How Scientists Plan to Stop Nasty Side-Channel Attacks

Shafi Goldwasser at MIT and Guy Rothblum at Microsoft Research are proposing a technique that could alleviate the threat of such attacks, which often rely on an attacker being able to listen to the "noise" of computer processes. Side-channel attacks are frequently timing storage transactions and are measuring the power use of a systems to make conclusions of a system's activity and ultimately open a door to critical data.

According to Goldwasser and Rothblum, such an attack would only require a piece of code loaded on a cloud server, which could eavesdrop on the activity of applications. A side-channel attack is still a very sophisticated attack in secure server environments, as it would require a hacker to send code to the server's memory and back and use the measured time to draw conclusions when other programs are active. The researchers say that such an attack can reveal such data with "remarkable accuracy".

To mitigate the threat, the researchers suggest to obscure the activity of a program in which it writes and retrieves data from the memory. In a paper published by the Electronic Colloquium on Computational Complexity, they describe a method in which a computation is sliced into modules to create a computation sequence. Data that is transferred will be encrypted in stages and multiple ways using different encryption methods, but deliver decrypted output at the end of the chain that "is exactly the output of the original computation."

As a result, an attacker would be able to listen to each computational module, but he would not be able to draw conclusions of what the sequence looks like as whole or what it actually does.

“The adversary can take measurements of each module,” Goldwasser said, “but they can’t learn anything more than they could from a black box.”

The entire approach is based on the thought to make leaking data more secure. If found effective, the method could be implemented fairly easily as it does not require any changes to "secure" hardware components, the researchers said.

Create a new thread in the US News comments forum about this subject
This thread is closed for comments
13 comments
    Your comment
    Top Comments
  • memadmax
    Or, just avoid "cloud" like the plague....
    Too many tech noobs falling for this crap....

    If you are concerned with storage, get a 1TB hard drive and a stack of DVD's.... If you have that much crap, you might want to think about cleaning out your junk.....
    On the plus side, you don't have to pay monthly fees, your data will always be there, and it will be faster, no download wait times.........
    10
  • theconsolegamer
    PHUCK THE CLOUD. WHY WOULD I PAY SOMEBODY ELSE TO STORAGE MY SH!T? THAT'S RETARDED.
    10
  • Other Comments
  • dreadlokz
    I just like when it grows!
    Can't wait to get my personal cloud computer home server and my super fast devices =)
    -3
  • memadmax
    Or, just avoid "cloud" like the plague....
    Too many tech noobs falling for this crap....

    If you are concerned with storage, get a 1TB hard drive and a stack of DVD's.... If you have that much crap, you might want to think about cleaning out your junk.....
    On the plus side, you don't have to pay monthly fees, your data will always be there, and it will be faster, no download wait times.........
    10
  • theconsolegamer
    PHUCK THE CLOUD. WHY WOULD I PAY SOMEBODY ELSE TO STORAGE MY SH!T? THAT'S RETARDED.
    10