A Worcester Polytechnic Institute research team has confirmed that it managed to successfully extract cryptographic keys from the Cloud. According to a recently published paper, the team built upon previous work by Ristenpart, who demonstrated the viability of co-location and provided the first concrete evidence of sensitive information leakage on a commercial cloud.
“We show that co-location can be achieved and detected by monitoring the last level cache in public clouds,” the Worcester team explained in an article extract. “More significantly, we present a full-fledged attack that exploits subtle leakages to recover RSA decryption keys from a collocated instance.”
To be sure, the researchers targeted a recently patched Libgcrypt RSA implementation by mounting Cross-VM Prime and Probe cache attacks in combination with other tests to detect co-location in a cloud-based service. As a preparatory step, the team reversed engineered the unpublished nonlinear slice selection function for a leading server processor powering the cloud service, which significantly helped accelerate the attack.
After co-location was detected and verified, the researchers performed the Prime and Probe attack to recover noisy keys from a carefully monitored cloud service VM running the vulnerable libgcrypt library. The noisy data was subsequently processed, allowing the team to obtain the complete 2048-bit RSA key used during encryption.
This work, says the Worcester team, reaffirms privacy concerns and underlines the need for deploying stronger isolation techniques in public clouds. Chris Gori, a Technical Director at Rambus Cryptography Research concurred.
“Physical electronic systems routinely leak information about the internal process of computing. In practical terms, this means attackers can exploit various side-channel techniques to gather data and extract secret cryptographic keys,” Gori told Rambus Press. “This is true for enterprise servers and data centers, as well as mobile devices, PCs and SIM cards.”
As we’ve previously discussed, the Rambus Cryptography Research division has designed a range of DPA countermeasures that offer a combination of software, hardware and protocol techniques specifically designed to protect tamper-resistant devices from side-channel attacks. These include leak reduction, incorporating randomness, generating amplitude and temporal noise, as well as executing protocol-level countermeasures.
Interested in learning more about how Rambus is helping to secure SoCs, devices and content? You can read more about our DPA countermeasures here, CryptoFireWall Cores here and CryptoManager platform here.