Some of the attack vectors are obvious, such as the PCs, servers, and cloud services we increasingly rely on in our personal and professional lives. But we’re also dramatically increasing our use of other, less obvious tools like internet of things (IoT) devices and graphical processing units (GPUs) that we might not even consider when looking at our security footprint.
Today, a deal between Rambus and Nvidia to license the former’s security countermeasures is an example of how companies are working to keep these more hidden vulnerabilities protected, as Tom’s Hardware reports.
Related: DDoS attack on DNS servers causes major Internet blackout
The specific Rambus technology that has been licensed demonstrates just how complicated locking down a system can be. Nvidia GPUs are particularly good at things like artificial intelligence and other technologies where highly-efficient GPUs provide better performance than general purpose CPUs. Their increasing use in these sorts of systems increases the importance of making sure that they’re protected from more than just the obvious software exploits.
For example, electronic devices like GPUs offer up a number of “side-channels,” such as power consumption, that can be exploited by being measured, analyzed, and used to steal encryption keys. In response, Rambus developed Differential Power Analysis Workstations (DPAWS) to enable “an integrated suite of hardware and data visualization software to aid in the identification and understanding of vulnerabilities in cryptographic chips.”
In other words, licensing DPAWS will allow Nvidia to ensure that they can identify where their GPUs are leaking information that can be used to access systems and steal information. DPAWS will therefore serve as part of overall systems aimed at ensuring that Nvidia GPUs can avoid being an unseen vector for attack.
Neither company provided specific details on when the technology would be integrated into Nvidia’s product line. Nevertheless, it’s good news for Nvidia customers that the company is taking steps to avoid the kind of attacks that led to the IoT-led DDoS attack that resulted in a large-scale internet meltdown last week.