informa
4 min read
article

Researchers Devise Attack for Stealing Data During Homomorphic Encryption

A vulnerability in a Microsoft crypto library gives attackers a way to figure out what data is being encrypted in lockpicker-like fashion.

Researchers at North Carolina State University have developed what they claim is the first successful side-channel attack on an emerging security technology called homomorphic encryption, which allows operations to be performed on encrypted data.

The technique will be presented on March 23 at the virtual DATE22 conference and involves a way to steal data even while it is in the process of being homomorphically encrypted. The lead author on the paper is Furkan Aydin, a doctoral student at NC State, and it was co-authored by three other researchers at the university.

Aydin Aysu, assistant professor at NC State's electrical and computer engineering department, likens the attack to lock-pickers in movies who listen to a safe to crack it. "We do the same on computer hardware," Aysu says. "We listen to the power consumption of a device as it computes some cryptographic operations. ... Thereby, we can infer the actual computations going on."

Homomorphic encryption is an approach that was developed several years ago to, among other things, make it easier for organizations to store, use, and manage data securely in cloud environments. Unlike typical encryption methods, such as AES, homomorphic encryption allows for computing operations to be performed directly on encrypted data without the use of a secret key, according to an open consortium focused on developing standards around the technology.

It would allow an organization to store data securely in the cloud and perform analytics on the data without having to provide the cloud operator with access to the secret encryption key, or without having to download and operate on the data locally. "The cloud can directly operate on the encrypted data, and return only the encrypted result to the owner of the data," according to the consortium's description of the technology. "More complex application scenarios can involve multiple parties with private data that a third party can operate on, and return the result to one or more of the participants to be decrypted."

"Mostly in the Research Phase"

Despite the plethora of use cases for homomorphic encryption — including in areas such as data privacy and regulatory compliance — the technology is still some distance away from wide adoption, mainly because the algorithms are still relatively slow and have immense storage requirements. Homomorphic encryption is "not widely [used] compared to conventional systems," Aysu says. "It is mostly in the research phase and gearing toward practical implementations."

The attack technique that the researchers at NC State developed involves a vulnerability in a Microsoft implementation of fully homomorphic encryption called Microsoft Simple Encrypted Arithmetic Library (SEAL). Microsoft SEAL is a collection of encryption libraries for performing computing operations on encrypted data. The vulnerability, which the researchers have described as a "power-based side-channel leakage" is present in the SEAL homomorphic encryption library through version 3.6 of the technology, according to the researchers. It enables attackers to use a single power measurement from the device doing the encryption operations to extract data in plaintext while the data is being homomorphically encrypted.

The vulnerability allows attackers to listen to the machine doing the encryption and infer if a 0 bit is being processed or a 1 bit, Aysu says. "It's a few lines in the software code that give out the data being executed on the device," he says. "This information allows us to use some fancy equations and figure out the secret messages being encrypted in a homomorphic encryption scheme."

To pull off the attack, an adversary would need to be able to measure power consumption of the device. The means the attacker would either need to be co-located or have to ability to remotely monitor power consumption on the device, he says. 

An attacker wouldn't need to spend a whole lot of money or time to execute an attack via the vulnerability. The researchers at NC State, for instance, required equipment costing less than $1,000 and about an hour at most to execute the attacks in practice, Aysu says. But the attacks are well beyond the capabilities of the average script kiddies, he says. "These are hard attacks to execute [that] need Ph.D.-level knowledge," to execute.

Aysu says that Microsoft is aware of the issue and has claimed newer versions of Microsoft SEAL are not affected.