Attack of the week: Cross-VM timing attacks (opens in new tab)

(blog.cryptographyengineering.com)

67 pointsstalled13y ago10 comments

10 comments

It may be because I'm cranky this evening but I found the author's sarcastic quips really fun to read.

On the content itself, it sounds like if you're not targeting a specific service, you could code this up and launch a few hundred c1.xlarge spot instances (larger instances => fewer neighbors) and just collect keys. Or am I totally underestimating the amount of manual work required post-processing?

gizmo68613y ago

The nature of this attack does require you to be targeting a specific piece of code (probably a library crypto function), however the manual processing would be no different if that code was running on a different service. The issue is that having a key is useless if you do not know what the key is for. You could probably use the same type of attack to get that information, but it would likely involve a great deal more manual labor because the data is not in a standard format. Also, given how cheep it is to run in parrallel with a target VM, it seems like it is more economical to pick a target anyway.

On an unrelated note, isn't the attack described in the paper not a timing attack because it gets the information by reading the cache instead of reading the clock?

papercruncher13y ago

Apologies if this is a dump question, but isn't it trivial to derive the public key if you have the private key? If so, couldn't an adversary just keep a list of public_key->service mappings and profit by casting a wider net?

1 more reply

jparyani13y ago

Does anyone know if Amazon ec2 instances would actually be vulnerable to this attack? For instances with dedicated cpu being promised (i.e. everything except micro), it seems reasonable that they'd be running Xen with processor affinity turned on, thereby preventing any attack exploiting L1 cache.

ComputerGuru13y ago

I guess the same attack could theoretically work for an L2 cache, though you'd need an exponentially larger amount of data collection to pull it off, with an even bigger margin of error?

jberryman13y ago

Amazingly cool, and nice writing. I tried to check out the paper linked at the bottom re. collocating an instance with a target VM but it's slow for me. Anyone know what the paper is?

What I'm curious about is if it would be possible to use a network of participating VMs on a public cloud to pass around messages untraceably from one party to another. Should certainly be easier to execute than the attack scenario they studied.

mjn13y ago

If you mean the paper linked as "slightly older research" (http://rump2009.cr.yp.to/8d9cebc9ad358331fcde611bf45f735d.pd...), it's slides from a talk entitled "Cross-VM Vulnerabilities in Cloud Computing" by Thomas Ristenpart, Eran Tromer, Stefan Savage, and Hovav Shacham, presented at Crypto'09's "rump session" (a session for short, amusing and/or late-breaking talks). Downloads slowly for me too, but eventually finishes (6mb pdf).

The following paper by the same authors, from a few months later, appears to be the published-paper version of that research, though, which is probably more useful: http://pages.cs.wisc.edu/~rist/papers/cloudsec.html

jberryman13y ago

Thanks a lot!

krickle13y ago

Website cannot be resized in a mobile browser.

j / k navigate · click thread line to collapse

10 comments

papercruncher13y ago

It may be because I'm cranky this evening but I found the author's sarcastic quips really fun to read.

gizmo68613y ago

On an unrelated note, isn't the attack described in the paper not a timing attack because it gets the information by reading the cache instead of reading the clock?

papercruncher13y ago

1 more reply

jparyani13y ago

ComputerGuru13y ago

I guess the same attack could theoretically work for an L2 cache, though you'd need an exponentially larger amount of data collection to pull it off, with an even bigger margin of error?

jberryman13y ago

Amazingly cool, and nice writing. I tried to check out the paper linked at the bottom re. collocating an instance with a target VM but it's slow for me. Anyone know what the paper is?

mjn13y ago

jberryman13y ago

Thanks a lot!

krickle13y ago

Website cannot be resized in a mobile browser.

j / k navigate · click thread line to collapse