How to stop savvy hackers from stealing computer's secretsMay 2, 10:22 am
Washington, May 2 (ANI): In the last decade, cryptography researchers have shown that even the most secure-seeming computer is shockingly susceptible to attack. The time it takes a computer to store data in memory, fluctuations in its power consumption and even the noises it emits can betray information to a savvy assailant. Attacks that use such indirect sources of information are called side-channel attacks, and the increasing popularity of cloud computing makes them an even greater threat. An attacker would have to be pretty motivated to install a device in your wall to measure your computer's power consumption. But it's comparatively easy to load a bit of code on a server in the cloud and eavesdrop on other applications it's running.Fortunately, even as they've been researching side-channel attacks, cryptographers have also been investigating ways of stopping them. Shafi Goldwasser, the RSA Professor of Electrical Engineering and Computer Science at MIT, and her former student Guy Rothblum, who's now a researcher at Microsoft Research, recently posted a long report, describing a general approach to mitigating side-channel attacks. In addition to preventing attacks on private information, Goldwasser said, the technique could also protect devices that use proprietary algorithms so that they can't be reverse-engineered by pirates or market competitors.Today, when a personal computer is in use, it's usually running multiple programs - say, a word processor, a browser, a PDF viewer, maybe an email program or a spreadsheet program. All the programs are storing data in memory, but the laptop's operating system won't let any program look at the data stored by any other. The operating systems running on servers in the cloud are no different, but a malicious program could launch a side-channel attack simply by sending its own data to memory over and over again. From the time the data storage and retrieval takes, it can infer what the other programs are doing with remarkable accuracy.Goldwasser and Rothblum's technique obscures the computational details of a program, whether it's running on a laptop or a server. Their system converts a given computation into a sequence of smaller computational modules. Data fed into the first module is encrypted, and at no point during the module's execution is it decrypted. The still-encrypted output of the first module is fed into the second module, which encrypts it in yet a different way, and so on. The encryption schemes and the modules are devised so that the output of the final module is exactly the output of the original computation. But the operations performed by the individual modules are entirely different. A side-channel attacker could extract information about how the data in any given module is encrypted, but that won't let him deduce what the sequence of modules do as a whole. "The adversary can take measurements of each module," Goldwasser said, "but they can't learn anything more than they could from a black box."The report by Goldwasser and Rothblum describes a type of compiler, a program that takes code written in a form intelligible to humans and converts it into the low-level instruction intelligible to a computer. There, the computational modules are an abstraction: The instruction that inaugurates a new module looks no different from the instruction that concluded the last one. But in the recent paper, the modules are executed on different servers on a network.Goldwasser and Rothblum's study, "is a much more foundational study, looking at really foundational, deep questions about what is possible," Nigel Smart, a professor of cryptology in the computer science department at the University of Bristol in England said.Smart also said that previous work on side-channel attacks tended to focus on the threat posed to handheld devices, such as cellphones and smart cards. "It would seem to me that the stuff that is more likely to take off in the long run is the stuff that's talking about servers," Smart said. "I don't know anyone else outside MIT who's looking at that."Smart cautioned, however, that the work of Goldwasser and her colleagues is unlikely to yield practical applications in the near future. "In security, and especially cryptography, it takes a long time to go from an academic idea to something that's actually used in the real world," Smart said. "They're looking at what could be possible in 10, 20 years' time," Smart added.The report has been published on the website of the Electronic Colloquium on Computational Complexity. (ANI)
Turning off technology hours before bedtime promotes sound sleep May 24, 3:53 pm
New York, May 24 (ANI): Using your tablet or smartphone before bed can suppress quality sleep, thus putting you at risk for health problems, a new study suggests.Full Story »
Now, a radio that can change scripts depending on where you are May 24, 3:46 pm
London, May 24 (ANI): A concept device has been created by BBC where the script can get altered depending on factors like weather.Full Story »
Google to add Galapagos Islands to Street View May 24, 3:29 pm
Washington, May 24 (ANI): Google has gathered images of the beauty and biological diversity of the Galapagos Islands for use on its Street View.Full Story »
Information security firm and Manipal come together to bolster India's e-defence May 24, 1:37 pm
New Delhi, May 24 (ANI): In today's networked world, to bolster India's e-defence, a leading information technology firm has tied up with one of the leading universities of India to train young minds about different kinds of security solutions, and strengthen the nation in a different manner.Full Story »
- Google boss warns students against 'censorship of net' and 'digital ethnic cleansing'
- 3D printed object created using brain waves
- Flexible solar cells and displays may be possible with transparent electrode
- US officials say hypersonic weapons likely to hit battlefield by 2025
- Samsung creates furore after portraying men as 'stupid, dirty slobs'
- Majority of teenagers now flocking to Twitter as Facebook enthusiasm wanes: Study
- Baby's life saved with new 3-D printed device that restored his breathing
- Twitter beefs up security following recent hacking spate
- Facebook to revise violent content 'at all levels'
- New antivirus, desktop security software to check future cyber attacks
TOP VIDEO STORIES