To protect our data and communication we must be doubly focused: one eye on emerging vulnerabilities, another on new, more secure forms and channels. On both fronts, the University of Adelaide’s vision is clear.
Sounding the alarm on Spectre, Meltdown and Foreshadow
Crisis averted. These two sobering words succinctly describe computer-chip manufacturers’ year in 2018. Three critical vulnerabilities were discovered in recent Intel processors’ architecture—two of which were echoed in other vendors’ technology—enabling them to be “patched” before any attacks could take place. “Spectre” and “Meltdown” were announced in January, followed by “Foreshadow” in August.
All had the potential to allow catastrophic data theft from millions of modern PCs, mobile phones and cloud servers; and all were uncovered by small groups of independent computer science researchers from just a handful of leading institutions and organisations around the world. On each occasion, the University of Adelaide was among them.
Dr Yuval Yarom, who leads security research in the University’s Centre for Distributed and Intelligent Technologies, co-authored all three papers announcing the flaws. The dangers, he says, were significant.
“Any one of them could’ve enabled unauthorised access to passwords, personal photos, emails, instant messages and other sensitive documents. But in the case of Foreshadow—and a variant called Foreshadow-NG, uncovered by Intel’s subsequent investigation into Foreshadow’s causes—there were even broader implications.”
Foreshadow attacks specifically undermine Intel processors’ SGX (Software Guard Extensions) feature, explains Yarom. Designed to be the chips’ most secure element, SGX allows programs to establish “secure enclaves”—regions sectioned off to run code that the computer’s operating system can’t access or change. This is intended to create a data “safe haven” that stays secure even if the rest of the computer’s compromised. Consequently, it’s used to house some extremely sensitive information.
“SGX can be used by developers to protect fingerprints used in biometric authentication, for example. It also contains the secret cryptographic ‘attestation keys’ that enable SGX’s internal integrity checks and prevent digital identity theft.”
Magnifying the Foreshadow threat, he adds, some other critical processor systems were also at risk.
“Foreshadow could also potentially break down the separation between virtual machines—distinct computing environments that share the same hardware, such as widely offered by cloud-computing companies.”
The best advice for consumers remains installing legitimate software updates in a timely manner. But Yarom’s hopeful his research, and that of his peers, will lead to fundamental industry advance. “Ultimately, I think our discoveries will lead to improved processor design and help prevent cybersecurity concerns like these resurfacing.”
Enabling “unhackable” long-distance quantum communication
Beyond the world of computer-chip microarchitecture, another important information security advance is being pursued at the University of Adelaide: absolutely secure long-distance communication.
Surprisingly, achieving the absolute-security part of the equation isn’t the challenge. Scientists have known for decades that when information is carried on photons, single particles of light, the laws of quantum mechanics ensure those photons cannot be observed without altering their states. So any “eavesdropping” presence can be immediately detected, and transmission aborted. They’ve also known how to send encrypted quantum messages, a process known as quantum key distribution, since the mid-1980s.
The hard part has been sending those messages any further than around 300km. Beyond that point, photons are highly susceptible to losing their information. Some success was achieved in China recently using satellite links, extending the range to around 1200km, but this method is vulnerable to atmospheric effects interfering with the signal.
To establish a rugged, ground-based quantum network, a “quantum internet”, a specialised repeater is needed to boost signals—and a research team in the University’s Institute for Photonics and Advanced Sensing is getting very close to creating one that could be integrated into existing fibre-based telecommunications networks.
“We’re combining novel atom-filled hollow-core fibres with state-of-the-art quantum information storage protocols to create a compact, robust and modular ‘quantum node’,” says lead researcher Dr Ben Sparkes. “It’s the core element required for an efficient quantum repeater.”
The use of atoms, taken from the metal rubidium, is critical. The atoms are able to absorb and localise incoming photons without losing their information. If managed correctly, they can then hold that quantum information intact for some time—longer if laser-cooled—before it continues its journey.
“Our team is one of only a handful in the world to have successfully loaded laser-cooled atoms into hollow-core fibre,” enthuses Sparkes. “Of those, we’ve loaded the most atoms in one fibre by around a factor of 10.”
Not surprisingly, there’s great interest in the field within the global defence sector. But as Sparkes points out, the benefits could be far more widespread than many realise. “It’s commonly accepted that high-powered quantum computers are on the horizon. And when they arrive they’re going to be able to effortlessly decipher the encryption systems we currently use to send our personal data around the world.
“An encryption code that might take current computers thousands of years to crack could easily be unravelled by an advanced quantum computer in less than half a day. It’s in all our interests to be prepared.”
Co-drafting world’s first legal framework for security in space
The law has historically responded slowly to issues surrounding digital information. Many believe we’re still yet to strike an acceptable balance between protecting individual privacy and supporting state security. But when it comes to information security in space, the University of Adelaide is working to put the world ahead of the curve.
Two senior University researchers are among five founding leaders in an international team drafting what will be the definitive document on military and security law as it applies to space: the “Woomera Manual on the International Law of Military Space Operations”.
Professor Dale Stephens, formerly of the Royal Australian Navy, directs the University’s Research Unit on Military Law and Ethics. Professor Melissa de Zwart is that unit’s deputy and Dean of the Adelaide Law School. Having recently collaborated to create an online course dealing with the law surrounding cyberwar and surveillance, the pair is relishing the opportunity to apply their deep interest and knowledge in the area to this globally significant project.
“We’re dependent on space-based communications and information systems for many day-to-day activities,” says de Zwart, “such as GPS navigation and Internet access. They also play critical defence roles. It’s imperative we have an agreed legal framework for these assets’ use and protection.”
The Woomera Manual team is consulting with governments worldwide, and organisations such as the UN, NATO and International Committee for the Red Cross. The document is expected to be completed in 2020.