The team set about seeing exactly what hackers are capable of by creating a virtual machine on the same server as the target system. From the way that this target accessed its memory, the team could figure out when it was using an RSA key. Based on that timing, they could then determine the numerical value of the key itself.
The problem outlined by this work has already been solved by a patch from Libgcrypt, according to reporting from Phys.org. However, it remains to be seen how useful this solution will be, as the user has to install it rather than the service provider.
The paper published by Worcester Polytechnic Institute largely focuses on the challenges faced by cloud computing operations, with Amazon Web Services being one example of a potential target. The virtual machines used by these companies were once though to be impossible to attack, but more recent research has proven otherwise.
However, the report does praise Amazon for its efforts to make things more difficult for hackers. Thomas Eisenbarth, who led the research alongside Berk Sunar, notes that “crypto keys are safe if users follow security best practices and stick to well-maintained and fully patched crypto libraries.”
Organizations far more malicious than the Worcester Polytechnic Institute are almost certainly looking into these methods as well, so it’s encouraging to see work being done to cut them off at the pass. Cloud computing offers up some serious security challenges, so this sort of research is imperative to keeping them safe.
Editors' Recommendations
- Texas airport to get a 420-pound security robot
- Bing Chat just beat a security check to stop hackers and spammers
- Chrome is making a key change to protect you from phishing
- MacBooks could finally get Face ID to boost your security
- Chrome has a security problem — here’s how Google is fixing it
