Security of cloud computing

There is not a lot of doubt that cloud computing is the next frontier. Unfortunately, like for Far West, Cloud Computing will be in its early days a territory where the security may be weak (euphemism :Wink: ).

Already, a lot of effort is placed on analyzing the threats and finding solutions. In this trend, there is an interesting approach proposed by Thomas RISTENPART, Eran TROMER, Hovav SHACHAM and Stefan SAVAGE in their paper “Hey, You, Get off of My Cloud“. They discovered that a same server may run Virtual Machines (VM) for different customers. The goal of their attack was to plant a malicious VM on the same server than the target. Then, by measuring several parameters such as cache usage, or estimated traffic rates, they should be able to infer some information. In other words, a side channel attack.

Obviously the most questionable point is the first one. It has two assumptions:

  • – Being able to co-reside on a server with the target. A complete section (number 7) proposes different strategies to succeed on Amazon’s EC2.
  • – being able to implement a malicious VM for instance through existing vulnerability. This one seems even more questionable.

I am not sure that the disclosed attack is more than a nice theoretical play. Nevertheless, it has the advantage to rise many interesting questions. I’m sure that side channel attacks on cloud computing will become a very thrilling domain of exploration.

The paper was presented at CCS’09. Thomson was sponsor of one the hosted workshop (ACM DRM workshop 09)

Smart cards, Tokens, Security and Applications

This book (Springer 2008), by Keith Mayes and Konstantinos Markantonakis (editors), provides an overview of secure chips and their applications. It mainly focuses on two types of tokens: contact and contactless. Excepted a brief introduction to Trusted Platform Modules (TPM), the book does not detail embedded IC or Hardware Secure Modules (HSM). The book depicts the major operating systems and environments (Java Card, Global Platform, MultOS…) and describes in details the application development environments for Java and SIM toolkit. The book explores different fields of application: mobile, banking, Pay TV and ID cards. A special focus is given to the mobile applications.

In my mind, smart card is strongly associated to security. Security is the absent one from this book. The book never speaks about the hacks. In the contactless field, often the transport cards are cited. Never the recent hacks have been cited. In the ID cards, never the recent problems of passports have been disclosed.

Should you read it? If you are looking for a basic introduction to smart cards, this may be one of the references to read. Thus, it may interest non-security students, people who want to have a first level of understanding, journalists… If you are looking for a good understanding of one of the domains of use of smart cards, then look for a more specialized book. If you are a security expert, definitively this book is not for you.

A more complete review is available on the IACR web site.

SF: Anathem: the book of the year?

Anathem, the last book of Neal Stephenson (september 2008) is a pure marvel. Neal Stephenson already wrote many best sellers. Snow Craft, French title “le samourai virtuel” described some foundations of cyber worlds. The noun metaverse has been created by Neal. The Cryptonomicon kept me in thrill all along the 900 pages. These are great geek books.

In “Anathem”, Neal sends us in another universe. On the planet Arbre, the avouts, some kind of scientists/monks, live isolated from the secular world in convents. The secular world fears the potential of science. The two worlds are carefully isolated. A young avout, Fraa Erasmas is ready to spend his full life of mathematician in his cloister. An event will change his destiny and the future of his planet.

I could not stop reading the 900 pages of the book. I wanted to know the end of this complex philosophical adventure: A mix of science fiction, philosophical treaty and initiatory road movie. As for Cryptonomicon, you’re enchanted. The last book that similarly enthralled me was Dan Simmons’ “Ilium” (and of course “Olympos”).
Bragelonne has purchased the rights for France. Nevertheless, I recommend French readers not to wait the French translation. They will loose many subtleties that only French speaker may find. Many neologisms inherit from French. Neal Stephenson either leaves in France or speaks French.

If you liked Asimov’s foundations, then you have to read Anathem. In any case, you should read it.

Calculators and DMCA

In my old times (end 70s), the first programmable calculators appeared: HP34 with inverted Polish notation (A twisted mindset needed!), and the TI57, TI 58 and overall the mythic TI59. It was the first programmable calculator with 1K RAM! And recordable magnetic strip, printer… The competitor was HP41C.

But one of the most funny part of these calculators was to discover their secrets, i.e., find ways to do things that they were not suppose to do or find hidden features. We exchanged and searched feverishly these tips.

The recent episode of Texas Instruments (TI) reminded me these glory days. (sniff). Hobbyists succeeded to install different OS on TI’s latest graphical calculators. The applications are normally signed. Hobbyists succeeded to reverse engineer the signing keys and published them on blogs. Thus, TI issued letters demanding the bloggers to remove the information due to DMCA violation.

Mid October 2009, Electronic Frontier Foundation (EFF) represented three persons who received such notifications. EFF claimed that DMCA allowed reverse engineering to create interoperable custom software like the program.

End of October, TI has dropped the threats against these persons. Nevertheless, it seems that TI continues to issue such letters to other bloggers.

I believe that some people have the compulsory need to “hack” in the Noble sense a system that they own. It is a intellectual challenge. It is usual in the game console domain and even in the mobile phone. Sometimes they have the blessing of the manufacturer (Sony and the PS3). More often, they do not have it (XBOX, Wii, DS, iPhone, …) The hobbyists are not driven by greed, they are driven by intellectual challenge. Unfortunately, sometimes their work is reused by pirates who are money driven.

Should a manufacturer fight back hobbyists? If their work endangers the business model of the manufacturer, then the answer is yes. Else, the answer is not Manichean. Many other parameters may be analyzed: safety, liability,…

Microsoft’s PIFF

Last month, Microsoft announced an important initiative for DRM interoperability. Within a larger announcement, they disclosed the Protected Interoperable File Format (PIFF). The media focused mainly on smooth streaming and SilverLight. But content protection community should be interested by PIFF.

In an nutshell, PIFF defines a file format with a list of supported codecs but above all (at least for security minded people) two mandatory AES based scrambling modes. The basic idea for interoperability is that the PIFF protected essence can use any system of DRM to protect the license. Provided they both have the scrambling key used to protect “Rambo 28”, merchant A and merchant B can sell it using different DRM. PIFF compliant device A with DRM A can play “Rambo 28” sold by merchant B with DRM B. Device A just needs to get license from merchant A. The essence, ie “Rambo 28”, remains the same.

Is it a new revolutionary approach? No. DVB embraced this approach for many years with simulcrypt. In 2004, Thomson proposed to standardize this layer of protection in the IST Medianet project.

Is it a good thing? YES. According to me, it is clearly the right approach. That a giant like Microsoft takes this path is huge. Furthermore, it is royalty free, which is wise from Microsoft to facilitate the adoption. Now, the condition of success is that there will be ONE unique such format. Would there be more than one, then it would decrease its impact.

Of course, we may expect that next generation of Windows DRM and Play Ready will support PIFF. Which DRM technology provider will be the next one?