How can we maintain efficiency from resource sharing while keeping side channels secure?
In this InTechnology video, Camille talks with episode co-host Anders Fogh, a Fellow & Security Researcher at Intel, and guest Daniel Gruss, Associate Professor at Graz University of Technology. They get into side-channel attacks, challenges, key ways to manage them, and the impact of evolving landscapes like AI.
Managing the Intricate Balance Between Resource Sharing and Side-Channel Exploitation
The relationship between resource sharing and side-channel attacks presents a complex challenge. To begin, Anders emphasizes that sharing resources opens up the risk of data exposure and attacks through side channels. Stopping the use of shared resources may seem like an obvious answer. However, it is impractical and Daniel points out why. For one, he explains that some resources can be abstract but can have unforeseen interactions. To illustrate, Daniel recounts side shows where two computers in a room can infer that sensitive information has been sent out from the other computer by analyzing room temperature fluctuations caused by computational activities. Also, with computing demands projected to consume 20- 25% more energy by 2030, he explains that resource sharing will become even more critical, bringing up new side channels and security concerns. Thus, Anders and Daniel agree that side-channels cannot be completely cut off, but can be managed.
In managing side-channel attacks, Anders shares that restricting access is vital. The less control an attacker has, the less capable they are of figuring out what you’re doing. He also recommends other measures such as access control mechanisms, randomization, and noise disruption tactics. Daniel supplements this by discussing cryptographic techniques such as masking and hiding. Hiding involves increasing noise relative to the signal or reusing the signal relative to the noise floor to complicate attackers’ data extraction efforts. Conversely, masking divides the secret into multiple parts, rendering the information useless to attackers even if some data is leaked. Daniel notes that these measures cannot completely prevent attacks but can increase the difficulty and cost of side-channel attacks.
Securing for AI and Critical Infrastructure in Space
Further into the conversation, Camille explores what side channels mean for AI usage and the critical infrastructure in space. Daniel starts by highlighting past mistakes we are still making today. This includes the recurring pattern of mixing code and data within AI systems, particularly in cases where the user controls the commands and the data. On the other hand, Anders raises concerns about the dual-edged nature of AI’s enhanced bug detection capabilities which empowers not just the defender but also attackers. However, both Anders and Daniel agree that risks from AI systems are not significant as these systems are limited to identifying variations of vulnerabilities rather than completely new ones based on input fed into them. Citing Fuzzers as an example, Daniel points out that initially, the software works by changing the inputs or test cases of a program to uncover new vulnerabilities. However, over time, Fuzzers may not find as many bugs because they’ve already explored most of the possible areas for vulnerabilities.
For securing critical off-world infrastructure, Anders outlines two primary challenges. The first is safeguarding links to these systems to prevent unauthorized access. The second is addressing the adverse effects of space environments such as radiation on computing hardware. Daniel complements this by advocating for how reliability mechanisms in computers, like error-correcting codes, can also be used for security purposes. By approaching security with a mindset of assuming the worst-case scenario and calculating the probability of success for potential attacks, he believes that reliability mechanisms can be enhanced to better protect against both intentional attacks and unintentional errors.
Daniel Gruss, Associate Professor at the Graz University of Technology
Daniel Gruss is an Associate Professor at the Graz University of Technology. He is world-renowned for having implemented the first remote fault attack running on a website known as Rowhammer.js. In 2018, Daniel’s research team was one of the teams that found Spectre and Meltdown, known as some of the worst CPU loopholes ever found and exist in the vast majority of CPU architecture. His team also designed the software patch against meltdown, which is now integrated into virtually every operating system that exists. Daniel holds a Ph.D. in Computer Science from the Graz University of Technology.
Anders Fogh, Fellow & Security Researcher at Intel
Anders Fogh has been a Fellow and Security Researcher at Intel since 2021. He has been into software development since 1992 and is known for his innovation and development in information security, optical media including DVDs, and reverse engineering. Anders was the first to suggest a software-only solution to the infamous Row hammer hardware exploit. Other notable contributions include the first open-source packer, co-authoring the first public generic unpacker for executables in the Windows environment, and inventing the first copy protection for DVD video that can be applied to recordable media and was instrumental in the development of patented video encoding technology.
Check it out. For more information, previous podcasts, and full versions, visit our homepage.
To read more about cybersecurity topics, visit our blog.
#sidechannels #sidechannelattack #cybersecurity
The views and opinions expressed are those of the guests and author and do not necessarily reflect the official policy or position of Intel Corporation.
—–
If you are interested in emerging threats, new technologies, or best tips and practices in cybersecurity, please follow the InTechnology podcast on your favorite podcast platforms: Apple Podcast and Spotify.
Follow our host Camille @morhardt.
Learn more about Intel Cybersecurity and Intel Compute Life Cycle (CLA).