Abstract
In cloud computing, efficiencies are reaped by resource sharing such as co-location of computation and deduplication of data. This work exploits resource sharing in virtualization software to build a powerful cache-based attack on AES. We demonstrate the vulnerability by mounting Cross-VM Flush+Reload cache attacks in VMware VMs to recover the keys of an AES implementation of OpenSSL 1.0.1 running inside the victim VM. Furthermore, the attack works in a realistic setting where different VMs are located on separate cores. The modified flush+reload attack we present, takes only in the order of seconds to minutes to succeed in a cross-VM setting. Therefore long term co-location, as required by other fine grain attacks in the literature, are not needed. The results of this study show that there is a great security risk to OpenSSL AES implementation running on VMware cloud services when the deduplication is not disabled.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
CFS Scheduler (April 2014), https://www.kernel.org/doc/Documentation/scheduler/sched-design-CFS.txt
Kernel Based Virtual Machine (April 2014), http://www.linux-kvm.org/page/Main_Page
Kernel Samepage Merging (April 2014), http://kernelnewbies.org/Linux_2_6_32#head-d3f32e41df508090810388a57efce73f52660ccb/
Acıiçmez, O.: Yet Another MicroArchitectural Attack: Exploiting I-Cache. In: Proceedings of the 2007 ACM Workshop on Computer Security Architecture, CSAW 2007, pp. 11–18. ACM, New York (2007)
Acıiçmez, O., Koç, Ç.K.: Trace-driven cache attacks on AES (short paper). In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 112–121. Springer, Heidelberg (2006)
Aly, H., ElGayyar, M.: Attacking AES Using Bernstein’s Attack on Modern Processors. In: Youssef, A., Nitaj, A., Hassanien, A.E. (eds.) AFRICACRYPT 2013. LNCS, vol. 7918, pp. 127–139. Springer, Heidelberg (2013)
Arcangeli, A., Eidus, I., Wright, C.: Increasing memory density by using KSM. In: Proceedings of the Linux Symposium, pp. 19–28 (2009)
Bernstein, D.J.: Cache-timing attacks on AES (2004), http://cr.yp.to/papers.html#cachetiming
Bonneau, J., Mironov, I.: Cache-Collision Timing Attacks against AES. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 201–215. Springer, Heidelberg (2006)
Brumley, D., Boneh, D.: Remote Timing Attacks are Practical. In: Proceedings of the 12th USENIX Security Symposium, pp. 1–14 (2003)
Daemen, J., Rijmen, V.: The Design of Rijndael. Springer (2002)
Eidus, I., Dickins, H.: How to use the Kernel Samepage Merging feature (November 2009), https://www.kernel.org/doc/Documentation/vm/ksm.txt
Gullasch, D., Bangerter, E., Krenn, S.: Cache Games – Bringing Access-Based Cache Attacks on AES to Practice. In: IEEE Symposium on Security and Privacy, pp. 490–505 (2011)
Hu, W.-M.: Lattice scheduling and covert channels. In: Proceedings of the 1992 IEEE Symposium on Security and Privacy, SP 1992, p. 52. IEEE Computer Society, Washington, DC (1992)
Irazoqui, G., Inci, M.S., Eisenbarth, T., Sunar, B.: Fine grain Cross-VM Attacks on Xen and VMware are possible, https://eprint.iacr.org/2014/248.pdf
Kelsey, J., Schneier, B., Wagner, D., Hall, C.: Side Channel Cryptanalysis of Product Ciphers. J. Comput. Secur. 8(2,3), 141–158 (2000)
Neve, M.: Cache-based Vulnerabilities and SPAM analysis. Doctor thesis, UCL (2006)
National Institute of Standards and Technology. Advanced Encryption Standard. NIST FIPS PUB 197 (2001)
Osvik, D.A., Shamir, A., Tromer, E.: Cache Attacks and Countermeasures: The Case of AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 1–20. Springer, Heidelberg (2006)
Page, D.: Theoretical Use of Cache Memory as a Cryptanalytic Side-Channel (2002)
Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, You, Get off of My Cloud: Exploring Information Leakage in Third-party Compute Clouds. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS 2009, pp. 199–212. ACM, New York (2009)
Suzaki, K., Iijima, K., Toshiki, Y., Artho, C.: Implementation of a Memory Disclosure Attack on Memory Deduplication of Virtual Machines. Communications and Computer Sciences 96(1), 215–224 (2013)
Suzaki, K., Iijima, K., Yagi, T., Artho, C.: Memory deduplication as a threat to the guest OS. In: Proceedings of the Fourth European Workshop on System Security, p. 1. ACM (2011)
Suzaki, K., Iijima, K., Yagi, T., Artho, C.: Software side channel attack on memory deduplication. SOSP POSTER (2011)
Suzaki, K., Iijima, K., Yagi, T., Artho, C.: Effects of Memory Randomization, Sanitization and Page Cache on Memory Deduplication
The OpenSSL Project. OpenSSL: The open source toolkit for SSL/TLS (April 2003), http://www.openssl.org
Tsunoo, Y., Saito, T., Suzaki, T., Shigeri, M., Miyauchi, H.: Cryptanalysis of DES implemented on computers with cache. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 62–76. Springer, Heidelberg (2003)
VMware. Understanding Memory Resource Management in VMware vSphere 5.0, http://www.vmware.com/files/pdf/mem_mgmt_perf_vsphere5.pdf
Waldspurger, C.A.: Memory resource management in VMware ESX server. ACM SIGOPS Operating Systems Review 36(SI), 181–194 (2002)
Wang, Z., Lee, R.B.: Covert and side channels due to processor architecture. In: 22nd Annual Computer Security Applications Conference, ACSAC 2006, pp. 473–482. IEEE (2006)
Weiß, M., Heinz, B., Stumpf, F.: A Cache Timing Attack on AES in Virtualization Environments. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 314–328. Springer, Heidelberg (2012)
Yarom, Y., Benger, N.: Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack. Cryptology ePrint Archive, Report 2014/140 (2014), http://eprint.iacr.org/
Yarom, Y., Falkner, K.E.: Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel Attack. IACR Cryptology ePrint Archive, 448 (2013)
Zhang, Y., Juels, A., Reiter, M.K., Ristenpart, T.: Cross-VM Side Channels and Their Use to Extract Private Keys. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS 2012, pp. 305–316. ACM, New York (2012)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Irazoqui, G., Inci, M.S., Eisenbarth, T., Sunar, B. (2014). Wait a Minute! A fast, Cross-VM Attack on AES. In: Stavrou, A., Bos, H., Portokalidis, G. (eds) Research in Attacks, Intrusions and Defenses. RAID 2014. Lecture Notes in Computer Science, vol 8688. Springer, Cham. https://doi.org/10.1007/978-3-319-11379-1_15
Download citation
DOI: https://doi.org/10.1007/978-3-319-11379-1_15
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-11378-4
Online ISBN: 978-3-319-11379-1
eBook Packages: Computer ScienceComputer Science (R0)