Fine Grain Cross-VM Attacks on Xen and VMware

This work exposes vulnerabilities in virtualized cloud servers by mounting Cross-VM cache attacks in Xen and VMware VMs. We show for the first time that AES implementations in a number popular cryptographic libraries including Open SSL, Polar SSL and Libgcrypt have non-constant execution times and are vulnerable to Bernstein's correlation attack when run in Xen and VMware (bare metal version) VMs. We show that the vulnerability persists even if the VMs are running on different cores in the same machine. Experiments on Amazon EC2 and Google Compute Engine highlight the practical implications of the found vulnerability. The results of this study show that there remains a security risk to AES implementations of popular libraries and data encrypted under AES on popular cloud services.

[1]  Joseph Bonneau,et al.  Robust Final-Round Cache-Trace Attacks Against AES , 2006, IACR Cryptol. ePrint Arch..

[2]  Hovav Shacham,et al.  Are AES x86 cache timing attacks still feasible? , 2012, CCSW '12.

[3]  Onur Aciiçmez,et al.  Cache Based Remote Timing Attack on the AES , 2007, CT-RSA.

[4]  Stephan Krenn,et al.  Cache Games -- Bringing Access-Based Cache Attacks on AES to Practice , 2011, 2011 IEEE Symposium on Security and Privacy.

[5]  Andrew Warfield,et al.  Xen and the art of virtualization , 2003, SOSP '03.

[6]  Carl A. Waldspurger,et al.  Memory resource management in VMware ESX server , 2002, OSDI '02.

[7]  Vincent Rijmen,et al.  The Design of Rijndael , 2002, Information Security and Cryptography.

[8]  Cyrille Artho,et al.  Software Side Channel Attack on Memory Deduplication , 2011, SOSP 2011.

[9]  Onur Aciiçmez,et al.  Yet another MicroArchitectural Attack:: exploiting I-Cache , 2007, CSAW '07.

[10]  Adi Shamir,et al.  Efficient Cache Attacks on AES, and Countermeasures , 2010, Journal of Cryptology.

[11]  Benedikt Heinz,et al.  A Cache Timing Attack on AES in Virtualization Environments , 2012, Financial Cryptography.

[12]  OpenSSL OpenSSL : The open source toolkit for SSL/TSL , 2002 .

[13]  Yuval Yarom,et al.  FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack , 2014, USENIX Security Symposium.

[14]  David Brumley,et al.  Remote timing attacks are practical , 2003, Comput. Networks.

[15]  Cyrille Artho,et al.  Memory deduplication as a threat to the guest OS , 2011, EUROSEC '11.

[16]  Michael K. Reiter,et al.  Cross-VM side channels and their use to extract private keys , 2012, CCS.

[17]  Le Xu Securing the Enterprise with Intel ® AES-NI , 2010 .

[18]  Joseph Bonneau,et al.  Cache-Collision Timing Attacks Against AES , 2006, CHES.

[19]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[20]  Ian F. Blake,et al.  Elliptic curves in cryptography , 1999 .

[21]  Adi Shamir,et al.  Cache Attacks and Countermeasures: The Case of AES , 2006, CT-RSA.

[22]  Hovav Shacham,et al.  Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds , 2009, CCS.

[23]  Jean-Pierre Seifert,et al.  Advances on Access-Driven Cache Attacks on AES , 2006, Selected Areas in Cryptography.

[24]  Daniel J. Bernstein,et al.  Cache-timing attacks on AES , 2005 .

[25]  Billy Bob Brumley,et al.  Remote Timing Attacks Are Still Practical , 2011, ESORICS.

[26]  Cemal Yilmaz,et al.  An Approach for Isolating the Sources of Information Leakage Exploited in Cache-Based Side-Channel Attacks , 2013, 2013 IEEE Seventh International Conference on Software Security and Reliability Companion.