[Cryptography] Determining TLS session keys from the hypervisor
hyc at symas.com
Mon Jun 13 19:58:18 EDT 2016
Jerry Leichter wrote:
>> Defenses are not clear.
>> Actually I would have thought the defence was pretty trivial: Don't run your
>> sensitive crypto on hardware controlled by an attacker. On the one hand the
>> work they've done is pretty neat, but the overall result is a "well, duh".
> Well, sure ... but the fact is that a large and probably growing
> of Web servers *are* running "in the Cloud" - i.e., on hardware controlled by
> someone else. The economics are likely to push ever more stuff "out there".
> Now, you can argue that Amazon or Microsoft or Google - or the smaller
> providers of virtual hosting - are not going to attack you; and *in general*,
> that's probably true. But they may well be forced to by government order -
> without telling you. And when it comes to the smaller providers - just how
> much should you trust them?
Doesn't really matter how large or reputable the hosting provider is. All it
takes is 1 employee to go rogue. This has been the pattern at the majority of
Bitcoin exchange heists.
I don't know of many services that are run entirely within their own private
data centers. Most web sites are VPSs or just web virtual hosts.
> It's also worth keeping in mind that bugs allowing attackers to escape
> their guest OS instances and gain access to the hypervisor have occurred. So
> even if you trust your provider, you do have *some* level of exposure to your
> "running mates" on the host you share.
> As with all (properly analyzed) security issues, it's about costs and
> By moving out to a Cloud instance, you're generally saving money and you're
> mitigating many practical risks - the big data centers are much less
> vulnerable to power outages, fires, and all kinds of similar events than you
> would likely be able to afford. This paper shows that you're not quite as
> secure within your VM as you might think. You now have to go make the
> tradeoffs for yourself.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/