Can Data be Stolen from Neighbors in a Cloud?
One of the basic advantages of cloud computing is that users no longer have to spend large sums on hardware or new software to store sensitive data. The promise of cloud computing is that it stores all of a user's data securely, so the user no longer has to worry about keeping it on a personal computer. But a recent study by researchers demonstrates that the cloud may not be as safe as users think.
The Experiment
The researchers performed a series of experiments in which they first replicated the same hardware cloud companies use and then ran malicious software on that hardware. The result was a success: they stole encryption keys from the software of another user. The researchers concluded from this experiment that the cloud may not be as safe as it is perceived to be, and that it is possible for "software hosted by a cloud-computing provider to steal secrets from software hosted on the same cloud."
The point of this experiment was not to ring alarm bells; rather, it was only to answer the question: are such attacks possible in cloud computing? According to Ari Juels, director of RSA's research labs and its chief scientist, "The basic lesson is that if you've got a highly sensitive workload, you shouldn't run it alongside some unknown and potentially untrustworthy neighbor."
Economies of scale are one of the biggest reasons behind the success of cloud computing. Now that data is stored in larger hubs, individuals no longer need to maintain their own hardware, which greatly cuts costs for those who move to cloud computing.
Virtual Machines as Data Separators
With cloud computing, we assume that each user's data is stored in a separate place. This separation is achieved through virtualization technology: software that emulates a physical computer. We usually ignore the fact that, at the end of the day, all the data sits in the same data hub. The experiment by Juels undermined the assumption that data in the cloud is stored separately.
Side Channel Attack
The attack by Juels confirmed that even though data in the cloud is kept in different virtual machines, it can still be reached by other users of the cloud, since they all share the same underlying resources. The attacker can perform what is called a "side channel attack": by controlling one virtual machine, the attacker can extract data from another virtual machine sharing the same processor.
In the words of Juels, "Despite the fact that, in principle, it's isolated from the victim, the attack virtual machine will catch glimpses of the behavior of the victim through a shared resource."
Procedure of the Attack
Essentially, the attacker's software forces itself priority access to the shared hardware processor. This lets the attacker "probe" the memory cache to catch glimpses of the operations the victim is performing. The attacker cannot read the victim's data directly from the cloud; as Juels explains, "The attack VM will catch glimpses of the behavior of the victim." After collecting enough of these glimpses of the victim's activity, the attacker can finally reconstruct the full encryption key.
Michael Bailey, a researcher at the University of Michigan, says, "The reason I'm excited is that someone's finally given an example of a side-channel attack. It's a proof of concept that raises the possibility that this can be done—it will motivate people to look for more serious versions." Bailey goes on to add that "A particularly concerning demonstration would be to use the method to steal the encryption keys used to secure websites offering services such as e-mail, shopping, and banking."
This experiment by no means proves that cloud computing has failed, but it puts a question mark over the assumption that the cloud is absolutely safe.