Skip to main content
SpringerLink
Log in

Key Recovery in Public Clouds: A Survey on Cross-VM Side Channel Attacks

  • Conference paper
  • First Online:
Book cover Cloud Computing and Security (ICCCS 2016)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 10039))

Included in the following conference series:

  • 1491 Accesses

Abstract

Isolation across virtual machines is one of the pillars on which the cloud computing paradigm relies on, allowing efficient use of shared resources among users who experience dedicated services. However side channel attacks have been recently demonstrated possible, showing how an adversary is enabled to recover sensible information by observing the behavior of a VM co-located on the same physical machine. In this paper we survey the current attacks, focusing on the ones targeted to extract private RSA keys, and discuss some possible countermeasures, offering a picture of the security challenges cloud providers need to address in order to provide strong guarantees to their customers.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. AlBelooshi, B., Salah, K., Martin, T., Damiani, E.: Securing cryptographic keys in the IAAS cloud model. In: Raicu, I., Rana, O.F., Buyya, R. (eds.) 8th IEEE/ACM International Conference on Utility and Cloud Computing, UCC 2015, Limassol, Cyprus, 7–10 December 2015, pp. 397–401. IEEE (2015)

    Google Scholar 

  2. Benger, N., van de Pol, J., Smart, N.P., Yarom, Y.: “Ooh Aah\(\ldots \) Just a Little Bit”: a small amount of side channel can go a long way. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 75–92. Springer, Heidelberg (2014)

    Google Scholar 

  3. Bernstein, D.J.: Cache-timing attacks on AES (2005)

    Google Scholar 

  4. Boneh, D., Durfee, G., Frankel, Y.: An attack on RSA given a small fraction of the private key bits. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 25–34. Springer, Heidelberg (1998)

    Google Scholar 

  5. Giraud, C.: An RSA implementation resistant to fault attacks and to simple power analysis. IEEE Trans. Comput. 55, 1116–1120 (2006)

    Article  Google Scholar 

  6. Cimato, S., Mella, S., Susella, R.: New results for partial key exposure on RSA with exponent blinding. In: SECRYPT 2015 - Proceedings of 12th International Conference on Security and Cryptography, Colmar, Alsace, France, 20–22 July 2015, pp. 136–147 (2015)

    Google Scholar 

  7. Cimato, S., Mella, S., Susella, R.: Partial key exposure attacks on RSA with exponent blinding. In: International Conference on E-Business and Telecommunications, pp. 364–385. Springer (2015)

    Google Scholar 

  8. Clavier, C., Feix, B., Gagnerot, G., Roussellet, M., Verneuil, V.: Horizontal correlation analysis on exponentiation. In: Soriano, M., Qing, S., López, J. (eds.) ICICS 2010. LNCS, vol. 6476, pp. 46–61. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  9. Coron, J.-S.: Resistance against differential power analysis for elliptic curve cryptosystems. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 292–302. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  10. Doychev, G., Köpf, B.: Rigorous analysis of software countermeasures against cache attacks. arXiv e-prints, March 2016

    Google Scholar 

  11. Ernst, M., Jochemsz, E., May, A., de Weger, B.: Partial key exposure attacks on RSA up to full size exponents. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 371–386. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  12. Fouque, P.-A., Kunz-Jacques, S., Martinet, G., Muller, F., Valette, F.: Power attack on small RSA public exponent. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 339–353. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  13. Garner, H.L.: The residue number system. Papers presented at 3–5 March 1959, Western Joint Computer Conference, IRE-AIEE-ACM 1959 (Western), pp. 146–153. ACM, New York (1959)

    Google Scholar 

  14. Kiss, Á., Krämer, J., Rauzy, P., Seifert, J.-P.: Algorithmic countermeasures against fault attacks and power analysis for RSA-CRT. In: Standaert, F.-X., Oswald, E. (eds.) COSADE 2016. LNCS, vol. 9689, pp. 111–129. Springer, Heidelberg (2016)

    Google Scholar 

  15. Gordon, D.M.: A survey of fast exponentiation methods. J. Algorithms 27, 129–146 (1998)

    Article  MathSciNet  MATH  Google Scholar 

  16. Gruss, D., Maurice, C., Wagner, K.: Flush+flush: a stealthier last-level cache attack. In: 13th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2016, Proceedings (2016)

    Google Scholar 

  17. Gruss, D., Spreitzer, R., Mangard, S.: Cache template attacks: automating attacks on inclusive last-level caches. In: 24th USENIX Security Symposium (USENIX Security 15), pp. 897–912 (2015)

    Google Scholar 

  18. Gullasch, D., Bangerter, E., Krenn, S.: Cache games-bringing access-based cache attacks on AES to practice. In: 2011 IEEE Symposium on Security and Privacy (SP), pp. 490–505. IEEE (2011)

    Google Scholar 

  19. Inci, M.S., Gulmezoglu, B., Irazoqui, G., Eisenbarth, T., Sunar, B.: Seriously, get off my cloud! Cross-VM RSA key recovery in a public cloud. Technical report, IACR Cryptology ePrint Archive (2015)

    Google Scholar 

  20. Irazoqui, G., Eisenbarth, T., Sunar, B.: S$a: a shared cache attack that works across cores and defies VM sandboxing - and its application to AES. In: 2015 IEEE Symposium on Security and Privacy, pp. 591–604, May 2015

    Google Scholar 

  21. Irazoqui, G., Inci, M.S., Eisenbarth, T., Sunar, B.: Wait a minute! A fast, cross-VM attack on AES. In: Stavrou, A., Bos, H., Portokalidis, G. (eds.) RAID 2014. LNCS, vol. 8688, pp. 299–319. Springer, Heidelberg (2014)

    Google Scholar 

  22. Joye, M., Lepoint, T.: Partial key exposure on RSA with private exponents larger than N. In: Ryan, M.D., Smyth, B., Wang, G. (eds.) ISPEC 2012. LNCS, vol. 7232, pp. 369–380. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  23. Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)

    Google Scholar 

  24. Liu, F., Yarom, Y., Ge, Q., Heiser, G., Lee, R.B.: Last-level cache side-channel attacks are practical. In: 2015 IEEE Symposium on Security and Privacy, pp. 605–622, May 2015

    Google Scholar 

  25. Liu, F., Ge, Q., Yarom, Y., McKeen, F., Rozas, C.V., Heiser, G., Lee, R.B.: Catalyst: defeating last-level cache side channel attacks in cloud computing. In: HPCA (2016)

    Google Scholar 

  26. Maurice, C., Le Scouarnec, N., Neumann, C., Heen, O., Francillon, A.: Reverse engineering Intel last-level cache complex addressing using performance counters. In: 18th International Symposium on Research in Attacks, Intrusions and Defenses (RAID) (2015)

    Google Scholar 

  27. Inci, M.S., Gulmezoglu, B., Eisenbarth, T., Sunar, B.: Co-location detection on the cloud. In: Standaert, F.-X., Oswald, E. (eds.) COSADE 2016. LNCS, vol. 9689, pp. 19–34. Springer, Heidelberg (2016)

    Chapter  Google Scholar 

  28. Oren, Y., Kemerlis, V.P., Sethumadhavan, S., Keromytis, A.D.: The spy in the sandbox-practical cache attacks in Javascript (2015). arXiv preprint arXiv: 1502.07373

  29. Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: the case of AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 1–20. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  30. Quisquater, J.-J., Couvreur, C.: Fast decipherment algorithm for RSA Public-key cryptosystem. Electron. Lett. 18, 905–907 (1982)

    Article  Google Scholar 

  31. Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: Proceedings of 16th ACM Conference on Computer and Communications Security, pp. 199–212. ACM (2009)

    Google Scholar 

  32. Suzaki, K., Iijima, K., Yagi, T., Artho, C.: Memory deduplication as a threat to the guest os. In: Proceedings of 4th European Workshop on System Security, EUROSEC 2011, pp. 1:1–1:6. ACM, New York (2011)

    Google Scholar 

  33. Suzaki, K., Iijima, K., Yagi, T., Artho, C.: Software side channel attack on memory deduplication. In: SOSP POSTER (2011)

    Google Scholar 

  34. Yarom, Y., Falkner, K.: Flush+reload: a high resolution, low noise, l3 cache side-channel attack. In: 23rd USENIX Security Symposium (USENIX Security 14), pp. 719–732 (2014)

    Google Scholar 

  35. Yarom, Y., Genkin, D., Heninger, N.: Cachebleed: a timing attack on OpenSSL constant time RSA. Technical report, Cryptology ePrint Archive, Report 2016/224 (2016)

    Google Scholar 

  36. Zhang, Y., Juels, A., Reiter, M.K., Ristenpart, T.: Cross-VM side channels and their use to extract private keys. In: Proceedings of 2012 ACM Conference on Computer and Communications Security, CCS 2012, pp. 305–316. ACM, New York (2012)

    Google Scholar 

  37. Zhang, Y., Juels, A., Reiter, M.K., Ristenpart, T.: Cross-tenant side-channel attacks in paas clouds. In: Proceedings of 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 990–1003. ACM (2014)

    Google Scholar 

  38. Zhou, Z., Reiter, M.K., Zhang, Y.: A Software approach to defeating side channels in last-level caches (2016). arXiv preprint arXiv: 1603.05615

Download references

Author information

Authors and Affiliations

  1. Dipartimento di Informatica, Università Degli Studi di Milano, Crema, Italy

    Stelvio Cimato, Ernesto Damiani & Silvia Mella

  2. Department of Electrical and Computer Engineering, Khalifah University, Abu Dhabi, United Arab Emirates

    Ernesto Damiani

  3. Department of Computer Science and Information Engineering, National Dong Hwa University, Hualien, Taiwan

    Ching-Nung Yang

Authors
  1. Stelvio Cimato
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ernesto Damiani
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Silvia Mella
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Ching-Nung Yang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Stelvio Cimato .

Editor information

Editors and Affiliations

  1. University of Information Science and Technology, Nanjing, China

    Xingming Sun

  2. Michigan State University , EAST LANSING, Michigan, USA

    Alex Liu

  3. National Dong Hwa University , Shoufeng, Taiwan

    Han-Chieh Chao

  4. Purdue University , West Lafayette, Indiana, USA

    Elisa Bertino

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Cimato, S., Damiani, E., Mella, S., Yang, CN. (2016). Key Recovery in Public Clouds: A Survey on Cross-VM Side Channel Attacks. In: Sun, X., Liu, A., Chao, HC., Bertino, E. (eds) Cloud Computing and Security. ICCCS 2016. Lecture Notes in Computer Science(), vol 10039. Springer, Cham. https://doi.org/10.1007/978-3-319-48671-0_40

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-48671-0_40

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-48670-3

  • Online ISBN: 978-3-319-48671-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation