Sign in with
Sign up | Sign in

How Scientists Plan to Stop Nasty Side-Channel Attacks

By - Source: ECCC | B 13 comments

Side-channel attacks are considered by many computer security experts as one of the greatest security risks in cloud computing.

Shafi Goldwasser at MIT and Guy Rothblum at Microsoft Research are proposing a technique that could alleviate the threat of such attacks, which often rely on an attacker being able to listen to the "noise" of computer processes. Side-channel attacks are frequently timing storage transactions and are measuring the power use of a systems to make conclusions of a system's activity and ultimately open a door to critical data.

According to Goldwasser and Rothblum, such an attack would only require a piece of code loaded on a cloud server, which could eavesdrop on the activity of applications. A side-channel attack is still a very sophisticated attack in secure server environments, as it would require a hacker to send code to the server's memory and back and use the measured time to draw conclusions when other programs are active. The researchers say that such an attack can reveal such data with "remarkable accuracy".

To mitigate the threat, the researchers suggest to obscure the activity of a program in which it writes and retrieves data from the memory. In a paper published by the Electronic Colloquium on Computational Complexity, they describe a method in which a computation is sliced into modules to create a computation sequence. Data that is transferred will be encrypted in stages and multiple ways using different encryption methods, but deliver decrypted output at the end of the chain that "is exactly the output of the original computation."

As a result, an attacker would be able to listen to each computational module, but he would not be able to draw conclusions of what the sequence looks like as whole or what it actually does.

“The adversary can take measurements of each module,” Goldwasser said, “but they can’t learn anything more than they could from a black box.”

The entire approach is based on the thought to make leaking data more secure. If found effective, the method could be implemented fairly easily as it does not require any changes to "secure" hardware components, the researchers said.

Display 13 Comments.
This thread is closed for comments
Top Comments
  • 10 Hide
    memadmax , May 4, 2012 7:50 AM
    Or, just avoid "cloud" like the plague....
    Too many tech noobs falling for this crap....

    If you are concerned with storage, get a 1TB hard drive and a stack of DVD's.... If you have that much crap, you might want to think about cleaning out your junk.....
    On the plus side, you don't have to pay monthly fees, your data will always be there, and it will be faster, no download wait times.........
  • 10 Hide
    theconsolegamer , May 4, 2012 9:00 AM
    PHUCK THE CLOUD. WHY WOULD I PAY SOMEBODY ELSE TO STORAGE MY SH!T? THAT'S RETARDED.
Other Comments
  • -3 Hide
    dreadlokz , May 4, 2012 7:35 AM
    I just like when it grows!
    Can't wait to get my personal cloud computer home server and my super fast devices =)
  • 10 Hide
    memadmax , May 4, 2012 7:50 AM
    Or, just avoid "cloud" like the plague....
    Too many tech noobs falling for this crap....

    If you are concerned with storage, get a 1TB hard drive and a stack of DVD's.... If you have that much crap, you might want to think about cleaning out your junk.....
    On the plus side, you don't have to pay monthly fees, your data will always be there, and it will be faster, no download wait times.........
  • 10 Hide
    theconsolegamer , May 4, 2012 9:00 AM
    PHUCK THE CLOUD. WHY WOULD I PAY SOMEBODY ELSE TO STORAGE MY SH!T? THAT'S RETARDED.
  • -3 Hide
    frostmachine , May 4, 2012 9:01 AM
    E
    memadmaxOr, just avoid "cloud" like the plague....Too many tech noobs falling for this crap....If you are concerned with storage, get a 1TB hard drive and a stack of DVD's.... If you have that much crap, you might want to think about cleaning out your junk.....On the plus side, you don't have to pay monthly fees, your data will always be there, and it will be faster, no download wait times.........


    Except when there's a fire, flood, earthquake, lightning strike or maybe a tornado. Admit it, most people store their backups in the same room as their computer. If anything happens to that room, well so much for monthly scheduled backups.

    If you are really unlucky, a burglar or a well-aimed drunk driver can really ruin Aunt May's wedding pics.
  • 1 Hide
    Anonymous , May 4, 2012 9:24 AM
    Link to Paper?
  • 1 Hide
    Anonymous , May 4, 2012 10:01 AM
    "Side-channel attacks are frequently timing storage transactions and are measuring the power use of a systems to make conclusions of a system's activity and ultimately open a door to critical data."

    This sentence makes no sense.
  • 5 Hide
    Onus , May 4, 2012 10:19 AM
    Perhaps the cloud has its place. Perhaps. Handling mission critical and/or sensitive data is definitely not among them.
  • 7 Hide
    drwho1 , May 4, 2012 11:48 AM
    I have said many times, I will never use the "cloud".
    I prefer to have MY files on MY own computer

    Sharing between my other computers?
    that's what home networks are for.

    Sharing on the road?
    That's why my notebook is for, simply copy/transfer anything that I need on the go.

    Is secure and Free.
  • 0 Hide
    g00fysmiley , May 4, 2012 12:32 PM
    I'm surprised at the numebr of people here on a tech site not embracing new tech. I plan on storing my own data on my own drives to, but I have some photos and pdf's saved in my email accounts as backups. I have a usb 1tb drive used for some file backups but in case those fail some pictures of family and things I've written that I dont' want to lose I see no reason not to keep it stored on a third soarce esp when it is free. I don't really have much sensative data but I will agree that I wouldn't keep like my tax retun info on a cloud but for some nonsensative data I like the extra level of redundancy
  • 3 Hide
    velocityg4 , May 4, 2012 2:02 PM
    g00fysmileyI'm surprised at the numebr of people here on a tech site not embracing new tech. I plan on storing my own data on my own drives to, but I have some photos and pdf's saved in my email accounts as backups. I have a usb 1tb drive used for some file backups but in case those fail some pictures of family and things I've written that I dont' want to lose I see no reason not to keep it stored on a third soarce esp when it is free. I don't really have much sensative data but I will agree that I wouldn't keep like my tax retun info on a cloud but for some nonsensative data I like the extra level of redundancy


    New tech does not mean good tech. The only way I'd consider cloud storage would be my own NAS also setup for cloud features. It's not like I worry about a company loosing my files.

    What I worry about is that those companies provide great big targets worth hundreds of millions of dollars or more in personal data. With legions of hackers salivating at the prospect of getting at that data. Those data centers are constantly under attack. With all the high profile security breaches by hackers in the news. You know it is only a matter of time until a single hacker or a dedicated group slips by undetected. Then they can just sift through the data gorging on the personal information of millions upon millions of people. Such as that data kept by Turbotax, Quicken and Quickbooks.

    While some small home NAS offering private cloud storage is more secure. Sure it doesn't provide the massive levels of security that cloud providers too. It also isn't a target. It is too small and insignificant to look for, track down, and spend time defeating its security.
  • 3 Hide
    willard , May 4, 2012 7:37 PM
    Being a paranoid freak, I still don't trust cloud services. I prefer to have my data in my hands, not in the hands of some company that may or may not be following security best practices and keeping their systems patched.

    I'd love to see somebody hack my stack of encrypted drives sitting in my fire safe. I know they should be off site, but I'm pretty confident that, barring the total destruction of my apartment building or some really, really determined thieves, those disks are safe.
  • 2 Hide
    f-14 , May 5, 2012 12:58 AM
    Quote:
    Side-channel attacks are considered by many computer security experts as one of the greatest security risks in cloud computing.

    guess they do not consider take down orders a threat or an attack. cloud computing will be the end all to MPAA/RIAA claims as millions will break the law every day or it will mark the end of the cloud as it's not worthy of anything when the MPAA/RIAA pressure the FBI into taking down every 'megaupload' cloud.
  • 0 Hide
    hoofhearted , May 8, 2012 2:10 PM
    As long as I have access to my own power switch and my own RJ45 cables (and the ability to pull them), I will feel secure.