Wait a Minute! A fast, Cross-VM Attack on AES

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNSC, volume 8688)

Abstract

In cloud computing, efficiencies are reaped by resource sharing such as co-location of computation and deduplication of data. This work exploits resource sharing in virtualization software to build a powerful cache-based attack on AES. We demonstrate the vulnerability by mounting cross-VM Flush+Reload cache attacks in VMware VMs to recover the keys of the AES implementation of OpenSSL 1.0.1 running inside the victim VM. Furthermore, the attack works in a realistic setting where the different VMs are located on separate cores. The modified Flush+Reload attack we present takes only on the order of seconds to minutes to succeed in a cross-VM setting. Therefore, the long-term co-location required by other fine-grained attacks in the literature is not needed. The results of this study show that there is a great security risk to the OpenSSL AES implementation running on VMware cloud services when deduplication is not disabled.

Keywords

  • Cross-VM
  • memory deduplication
  • flush+reload
  • cache attacks



Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Irazoqui, G., Inci, M.S., Eisenbarth, T., Sunar, B. (2014). Wait a Minute! A fast, Cross-VM Attack on AES. In: Stavrou, A., Bos, H., Portokalidis, G. (eds) Research in Attacks, Intrusions and Defenses. RAID 2014. Lecture Notes in Computer Science, vol 8688. Springer, Cham. https://doi.org/10.1007/978-3-319-11379-1_15


  • DOI: https://doi.org/10.1007/978-3-319-11379-1_15

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-11378-4

  • Online ISBN: 978-3-319-11379-1
