Amazon blocks lab-only key-stealing neighbour attack

Amazon has patched a vulnerability that could have let one customer steal the RSA keys of other co-located customers. The complex attack - getting to CPU code cache isn't trivial - would, if successful, give an attacker a whole 2048-bit key used in other Elastic Compute Cloud instances. Worcester Polytechnic Institute researchers …

  1. Your alien overlord - fear me

    All fine and dandy but why are cloud providers even allowing this low level access to customers?

    1. Anonymous Coward

      EC2 is IaaS, so assembly language is an option, and with that little bit you can do side-channel attacks. The level of sophistication required has been increasing, but so long as you have shared anything, which is what makes Public Cloud much cheaper (scale), side-channel attacks are a continuing possibility. Note that even shared power buses have sometimes proved adequate to attack cryptographic implementations. It's a cost of doing business and the reason you leave it up to engineers who really know this field to make the decisions. I'm only conversant with some of this 'cause I was doing the fixin'. I left it to the people that design this stuff to set out the procedures and validations.

      [Any energy leakage, no matter how small, can compromise a cryptographic implementation.]

    2. Ken Moorhouse Silver badge

      Why?

      The presence of the word cache suggests performance reasons.

      Caching can be a menace in traditional computing, particularly database design where one session making a change to a database needs to make sure it is committed before another session relies upon it.

      Similarly, with multiple access points in the cloud, my belief would be that caching wouldn't be feasible if you made a change to a cloud database, accessing it from, say, London, and expected that change to be readable in New York. To me this is one of the problems with using the cloud for database work where transaction integrity is important. As I say, that is my belief: but please do correct me on this point if I am wrong.

      1. Doctor Syntax Silver badge

        Re: Why?

        This isn't caching at the S/W level, it's the CPU caching data between its registers and the memory. In other words, about as close to the metal as you can get without leaving stuff lying about in the actual registers.

        1. Ken Moorhouse Silver badge

          Re: This isn't caching at the S/W level

          Thank you for the explanation.
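The point the Anonymous Coward and Doctor Syntax make above, that a co-located tenant can read a key out of a shared CPU cache because the victim's memory accesses depend on the key, is easiest to see in a toy model. The following is an added example; it is not code from the article, from the Worcester Polytechnic Institute researchers, or from any commenter. It records which code routine a square-and-multiply modular exponentiation touches at each step (standing in for the cache lines a neighbour would prime and probe, and for the timing measurement that tells the neighbour whether a line was evicted), recovers the exponent from that trace, and then shows that a Montgomery-ladder exponentiation with a constant-time swap produces a trace that does not depend on the exponent. The routine labels, moduli, bases and exponents are constructed values, not real RSA parameters, and the "observer" is a stand-in for a real cache-timing measurement rather than one.

```python
"""Toy model of a cache side channel against modular exponentiation.

Added example, not from the article or the commenters. A real attacker on a
co-located instance cannot see the victim's code; it sees whether its own
probe lines were evicted from the shared last-level cache, and from that
infers which of the victim's routines ran. Here that inference is replaced
by a trace of routine labels, so the key-dependence of the access pattern
(and its absence in the constant-time version) can be checked directly.
"""
from typing import List

# Hypothetical labels for the two code paths; in the real attack these are
# the cache lines holding the library's squaring and multiplication routines.
SQUARE_LINE = "sqr"
MULTIPLY_LINE = "mul"


def modexp_square_and_multiply(base: int, exp: int, mod: int,
                               trace: List[str]) -> int:
    """Left-to-right binary exponentiation, the classic leaky shape.

    The multiply routine runs only when the current exponent bit is 1, so
    the sequence of routines executed is the exponent in disguise.
    """
    result = 1
    for bit in bin(exp)[2:]:          # most significant bit first
        result = (result * result) % mod
        trace.append(SQUARE_LINE)
        if bit == "1":
            result = (result * base) % mod
            trace.append(MULTIPLY_LINE)
    return result


def recover_exponent_from_trace(trace: List[str]) -> int:
    """Attacker side: a square followed by a multiply is a 1 bit, a square
    followed by another square (or by nothing) is a 0 bit."""
    bits = []
    i = 0
    while i < len(trace):
        if trace[i] != SQUARE_LINE:
            raise ValueError("trace out of phase at index %d" % i)
        if i + 1 < len(trace) and trace[i + 1] == MULTIPLY_LINE:
            bits.append("1")
            i += 2
        else:
            bits.append("0")
            i += 1
    return int("".join(bits), 2)


def modexp_montgomery_ladder(base: int, exp: int, mod: int,
                             trace: List[str], nbits: int) -> int:
    """Montgomery ladder with an arithmetic (branch-free) conditional swap.

    Every step performs exactly one multiply and one square, and the swap
    uses masks rather than an if, so neither the routines touched nor the
    control flow depends on the exponent. Python's arbitrary-precision ints
    make -bit either 0 or an all-ones mask, which is what the swap relies on.
    (This fixes only the control-flow leak; a real implementation must also
    make the big-number arithmetic itself free of secret-dependent memory
    accesses and run in constant time.)
    """
    r0, r1 = 1, base % mod
    for i in range(nbits - 1, -1, -1):
        bit = (exp >> i) & 1
        mask = -bit                    # 0 when bit == 0, ...111 when bit == 1
        d = (r0 ^ r1) & mask           # conditional swap in
        r0 ^= d
        r1 ^= d
        r1 = (r0 * r1) % mod
        trace.append(MULTIPLY_LINE)
        r0 = (r0 * r0) % mod
        trace.append(SQUARE_LINE)
        d = (r0 ^ r1) & mask           # conditional swap back
        r0 ^= d
        r1 ^= d
    return r0


def demo(base: int = 12345, exp: int = 0b1011001110101, mod: int = 1000003):
    """Run both exponentiations on constructed inputs and return
    (leaky result, ladder result, exponent recovered from the leaky trace,
    leaky trace, ladder trace)."""
    leaky_trace: List[str] = []
    y_leaky = modexp_square_and_multiply(base, exp, mod, leaky_trace)
    recovered = recover_exponent_from_trace(leaky_trace)
    ladder_trace: List[str] = []
    y_ladder = modexp_montgomery_ladder(base, exp, mod, ladder_trace,
                                        exp.bit_length())
    return y_leaky, y_ladder, recovered, leaky_trace, ladder_trace


if __name__ == "__main__":
    y1, y2, rec, t_leaky, t_ladder = demo()
    print("results agree with pow():", y1 == y2 == pow(12345, 0b1011001110101, 1000003))
    print("exponent recovered from leaky trace:", bin(rec))
    print("ladder trace is the same for every exponent of a given length")
```

Running the block recovers the constructed exponent from the leaky trace alone, while two ladder runs with different exponents of the same bit length produce identical traces; that uniformity is what a cache-probing neighbour has to be denied, and it is why libraries moved exponentiation to constant-time code after attacks of this kind.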

  2. Mage Silver badge

    Co-location

    Forget the word Cloud, even Co-location.

    This is shared hosting. Real Co-location is your own physical server in a provider's data centre.

    Any shared hosting, no matter what you are allowed to run (even if only PHP + SQL), has security risks compared with real co-location of your own server.

  3. Mephistro

    The cloud,...

    ... the gift that keeps on giving!
