[Cryptography] Determining TLS session keys from the hypervisor

Ángel González angel at crypto.16bits.net
Sun Jun 12 21:55:26 EDT 2016

On 2016-06-12 at 06:34 -0400, Jerry Leichter wrote:
> The attack slows the server a bit, but the additional time per
> connection is a few milliseconds - very hard to detect among network
> overheads.
> Defenses are not clear.  A library could randomize the layout of the
> key block it uses per connection.  It would have to compute and store
> the parameters *before* Server Hello or the attacker would simply
> target that material.  But this strikes me as an expensive defense
> that would only slow the attacker down a bit.
>                                                         -- Jerry

Create a random key before starting the connection. Then, just before
the Client Finished, blind the parameters by encrypting them with the
key (or better yet, have them encrypted all the way round).
Now, your evil hypervisor no longer  the TLS parameters readily
available in the changed set, but it depends on a key which was
committed into memory many cycles ago.

Ultimately, you can't fool your hypervisor. If you can decrypt the
session, so can it. But this simple trick would be enough to avoid a
such naive spy. I would expect that the evil hypervisor would then
start to dig into the running code to apply specific measures to every
crypto library, though.


More information about the cryptography mailing list