7 October 2015 – Thousands of cloud fanatics have descended on Las Vegas this week for Amazon Web Service’s re:Invent conference. One item that grabbed our attention was the announcement of a group of researchers from Massachussets who published a concept test which uses a failure in the AWS virtual machines to steal their RSA cryptographic passes. Nowadays the failure is already patched, but according to the researchers we really need to think more seriously about the security on the cloud.
The group of professors … at Worcester Polytechnic Institute … demonstrated in a recently published paper named “Seriously, get off my cloud! Cross-VM RSA Key Recovery in a Public Cloud,” a proof of concept hack of secret cryptography keys used in an AWS virtual machine. The now-patched flaw – which was not specific to AWS — showed that a hacker could theoretically gain a user’s secret keys that are used to encrypt sensitive data.
Security experts say the risk of this specific attack being used is quite low because the vulnerable encryption library has been patched. But, they say it does call into question security best practices in multi-tenant cloud environments. WPI researchers used what it commonly referred to as a “side-channel attack,” which allows a hacker to glean information from other users who share virtual machines on the same physical server.
Executing the attack is no simple matter however. It includes spinning up a virtual machine in AWS’s cloud (although this vulnerability could work in any virtualized environment) and running a test to see if other VMs using the same physical host are running a certain library – named Libgcrypt – for their RSA encryption (RSA the open source encryption algorithm, not the commercial product). Once researchers were able to identify a vulnerable library, they were able to use a cross-VM “Prime and Probe” technique to analyze the cache left on the Intel processor to collect a vast amount of information. The researchers were able to deduce the secret encryption key from the plethora of “noisy” information that comes along with the cache.
You can read the entire description of the attack methods and vulnerability via the link above. The impacted Libgcrypt library has been patched since February, preventing this specific attack from being executed again.
Yehuda Lindell, chief scientist and co-founder of security firm Dyadic – which has a product for protecting secret cryptography keys – says the vulnerability is extraordinarily sophisticated – on the verge of being “magic.” But he says but it proves the shortcomings, from a security perspective, of shared environments such as the cloud.
No comments yet... Be the first to leave a reply!