The broader impact/commercial potential of this I-Corps project is the development of a smart phone charging technology that protects the privacy of users who charge their phones at public charging hubs. By virtue of being public, such hubs are a prime target for tampering by malicious actors who could embed illicit meters that perform power analytics to glean information about keys typed, websites visited, multimedia content consumed, etc. The proposed system mitigates these attacks and may be of significant value to frequent travelers given that they often find themselves having to charge their phones at hubs that are within the jurisdiction of entities that might not be trustworthy. Beyond individual frequent travelers, the proposed technology also may be of value to companies seeking to mitigate the security threat posed by employees who connect to the company network using their phones. As smart phones increasingly become central to activities such as communication, banking, storage of sensitive data, etc., the proposed technology has the potential to significantly augment end-user security.
This I-Corps project is based on the development of a defensive charging scheme designed to mitigate power side-channel attacks during the charging process. The hardware form of the proposed technology is a charger or charger add-on that morphs the power drawn by the phone during charging. It consists of a micro-controller and metal–oxide–semiconductor field-effect transistors (MOSFETs) that switch on and off random combinations of resistors while the phone is being charged. The variation in resistance, in turn, produces the effect needed to obfuscate the true footprint of the phone’s power draw. The software form of the solution uses bogus operations (e.g., random image rotations) in the background while the phone is being charged. These operations cause disruptions in computer processing unit (CPU) and memory load needed to obfuscate the phone’s true power draw. The system has been designed to minimize the impact on charging time and the CPU and memory used by the software approach. By virtue of being external to the phone, the hardware option does not consume CPU/memory on the phone. As a software solution, this technology may offer convenience given that it runs automatically during charging and could easily be updated as threats and the defense mechanism evolve.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
