Hackers on top of their game can steal a computer’s secrets by timing its data storage transactions or measuring its power use.
Attacks that use these indirect sources of information are side-channel attacks, and the increasing popularity of cloud computing makes them an even greater threat. An attacker would have to be pretty motivated to install a device in your wall to measure your computer’s power consumption. But it’s comparatively easy to load a bit of code on a server in the cloud and eavesdrop on other applications running.
While hackers are eavesdropping, cryptographers are investigating ways of stopping them.
Shafi Goldwasser, the RSA Professor of Electrical Engineering and Computer Science at MIT, and her former student Guy Rothblum, who’s now a researcher at Microsoft Research, posted a report describing a general approach to mitigating side-channel attacks.
In addition to preventing attacks on private information, the technique could also protect devices that use proprietary algorithms so pirates or competitors cannot reverse-engineer them, Goldwasser said.
Today, when a personal computer is in use, it’s usually running multiple programs — say, a word processor, a browser, a PDF viewer, maybe an email program or a spreadsheet program. All the programs are storing data in memory, but the laptop’s operating system won’t let any program look at the data stored by any other. The operating systems running on servers in the cloud are no different, but a malicious program could launch a side-channel attack simply by sending its own data to memory over and over again. From the time the data storage and retrieval takes, it can infer what the other programs are doing with remarkable accuracy.
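The memory-timing channel described above comes down to one thing: the amount of work a program does, and therefore the time it takes, varies with secret data, and a co-tenant can measure that variation. The following added example is not code from the paper or from MIT; it is a defender's illustration of the same principle at the smallest possible scale. It compares a secret token against a guess in two ways, and instead of reading a clock (which is noisy and non-deterministic) it counts byte operations with a constructed `TimingProbe` as a stand-in for elapsed time. The secret and guesses are constructed sample values, and the `naive_compare`, `constant_time_compare` and `leakage_profile` names are this example's own.

```python
import hmac
from typing import Callable, List


class TimingProbe:
    """Deterministic stand-in for wall-clock time.

    On real hardware the attacker observes elapsed time or cache behaviour;
    here the number of loop iterations plays that role, so the leak can be
    shown without any timing noise.
    """

    def __init__(self) -> None:
        self.ops = 0


def naive_compare(secret: bytes, guess: bytes, probe: TimingProbe) -> bool:
    """Vulnerable: stops at the first mismatching byte.

    The work done (and so the time taken) grows with the length of the
    matching prefix, which is exactly the signal a timing side channel reads.
    """
    if len(secret) != len(guess):
        return False
    for a, b in zip(secret, guess):
        probe.ops += 1
        if a != b:
            return False
    return True


def constant_time_compare(secret: bytes, guess: bytes, probe: TimingProbe) -> bool:
    """Hardened: always touches every byte.

    Differences are accumulated with XOR/OR and only inspected at the end,
    so the operation count depends on the length alone, never on the content.
    """
    if len(secret) != len(guess):
        return False
    diff = 0
    for a, b in zip(secret, guess):
        probe.ops += 1
        diff |= a ^ b
    return diff == 0


def check_token(secret: bytes, guess: bytes) -> bool:
    """What production code should use: the standard library's constant-time compare."""
    return hmac.compare_digest(secret, guess)


def leakage_profile(compare: Callable[[bytes, bytes, TimingProbe], bool],
                    secret: bytes, guesses: List[bytes]) -> List[int]:
    """Operation count observed for each guess, i.e. what a timing adversary sees."""
    counts = []
    for g in guesses:
        probe = TimingProbe()
        compare(secret, g, probe)
        counts.append(probe.ops)
    return counts


def leaks(compare: Callable[[bytes, bytes, TimingProbe], bool],
          secret: bytes, guesses: List[bytes]) -> bool:
    """A side channel exists when the observed cost varies with the secret's content."""
    return len(set(leakage_profile(compare, secret, guesses))) > 1


# Constructed sample data: one secret and guesses sharing 0, 2, 7 and 12 leading bytes.
SECRET = b"s3cr3t-token"
GUESSES = [b"xxxxxxxxxxxx", b"s3xxxxxxxxxx", b"s3cr3t-xxxxx", b"s3cr3t-token"]

if __name__ == "__main__":
    print("naive        :", leakage_profile(naive_compare, SECRET, GUESSES))
    print("constant-time:", leakage_profile(constant_time_compare, SECRET, GUESSES))
    print("naive leaks:", leaks(naive_compare, SECRET, GUESSES),
          "| constant-time leaks:", leaks(constant_time_compare, SECRET, GUESSES))
```

Run as a script, the naive profile climbs with the length of the correct prefix while the constant-time profile is flat, which is the property a reviewer should look for in any code that handles secrets: cost independent of data. The operation counter is a model, not a measurement; on real hardware the same defect shows up as nanoseconds, and the memory-access patterns the article mentions are a separate channel that constant-time comparison alone does not close.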
Goldwasser and Rothblum’s technique obscures the computational details of a program, whether it’s running on a laptop or a server. Their system converts a given computation into a sequence of smaller computational modules. Data fed into the first module is encrypted, and at no point during the module’s execution is it decrypted. The still-encrypted output of the first module feeds into the second module, which encrypts it in yet a different way, and so on.
The encryption schemes and the modules are arranged so that the output of the final module is exactly the output of the original computation. But the operations performed by the individual modules are entirely different. A side-channel attacker could extract information about how the data in any given module ends up encrypted, but that won’t let him deduce what the sequence of modules does as a whole.
“The adversary can take measurements of each module, but they can’t learn anything more than they could from a black box,” Goldwasser said.
The report describes a type of compiler, a program that takes code written in a form intelligible to humans and converts it into the low-level instructions intelligible to a computer. There, the computational modules are an abstraction: the instruction that inaugurates a new module looks no different from the instruction that concluded the last one. But the report says the modules end up being executed on different servers on a network.
The danger of side-channel attacks “has been known since the late ’90s,” said Nigel Smart, a professor of cryptology in the computer science department at the University of Bristol in England.
“There’s a lot of engineering that was done to try to prevent this from being a problem,” Smart said, “a huge amount of engineering work. This is a megabucks industry.” Much of that work, however, has relied on trial and error, Smart said. This study “is a much more foundational study, looking at really foundational, deep questions about what is possible.”