Presentation 2009

Time/Room: Saturday 1:30-2:15, Haskell-104 (Capacity 40)
Title: Information security discovers physics
Category: Security
Speaker: Seth Schoen
Sponsor: Electronic Frontier Foundation

Details:
Computer programmers like to think of computers as abstract, idealized machines that only obey the laws of logic. Making computers secure is already difficult enough under this assumption because of ubiquitous and subtle bugs and the difficulties of user interface.

But at least a dozen papers in the last five years have pointed to another kind of problem: computers are actually physical objects with complicated and sometimes surprising physical properties. Their processors, monitors, and keyboards make noise; they emit light; they transmit radio waves; their circuits produce side effects and undocumented behavior. These effects are not random, but actively leak communications. Data physically persists in storage media when users think it has been erased. Simply photographing objects -- from house keys to blank paper -- captures sensitive information.

Studying computers and communications media as physical objects produces a range of surprising attacks on security, particularly unexpected because of the ways they break familiar abstractions about how computers are supposed to work. Just as natural science finds clever methods and instruments to make nature give up its secrets, security research is discovering unanticipated ways that information technology leaks confidential information. Militaries have worried about this for decades; now, even in openly published research, information security is discovering physics. I will survey interesting recent results, including the cold boot attacks I worked on last year, and consider where security is going.

Experience:
Seth Schoen has worked at the Electronic Frontier Foundation for seven years, helping other technologists understand the civil liberties implications of their work, EFF staff better understand the underlying technology related to EFF's legal work, and the public understand what the technology products they use really do. He previously worked at Linuxcare and AtreNet and interned at the National Energy Research Scientific Computing Center and Toronto Dominion Bank. He helped create the LNX-BBC live CD and has researched phenomena including laser printer forensic tracking codes, ISP packet spoofing, and key recovery from computer RAM after a computer has been turned off.

Presentation Schedule     linuxfestnorthwest.org