[ISN] Virtual machine used to steal crypto keys from other VM on same server

From: InfoSec News <alerts_at_private>
Date: Wed, 7 Nov 2012 01:44:57 -0600 (CST)
http://arstechnica.com/security/2012/11/crypto-keys-stolen-from-virtual-machine/

By Dan Goodin
Ars Technica
Nov 6 2012

Piercing a key defense found in cloud environments such as Amazon's EC2 
service, scientists have devised a virtual machine that can extract 
private cryptographic keys stored on a separate virtual machine when it 
resides on the same piece of hardware.

The technique, unveiled in a research paper published by computer 
scientists from the University of North Carolina, the University of 
Wisconsin, and RSA Laboratories, took several hours to recover the 
private key for a 4096-bit ElGamal-generated public key using the 
libgcrypt v.1.5.0 cryptographic library. The attack relied on 
"side-channel analysis," in which attackers crack a private key by 
studying the electromagnetic emanations, data caches, or other 
manifestations of the targeted cryptographic system.

One of the chief selling points of virtual machines is their ability to 
run a variety of tasks on a single computer rather than relying on a 
separate machine to run each one. Adding to the allure, engineers have 
long praised the ability of virtual machines to isolate separate tasks, 
so one can't eavesdrop or tamper with the other. Relying on fine-grained 
access control mechanisms that allow each task to run in its own secure 
environment, virtual machines have long been considered a safer 
alternative for cloud services that cater to the rigorous security 
requirements of multiple customers.

"In this paper, we present the development and application of a cross-VM 
side-channel attack in exactly such an environment," the scientists 
wrote. "Like many attacks before, ours is an access-driven attack in 
which the attacker VM alternates execution with the victim VM and 
leverages processor caches to observe behavior of the victim."

[...]


Received on Tue Nov 06 2012 - 23:44:57 PST
