Defeating Side-Channel Attacks
There is an ongoing war in the computing world between the hackers and security researchers. The researchers make a new defense and the hackers create a new offense in response. The battle goes back and forth, always creating new and clever ideas. For example, side-channel attacks which indirectly steal information from a system.
While the ultimate goal of a hacker is to compromise the information on someone’s computer, there are built in systems that prevent this. For example, modern operating systems do not allow one program to access the memory storage of another. Side-channel attacks get around that defense though by taking advantage of it. Instead of trying to access the memory reserved for other programs, a side-channel attack constantly loads its own information into memory and records how long it takes. These data allow the hacker to infer what other programs are doing on the machine. Some side-channel attacks actually monitor the power draw of systems to determine the same information.
Researchers at MIT have devised a clever way to obscure what a program is doing by using multiple encryption methods. Instead of having a program just run a computation and output the results, the researchers break the computation up into smaller modules. The data passed to the first module is processed and encrypted, before being sent to the next module. The second module processes its input but does not decrypt the data. It also adds its own layer of encryption, but the final output is actually the unencrypted results of the original computation. Remember, side-channel attacks do not actually view the results of a computation, so the unencrypted output is still safe. The purpose of the encryption is to add a layer of processing which masks what is happening from the side-channel attack.
For the normal computer, this kind of protection is not greatly needed, but with cloud computing growing in popularity, it may be necessary for protection.