Crypto keys can be stolen from neighbours in the cloud

November 7, 2012 By David

Grazed from NewScientist. Author: Jacob Aaron.

Most people are happy to give their neighbours a spare house key in case of emergencies, but you probably wouldn’t want to give them your digital passwords. Now security researchers have shown that you may not have a choice, at least when it comes to cloud computing.

Cloud servers let users run simulations of an ordinary computer, called virtual machines (VMs), on remote hardware. A VM performs exactly as an ordinary computer would, but because it is entirely software-based, many of them can run on a single hardware base. Yinqian Zhang of the University of North Carolina, Chapel Hill, and colleagues have discovered that it is possible for one VM to steal cryptographic keys – used to keep your data secure – from another running on the same physical hardware, potentially putting cloud-computing users at risk…

The attack exploits the fact that both VMs share the same hardware cache, a memory component that stores data for use by the computer’s processor. The attacking VM fills the cache in such a way that the target VM, which is processing a cryptographic key, is likely to overwrite some of the attacker’s data. By looking at which parts of the cache are changed, the attacking VM can learn something about the key in use…

Read more from the source @ http://www.newscientist.com/blogs/onepercent/2012/11/crypto-keys-cloud.html
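
The cache-filling mechanism described above, as a simplified model added here (not code from the article or from the researchers): a toy shared cache in which one victim touches an extra cache set only for 1-bits of its key, next to a hardened victim whose cache footprint is the same for every bit. The cache geometry, the set numbers, the victim functions and the one-bit-per-round schedule are all assumptions made for illustration.

```python
# Added illustration: a toy model of a shared cache, not a measurement tool.
from collections import OrderedDict

NUM_SETS, WAYS = 8, 4   # assumed toy cache geometry
SQR_SET, MUL_SET = 2, 5  # assumed sets touched by the victim's two code paths

class SharedCache:
    """Set-associative cache with LRU eviction, shared by both VMs."""
    def __init__(self):
        self.sets = [OrderedDict() for _ in range(NUM_SETS)]

    def access(self, owner, set_idx, tag):
        lines, key = self.sets[set_idx], (owner, tag)
        if key in lines:
            lines.move_to_end(key)        # hit: refresh LRU position
            return True
        if len(lines) >= WAYS:
            lines.popitem(last=False)     # miss on a full set: evict oldest line
        lines[key] = True
        return False

def prime(cache):
    """Observer fills every set with its own lines."""
    for s in range(NUM_SETS):
        for w in range(WAYS):
            cache.access("observer", s, w)

def probe(cache, set_idx):
    """Count observer lines that were overwritten in one set."""
    return sum(("observer", w) not in cache.sets[set_idx] for w in range(WAYS))

def leaky_victim(cache, bit):
    cache.access("victim", SQR_SET, "square")   # runs for every key bit
    if bit:
        cache.access("victim", MUL_SET, "mul")  # runs only for 1-bits: the leak

def constant_victim(cache, bit):
    cache.access("victim", SQR_SET, "square")
    cache.access("victim", MUL_SET, "mul")      # same footprint for 0 and 1

def observe(victim, key_bits):
    """Return, per key bit, whether the key-dependent set changed."""
    cache, seen = SharedCache(), []
    for bit in key_bits:
        prime(cache)
        victim(cache, bit)
        seen.append(int(probe(cache, MUL_SET) > 0))
    return seen

if __name__ == "__main__":
    key = [1, 0, 1, 1, 0]                       # constructed sample key bits
    print("leaky   :", observe(leaky_victim, key))
    print("constant:", observe(constant_victim, key))
```

With the leaky victim the observed pattern equals the key bits; with the constant-footprint victim the pattern is identical for every key, so the shared cache reveals nothing about it.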