cache timing

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View


Install your Windows Updates. Update your antivirus software. Scan your
system regularly. Keep religious backups. It's all good advice -- and
it's advice that I give to readers on a near-daily basis.

And maybe it's all meaningless.

MIT researchers are warning that it doesn't matter much what security
measures you take with your computer. If someone wants in, they're
getting in.

The latest concern/attack involves data "leakage," the idea that no
matter how secure your data might be in storage (even if it's
encrypted), once it's in actual use, it's fair game. One area of
research involves cached data: Say you decrypt your secret spreadsheet
outlining your plans for world domination and have it open on your
desktop. Other programs running in the background uses that same
working area (the cache) on the machine... and, coded properly, one
such program could relatively easily "steal" what else is going on in
the cache at that time.

A variation on such an attack has been used to break otherwise
rock-solid AES encryption keys. Called "cache timing," the attack
determines which specific portions of a computer's memory are used
during a decryption process, and can rebuild the key -- in seconds --
just by looking at the pattern of those memory accesses.

Up next: Researchers are investigating whether these attacks can be
applied to so-called cloud computing situations. It's one thing to get
a piece of malicious software installed on your personal computer
(where you might find it easily), but what if you're sharing time on a
server on the net? Attackers could run programs on shared servers that
watch the cache on that server for other people's data. Just watch for
busy servers and run your app when something good is going on, and
you're none the wiser... Kind of scary stuff. Read all the details on
MIT's news site.

How you feeling about your spyware security system now?


http://tech.yahoo.com/blogs/null/154264/all-your-computer-security-precautions-are-worthless /;_ylc=X3oDMTI1a210M2RpBFJfYWlkAwRSX2RtbgN5YWhvby5jb20EUl9maWQDYzZmMGRmYTY3ZWU3NzE5MjA4M2MyODIzMDViNDRmODIEUl9sdHADMQ--

--
“The more things change, the more they remain the same.” ~ Alphonse Karr

Re: cache timing



<snip>
Quoted text here. Click to load it

To work this does require that your machine has already been compromised.

<snip>

Quoted text here. Click to load it

Reasonably confident, but you should never be complacent.
--
Brian Cryer
www.cryer.co.uk/brian


Site Timeline