News and Notes from the Makers of Nexus | Sonatype Blog

Virtual Machine Used To Steal Crypto Keys From Other VM On Same Server

Written by Ali Loney | November 06, 2012

Ars Technica – (International) Virtual machine used to steal crypto keys from other VM on same server. Piercing a key defense found in cloud environments such as Amazon's EC2 service, scientists devised a virtual machine that can extract private cryptographic keys stored on a separate virtual machine when it resides on the same piece of hardware. The technique, unveiled in a research paper published by computer scientists from the University of North Carolina, the University of Wisconsin, and RSA Laboratories, took several hours to recover the private key for a 4096-bit ElGamal-generated public key using the libgcrypt v.1.5.0 cryptographic library. The attack relied on "side-channel analysis," in which attackers crack a private key by studying the electromagnetic emanations, data caches, or other manifestations of the targeted cryptographic system.

Source: http://arstechnica.com/security/2012/11/crypto-keys-stolen-from-virtual-machine/