Hardware Trick Could Keep Cloud Data Safe

August 5, 2013 Off By David

Grazed from IEEE. Author: Davey Alba.

One thing is certain in this day and age: Somewhere out there, somebody wants your data. So how do you make sure all of it stays protected, especially now that ever more computing is done in the cloud? At MIT, researchers say they’ve designed a chip that solves this problem. They presented it last June at the International Symposium on Computer Architecture, in Tel Aviv. Dubbed Ascend, the component hides the way CPUs request information in cloud servers, making it immensely difficult for attackers to glean information about the data stored there. Such a hardware-reliant scheme is an unusual proposition in the realm of cloud security, which is dominated by software solutions.

The researchers assume that sensitive data on cloud servers is already encrypted—typically the first line of defense when it comes to data security. Ascend goes a step further, its designers say, by dealing with sneak attacks that can happen through various so-called side channels. In a side-channel attack, an observer measures things like computation time, memory traffic, and power consumption to infer the behavior of a program running on that hardware, and from that the watcher can glean some information…

According to Srinivas Devadas, a professor of computer science and electrical engineering at MIT who is part of the Ascend team, an attacker might examine requests made by a computer program to access certain “memory addresses”—specific numbers assigned to each of the bytes in a computer’s main memory that are arranged in a giant indexed array. When a computer is told to perform a process, the memory controller—acting as an intermediary between the main memory and the processor—reads an address and grabs the data corresponding to that memory address for the CPU to use. After the user does this multiple times for different pieces of encrypted data, the attacker is able to guess what the coded information actually holds. “If you’re searching on the Internet and looking at particular websites over and over, an observer can kind of tell what you’re interested in,” says Devadas…

CategoryNews

Securing data with Authentication as a Service in the cloud, mobile era

Cloud Computing 2013: What’s Next for Enterprises and ISVs