AWS users could have their cryptographic keys stolen thanks to new vulnerability

Researchers used one instance of Amazon EC2 to recover a whole 2048-bit RSA key used by a separate instance

A team of researchers claim attackers can exploit a vulnerability on Amazon's EC2 cloud storage platform in order to steal the cryptographic keys of other users.

The researchers from Worcester Polytechnic Institute in New England published a paper, entitled "Seriously, Get Off My Cloud! Cross-VM RSA Key Recovery in a Public Cloud", which demonstrated how they used one instance of Amazon EC2 to recover a whole 2048-bit RSA key used by a separate instance.

The findings will alarm end users that are using Amazon Web Services (AWS), particularly those who store cryptographic keys in their Amazon cloud instances, as it shows that there may be vulnerabilities that can be exploited by sophisticated cyber criminals.

However, the researchers claim that they alerted AWS to the issues back in June and that the issues should have been fixed.

"The cross-VM leakage is present in public clouds and can become a practical attack vector for both co-location detection and data theft," the researchers warned.

"Users have a responsibility to use latest improved software for their critical cryptographic operations. Additionally, placement policies for public cloud must be revised to diminish attackers' ability to co-locate with a targeted user.

"Even further, we believe that smarter cache management policies are needed both at the hardware and software levels to prevent side-channel leakages and future exploits," they wrote.

In the paper, the researchers offered some methods of prevention.

"Placing multiple instances of a user on the same physical machine prevents co-location with a malicious attacker. Most cloud service providers, including Amazon EC2, offer single-tenant instances albeit as an expensive option. This option offers a number of benefits, including isolation from other users."

Researchers had uncovered a method for attackers to steal keys on virtual machines back in 2009, but the co-location techniques that worked back then no longer work.

And cloud users shouldn't be completely alarmed, as the Worcester Polytechnic Institute researchers said that cloud security has improved significantly.

"While the attack is still possible, our results show that, through combined efforts of all involved parties, the bar for performing successful attacks in the cloud is quickly rising," the researchers said.

"Specifically, we show that many co-location techniques that gave high accuracy in 2009 no longer work. Similarly, increased hardware complexity and better protected cryptographic libraries increase the cost and required sophistication of attacks to succeed," they added.

Amazon Web Services told Computing that the issue had been fixed, and was only a problem in older versions of its software. It also suggested that a willing co-conspirator from within the organisation would have been necessary in order to help grant certain accesses an outside hacker wouldn't have.

"This research shows that Amazon EC2 continues to strengthen its built-in, base-level security measures, even when researchers perform complex attacks with extremely rare, unlikely pre-existing conditions and outdated 3rd party software.

"AWS customers using current software and following security best practices are not impacted by this situation," an AWS spokesperson said.
