What is Virtual Machine Side Channel Analysis and Why Should You Care?

Here’s the quick version. Hackers operating in the same cloud server hardware as you can steal your encryption keys and run off with your data/bank codes/customers/company (strike out items that do not apply – if any). Yes, behind that mouthful of a title is a scary prospect indeed. Until recently, this kind of cloud-side hacking possibility had been discussed but not observed. Now a team of computer scientists have managed to recover a private key used by one virtual machine by spying on it using another virtual machine. Therefore a hacker could conceivably do the same to your VM from another VM running on the same server. How worried should you be?

It might help to know more about the way in which virtual machines can be attacked with ‘side-channel analysis’. VMs are often considered desirable because they allow several tasks to run on the same server and relatively safe because they are isolated from each other. However, VMs also use certain resources in common in the server. They leave traces in data caches or electromagnetic fingerprints that can be captured and analysed by their VM neighbours. The computer scientists that hacked their own setup used a procedure in which the attacking VM alternated execution with the victim VM and was able to piece together pieces of information left in the server processor cache.

It took several hours to reconstitute the victim VM’s private key (all 4096 bits of it), and more than a little ingenuity. But they managed it and history suggests that what the good guys can do, the bad guys can probably do as well. At this stage, such an attack is still difficult. In addition, a hacker who wanted to deliberately target an enterprise via its cloud computing would need to find out which cloud server was being used. But then hackers aren’t necessarily proud. Any low-hanging fruit will do, whether it comes off your company tree or somebody else’s. So make a note! Virtual machine side channel analysis attacks could start happening for real soon and organisations may need to take action to protect their assets.