Amazon EC2 Attack

Until 2015, the cache attacks have been demonstrated in the lab server environments. It was not clear whether the cache attacks are applicable in public cloud servers. To investigate the applicability of cache attacks in the wild, we demonstrated a cache attack on Amazon EC2 public cloud. There are 3 steps to conduct a successful attack on Amazon EC2:

  1. Finding co-location with a victim
  2. Request RSA decryptions and collect cache traces
  3. Extract the RSA bits from noisy measurements

1) Co-location Detection

Co-location means two or more Virtual Machines (VMs) share the same physical hardware and their resources. To find a co-location in Amazon public cloud, we created 80 VMs. Then, the same cache sets are filled with data from each VM at the same time. If the number of cache misses increases then, these VMs are hold as candidates. Then, the candidates are matched with each other to find out the co-located VMs. The number of co-located VM pairs is 8 which is 10% accuracy.

2) Cache Trace Collection

The RSA decryption request and cache profiling started at the same time. Therefore, we were able to collect thousands of cache traces for same key RSA decryptions. Libgcrypt RSA implementation uses a sliding window technique and for each exponentiation a look table is used. For each look-up table in average 3,200 traces collected. Since Intel architecture applies slice-core mechanism, it is not certain which cache set will be used by the look-up table. Therefore, we profile the same cache set for each measurement. The probability of monitoring the correct cache set is 1/320 (32 sets and 10 slices) in our scenario.

3) Extracting the RSA Keys

Firstly, we need to distinguish which cache traces belong to the RSA decryption process. Therefore, we look at the measurement and analyzes the pattern. Finally, we observe the difference between noisy and actual RSA decryption processes as illustrated in the figure:

We observed that the public cloud environment is much more noisy than the lab environment. Therefore, we used a correlation based technique to automate the processing of RSA key bits. The noisy measurements are shifted one-by-one, and then, the correct locations of the window multiplications are found in the figure:

Then, all the common multiplications are stored and the remaining peaks are discarded. Finally, all the window multiplications are combined to recover the full 2048 bit RSA decryption key. The details of the paper can be read from here.

The press coverage of the paper: