Proof of concept research on hypervisor allows for easy encryption key exfiltration

The Snowden revelations about the interception capabilities of NSA and partner agencies have prompted infrastructure owners and service providers, along with regular users, to make sure that data flows and is stored in an encrypted form. Every once in a while, researchers poke at a popular protocol or implementation of the protocol. Flaws are uncovered, then fixed sooner or later. This is the case of major vulnerabilities such as Heartbleed or Logjam, which prompted patch frenzies at a scale never seen before.

But are companies – and consequently their customers – really protected once these flaws are plugged? Are there any surreptitious methods that state agencies and high-profile organizations might employ to defeat the secrecy of TLS/SSL?

On May 26 2016, at HITB Conference in Amsterdam, Bitdefender security researcher Radu Caragea demonstrated in a proof of concept that encrypted communication can be decrypted in real time using a technique that has virtually zero footprint and is invisible to anyone except extremely careful security auditors.

What this means to your security:

This attack makes it possible for a malicious cloud provider (or one pressured into giving access to three-letter-agencies) to recover the TLS keys used to encrypt every communication session between your virtualized server and your customers, even if you use Perfect Forward Secrecy. If you are a CIO and your company outsources the virtualization infrastructure to a third party vendor, assume that all the information flowing between you and your users could be decrypted and read without any visible sign of intrusion.

There is no telling whether your communication has been compromised and for how long it has been happening because this approach does not leave any anomalous forensic evidence behind. Banks, companies dealing with either intellectual property or personal information as well as government institutions are the sectors that could be highly affected by this flaw.

Some primers

This new technique, dubbed TeLeScope, is developed by Bitdefender for research purposes and empowers a third party to eavesdrop on communications encrypted with the TLS protocol between an end-user and a virtualized instance of a server. This technique is only effective against virtualized environments that run on top of a hypervisor. Such infrastructures are extremely popular nowadays and are provided by industry giants. Most of the tech industry agrees that virtualization is the future in terms of storing, moving and processing big data.

Rather than exploiting a flaw in the Transport Layer Security Protocol, this new attack technique relies on extracting the TLS Keys at the hypervisor level by clever memory probing.

While accessing the virtual machine’s virtual resources was something that we already knew (having access to the machine’s HDD, for instance), real-time decryption of the TLS traffic without pausing the VM at a blatantly visible timeframe had not been achieved before.

We discovered this attack vector while researching a way to monitor malicious outbound activity on our honeypot network without tampering with the machine and without tipping attackers off in any way that they are being watched. Upon discovering it, we decided to publicly disclose it in detail, as the social, economic and political stakes of passive traffic monitoring in virtualized environments are overwhelming. For instance, a disgruntled server administrator with access to the hosting server’s hypervisor could monitor, exfiltrate and monetize all information flowing to and from the customer: e-mail addresses, banking transactions, chats, personal photos and other private data.

How does it work?

Normally, recovering keys from a virtual machine’s memory would require pausing the appliance and dumping its memory contents on file. Both processes are intrusive and noticeable to the VM owner (not to mention they violate the SLA). The Bitdefender approach relies on the Live Migration mechanisms present in modern hypervisors, which allows us to narrow down the needed number of pages for the memory dump from the whole RAM to only the ones modified during the TLS handshake.

“Instead of pausing the machine (which would introduce noticeable latency) and doing a full memory dump, we develop a memory diffing technique using primitives already present in hypervisor technologies,” Caragea says. “Then, although this allows reducing the dump from gigabytes to megabytes, the time taken to write this quantity to a storage is still non-negligible (on the order of a few milliseconds) and thus we show how to further «disguise» the process in network latency, without having to pause the machine at all.”

Mitigation

The TeLeScope attack does not exploit a flaw in the implementation of the TLS protocol, nor does it attempt to circumvent the crypto level of the TLS implementation by downgrade attacks. Instead, it leverages a feature of the hypervisor to exfiltrate the very keys used by the protocol to encrypt the session. Our proof of concept uncovers a fundamental lapse that can’t be fixed or mitigated without rewriting the cryptographic libraries currently in use. The only fix to date is to prevent access to the hypervisor in the first place – running your own hardware inside your own infrastructure.

Key Takeaway

Once again, our research stresses the importance of choosing a reputable cloud service provider as infrastructure partner. Before deploying, it is your responsibility to ensure that your virtualization provider is trustworthy, compliant with the security requirements in the industry and politically independent.

For more information about the research, please refer to the whitepaper available for free download on the HITB conference website.