Five security researchers from the US Worcester Polytechnic Institute present a proof-of-concept for a full key recovery attack on a modern implementation of RSA in a commercial cloud and explore all steps necessary to perform such an attack.
Previous research has already provided concrete evidence of sensitive information leakage on a commercial cloud. These five researchers present a full-fledged attack that exploits subtle leakages to recover RSA decryption keys from a colocated instance. They target a recently patched Libgcrypt RSA implementation by mounting Cross-VM Prime and Probe cache attacks in combination with other tests to detect co-location in Amazon EC2. After co-location is detected and verified, they perform the Prime and Probe attack to recover noisy keys from a carefully monitored Amazon EC2 VM running the aforementioned vulnerable libgcrypt library. They subsequently process the noisy data and obtain the complete 2048-bit RSA key used during encryption.
The work presented by these researchers reaffirms the privacy concerns and underlines the need for deploying stronger isolation techniques in public clouds. They show that even with advanced isolation techniques, resource sharing still poses a security risk to public cloud customers that do not follow the best security practices.
The research paper is available here – https://eprint.iacr.org/2015/898.pdf