As thousands of cloud fanatics descend on Las Vegas this week for Amazon Web Service’s re:Invent conference, researchers in Massachusetts are raising new questions about the security of all multi-tenant cloud environments.
A group of professors at Worcester Polytechnic Institute demonstrated in a recently published paper named “Seriously, get off my cloud! Cross-VM RSA Key Recovery in a Public Cloud,” a proof of concept hack of secret cryptography keys used in an AWS virtual machine. The now-patched flaw – which was not specific to AWS -- showed that a hacker could theoretically gain a user’s secret keys that are used to encrypt sensitive data.
+MORE AT NETWORK WORLD: Gartner: Simplify IT security to fight inescapable hackers | Hottest products at AWS re:Invent 2015 +
Security experts say the risk of this specific attack being used is quite low because the vulnerable encryption library has been patched. But, they say it does call into question security best practices in multi-tenant cloud environments.
WPI researchers used what it commonly referred to as a “side-channel attack,” which allows a hacker to glean information from other users who share virtual machines on the same physical server.
Executing the attack is no simple matter however. It includes spinning up a virtual machine in AWS’s cloud (although this vulnerability could work in any virtualized environment) and running a test to see if other VMs using the same physical host are running a certain library - named Libgcrypt - for their RSA encryption (RSA the open source encryption algorithm, not the commercial product). Once researchers were able to identify a vulnerable library, they were able to use a cross-VM “Prime and Probe” technique to analyze the cache left on the Intel processor to collect a vast amount of information. The researchers were able to deduce the secret encryption key from the plethora of “noisy” information that comes along with the cache.
You can read the entire description of the attack methods and vulnerability here. The impacted Libgcrypt library has been patched since February, preventing this specific attack from being executed again.
Yehuda Lindell, chief scientist and co-founder of security firm Dyadic – which has a product for protecting secret cryptography keys – says the vulnerability is extraordinarily sophisticated – on the verge of being “magic.” He says but it proves the shortcomings, from a security perspective, of shared environments such as the cloud.
"Although a difficult attack to carry out, this further highlights the fact that secret keys are vulnerable, wherever they may be. They are even more vulnerable in cloud and virtualized environments where you have less direct control. This specific attack may be prevented by appropriate patching, as its 2009 predecessor was. However, the type of attack is almost impossible to completely prevent,” Lindell says.
There are a series of steps users can take to protect themselves from potential side-channel vulnerabilities like this. First and foremost, it’s imperative that customers use the most up to date software and install any and all patches of open source software as soon as they’re available. This specific library was patched soon after researchers found the vulnerability.
The biggest concern related to this attack is perhaps the viability of multi-tenant clouds for very sensitive workloads. If users are concerned about that but want to stay within AWS’s cloud, they could pay extra to use Dedicated Instances, which AWS says run on “hardware that’s dedicated to a single customer” and are “physically isolated at the host level.” That’s compared to traditional Elastic Compute Cloud (EC2) instances, which share hardware in a virtual environment.
AWS also offers customers a Hardware Security Module (HSM), which is a device customers place in their own data centers that stores keys. There are other options for customers too, including using collocation or managed hosting providers which could provide customers with access to entire physical servers, instead of virtualized ones.
Then of course there are a variety of security products on the market as well targeting this issue. Dyadic, where Lindell is chief scientist, has developed a way to spread encrypted keys out across multiple hosts, so that essentially no one single VM has all of the keys.
Note: After this story was published, an AWS spokesperson issued the following statement
This research does not demonstrate a real-world vulnerability in Amazon EC2. AWS customer RSA keys are not at risk of exposure using the techniques described in the report, which represents an academic exercise on Amazon EC2 that required attacker and victim pre-coordination, the use of outdated, vulnerable third party software, and the repeated unrealistic execution of a specific routine in order to be successful. Still, we can appreciate how this research highlights the topic of possible information extraction from shared caches in commercial off-the-shelf processors, so that this subject can be addressed through collaborative efforts with industry partners. We regularly assess even the most unlikely of scenarios to advance AWS security and, in turn, the security of AWS customers, and we welcome independent input to help in that effort. We recommend that customers continue to follow security best practices and encourage the reporting of any AWS security concerns to AWS Security via email@example.com.