Cross-VM Cache Attacks on AES

Berk Gulmezoglu, Mehmet Sinan Inci, Gorka Irazoqui, Thomas Eisenbarth, Berk Sunar

Abstract

Cache based attacks can overcome software-level isolation techniques to recover cryptographic keys across VMboundaries. Therefore, cache attacks are believed to pose a serious threat to public clouds. In this work, we investigate the effectiveness of cache attacks in such scenarios. Specifically, we apply the Flush+Reload and Prime+Probe methods to mount cache side-channel attacks on a popular OpenSSL implementation of AES. The attacks work across cores in the cross-VM setting and succeeds to recover the full encryption keys in a short time-suggesting a practical threat to real-life systems. Our results show that there is strong information leakage through cache in virtualized systems and the software implementations of AES must be approached with caution. Indeed, for the first time, we demonstrate the effectiveness of the attack across co-located instances on the Amazon EC2 cloud. We argue that for secure usage of world's most commonly used block cipher such as AES, one should rely on secure, constanttime hardware implementations offered by CPU vendors.
Original languageEnglish
JournalIEEE Transactions on Multi-Scale Computing Systems
Volume2
Issue number3
Pages (from-to)211-222
Number of pages12
ISSN2332-7766
DOIs
Publication statusPublished - 05.04.2016

Fingerprint

Dive into the research topics of 'Cross-VM Cache Attacks on AES'. Together they form a unique fingerprint.

Cite this