Researchers have devised a new attack they say makes it possible for hackers to recover RSA decryption keys from Amazon Web Services elastic compute cloud (EC2) virtual machines.
A team of researchers at the Worcester Polytechnic Institute in Massachusetts, United States, focused on the central processing unit with a last-level cache (LLC) attack, and succeeded in obtaining the complete 2048-bit RSA key from an EC2 virtual machine [pdf].
This, the researchers believe, amounts to "the first work in literature to succeed in a full-blown key recovery attack on a recent cryptographic implementation in a commercial IaaS cloud".
A recently patched libgcrypt - an open source general-purpose crypto library - RSA implementation was targeted by the researchers with a cross-virtual machine prime and probe cache attack.
This takes advantage of certain limitations in protection for the fast memory caches used by modern processors, to glean what is being retrieved by victim systems.
"... last level caches are shared across [processor] cores and are a suitable covert channel for cross-core attacks," the researchers wrote.
Using novel methods such as instance clock decay, the researchers were able to overcome Amazon EC2 lines of defence such as hypervisor hardware obfuscation to detect co-located virtual machine instances.
They also worked out a hitherto undocumented non-linear slice selection algorithm in the Intel Xeon ES-2670 version two processors that Amazon mainly uses for its cloud infrastructure, and used it to adapt their spying process to accelerate the attack.
The researchers noted that cloud providers, hardware designers and software developers working together to improve protection against information leakage means the bar for such attacks "is quickly rising".
Libgcrypt, for instance, was patched in version 1.6.3, plugging one of the techniques the researchers used to leak information. Isolation last-level caches would also mitigate against co-location detection and cache side-channel attacks in the cloud, the researchers wrote.
Not being on the same physical machine as potential attackers - so called single-tenant instances - is also a valid counter measure against virtual machine information leakage.
Even as providers and developers continually improve security through advanced isolation techniques, the researchers said their work shows that resource sharing still poses a risk to public cloud customers if they do not follow best security practices.
"The cross-VM leakage is present in public clouds and can become a practical attack vector for both co-location detection and data theft," the researchers said.
Cloud customers have a responsibility to use the latest, improved software for cryptography, they stated. Providers should also revise tenant placement policies to prevent attackers from to co-locating with targeted users.
Update 29.9.15: Amazon provided a statement on the research:
"This research shows Amazon EC2 continues to strengthen its built-in, base level security measures, even when researchers perform complex attacks with extremely rare, unlikely pre-existing conditions and outdated 3rd party software. AWS customers using current software and following security best practices are not impacted by this situation," a spokesperson said.
"Further, a patched version of the open source software targeted by this research (Libgcrypt) is publicly available for Amazon EC2 customers via their operating systems' standard software update mechanisms or direct download from the Libgcrypt project page AWS encourages the reporting of any AWS security concerns to AWS Security."
.png&h=140&w=231&c=1&s=0)
