Microprocessor designers realize security must be a primary concern

A dedicated observer could, for instance, notice that your home’s lights go on and off at a particular times each workday and infer your family’s work schedules. This sort of indirect approach, using an apparently harmless type of data to infer a useful conclusion, is often called a “side-channel attack.” These vulnerabilities are particularly significant because they exploit weaknesses designers didn’t think to secure – and may not have thought of at all. Also, attacks like this are hardware problems, so they cannot be easily patched with a software update.

Security researchers have found that certain types of internet traffic, temperature changes, radio emissions or electricity usage can provide similar clues to what electronic components are doing. These are external clues revealing information the home’s residents – or the device’s users – never intended to share. Even a little information can be enough to reveal important secrets such as users’ passwords.

Many – perhaps even most – of these information leaks are the accidental results of chip designers’ efforts to speed up processing. One example was the nearly universal practice of letting a piece of software read data from the computer’s memory before checking whether that program had permission to do so. As other commentators have pointed out, this is much like a security guard letting someone into a building while still checking their credentials.

Innovation as the solution
These are serious problems with no clear – or simple – answers, but I’m confident they’ll be solved. About fifteen years ago, the microprocessor architecture research community faced another seemingly insurmountable challenge and found solutions within a few years – just a few product generations.

At that time, the challenge was that the amount of power microchips consumed was climbing rapidly as components got ever smaller. That made cooling incredibly difficult. Dire charts were presented at major professional conferences comparing the problem of cooling microprocessors to the challenges of preventing nuclear reactors from overheating.

The industry responded by focusing on power consumption. It’s true that early designs that were more power efficient did computations more slowly than their power-hungry predecessors. But that was only because the initial focus was on redesigning basic functions to save power. It wasn’t long before researchers developed various processing shortcuts and tricks that accelerated performance even beyond what had been possible before.

Security principles
I anticipate a similar response to this newly understood security concern: A rapid response that temporarily degrades performance, followed by a return to normal processing speeds. However, the improvement in security may be harder to express clearly than, say, the amount of energy a system uses.

Security is based on a set of principles the designers must follow reliably. One principle could be, for instance, that software cannot read data from memory without permission. This is very hard to implement because at every level of the microprocessor and every place that data could reside, the architects would need to build in permissions checks. Just one mistake in just one circuit could leave the entire system vulnerable.

As the research community shifts its priority to security, there are several potential lines of inquiry already developing. One method could involve, as Princeton microchip engineer Ruby Lee suggests, inserting randomness into processing, offering observers timing, power and temperature values that – like setting a timer to turn your house lights on and off at random intervals while you’re away. But adding randomness would likely degrade a processor’s performance – unless researchers can find a way to avoid doing so.

Identifying and securing these newly identified hardware vulnerabilities and side-channels will be challenging, but the work is important – and a reminder that designers and architects must always think about other ways attackers might try to compromise computer systems.

Mark Hempstead is Associate Professor of Electrical and Computer Engineering, Tufts University. This article is published courtesy of The Conversation.