[Cryptography] Determining TLS session keys from the hypervisor
Howard Chu
hyc at symas.com
Mon Jun 13 13:39:01 EDT 2016
On Mon, Jun 13, 2016 at 10:45:06AM +0000, Michael Kjörling wrote:
> On 12 Jun 2016 06:34 -0400, from leichter at lrw.com (Jerry Leichter):
> > Very elegant and powerful attack in which code running in a
> > hypervisor can extract the keying material for any TLS session a
> > guest establishes. The basic ideas:
>
> One thing I was thinking about when hearing about this attack is SSH.
> It seems to me that the same kind of attack could apply to virtually
> every kind of key negotiation similar to TLS, and SSH certainly would
> seem to fall into that family. What's more, taking over a SSH session
> seems more likely to be able to get a toehold into a system because of
> how often SSH is used for remote administration.
>
> I guess it's the old adage again: if an untrusted party has
> unrestricted physical access, then it's not possible to fully secure
> the system.
I think something like AMD's Secure Memory Encryption could help foil
this sort of attack. Assuming of course that the hypervisor actually
enabled it.
(Discussion http://semiaccurate.com/forums/showthread.php?t=9151
Whitepaper http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf )
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/