Meltdown and Spectre – divide and conquer

Security experts recently revealed two computer flaws called Meltdown and Spectre, serious vulnerabilities that threaten data by targeting modern microprocessors. This blog post discusses cryptographic protection called Multi-Party Computation (MPC), a way of mitigating the attack vectors by distributing vulnerable data onto different servers, a so-called "divide and conquer" strategy.

One drawback of cloud computing is that multi-tenant systems offered by cloud service providers often expose crypto operations and keys in memory. The Meltdown vulnerability allows an unauthorized process to read data from any address that is mapped to the current process's memory space, allowing unwanted access to higher privileged parts of a computer's memory. Spectre, on the other hand, can steal data from the memory of other applications running on a machine. Both vulnerabilities allow attackers to snoop on application data. An attack might be launched by code executed in a browser or from a co-tenant on a cloud platform (IaaS/PaaS), allowing the attacker to gain access to confidential information. While such breaches can be catastrophic, at least these types of attacks will not allow attackers to compromise the integrity of the program under attack. In other words, these attacks are "read-only".

Multi-Party Computation (MPC) is a technology which allows users to compute on encrypted values. With MPC, cloud computing platforms can perform difficult computations on encrypted data without ever having access to the unencrypted data. A number of cloud servers can jointly compute any function without learning the inputs to the function. In this context the important point is that a single server does not have access to any private information. This means that attackers cannot execute a Meltdown or Spectre-based attack against an MPC system without successfully breaching multiple independent servers.

To understand how this works, consider that a fundamental property of MPC protocols is the built-in assumption that one or more of the servers in the joint computation may be unavailable or corrupt. This is the opposite of classical systems where all primary or secondary servers must be available and trusted in order for the computation to be correct. This is why MPC based systems can be more immune to specific Meltdown or Spectre attacks on one or more arbitrary servers. As long as the pre-determined number of servers (sometimes called the "threshold") are available and honest, the computation is (provably) still correct.

MPC protocols come in two main flavors: passive and active. Passive MPC protocols assume that the integrity of the program running on each server is upheld, even if confidentiality is compromised. On the other hand, active protocols, allow the attacker to change the program on subverted servers without compromising the integrity of the running program. In short, active protocols offer better security, but they do so at the cost of speed.

Essentially this means that even equipped only with the weaker passive protocols, an MPC-based system offers protection against Meltdown and Spectre-based attacks through a divide and conquer strategy. In terms of MPC, Spectre and Meltdown are just passive attacks as they do not afford the attacker any way to change the behavior of the application under attack.

Of course, the mere knowledge of these attacks is likely to lead to derivatives which may also compromise integrity and availability. The good news is that many MPC systems come with active security, which means that they are also more likely to be future-proof for this kind of attack vector.