Virtual Inception: Modifying Crypto Keys with "Flip Feng Shui: SoylentNews Submission

Virtual Inception: Modifying Crypto Keys with "Flip Feng Shui"

Accepted submission by at 2016-09-01 07:12:46

http://arstechnica.com/security/2016/08/new-attack-steals-private-crypto-keys-by-corrupting-data-in-computer-memory/ [arstechnica.com]

The research team, which also included a member from Belgium's Katholieke Universiteit Leuven, went on to show how an attacker VM can use Flip Feng Shui to compromise RSA cryptography keys stored on another VM hosted in the same cloud environment. In one experiment, the attacker VM compromised the key used to authenticate secure shell access, a feat that allowed the VM to gain unauthorized access to the target. In a separate experiment, the attacker VM compromised the GPG key used by developers of the Ubuntu operating system to verify the authenticity of updates. With the compromised GPG key, the attacker VM was able to force the target to download and install a malicious update.

"Virtual Inception" could be a good name for this specific use of "Flip Feng Shui" :).

I wonder how well ECC protects from such attacks: http://arstechnica.com/security/2016/03/once-thought-safe-ddr4-memory-shown-to-be-vulnerable-to-rowhammer/ [arstechnica.com]

Original Submission

SoylentNews

SoylentNews is people

Navigation

Sections

SoylentNews

Submission Preview

Virtual Inception: Modifying Crypto Keys with "Flip Feng Shui"