Secure computers aren't so secure

October 30, 2009 by Larry Hardesty

Even well-defended computers can leak shocking amounts of private data. MIT researchers seek out exotic attacks in order to shut them down.

You may update your antivirus software religiously, immediately download all new Windows security patches, and refuse to click any e-mail links ostensibly sent by your bank, but even if your computer is running exactly the way it’s supposed to, a motivated attacker can still glean a shocking amount of private information from it. The time it takes to store data in memory, fluctuations in , even the sounds your computer makes can betray its secrets. MIT researchers centered at the Computer Science and Artificial Intelligence Lab’s Cryptography and Information Security Group (CIS) study such subtle security holes and how to close them.

In 2005, Eran Tromer, now a postdoc at CIS, and colleagues at the Weizmann Institute in Rehovot, Israel, showed that without any breach of security in the ordinary sense, a seemingly harmless computer program could eavesdrop on other programs and steal the type of secret cryptographic key used by one of the most common Internet encryption schemes. Armed with the key, an attacker could steal a computer user’s credit card number, bank account password — whatever the encryption scheme was invoked to protect.

Computer operating systems are supposed to prevent any given program from looking at the data stored by another. But when two programs are running at the same time, they sometimes end up sharing the same cache — a small allotment of high-speed memory where the operating system stores frequently used information. Tromer and his colleagues showed that simply by measuring how long it took to store data at a number of different cache locations, a program could determine how frequently a cryptographic system was using those same locations. “The memory access patterns — that is, which memory addresses are accessed — are heavily influenced by the specific secret key being used in that operation,” Tromer says. “We demonstrated a concise and efficient procedure for learning the secret keys given just this crude information about the memory access patterns.” Complete extraction of the private key, Tromer says, “takes merely seconds, and the measurements that are needed, of the actual cryptographic process being attacked, can be carried out in milliseconds.”

The encryption system that Tromer was attacking, called AES, was particularly vulnerable because it used tables of precalculated values as a computational shortcut, so that encoding and decoding messages wouldn’t be prohibitively time consuming. Since Tromer and his colleagues published their results, Intel has added hardware support for AES to its chips, so that Internet encryption software won’t have to rely on such “lookup tables.”
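The two paragraphs above describe the root cause: a table lookup whose address depends on secret data leaves a footprint in the cache. The C below is an added illustration written for this page, not code from the article or from Tromer's work; it uses a small constructed permutation table rather than the real AES S-box, and the function names (`lookup_leaky`, `lookup_ct`, `build_demo_table`, `lookups_agree`, `demo_lookup_ct`) are hypothetical. It sets the secret-dependent lookup beside the standard software mitigation (touch every table entry and select the wanted one with a branch-free mask), which is what libraries fell back on before hardware AES instructions made the table unnecessary.

```c
#include <stdint.h>
#include <stddef.h>

/* Leaky form: the address touched is table + idx, so which cache line is
 * loaded depends on the secret-derived index. A co-resident program that
 * times its own accesses to the same cache sets can learn about idx. */
uint8_t lookup_leaky(const uint8_t table[256], uint8_t idx)
{
    return table[idx];
}

/* Constant-time form: read all 256 entries regardless of idx and keep only
 * the one whose position matches. The memory access pattern is identical
 * for every idx, so cache timing reveals nothing about it. */
uint8_t lookup_ct(const uint8_t table[256], uint8_t idx)
{
    uint8_t result = 0;
    for (size_t i = 0; i < 256; i++) {
        /* diff == 0 exactly when i == idx. (diff - 1) underflows to
         * 0xFFFFFFFF in that case, so the shifted low byte is 0xFF;
         * for any other diff the shifted value is 0x00. No branch. */
        uint32_t diff = (uint32_t)((uint8_t)i ^ idx);
        uint8_t mask = (uint8_t)((diff - 1u) >> 8);
        result |= (uint8_t)(table[i] & mask);
    }
    return result;
}

/* Constructed stand-in for a substitution table: an affine permutation
 * of 0..255 (7 is odd, hence coprime to 256, so it is a bijection).
 * This is NOT the AES S-box; it only needs to be an invertible table. */
void build_demo_table(uint8_t table[256])
{
    for (size_t i = 0; i < 256; i++)
        table[i] = (uint8_t)((7u * i + 3u) & 0xFFu);
}

/* Convenience wrapper: constant-time lookup into the demo table. */
uint8_t demo_lookup_ct(uint8_t idx)
{
    uint8_t table[256];
    build_demo_table(table);
    return lookup_ct(table, idx);
}

/* Functional check: the hardened lookup must return exactly what the
 * leaky one does for every index, otherwise it is not a drop-in fix. */
int lookups_agree(void)
{
    uint8_t table[256];
    build_demo_table(table);
    for (unsigned i = 0; i < 256; i++) {
        if (lookup_leaky(table, (uint8_t)i) != lookup_ct(table, (uint8_t)i))
            return 0;
    }
    return 1;
}
```

The cost of `lookup_ct` is 256 reads per byte instead of one, which is exactly the performance penalty that made table-driven AES attractive in the first place and that hardware AES instructions avoid. One caveat a practitioner should keep in mind: an optimising compiler is free to turn the masked loop back into a direct load if it can prove the result is the same, so constant-time code of this kind has to be checked at the generated-assembly level, not just at the source level.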

In a statement, Intel told the MIT News Office that its decision “was mainly motivated by the performance/efficiency benefits achieved,” but that “in addition, there is a potential security benefit since these new instructions can mitigate the possibility of software side channel attacks on AES that have been described in research papers, including those discovered by Tromer, Percival, and Bernstein.”

“I think it’s fair to say that it’s a direct response to the cache-timing attacks against AES,” Pankaj Rohatgi, director of hardware security at the data security firm Cryptography Research, says of Intel’s move.

Together with CIS cofounder Ron Rivest and CSAIL’s Saman Amarasinghe, Tromer is trying to develop further techniques for thwarting cache attacks by disrupting the correlations between keys and memory access patterns. A couple of weeks ago, at the Association for Computing Machinery’s Symposium on Principles, the researchers announced that they had a “proof-of-concept prototype” of a defense system, but they plan to continue testing and refining it before publishing any papers.

Tromer has also been investigating whether cloud computing — the subcontracting of computational tasks to networked servers maintained by companies like Amazon and Google — is susceptible to cache attacks. Many web sites rely on cloud computing to handle sudden surges in their popularity: renting added server space for a few hours at a time can be much cheaper than maintaining large banks of proprietary servers that frequently stand idle.

The word “cloud” is supposed to suggest that this vast agglomeration of computing power is amorphous and constantly shifting, but Tromer and colleagues at the University of California, San Diego, were able to load their eavesdropping software onto precisely the same servers that were hosting websites they’d targeted in advance. In part, their approach involved spreading their software across a number of servers, then assailing a targeted website with traffic. By spying on the caches of the servers hosting their software, they could determine which were also trying to keep pace with their fake traffic spikes. Once they’d identified the target site’s servers, they could use cache monitoring to try to steal secrets.

“Imagine a stock broker that specializes in a specific company,” Tromer says. “If you observe that his virtual machine is particularly active, that could be valuable information. Or you may want to know how popular your competitors’ website is. We’ve actually demonstrated that we can very robustly estimate web server popularity.”

“This has sparked the imagination of both the research community and industry,” Rohatgi says. “I interact with a lot of people in industry, and when they say, ‘Give me the technical basis for this,’ I point to [Tromer and colleagues’] papers.”

Finally, Tromer is continuing work he began as a graduate student, on the use of a “hundred-dollar commodity microphone” to record the very sounds emitted by a computer and analyze them for information about cryptographic keys. So far, Tromer hasn’t been able to demonstrate complete key extraction, but he believes he’s getting close.

Any information at all about a ’s internal workings “is actually fairly damaging,” Rohatgi says. “In some sense, some of these cryptographic algorithms are fairly brittle, and with a little extra information, you can break them.”

Provided by Massachusetts Institute of Technology

Oct 30, 2009
Those are some of the most clever attacks I've heard about; however, I find it extremely unlikely that one can actually get a cryptographic key just by recording and analyzing the sound of the machine.

Unless what is meant is the sound of the actual typing, which includes typing the key, then perhaps it would work, as there is a characteristic delay between various pairs of key presses. However, a program tasked with it would require lots of data to train, and even then it might not be able to get all of the key, though possibly enough to brute force the rest.
Oct 30, 2009
Fascinating methodology... though hardly surprising, any well-motivated [funded] attack can circumvent most computer security systems. The only fully secure system is one which is physically very secure, isn't connected to any other systems and only runs certified software. This precludes most ordinary systems used for everyday purposes, from web servers to PCs to PDAs to smart- and bank-cards. Fortunately for those of us with reasonably well-protected ordinary systems, the effort required to compromise the security far exceeds the likely rewards of doing so. In my experience, the majority of successful attacks result from user ignorance (or stupidity) - hard to see how we'll ever successfully control that channel.
Oct 31, 2009
As my sister was always fond of saying, the only safe computer is one that's turned off, unplugged, and locked in a safe...... and she wasn't confident even that would do it.
