PREVENTING CRYPTOGRAPHIC KEY LEAKAGE IN CLOUD VIRTUAL MACHINES STUDENT: FATEMAH ALHARBI PROFESSOR: NAEL ABU-GHAZALEH EE260 SEMINAR IN ELECTRICAL ENGINEERING SPRING 2015 4/23/2015

PREVENTING CRYPTOGRAPHIC KEY LEAKAGE IN CLOUD VIRTUAL MACHINES

STUDENT: FATEMAH ALHARBI

PROFESSOR: NAEL ABU-GHAZALEH

EE260 SEMINAR IN ELECTRICAL ENGINEERING

SPRING 2015

4/23/2015

INFORMATION ABOUT THE PAPER

• Researchers:
  • Erman Pattuk
  • Murat Kantarcioglu
  • Zhiqiang Lin
  • Huseyin Ulusoy

• The University of Texas at Dallas

• The 23rd USENIX Security Symposium

OUTLINE

• Defining the problem

• The proposed solution

• HERMES Stages

• Evaluation

• Conclusion

Defining the Problem

INTRODUCTION TO CROSS-VM SIDE CHANNEL ATTACKS

• Environment: Cloud Service Providers (CSPs)

• Advantages:
  • Customers can outsource their information to the CSPs

• Disadvantages:
  • Security and privacy
  • Multiple virtual machines (VMs) are placed on the same physical machine
  • Virtual Machine Monitors (VMM)
  • Vulnerable to cross-VM side channel attacks

• Solution: Virtual Machine Monitors (VMMs)

VMM IS NOT ENOUGH!

• Logical isolation among VMs running on the same physical machine

• Successful attacks:
  • An attacker can place its VMs alongside the victim VMs.
  • Extract ElGamal decryption keys
  • Many others

The Proposed Solution

HERMES

• Goal:
  • Protect the cryptographic keys in the cloud environment

• Based on RSA cryptosystem

• HERMES Stages:

1. Partitioning a private key

2. Bootstrapping the system

3. Establishing connection between a defender VM and a client

4. Renegotiating an inter-VM SSL channel

5. Distributing new shares of the same private keys

THREAT MODEL

• Entities:
  1. A trusted CSP
  2. Defender
  3. Adversary

• Logical isolation:
  • VMM is used

• Adversary goal:
  • Capture the cryptographic keys

SETUP

• The defender holds a set of private RSA keys

• He/She partitions them over the set of defender’s VMs

• Each VM holds one share of each partitioned private key

• The VMs act together to exponentiate with it

• The defender re-shares the keys every t time units

• The shares of a private key in any two sessions are independent

• Epoch:

• It is the time window between two consecutive re-sharing moments

OVERVIEW OF HERMES LAYOUT

HERMES Stages

1- PARTITIONING KEYS: DISTRIBUTED RSA (D-RSA) MODE

• Given a private key d

• Additive Secret Sharing:

• d is partitioned into k random shares d1, d2, …, dk

• d = d1 + d2 + … + dk mod φ(n)

  • http://en.wikipedia.org/wiki/Euler%27s_totient_function

• The adversary needs to capture all k shares
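
The additive sharing on this slide, together with the joint exponentiation and per-epoch re-sharing from the SETUP slide, as an added Python example (not code from the paper or from HERMES). The toy modulus, the share count of 4, the sample plaintext and all function names are assumptions made for illustration.

```python
import secrets

# Constructed toy RSA key built from two Mersenne primes; far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N, PHI, E = P * Q, (P - 1) * (Q - 1), 65537
D = pow(E, -1, PHI)  # private exponent d


def split_key(d, phi, k):
    """Additive sharing: k random shares with d = d1 + ... + dk mod phi(n)."""
    shares = [secrets.randbelow(phi) for _ in range(k - 1)]
    shares.append((d - sum(shares)) % phi)
    return shares


def partial_exp(c, share, n):
    """Work done inside one defender VM: exponentiate with its own share only."""
    return pow(c, share, n)


def combine(partials, n):
    """Multiply partial results: prod(c^di) = c^(d1+...+dk) = c^d mod n."""
    result = 1
    for part in partials:
        result = (result * part) % n
    return result


def distributed_decrypt(c, shares, n):
    """The k VMs act together; d itself is never reassembled in one place."""
    return combine([partial_exp(c, s, n) for s in shares], n)


def mix_epochs(old, new, taken_from_old):
    """Shares an adversary holds if it leaks some in one epoch, the rest in the next."""
    return old[:taken_from_old] + new[taken_from_old:]


if __name__ == "__main__":
    message = 0xC0FFEE                      # constructed plaintext
    c = pow(message, E, N)
    epoch1 = split_key(D, PHI, 4)
    epoch2 = split_key(D, PHI, 4)           # re-sharing: fresh, independent shares
    print("epoch 1 decrypts:", distributed_decrypt(c, epoch1, N) == message)
    print("epoch 2 decrypts:", distributed_decrypt(c, epoch2, N) == message)
    mixed = mix_epochs(epoch1, epoch2, 2)
    print("mixed-epoch shares sum to d:", sum(mixed) % PHI == D)
```

Shares collected across two epochs do not add up to d, which is why the adversary has to capture all k shares within a single epoch.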

1- PARTITIONING KEYS: THRESHOLD RSA (T-RSA) MODE

2- BOOTSTRAPPING THE SYSTEM

• Establish secure SSL channels using the Enhanced SSL protocol:

3- CONNECTING TO A CLIENT

• A client wants to consume the services offered by the defender

• A defender wants to distribute new shares for the private key

4- INTER-VM KEY RENEGOTIATION

• What will happen if two defender VMs decide to end one SSL session, and renegotiate keys for the next one?

• Perform a new handshake process using the Enhanced SSL with mutual verification

• One simultaneous key renegotiation at a given time

5- KEY RE-SHARING

1. The defender creates new shares for the same private RSA keys:

• The shares are independent from the previous ones

2. It connects to each VM

3. It hands in the new shares for all partitioned private keys

• When is the new share used?

Evaluation

EXPERIMENTS

• Case studies:
  • Web server
  • Mail server

• The overhead can be as low as 1%

Conclusion

CONCLUSION

• HERMES is a novel system to protect cryptographic keys in cloud VMs

• The key idea is to partition a cryptographic key using additive or Shamir secret sharing

• With two different case studies, it has been shown that the overhead can be as low as 1%

Thank you!

Questions?