[Cryptography] Determining TLS session keys from the hypervisor

John Ioannidis ji at tla.org
Mon Jun 13 18:44:27 EDT 2016

On Sun, Jun 12, 2016 at 6:34 AM, Jerry Leichter <leichter at lrw.com> wrote:
> Very elegant and powerful attack in which code running in a hypervisor can extract the keying material for any TLS session a guest establishes.  The basic ideas:

It took someone *this* long to do this? If you are running under a
hypervisor, or in any sort of virtualized environment, the hosting
side is god. Just like you don't run stuff on the bare metal if you
are in a colo facility and don't trust the security of your cage. Or
try to hide from the superuser in a timeshared machine (you are old
enough to know what that is :) ).  And so on.

An interesting question is what the hypervisor *provider* can do to
assure you that they are not messing with your memory. IOW, what
hypervisor-software/processor-architecture can provide that guarantee.
Simply doing remote attestation on the hypervisor would not work, as
you can't to trust the boot code if you can't trust the hv.

FWIW, AWS provides VMs with HSMs. They cost a pretty penny, and they
are guaranteed to run on non-multi-tenant hardware.


More information about the cryptography mailing list