Subscribe

Memory encryption without authentication is not a panacea

Kirsten Doyle
By Kirsten Doyle, ITWeb contributor.
Johannesburg, 16 Feb 2018

Protecting user privacy in virtualised cloud environments is a growing concern for users and providers alike. The privacy claim of any technology that uses different encryption keys to isolate hypervisor administrators from guest virtual machines (VMs) cannot be guaranteed.

This will be demonstrated via a new instantiation of a blinded random block corruption attack (BRBC), says Rodrigo Branco, senior principal security researcher at Intel, who will be presenting on 'Blinded random block corruption attacks: the next level', at the ITWeb Security Summit 2018, to be held from 21 to 25 May at Vodacom World in Midrand.

According to Branco, a blinded random block corruption attack is essentially an attack against systems that use encrypted memory - without any form of integrity protection.

"Under the same scenario assumptions that the per-VM keying method addresses, the attack allows a cloud provider administrator to use the capabilities of a (trusted) hypervisor in order to login to a guest VM (besides the encrypted memory)."

This utterly compromises the user's data privacy, he says. "Furthermore, we will demonstrate that even non-Boolean values can be effectively targeted by attackers, forcing the elevation of privileges of a process running in a protected VM as demonstration."

ITWeb Security Summit 2018

Registration is already open for the ITWeb Security Summit 2018 in Johannesburg and Cape Town. We have secured cyber security guru Mikko Hypponen, plus at least three other international infosec players as your plenary speakers, including Intel's Rodrigo Branco. You can also get involved in #SS18HACK and choose from two half day workshops or a full day bootcamp, plus five training courses, and much more. For the agenda, click here.

To find out more and register for the ITWeb Security Summit 2018, go to: http://v2.itweb.co.za/event/itweb/security-summit-2018/?page=agendaday1

Branco says if the argument in favour of the encryption is that memory overwrites - and not only reads - are also protected, because the attacker does not have the encryption key, and is therefore blinded to the memory contents and any overwrite is random on the attacker's perspective, this type of attack applies.

Currently, very few systems offer memory encryption, so BRBC attacks should be kept in mind when making future considerations and business decisions, he says. "The main aim of this talk, is to make businesses aware that if they are planning (or in the process) of acquiring a system and believe encrypted memory is the key factor in their decision, they should be aware of what they can expect, and what the current limitations of this approach are.

"That memory encryption without authentication is not a panacea, and won't solve all problems, especially in a cloud environment."

Share