‘Side-channel’ attacks, new cyberdefense techniques focus of Montana State U. research
The Idaho National Laboratory announced Monday it awarded two grants to researchers at Montana State University to advance their efforts in making the country’s critical infrastructure safer from cyberattacks.
With the grants, awarded last month, professors from the university’s Department of Electrical and Computer Engineering and the Gianforte School of Computing will research “side-channel attacks,” which bad actors use to passively monitor the power consumption of computer systems. Attackers can use that information to determine when a system is most vulnerable to attack.
The researchers’ work seeks to protect electrical power grids, water treatment plants and health care networks from those attacks by obfuscating comptuers’ power signatures.
“There are foreign adversaries that would like to cause chaos by potentially weakening our defense,” Brock LaMeres, an electrical and computer engineering professor at the university, said in a press release. “There are also domestic attackers who wish to make money off ransomware attacks and bad actors who simply want to see whether they can bring something down.”
LaMeres is working with Montana State University computer science professor Clemente Izurieta to eliminate power signatures through the use of a field-programmable gate array, a type of integrated circuit that can be customized after manufacture, allowing computers to create random signals to help defend against attacks.
“Think of it as randomizing a sentence’s letters by scrambling them,” Izurieta said in a release. “And only we–not the hackers–know how to unscramble that. So, an attacker won’t be able to do nefarious things with these computers. We can borrow from these scrambling technologies to create random signatures that hackers will not be able to understand when performing side-channel attacks.”
The other grant will support MSU electrical and computer engineering professor Bradley Whitaker’s research that focuses on identifying and monitoring potentially malicious incoming instructions from bad actors.
“My aim is to automatically detect and interpret how computers talk to each other,” Whitaker said in a release. “From a security perspective, you can insert yourself into a communication pipeline without disturbing the incoming message in a way that neither the sender nor the receiver would know that the communication was intercepted. As some people say, the best cyber defense is a good cyber offense.”
