When Good Randomness Goes Bad: Virtual Machine Reset Vulnerabilities and Hedging Deployed Cryptography Thomas Ristenpart Scott Yilek Dept. of Computer Science and Engineering University of California, San Diego, USA {tristenp,syilek}@cs.ucsd.edu Abstract their relevance to RNG failures, the vulnerabilities are also interesting because they introduce a potentially-widespread Random number generators (RNGs) are consistently a class of practical problems due to virtualization technolo- weak link in the secure use of cryptography. Routine cryp- gies. Our second contribution is a general and backwards- tographic operations such as encryption and signing can compatible framework to hedge against the threat of ran- fail spectacularly given predictable or repeated random- domness failures in deployed cryptographic algorithms. We ness, even when using good long-lived key material. This discuss each contribution more in turn. has proved problematic in prior settings when RNG imple- VM reset vulnerabilities. Virtualization technologies en- mentation bugs, poor design, or low-entropy sources have able significant flexibility in handling the state of guest sys- resulted in predictable randomness. We investigate a new tems (an operating system, user applications, and data). In way in which RNGs fail due to reuse of virtual machine particular, virtual machine (VM) snapshots, i.e. copies of (VM) snapshots. We exhibit such VM reset vulnerabilities the state of the guest, can be used to replicate, backup, trans- in widely-used TLS clients and servers: the attacker takes fer (to another physical system), or reset (to a prior state) advantage of (or forces) snapshot replay to compromise the guest. Snapshots are one reason virtualization is trans- sessions or even expose a server’s DSA signing key. Our forming numerous areas of computing. However, Garfinkel next contribution is a backwards-compatible framework for and Rosenblum [31] suggest that, in theory, snapshots might hedging routine cryptographic operations against bad ran- lead to security problems due to reuse of security-critical domness, thereby mitigating the damage due to randomness state. Namely, reusing a VM snapshot might lead to (what failures. We apply our framework to the OpenSSL library we call) VM reset vulnerabilities. But no insecurities have and experimentally confirm that it has little overhead. been reported for real systems, leaving open the question of whether reset vulnerabilities are a practical problem. We answer this question by revealing exploitable VM 1. Introduction reset vulnerabilities within popular software. Our attacks are against TLS [8] implementations used for secure web The security of routine cryptographic operations such as browsing and work when a victim VM runs twice from the encryption, key exchange, and randomized signing rely on same snapshot. We investigate both TLS clients and servers, access to good (unpredictable, fresh) randomness. Unfortu- presenting session-compromise attacks against clients in the nately, the random number generators (RNGs) used in prac- Firefox and Chrome web browsers and secret-key recov- tice frequently fail. Examples stem from poorly designed ery attacks against the Apache HTTPS server. The latter is RNGs [28, 32, 35], implementation bugs [13, 51], untimely particularly damaging — an attacker can remotely extract exposure of randomness [17], and even the inability to find a server’s DSA secret key. With this key, the attacker can sufficient entropy in a system’s environment [36]. Since impersonate the server. We exhibit exploits when the victim deployed cryptographic routines provide no security given is run within either VMWare [12] or VirtualBox [10], two bad randomness (even when using good long-lived keys), popular VM managers. the attacks that result from RNG failure are spectacular The attacks work because the VM resets lead to crypto- [13, 16, 32, 35, 53]. graphic operations (here, key exchange and signing) using In this work, we first show a new way in which deployed the same randomness more than once. These cryptographic RNGs fail, due to virtual machine (VM) resets. Beyond operations, in turn, fail to provide any security given re- peat randomness. One conceptually simple solution, then, We apply our framework to the latest OpenSSL code is to ensure that applications sample sufficiently fresh ran- base, which doubles as a cryptographic library used by domness immediately before use. Unfortunately, there are many applications and as a widely used implementation of lurking complexities to overcome. Besides the difficulty of the TLS protocol. Benchmarking the hedged version of the ensuring every RNG-using application is updated, there is library indicates that overhead is very low. Because hedg- the more subtle problem of where to find good randomness ing does not impact functionality, our library interoperates after VM resets. For example, the state of traditional RNGs transparently with existing TLS implementations. We are (e.g., Linux’s /dev/random) is also reset with the rest of the currently in the process of preparing our implementation guest. We provide more discussion of systems solutions in for public release, which will allow immediate deployment the body, but leave the bulk of this task to future work. with the corresponding security benefits. Finally, we suspect that the VM reset vulnerabilities we show are indicative of further issues. An important open 2. Random Number Generation and Threat question is whether other practical insecurities arise due to VM resets. Models Hedging deployed cryptography. The attacks above are symptomatic of the widespread fragility of cryptographic There are many methods for generating cryptographi- operations to repeated or predictable randomness. Because cally strong random numbers. We do not go into significant many cryptographic operations fundamentally rely on good detail regarding particular implementations. See [36, 43] randomness to achieve the desired security level, repairing for details regarding some platform-specific random num- RNGs is the only full solution. However, the complexity of ber generators. Instead we give an abstract model of random RNG design, the frequency with which RNG failures occur, number generation which already suffices for discussing and the significant damage that results all suggest that cryp- threats and attacks. We will fill in further details when nec- tography should be designed so that bad randomness has as essary. little ill effect as possible. The task of a cryptographic random number generator One potential approach is to implement some form of (RNG) is to provide uniform, private bits to applications. hedged cryptography, considered in various ways in [19, 37, We find it convenient to view an RNG as a stack. The 46, 48]. The general idea is that routine cryptographic oper- first layer is the entropy layer where entropy is generated. ations should be designed so that, given good randomness, Here sources of (hopefully) unpredictable events occur in they provably meet traditional security goals and, given a manner that can be sampled. Examples include tempera- bad randomness, they nevertheless provably achieve some ture variations, clock drift, interrupt timings, mouse move- meaningful security level. While not everywhere eliminat- ments or keyboard clicks, and network packet arrivals. We ing the need for good randomness, hedging against bad ran- view the entropy layer not as an actual software or hardware domness can significantly mitigate the threat of RNG fail- system, but rather as an encapsulation of the physical pro- ure. Unfortunately, existing approaches only treat specific cesses from which entropy is harvested. The second layer primitives such as public-key encryption [19, 52] or sym- is the sampling layer which samples from the entropy layer metric encryption [37, 46, 48] and only treat specific, dis- to measure events and generate digital descriptions of them. parate kinds of RNG failures. In this work we seek an ap- This layer also attempts to extract uniform random bits from proach that is fast, conserves existing security when ran- the unpredictable data and maintains a pool of such bits. domness is good, works with arbitrary deployed algorithms, The uniform bits are then provided to applications requir- and can boost security in the face of arbitrary types of RNG ing randomness in the consuming layer. failures. We note that, crucially, the consuming layer may it- We give a framework for hedging cryptographic opera- self consist of further sequences of RNG-related systems. tions that achieves these goals. Our starting point is tech- For example, in typical operating systems the kernel imple- niques from [19, 52], which we show can be straightfor- ments the sampling layer, a cryptography library consumes wardly combined to be applicable to arbitrary cryptographic kernel-supplied randomness and also provides it to further primitives. Briefly, an operation is replaced by a hedged applications. Note that every layer above the first poten- version with equivalent functionality. The hedged ver- tially stores randomness internally in state. Looking ahead, sion preprocesses RNG-derived randomness together with this aspect of RNG stacks will be important in the context other inputs (messages, keys, etc.) with HMAC to provide of reset attacks, which abuse reused state. Security requires (pseudo)randomness for the cryptographic operation. The that each layer ensures distinct requests (even ones made in modifications are simple. Even so,
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages18 Page
-
File Size-