July 3, 2013
New Design Aims To Boost Cloud Computing Security And Encryption
redOrbit Staff & Wire Reports - Your Universe Online
Researchers at Massachusetts Institute of Technology (MIT) have come up with a new hardware design that improves data security in the cloud by disguising the cloud servers' memory-access patterns in a way that offers better data encryption.
Cloud computing offers users unprecedented processing power, but this comes with additional privacy concerns. For instance, a collection of cloud servers could be running applications for 1,000 customers simultaneously, but one of those applications might have no purpose other than spying on the other 999 - entirely unbeknownst to the hosting service.
Encryption could help solve such a problem, since data would only be decrypted when it is actually being processed, and the results of any computations would be re-encrypted before being sent off-chip.
However, in recent years it has become clear that even when a computer is handling encrypted data, its memory-access patterns - the frequency with which it stores and accesses data at different memory addresses - can reveal an alarming amount of private information.
The MIT researchers devised a new type of secure hardware component they named "Ascend," which disguises a server's memory-access patterns, making it impossible for a hacker to infer anything about the data being stored. The system also prevents timing attacks, which attempt to infer information based on the amount of time a computation takes to complete.
Similar designs to Ascend have been proposed in the past, but they have typically imposed too much computational overhead to be practical.
"This is the first time that any hardware design has been proposed - it hasn't been built yet - that would give you this level of security while only having about a factor of three or four overhead in performance," said Srini Devadas, Professor of Electrical Engineering and Computer Science at MIT, whose group developed the new system.
"People would have thought it would be a factor of 100," he said in an interview with MIT News.
Devadas said the "trivial way" of obscuring memory-access patterns would be to request data from every address in the memory - whether a memory chip or a hard drive - and discard everything except the data stored at the one address of interest. However, that would take too long to be practical.
Instead, Devadas and his team arranged memory addresses in a data structure known as a "tree." A family tree is a familiar example of a tree, in which each "node" (in this example, a person's name) is attached to only one node above it (the node representing the person's parents) but may connect to several nodes below it (the person's children).
With Ascend, addresses are randomly assigned to nodes. Every node lies along some "path," or route through the tree, that starts at the top and passes from node to node, without backtracking, until arriving at a node with no further connections. When the processor requires data from a particular address, it sends requests to all the addresses in a path that includes the one it's really after.
To prevent a hacker from inferring anything from sequences of memory access, every time Ascend accesses a particular memory address, it randomly swaps that address with one stored somewhere else in the tree. This means accessing a single address multiple times will very rarely require traversing the same path.
By confining the dummy requests to a single path, rather than sending them to every address in memory, Ascend exponentially reduces the amount of computation required to camouflage an address.
In a separate paper, the researchers prove that querying paths provides just as much security as querying every address in memory.
Ascend also protects against timing attacks. Take, for example, a computation outsourced to the cloud that includes the colossal task of comparing a surveillance photo of a criminal suspect to random photos on the Web. While the surveillance photo itself would be encrypted, spyware in the cloud could still infer the public photos to which the surveillance image was being compared. The length of time the comparisons took could also indicate something about the source photos, since images of obviously different people could be easy to rule out, while photos of similar people would likely take longer to distinguish.
To address this issue, Ascend's memory-access scheme sends requests to memory at regular intervals, even when the processor is busy and requires no new data, so attackers can't tell how long any given computation is taking.
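The two mechanisms described above (reading a whole tree path and remapping the block to a fresh random leaf, and issuing one memory access per clock tick whether or not the processor needs data) can be seen together in a small simulation. The following is an added example written for this article; it is not MIT's Ascend design or code, and the bucket size, tree height, block data and the `PathORAM`, `run_clocked` and `demo` names are this example's own assumptions. An observer of the simulated memory sees only the leaf read on each tick, never the address the processor actually wanted or how many ticks carried real work.

```python
import random

BUCKET_SIZE = 4  # blocks per tree node (assumed value for this example)


class PathORAM:
    """Simplified tree-based oblivious RAM (Path ORAM style, not Ascend's own code).

    Every access reads one complete root-to-leaf path, so an observer of the
    memory bus learns only which leaf was read, never which block was wanted.
    The accessed block is then remapped to a fresh random leaf, so repeated
    accesses to the same address rarely traverse the same path.
    """

    def __init__(self, num_blocks, seed=None):
        self.rng = random.Random(seed)
        # Tree height chosen so that 2**height leaves >= num_blocks.
        self.height = max(1, (num_blocks - 1).bit_length())
        self.num_leaves = 2 ** self.height
        # Heap-style indexing: root is 1, children of i are 2i and 2i+1,
        # leaves occupy indices num_leaves .. 2*num_leaves-1.
        self.tree = [[] for _ in range(2 * self.num_leaves)]
        # Position map: block address -> leaf whose path currently holds it.
        self.position = {a: self.rng.randrange(self.num_leaves) for a in range(num_blocks)}
        self.stash = {}  # blocks that did not fit back into the tree on write-back
        self.trace = []  # leaf read on each access: what the adversary observes

    def path(self, leaf):
        """Node indices from the root down to the given leaf."""
        nodes = []
        node = leaf + self.num_leaves
        while node >= 1:
            nodes.append(node)
            node //= 2
        return nodes[::-1]

    def access(self, op, addr, data=None):
        """Read or write one block; returns the block's previous contents."""
        leaf = self.position[addr]
        # Remap before write-back so the block lands on its new random path.
        self.position[addr] = self.rng.randrange(self.num_leaves)
        self.trace.append(leaf)
        path = self.path(leaf)
        # Step 1: pull every bucket on the path into the stash (the "dummy" requests).
        for node in path:
            for block_addr, block_data in self.tree[node]:
                self.stash[block_addr] = block_data
            self.tree[node] = []
        result = self.stash.get(addr)
        if op == "write":
            self.stash[addr] = data
        # Step 2: write back, deepest node first, any stash block whose current
        # leaf shares that node with the path just read.
        for node in reversed(path):
            bucket = []
            for block_addr in list(self.stash):
                if len(bucket) == BUCKET_SIZE:
                    break
                if node in self.path(self.position[block_addr]):
                    bucket.append((block_addr, self.stash.pop(block_addr)))
            self.tree[node] = bucket
        return result


def run_clocked(oram, requests, ticks):
    """Issue exactly one path access per tick, as in a fixed-interval scheme.

    `requests` holds (op, addr, data) tuples performed in order; a tick with no
    pending request issues a dummy read of a random address instead, so the
    access stream reveals nothing about how much real work was done.
    """
    pending = list(requests)
    results = []
    for _ in range(ticks):
        if pending:
            op, addr, data = pending.pop(0)
            results.append(oram.access(op, addr, data))
        else:
            dummy = oram.rng.randrange(len(oram.position))
            oram.access("read", dummy)
    return results


def demo():
    # Constructed sample data: 16 blocks holding placeholder strings.
    oram = PathORAM(num_blocks=16, seed=7)
    run_clocked(oram, [("write", a, f"secret-{a}") for a in range(16)], ticks=16)
    before = len(oram.trace)
    # A program that only ever touches address 3 runs for 24 ticks; the observer
    # sees 24 path reads to varying leaves and cannot tell which were real.
    values = run_clocked(oram, [("read", 3, None)] * 8, ticks=24)
    return {"values": values, "observed_leaves": oram.trace[before:]}


if __name__ == "__main__":
    out = demo()
    print("values read back:", out["values"])
    print("leaves seen by observer:", out["observed_leaves"])
```

Each call to `access` touches `height + 1` buckets regardless of which block is wanted, which is the logarithmic cost the article contrasts with scanning every address; `run_clocked` pads idle ticks with dummy reads so the length of the trace depends only on the clock, not on the computation.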
The researchers presented their design last month during the International Symposium on Computer Architecture in Israel.