Post on 19-Dec-2015
PREVENTING CRYPTOGRAPHIC KEY LEAKAGE IN CLOUD VIRTUAL MACHINES
STUDENT: FATEMAH ALHARBI
PROFESSOR: NAEL ABU-GHAZALEH
EE260 SEMINAR IN ELECTRICAL ENGINEERING
SPRING 2015
4/23/2015
2
INFORMATION ABOUT THE PAPER• Researchers:
• Erman Pattuk• Murat Kantarcioglu• Zhiqiang Lin• Huseyin Ulusoy
• The University of Texas at Dallas
• The 23rd USENIX Security Symposium
3
OUTLINE• Defining the problem
• The proposed solution
• HERMES Stages
• Evaluation
• Conclusion
Defining the Problem
5
INTRODUCTION TO CROSS-VM SIDE CHANNEL ATTACKS
• Environment: Cloud Service Providers (CSPs)
• Advantages:
• Customers are enabled to outsource their information to the CSPs
• Disadvantages:• Security and privacy• Multiple virtual machines (VMs) are placed to the same
physical machine• Virtual Machine Monitors (VMM)• Vulnerable to cross-VM side channel attacks• Solution: Virtual Machine Monitors (VMMs)
6
VMM IS NOT ENOUGH!• Logical isolation among VMs running on the same
physical machine
• Successful attacks:
• An attacker can place its
VMs alongside the victim
VMs.• Extract ElGamal decryption
keys• Many others
The Proposed Solution
8
HERMES• Goal:
• Protect the cryptographic keys in the cloud environment• Based on RSA cryptosystem
• HERMES Stages:
1. Partitioning a private key
2. Bootstrapping the system
3. Establishing connection between a defender VM and a client
4. Renegotiating an inter-VM SSL channel
5. Distributing new shares of the same private keys
9
THREAT MODEL• Entities:
1. A trusted CSP
2. Defender
3. Adversary • Logical isolation:
• VMM is used• Adversary goal:
• Capture the cryptographic keys
10
SETUP• The defender holds a set of private RSA keys
• He/She partitions them over the set of defender’s VMs
• Each VM holds one share of each partitioned private key
• The VMs act together to exponentiate with it
• The defender re-share the keys every t time
• The shares of a private key in any two sessions are independent
• Epoch:
• It is the time window between two consecutive re-sharing moments
11
OVERVIEW OF HERMES LAYOUT
HERMES Stages
13
1- PARTITIONING KEYS: DISTRIBUTED RSA (D-RSA) MODE• Given a private key d
• Additive Secret Sharing:
• d is partitioned into k random shares d1, d2, …, dk
• d = d1 + d2 + … + dk mod φ(n)
• http://en.wikipedia.org/wiki/Euler%27s_totient_function• The adversary needs to capture all k shares
14
1- PETITIONING KEYS: THRESHOLD RSA (T-RSA) MODE
15
2- BOOTSTRAPPING THE SYSTEM• Establish secure SSL channels using the Enhanced SSL
protocol:
16
3- CONNECTING TO A CLIENT• A client wants to consume the services offered by the
defender
• A defender wants to distribute new shares for the private key
17
4- INTER-VM KEY RENEGOTIATION• What will happen if two defender VMs decide to end one
SSL session, and renegotiate keys for the next one?
• Perform a new handshake process using the Enhanced SSL with mutual verification
• One simultaneous key renegotiation at a given time
18
5- KEY RE-SHARING
1. The defender creates new shares for the same private RSA keys:
• The shares are independent from the previous ones
2. It connects to each VMs
3. It hands in the new shares for all partitioned private keys
• When the new share is used?
Evaluation
20
EXPERIMENTS• Case studies:
• Web server • mail server
• The overhead can be as low as 1%
Conclusion
22
CONCLUSION• HERMES is a novel system to protect cryptographic keys
in cloud VMs
• The key idea is to partition a cryptographic key using additive or Shamir secret sharing
• With two different case studies, it has been shown that the overhead can be as low as 1%
Thank you!
Questions?