Photo: Pixnio/Bicanski


With Data Science against hacker attacks

Encoding data securely is often not enough: private information can also be hacked by examining the hardware functions of a mobile phone. Yossi Oren from Ben-Gurion University in Israel is investigating how smartphones can be protected against such attacks. For his research, he is looking for reinforcement in the context of a HIDA exchange.
Yossi Oren (center) with some members of his research laboratory at the Ben-Gurion University of the Negev in Israel. Photo: Oren Lab

Have you ever considered that your phone case could be spying on you? Yossi Oren has, and you might want to look into it, too. He researches side-channel attacks – attacks that use your hardware to get to your secrets – as a senior lecturer and member of Ben Gurion University’s Cyber Security Research Center in Israel. 

This year, Yossi Oren’s lab is looking for Helmholtz data scientists to collaborate with as part of the DSRC@BGU : HIDA exchange program. Don’t miss the chance and apply now to take part in the exchange supported by the Helmholtz Information & Data Science Academy. Deadline is June 19, 2020.

Mr. Oren, what are side-channel attacks and how does your lab work to prevent them? Why is this important? 

Side-channel attacks are techniques for getting secrets out of various secure devices using physical “tricks”. For example, if you have a device that encrypts data, a side-channel analyst can try to look at the power consumption of the device, the way it accesses memory, even the sounds it makes, instead of trying to solve the complex mathematical equations behind the cipher. My lab focuses on protecting secrets related to humans - their identities, their browsing habits, their affiliations, etc.
It is very important to protect against side-channel attacks since attackers always go for the weakest part of the system. If a system uses the most powerful cipher known to man, but it can be broken by measuring how long it takes to respond, then this cipher is useless.  Similarly, if a privacy-conscious user uses the most secure web browser in its most paranoid setting, but an attacker is able to analyze the browser’s network traffic, the user’s privacy may be compromised. 

Can you give us a real-life example?

A famous real-life example would be the method the British GCHQ [Government Communications Headquarters, British intelligence and security organization, T.N.] spied on the Egyptians during the Suez Canal Crisis, as described by former MI5 officer Peter Wright. I am not going to elaborate on this method here!

How did you come to this research?

I am an electrical engineer by training, and I am always curious about the boundaries between theory and implementation.  

What is it like to work at your lab?

I have a relatively small research group, so I am relatively more available for hands-on work with students than more established researchers are. The downside of this is that it’s not so easy to “drift along” in my group since there are no huge projects and so the students are responsible for their own success. Since much of my work is experimental, the atmosphere in the lab is somewhat closer to a biology lab than a theoretical computer science lab, with students collaborating with each other and teaching each other.

You’re asking participants in the exchange project to collaborate on this question with you: “Can we use machine learning to implement OS-level defenses from attacks on smartphone sensors?” Why is this question important to answer? Why use machine learning in this case?

We depend on sensors for many important decisions, and it’s actually quite easy to trick them and take control of them. We also know that it’s possible to protect against sensor attacks using machine learning. The problem is how to get this defense into the hands of as many users and apps as possible, and this has to be through the operating system. 

Have you ever spent time in another country for a research project? What was it like?

During my graduate studies, I visited two research groups abroad: TU Graz in Austria, and UC Louvain in Belgium. I highly recommend it! It was very interesting to me to be challenged by how other cultures approach “soft skills" issues such as problem-solving, planning, collaboration, criticism, etc. It’s very different than the way it’s done in Israel! After you see other cultures, you are also able to look at your own behavior and perhaps learn some lessons about yourself.