When Good Randomness Goes Bad: Virtual Machine Reset Vulnerabilities and Hedging Deployed Cryptography

Executive Summary

Random Number Generators (RNGs) are consistently a weak link in the secure use of cryptography. Routine cryptographic operations such as encryption and signing can fail spectacularly given predictable or repeated randomness, even when using good long-lived key material. This has proved problematic in prior settings when RNG implementation bugs, poor design, or low-entropy sources have resulted in predictable randomness. The authors investigate a new way in which RNGs fail due to reuse of Virtual Machine (VM) snapshots. They exhibit such VM reset vulnerabilities in widely used TLS clients and servers: the attacker takes advantage of (or forces) snapshot replay to compromise sessions or even expose a server's DSA signing key.
