Defending hardware and data against malicious cyber attacks

The exposure this year of the Meltdown and Spectre flaws in computer processors has given added urgency to the work of an EU-funded project to protect systems against 'side-channel' attacks.

Countries
Countries
  Algeria
  Argentina
  Australia
  Austria
  Bangladesh
  Belarus
  Belgium
  Benin
  Bolivia
  Bosnia and Herzegovina
  Brazil
  Bulgaria
  Burkina Faso
  Cambodia
  Cameroon
  Canada
  Cape Verde
  Chile
  China
  Colombia
  Costa Rica
  Croatia
  Cyprus
  Czechia
  Denmark
  Ecuador
  Egypt
  Estonia
  Ethiopia
  Faroe Islands
  Finland
  France
  French Polynesia
  Georgia

Countries
Countries
  Algeria
  Argentina
  Australia
  Austria
  Bangladesh
  Belarus
  Belgium
  Benin
  Bolivia
  Bosnia and Herzegovina
  Brazil
  Bulgaria
  Burkina Faso
  Cambodia
  Cameroon
  Canada
  Cape Verde
  Chile
  China
  Colombia
  Costa Rica
  Croatia
  Cyprus
  Czechia
  Denmark
  Ecuador
  Egypt
  Estonia
  Ethiopia
  Faroe Islands
  Finland
  France
  French Polynesia
  Georgia


  Infocentre

Published: 4 December 2018  
Related theme(s) and subtheme(s)
Frontier research (ERC)
Information societyInformation technology
Innovation
SMEs
Security
Countries involved in the project described in the article
Austria
Add to PDF "basket"

Defending hardware and data against malicious cyber attacks

Image

© #168805184 | Author: BillionPhotos.com, 2018 fotolia.com

We like to believe that passwords and security keys provide adequate protection for sensitive data, but there is now growing awareness of how computer security can be foiled by ‘side-channel’ attacks.

These attacks use information gleaned by, for example, analysing patterns of power consumption or timing behaviour to force a processor to disclose secret information such as passwords. The EU-funded SOPHIA project is aiming to address this challenge and work with manufacturers to keep vast amounts of data safe.

‘There has been a lot of research on cryptographic algorithms, but so far the research on how to secure processor systems as a whole against all types of side-channels has been very limited,’ says Stefan Mangard, who leads the project. ‘Our goal is to research how to build processors – and software for processors – that provide security even in the presence of side-channel attacks.

We want to ensure only authorised users can access their data and nobody else.’

Unexpected vulnerability

All kinds of processors are vulnerable, including those in smartphones, desktops, laptops and many other electronic devices as well as in the servers and data-storage centres that make up the internet.

Mangard’s team, at Graz University of Technology, Austria, was one of the groups that uncovered two new and unexpected hardware vulnerabilities in computer processors this year.

As a first step, SOPHIA had been exploring the susceptibility of current processors to side-channel attacks when the researchers stumbled across two vulnerabilities, now called Meltdown and Spectre, which allow a malicious program to steal data such as passwords from other programs running on the same machine.

They soon discovered the same problems had been identified by another team a few months earlier, and the joint discovery was made public in January 2018. The revelation shocked the computing industry and blew away the scepticism that Mangard had encountered in arguing for greater attention to be paid to the danger of side-channel attacks.

Proof of protection

‘We didn’t really expect that a side-effect could have such a huge impact that it can completely bypass the isolation mechanisms between the operating system and the users which are currently in place in all large processors,’ Mangard says. ‘It’s now clear this problem is not going away by itself and that we really need to work on it. It’s huge justification for the research we are doing.’

The team has achieved a second important result: a new method for defending hardware circuits against side-channel attacks that exploit patterns in power consumption. This introduces randomness into computations to prevent exploitable patterns from emerging. They have also devised a tool to formally prove that a circuit is protected from such attacks.

Mangard and his colleagues are in contact with manufacturers to ensure that the findings from SOPHIA are incorporated into the next generation of processors as early as possible.

‘There is still a lot of research ahead,’ he says. ‘Considering the economic impact of cyber-crime, the potential impact of our research is very large. The Meltdown and Spectre attacks that we published so far are additional motivation to dig deeper and find good mechanisms for securing processors and solving the problem. This is our main focus for the next few years.’

 

Project details

  • Project acronym: SOPHIA
  • Participants: Austria (Coordinator)
  • Project N°: 681402
  • Total costs: € 1 964 750
  • EU contribution: € 1 964 750
  • Duration: September 2016 to August 2021

See also

 

Convert article(s) to PDF

No article selected


loading


Search articles

Notes:
To restrict search results to articles in the Information Centre, i.e. this site, use this search box rather than the one at the top of the page.

After searching, you can expand the results to include the whole Research and Innovation web site, or another section of it, or all Europa, afterwards without searching again.

Please note that new content may take a few days to be indexed by the search engine and therefore to appear in the results.

Print Version
Share this article
See also
Project details