Worcester Polytechnic Institute

RAIN


Supported by NSF-CNS, award number #1318919.

RSA key recovery in Amazon EC2.

Cloud computing services are gaining popularity due to their reduced maintenance cost, but they also imply resource sharing among many different users. This can pose security concerns when sensitive data is stored and used inside a VM. Among others, hardware covert channels are particularly dangerous, especially those that are shared by all the cores in the system. This is the case of the Last Level Cache (LLC), which can be exploited to recover private information.

Our work shows how to extract cryptographic keys across Virtual Machines that belong to different users. Utilizing the LLC as a covert channel, we deduce whether two VMs are co-residing on the same server. Furthermore, we demonstrate the ability to steal private information from a co-located VM by exploiting the same covert channel to recover a 2048-bit private RSA key. This implies that an unauthorized user can decrypt any information that has been sent to the victim to whom the key belongs.

More information can be found in our publication accepted at CHES 2016.

Press Reactions:

http://arstechnica.com/security/2015/09/storing-secret-crypto-keys-in-the-amazon-cloud-new-attack-can-steal-them/

https://thestack.com/cloud/2015/10/02/aws-customer-crypto-keys-exposed-in-new-vulnerability/

http://www.networkworld.com/article/2989757/cloud-security/researchers-steal-secret-rsa-encryption-keys-in-amazon-s-cloud.html

http://www.darkreading.com/cloud/amazon-downplays-new-hack-for-stealing-crypto-keys-in-cloud/d/d-id/1322469

http://www.scmagazineuk.com/vulnerability-could-have-led-to-rsa-keys-being-stolen-in-aws/article/442689/

AES ATTACK USING LLC PRIME&PROBE.

The popular Prime & Probe cache attack was largely believed not to be applicable in the LLC due to its bigger size and the attacker's limited knowledge of physical addresses. Thus, it was only applied in the L1 cache, implying the need for core co-location between attacker and victim. Prior attacks in the LLC further require deduplication, a feature usually not enabled in public clouds.

In this work we demonstrate the ability to implement a Prime&Probe attack in the LLC without the need for memory deduplication. In particular, we show how we can recover an AES cryptographic key from the LLC without sharing data with the victim, by making use of huge pages. Huge pages overcome the challenges presented by the virtual-to-physical memory translation. The new attack is applicable in any hypervisor, including those utilized in public clouds.

Presentation video:

For more information please see the accepted S&P2015 publication.

Cross Processor Cache Attacks.

LLC cache attacks have been shown to be a powerful covert channel for retrieving information from users co-located on different cores, using shared data. This is possible because the LLC is shared across cores and because it is inclusive, i.e., any data that resides in the upper-level caches also has to reside in the LLC.

We show that inclusiveness is not the only property that can make cache attacks work. In fact, we rely on the cache coherency protocol implemented by most processors to handle shared data across cores and processors. We demonstrate the viability of implementing cache attacks utilizing knowledge of the cache coherency protocols. We show that these attacks are applicable in processors that had not been considered before, such as those featuring exclusive caches. Further, we show for the first time that attacks can be implemented across processors, recovering both AES and RSA keys.

For more information please see the accepted AsiaCCS2016 paper.

Fast Attack on AES Using Flush and Reload.

Many microarchitectural attacks on AES have been introduced by the community utilizing core private resources like the L1 cache. Although effective, these attacks require core co-residency with the victim and thus their applicability is limited. They also require the collection of many traces due to their poor resistance to noise.


This work presents the first cross-core cache attack on AES utilizing the LLC as a covert channel. We present a novel attack approach utilizing the Flush and Reload cache attack with deduplication activated across attacker and victim. This is a popular feature in operating systems such as Ubuntu and in hypervisors such as KVM and VMware. We demonstrate the feasibility of our attack both within the same OS and across VMs. Thus, we present not only the most realistic but also the fastest microarchitectural attack recovering a 128-bit AES key.

After our attack, VMware decided to disable deduplication as a default feature. The explanation can be found here.
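Since the Flush and Reload attack above depends on deduplication being active between attacker and victim, a host operator's first check is whether their hypervisor still merges pages. The following POSIX shell audit is an added example, not code from the page or its authors: it reads the Linux kernel's KSM (kernel samepage merging, the deduplication used by KVM) sysfs attributes `run` and `pages_sharing`, classifies the host, and returns non-zero whenever pages can be shared across guests. The sysfs directory is a parameter so the check can also be run against a constructed copy of those files.

```shell
#!/bin/sh
# Added example (not from the page or the authors): audit whether kernel
# samepage merging (KSM), the memory-deduplication feature used by KVM, is
# active on a Linux host. /sys/kernel/mm/ksm/{run,pages_sharing} are the
# kernel's real interface; the directory is a parameter so the check can also
# be run against a constructed copy of those files.

# Print one KSM sysfs attribute with whitespace stripped; 0 if it is absent
# (a missing /sys/kernel/mm/ksm means KSM is not built into this kernel).
ksm_attr() {
    if [ -r "$1/$2" ]; then tr -d '[:space:]' < "$1/$2"; else printf '0'; fi
}

# Classify the KSM state of directory $1 (default: the live sysfs path):
#   merging  - run=1, the kernel is still merging identical pages
#   residual - merging stopped, but previously merged pages remain shared
#   off      - merging stopped and nothing is currently shared
ksm_state() {
    dir=${1:-/sys/kernel/mm/ksm}
    run=$(ksm_attr "$dir" run)
    sharing=$(ksm_attr "$dir" pages_sharing)
    if [ "$run" = 1 ]; then
        echo merging
    elif [ "${sharing:-0}" -gt 0 ]; then
        echo residual
    else
        echo off
    fi
}

# Report the state and return 1 whenever pages can be shared across guests.
# Writing 2 to .../ksm/run stops KSM and unmerges every shared page.
ksm_check() {
    dir=${1:-/sys/kernel/mm/ksm}
    state=$(ksm_state "$dir")
    case $state in
        off)      echo "KSM off: no pages shared"; return 0 ;;
        merging)  echo "KSM merging: disable with 'echo 2 > $dir/run'"; return 1 ;;
        residual) echo "KSM stopped but $(ksm_attr "$dir" pages_sharing) pages still shared: 'echo 2 > $dir/run' unmerges them"; return 1 ;;
    esac
}
# Usage on a host: ksm_check    (a non-zero exit means deduplication is possible)
```

Note that a `residual` state still leaves previously merged pages shared until they are unmerged, so stopping the merging daemon alone is not sufficient.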

Presentation video:

More information can be found in our publication.

Publications
You can access our publications from here.

Grants/Awards