Hacking Encryption Keys Demonstrated

Yuval Yarom from University of Adelaide has just demonstrated reading a RSA public key for SSL encryption being used by one user on a shared computer system, by another user's program. This "generic cache side-channel attack" exploits a security weakness in the Intel's X86 computer architecture (but also applies to other company's designs). There are ways to fix this problem, but this will reduce the performance of applications. There is a full paper available.

FLUSH+RELOAD and the Relaxed Security of Read Operations on the X86 Architecture

Yuval Yarom (University of Adelaide)

COMPUTER SYSTEMS SEMINAR

DATE: 2013-11-06
TIME: 14:00:00 - 15:00:00
LOCATION: CSIT Seminar Room, N101
CONTACT: josh.milthorpe@anu.edu.au

ABSTRACT:
FLUSH+RELOAD is a recently developed generic cache side-channel attack technique. It exploits a security weakness in the popular X86 architecture, which allows a spy program to monitor a victim program read from shared memory regions. Unlike previous cache side-channel attacks, the technique targets the last level cache. Consequently, the spy and the victim programs do not need to execute on the same processing core. The technique is not limited to a traditional OS environment and can be applied in a virtualised environment where it can be used to leak information from programs running in co-located virtual machines. In this talk I present FLUSH+RELOAD and the weakness it exploits. I also describe the spy program behind CERT advisory VU#976534 and Mitre CVE-2013-4242 which uses the technique to attack the GnuPG implementation of the RSA encryption. By snooping a single decryption or signature process, the spy program is able to recover over 98% of the secret key bits, effectively breaking the cryptosystem. Further information on the technique can be found in http://eprint.iacr.org/2013/448