By connecting laptops and smartphones to enormous, remote computing banks, cloud computing gives us access to more processing power than could ever fit in any one of those devices, along with access to all our data and documents from anywhere in the world. The Achilles' heel is security: data that live in the cloud are vulnerable to hackers.
Solutions to two of the biggest vulnerabilities may be at hand, however. Researchers at the Massachusetts Institute of Technology say they have devised a way to protect servers against memory-access pattern-analysis hacks and timing attacks. The solution, in brief, is to install a chip they call Ascend that sends out a smokescreen of false information every time a server requests data from a remote source.
Even when data are encrypted, the way in which a computer stores and accesses that data—its memory-access patterns—can reveal unsettling private details. Suppose a person goes to Google Maps and asks it to find a driving route from Boston to Toronto. “By looking at the access pattern, an eavesdropper learns where you are, your route and your final destination,” says M.I.T. computer scientist Christopher Fletcher.
Cloud servers can also reveal secrets based on the amount of time they take to do certain computations. Imagine that a cloud server is asked to compare a surveillance photograph of a criminal suspect with random images on the Web. “The surveillance photo itself would be encrypted and thus secure from prying eyes, but spyware in the cloud could still deduce what public photos it was being compared with,” Fletcher says. The time the comparisons take could reveal something about the image of the criminal suspect. “Photos of obviously different people could be easy to rule out, but photos of very similar people might take longer to distinguish,” he explains.
These two types of attacks are especially dangerous because they are covert. The person on Google Maps and the people analyzing the criminal photograph get the same results that would have arisen if no one had been hacking the transactions. “They don't know that security has been compromised,” Fletcher says.
To protect against memory-access attacks, any time a server requests data from an address, it can request information from every address it knows. It could then throw away all the data except for the information it was seeking in the first place. The problem with this approach is pretty easy to see: it is far too time-consuming to be practical.
Ascend uses a more economical scheme. To start with, it assigns a piece of data it might look up to a random node in a network of data. When the processor requests data from a specific node in the network—for instance, an address in Toronto—it must send requests to all the other nodes in the network that are connected to it: nodes that contain addresses everywhere from Tampa to Timbuktu. An eavesdropper cannot tell which node the computer is looking for on any given path in the network. Ascend keeps this smokescreen robust by moving nodes around, too.
Ascend's method for protecting against timing attacks is simpler: it sends requests to a computer's memory at regular intervals, “even when the processor is busy and requires no new data,” Fletcher says. That way attackers cannot tell how long a computer is spending on any specific piece of data.
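The fixed-interval idea can be seen in a small simulation, added here as an illustration (it is not code from the article or from the M.I.T. team). The cycle model, the `INTERVAL` value and the two workloads are assumptions chosen for the example; the point is that an observer of the memory bus sees the same request times whether the computation is quick or slow.

```python
INTERVAL = 4  # assumed: cycles between memory requests in periodic mode

def bus_trace(workload, total_cycles, periodic):
    """Simulate a processor and return (trace, served).

    workload: compute-cycle counts; after each burst the processor needs
    one real memory access. trace lists the cycles at which a request
    appears on the memory bus, which is all an eavesdropper can observe
    once contents are encrypted. served counts real accesses completed.
    """
    idx, served, trace = 0, 0, []
    remaining = workload[0] if workload else 0
    for cycle in range(total_cycles):
        wants = idx < len(workload) and remaining == 0
        slot = cycle % INTERVAL == 0
        # Baseline issues a request whenever the program needs data.
        # Periodic mode issues one on every slot, needed or not.
        issue = slot if periodic else wants
        if issue:
            trace.append(cycle)  # real and dummy requests look alike
        if issue and wants:
            served += 1
            idx += 1
            remaining = workload[idx] if idx < len(workload) else 0
        elif not wants and idx < len(workload):
            remaining -= 1       # processor is busy computing
        # wants and not issue: processor stalls until the next slot
    return trace, served

# Constructed workloads: an "easy" comparison and a "hard" one.
FAST = [1, 1, 1, 1]
SLOW = [7, 9, 6, 8]

if __name__ == "__main__":
    for name, w in (("fast", FAST), ("slow", SLOW)):
        print(name, "baseline:", bus_trace(w, 64, periodic=False)[0])
        print(name, "periodic:", bus_trace(w, 64, periodic=True)[0])
```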
This security comes at a cost—Ascend would work at one-sixth the speed of conventional server chips that are running ordinary programs popular among users. “That's the difference between Google getting a response back to you at the speed it does now versus getting a response back several seconds later,” Fletcher says. The bigger drawback, at least for now, is that the chip exists only in theory. Fletcher and his colleagues detailed their chip architecture in June at the International Symposium on Computer Architecture in Tel Aviv, and they are building an Ascend chip now. They expect to finish the prototype in early 2015.