Side Channel Attacks
PrivateCore helps mitigate some side channel attacks in virtualized environments. Below is a listing of some of the current literature and research describing side channel attacks, particularly in cloud or hosted environments.
Fine grain Cross-VM Attacks on Xen and VMware are possible!
A research paper exposing vulnerabilities in virtualized cloud servers by mounting Cross-VM cache attacks in Xen and VMware VMs targeting AES running in the target VM.
Tags: Side channel, VM, AES, cloud
Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds
A research paper discussing how to to place a hostile virtual machine (VM) adjacent to a target VM in infrastructure-as-a-service (IaaS) environments and use such placement to attempt cross-VM side channel attacks to extract information from a target VM on the same machine.
Tags: Side channel, VM, cloud
Cross-VM Side Channels and Their Use to Extract Private Keys
This research paper describes an access-driven side channel attack by which a malicious virtual machine (VM) extracts fine-grained information from a victim VM running on the same physical computer. This attack is the first such attack demonstrated on a symmetric multiprocessing system virtualized using a modern virtual machine manager (Xen).
Tags: Side channel, VM, cloud
“Ooh Aah… Just a Little Bit” : A small amount of side channel can go a long
way
This paper describes a cache timing attack to extract information from the OpenSSL ECDSA implementation. The authors demonstrate that with as little as 200 signatures they are able to recover a 256-bit secp256k1 elliptic curve key. This is notably the same curve used in the Bitcoin protocol.
Tags: Side channel, VM, cloud
Cache-timing attacks on AES
This research paper demonstrates complete AES key recovery from known-plaintext timings of a network server on another computer.
Tags: Side channel, ECDSA, OpenSSL
System-Level Protection Against Cache-Based Side Channel Attacks in the Cloud
This presentation from a University and Microsoft research describes System-Level Protection Against Cache-Based Side Channel Attacks in the Cloud.
Tags: Side channel, countermeasures
Cache Missing for Fun and Profit
A research paper highlighting that shared access to memory caches provides an easily used high bandwidth covert channel between threads as well as permitting a malicious thread to monitor the execution of another thread, allowing in many cases for theft of cryptographic keys.
Tags: Side channel, RSA
Software mitigations to hedge AES against cache-based software side channel vulnerabilities
An Intel Corporation research paper investigates mitigations to protect AES-software against side channel vulnerabilities.
Tags: Side channel, countermeasures, AES