Breaking Libgcrypt RSA via a side channel
Posted Jul 6, 2017 0:55 UTC (Thu) by vomlehn (guest, #45588)
Parent article: Breaking Libgcrypt RSA via a side channel
...the practical implications, at least for those not running on virtual machines alongside those of attackers, would seem to be fairly small.
But...there are a bazillion VMs out there in data centers sharing servers with any number of other VMs. This would seem to be a huge deal. I don't understand how information would leak from one VM to another in this case, though. Maybe a bit more info?
Posted Jul 6, 2017 1:05 UTC (Thu)
by sfeam (subscriber, #2841)
[Link] (2 responses)
Posted Jul 6, 2017 3:51 UTC (Thu)
by wahern (subscriber, #37304)
[Link] (1 responses)
Posted Jul 6, 2017 19:52 UTC (Thu)
by cplaplante (subscriber, #107196)
[Link]
Posted Jul 6, 2017 6:30 UTC (Thu)
by matthias (subscriber, #94967)
[Link]
Such an attack is described in the paper "Wait a Minute! A fast, Cross-VM Attack on AES" (DOI: 10.1007/978-3-319-11379-1_15) that is referenced from the RSA attack paper.
If the VMs use different copies of the encryption algorithm, the attacker should not get any information. At least the flush+reload attack can only observe whether some code that the attacker has access to is in the cache (by timing analysis).
If there is any other attack vector, I would really appreciate some clarification.
According to the article, the side channel attack monitors the hardware L3 cache. So I guess the only information that needs to leak from the VM is that a decryption is in progress.