Piercing a key selling point of commercial cloud computing services, computer scientists have devised a hack that allows an attacker using Amazon's EC2 platform to steal the secret cryptographic keys of other users.
The proof-of-concept attack is significant because Amazon Web Services and many other cloud service providers already blocked a previous key-recovery attack on co-located virtual machines that was unveiled in 2009. The paper was one of the first to highlight the security risks that come when someone uses the same physical piece of hardware as an advanced attacker. Cloud providers and makers of cryptography and virtual-machine software patched many of the weaknesses that made the attack possible. As a result, many of the techniques that gave the 2009 attack a high degree of accuracy are no longer possible.
Now a separate team of researchers has constructed a new method for recovering the full private key used in a modern implementation of the widely used RSA crypto system. Like the 2009 work, the new research implements a CPU cache attack across two Amazon accounts that happen to be located on the same chip or chipset. They recently used their technique to allow one Amazon instance to recover the entire 2048-bit RSA key used by a separate instance, which they also happened to control. The newer technique works by probing the last level cache of the Intel Xeon processor chipsets used by Amazon computers.