Columbia Technology Ventures

Timing obfuscation to prevent side channel attacks and improve computer security

Side channel attacks, which exploit leaks of secondary information from secure computer systems in order to decipher encrypted information, are an increasingly common means of circumventing conventional computer security. The success of such attacks largely relies on knowledge of the timing of computational events. This technology prevents side channel attacks by obscuring timing information about specific program executions without compromising the performance of the computer system itself. As such, this technology provides a general method to prevent a broad spectrum of side channel attacks that does not impact system performance and does not require preexisting knowledge of a vulnerability in the system.

Addressing the core mechanism of side channel attacks efficiently and effectively improves security

Conventional strategies to thwart side channel attacks often only addressed certain sub-types of attacks and required knowledge of a vulnerability in the system in order to implement them. Thus, the design and maintenance of a secure system was a time-intensive process involving iterative trial-and-error testing. This technology addresses the core mechanism of side channel attacks by adding random delays of a few nanoseconds in length to computational processes monitored by attackers. Obfuscation at such a fundamental level prevents attacks based on discovering a pattern in the timing of computational events, streamlining the design of secure systems. Moreover, the random delays are short enough that the speed and performance of most functions for authorized users are not negatively impacted. Functions such as browsing the internet, installing and executing programs, or using Flash were not impacted by installing this technology on a computer system. Furthermore, this technology is compatible with multiple operating systems such as Ubuntu and Windows XP.

Lead Inventor:

Simha Sethumadhavan, Ph.D.

Applications:

  • Security for personal computers.
  • Security for distributed systems such as cloud computing.
  • Protection for consumer data, particularly credit card transactions.

Advantages:

  • Easy to implement over a wide variety of systems
  • Addresses a wide variety of attack types by countering the core mechanism of timing-based attacks
  • Does not affect the speed and performance of the system for authorized users

Patent information:

Patent Issued

Tech Ventures Reference: IR CU12252

Related Publications:

R. Martin, J. Demme, S. Sethumadhavan. TimeWarp: Rethinking Timekeeping and Performance Monitoring Mechanisms to Mitigate Side-Channel Attacks. ACM SIGARCH Computer Architecture News - ISCA '12 Volume 40 Issue 3, June 2012 pp. 118-129