Number Generator (RNG) design, an eﬀective application of Diﬀerential Power Analysis (DPA) and the practicability of Traﬃc Analysis (TA). These vulnerabilities commonly exist in many IoT scenarios and thus should be taken into account when designing new applications.
|Date of Award||19 Mar 2019|
|Supervisor||M E Oswald (Supervisor) & Theo Tryfonas (Supervisor)|