Despite their name, smart devices make our personal information vulnerable to hackers and criminals — as witnessed in the global ransomware hack.

Personal information stored on our smart devices, such as credit and debit cards, interfaces with smart card readers, which in turn allows the smart card readers to do more intelligent things.

“The flow of information between a smart card and the reader is something you want to protect,” said Dr. Howard Heys, an electrical and computer engineering professor in the Faculty of Engineering and Applied Science.

“In fact, we assume that when we put our smart cards into smart card readers that we can trust the reader. It’s quite possible that that reader is trying to get information from the smart card that it’s not allowed to access — information that’s hidden by a cryptographic key.”

Cryptography research

In a world where our smart cards are inserted into readers several times each day, protecting our personal information is very important. Dr. Heys’ research in lightweight cryptography is helping us do just that.

Lightweight cryptography refers to the design and implementation of security algorithms that are targeted to digital hardware systems constrained in resources, such as area, power or energy.

“My research investigates the design, implementation and application of lightweight cryptographic algorithms targeted to embedded systems, such as smart cards and cellphones.” — Dr. Howard Heys

Such systems are typically embedded, as is the case in smart devices.

“The constrained nature of many embedded systems pose unique challenges for the design of system security,” said Dr. Heys.

“My research investigates the design, implementation and application of lightweight cryptographic algorithms targeted to embedded systems, such as smart cards and cellphones, to ensure that information stored on the device is secure.”

Mitigating attacks

Since many embedded systems use multiple cryptographic algorithms, it is important to examine aspects such as resource sharing to improve efficiency.

Dr. Heys is therefore investigating how the designs and implementations allow attacks — such as a smart card reader analyzing how much power a smart card is consuming — and is exploring methods to mitigate such attacks.

“We hope to create new lightweight encryption by analyzing new and existing algorithms to find areas where they are most vulnerable,” said Dr. Heys.

“We also plan to develop new and more efficient ways to implement algorithms.”

Dr. Heys adds that while a smart card is probably smart enough to not give out information it shouldn’t, the reader could be analyzing how much power the smart card is consuming while it’s plugged it, and from the amount of power the smart card is using, it is possible to find out information about the key.

“Your credit card doesn’t have any power, but when it’s inserted into a reader, the reader gives it power to do computations or cryptographic algorythms.”