<iframe src="//www.googletagmanager.com/ns.html?id=GTM-TT8R4P" height="0" width="0" style="display:none;visibility:hidden">

Sonatype Blog

Stay updated on the latest news from the makers of Nexus

Virtual Machine Used To Steal Crypto Keys From Other VM On Same Server

Ars Technica – (International) Virtual machine used to steal crypto keys from other VM on same server. Piercing a key defense found in cloud environments such as Amazon's EC2 service, scientists devised a virtual machine that can extract private cryptographic keys stored on a separate virtual machine when it resides on the same piece of hardware. The technique, unveiled in a research paper published by computer scientists from the University of North Carolina, the University of Wisconsin, and RSA Laboratories, took several hours to recover the private key for a 4096-bit ElGamal-generated public key using the libgcrypt v.1.5.0 cryptographic library. The attack relied on "side-channel analysis," in which attackers crack a private key by studying the electromagnetic emanations, data caches, or other manifestations of the targeted cryptographic system.

Source: http://arstechnica.com/security/2012/11/crypto-keys-stolen-from-virtual-machine/

Topics: News security AppSec Spotlight