Researchers Find Side-Channel Vulnerabilities in Analog to Digital Converters — So Design Their Own

Two teams of researchers at the Massachusetts Institute of Technology (MIT) have unveiled techniques for protecting smart devices on the Internet of Things (IoT) from side-channel attacks — by creating a new, more-secure high-throughput analog to digital converter (ADC), in direct response to a vulnerability they themselves discovered.

"Side-channel attacks are always a cat and mouse game," says Hae-Seung Lee, professor and director of the Microsystems Technology Laboratories at MIT. "If we hadn’t done the work, the hackers most likely would have come up with these methods and used them to attack analog-to-digital converters, so we are pre-empting the action of the hackers."

Those methods: An electromagnetic side-channel attack, based on earlier work using the power domain but operating entirely non-invasively — even when the probe was not in contact with the target component. As a potential attack scenario, the team highlighted one particularly worrying possibility: The theft of private data from the internal memories in implantable medical devices.

To protect against the attack, the first team created a new form of analog to digital converter (ADC) that includes a random number generator. This random number generator controls which of the ADC's capacitors switch and when, adding enough noise to the switching process to make it impossible to monitor the process and determine any useful information.

"The idea is to split up what would normally be a binary search process into smaller chunks where it becomes difficult to know what stage in the binary search process you are on," explains Maitreyi Ashok, first author of the paper detailing the approach. "By introducing some randomness into the conversion, the leakage is independent from what the individual operations are."

A related paper, by first author Ruicong Chen and colleagues in MIT's second team, uses a similar approach but concentrates on randomization of the conversion's start point. By effectively splitting an ADC into two halves with two separate thresholds, the team found the resulting ADC was nearly impossible to monitor through side-channel methods yet operates nearly as fast as an insecure ADC.

This isn't the first time a team at MIT has tackled the problem of securing devices against side-channel attacks: Earlier this year Mengjia Yan and colleagues unveiled DAGguise, an approach to protect against unauthorized memory access using a Directed Acyclic Request Graph — and which, it was claimed at the time, was successful in "completely eliminating information leakage."

The paper by Ashok and colleagues on ADC protection against power and electromagnetic side-channel attacks has been published in the Proceedings of the IEEE Custom Integrated Circuits Conference (CICC) 2022 under closed-access terms.