Cache based Side Channel Attack on AES in Cloud Computing Environment

As cloud services become more pervasive, recent work has uncovered vulnerabilities unique to such systems. The use of virtualization to isolate computational tasks from those carried out by co-resident adversaries is growing rapidly. This trend has been precipitated by the failure of today's operating systems to provide adequate isolation due to the growth of cloud facilities. Unlike mainstream computing, the infrastructure supporting a cloud environment allows mutually distrusting customers to access an underlying cache simultaneously, creating a risk of information leakage across virtual machines via side channels. This paper attempts to set up a private cloud environment, demonstrates a cache-based side-channel attack, and explores solutions to counter it. An intensive analysis of cache access patterns is carried out, gathering information about the table lookup indices during one AES encryption, to finally recover the full 128-bit AES key.
