New program could foil hackers in the cloud
This year’s Black Hat Briefings get underway in Las Vegas in a few days, and GCN’s Bill Jackson will be there to chronicle the latest trends in hacking and cyber defense. In the meantime, here is a little hacking nightmare to wet your whistle.
Apparently, hackers have started to experiment with ways to exploit the cloud as a platform for their nefarious deeds. The MIT News explains how this works:
Imagine there are 100 computers attached to a cloud server. Each computer may be running normal programs such as word processors, data analysis tools or almost anything else common to office tasks. But one computer could be simply executing programs that allows it to spy on the other 99. Each time one of the 99 target computers does something, it gives the rogue system more of a chance to capture personal data. It's like a fly on the wall of the cloud. Given how many government agencies are jumping into the cloud, which is often outside their direct control, this is a troubling trend. You may simply not know who your neighbors are in the cloud, and they could be up to no good.
Some cloud providers have begun to encrypt their data, so that everything in transit and within the cloud is protected. So that makes it all safe, right? Not so fast, says MIT once again, as the pattern and timing of save and transmit functions can reveal a lot of personal information even with encrypted data. So long as your system is performing normally, a lot can be inferred by programs that know what patterns to search. And systems connected to the cloud tend to transmit a lot because programs aren't stored locally. A fly in the cloud ointment can again ruin everything in terms of security.
Keeping snoopers from figuring out what their government neighbors are up to requires that computers in the cloud mix in random functions along with all the real data they are processing and sending. MIT graduate students Ling Ren, Xiangyao Yu and Christopher Fletcher, and research scientist Marten van Dijk came up with a program called Ascend that does just that.
Ascend basically randomizes every address and node within a cloud. When data is sent to a node, it is also randomly sent to at least one other node, as sort of a cloud-based decoy. Someone trying to snoop the entire cloud would have a nearly impossible task trying to connect the dots between in-cloud connections and real-world systems commanding the data.
Timing attacks are also an increasing concern. The MIT scientists explain that a timing attack works when, in their example, the police are comparing a surveillance photo of a suspect to random photos on the Web. The surveillance photo is likely going to be encrypted, but the Web photos aren’t protected. By seeing how long it takes the cloud to compute each public photo, inferences about the encrypted data can be guessed. If the cloud computer takes a longer time with certain photos, then it's likely that they are similar to the encrypted on one and require more time to check out. Ascend compensates for this by sending random requests to memory even if nothing is needed. Apparently, all these dummy requests are optimized so that the entire cloud isn't bogged down by fake data.
Ascend is still being worked on, but the dangers in the cloud are likely real. If researchers at MIT can figure out ways to protect the cloud, you can bet quite a few bad guys also know of the vulnerabilities, and may already be spying right now. I'm sure we’ll hear of other nightmare scenarios from Black Hat, but stuff like this should already be keeping agency security folks from sleeping too soundly.
Posted on Jul 26, 2013 at 7:50 AM