May 3, 2012
How To Thwart Hackers
Lee Rannals for RedOrbit.com
Researchers have developed a new technique that will be able to keep hackers from stealing a computer's secrets.
Hackers have become an increasing problem for keeping personal information secure from cybertheft, but Shafi Goldwasser, the RSA Professor of Electrical Engineering and Computer Science at MIT, and her former student Guy Rothblum believe they have a solution for the growing threat.
Goldwasser says the technique could protect devices that use propriety algorithms, so hackers will be unable to reverse-engineer the machines.
The researchers´ technique obscures the computational details of a program, whether it is running on a personal computer or a server. The system converts a given computation into a sequence of smaller computational models, according to an MIT statement.
Data that is fed into the first module is encrypted, and at no point during the module's execution is it decrypted. The encrypted output of the first module is fed into the second model, which encrypts in a different way.
The encryption schemes and modules are devised so that the output of the final module is the same as the output of the original computation.
The researchers said a side-channel attacker is able to extract information about how the data in any given module is encrypted, but that would not allow him to determine what the sequence of modules do.
“The adversary can take measurements of each module,” Goldwasser said, “but they can´t learn anything more than they could from a black box.”
The team described in a report about the technique posted on the website Electronic Colloquium on Computational Complexity, a type of program that takes code written in a form that can be read by humans, and converts it into the low-level instruction that can be read by a computer.
They said the computational modules are an abstraction, as in the instruction that inaugurates a new module does not look differently than the instruction that resorted from the last one.
Nigel Smart, a professor of cryptology in the computer science department at the University of Bristol, said in the press release that the danger of the side-channel attacks has been known for 20 years.
“There´s a lot of engineering that was done to try to prevent this from being a problem,” Smart said in a press release, “a huge amount of engineering work. This is a megabucks industry.” Much of that work, however, has relied on trial and error, Smart says. Goldwasser and Rothblum´s study, on the other hand, “is a much more foundational study, looking at really foundational, deep questions about what is possible.”
He said previous work on side-channel attacks focused on the threat posed to handheld devices like smartphones.
“It would seem to me that the stuff that is more likely to take off in the long run is the stuff that´s talking about servers,” Smart said in a press release. “I don´t know anyone else outside MIT who´s looking at that.”
Smart said the work of the MIT researchers is not likely to yield practical applications in the near future though.
“In security, and especially cryptography, it takes a long time to go from an academic idea to something that´s actually used in the real world,” Smart said in the release. “They´re looking at what could be possible in 10, 20 years´ time.”