When Good Randomness Goes Bad: Virtual Machine Reset Vulnerabilities and Hedging Deployed Cryptography

Download Now Date Added: Mar 2010
Format: PDF

Random Number Generators (RNGs) are consistently a weak link in the secure use of cryptography. Routine cryptographic operations such as encryption and signing can fail spectacularly given predictable or repeated randomness, even when using good long-lived key material. This has proved problematic in prior settings when RNG implementation bugs, poor design, or low-entropy sources have resulted in predictable randomness. The authors investigate a new way in which RNGs fail due to reuse of Virtual Machine (VM) snapshots. They exhibit such VM reset vulnerabilities in widely-used TLS clients and servers: the attacker takes advantage of (Or forces) snapshot replay to compromise sessions or even expose a server's DSA signing key.