Repository logo

Browsing by Author "Fernandes, Diogo Alexandre Baptista"

Now showing 1 - 1 of 1
  • Auditing the quality of cryptographic material in virtual machines
    Publication . Fernandes, Diogo Alexandre Baptista; Inácio, Pedro Ricardo Morais
    Cloud computing is, nowadays, a mainstream technology spiraling across the industry. Its clear advantages propelled this model to grow at a fast pace, attracting attentions from both the enterprise and academic worlds along the way. This computing model offloads on-premises Information Technologies (IT) and data to outsourced servers housed on data centers and hosted by some cloud or service provider. Those sets of servers form the cloud, and deliver, through the Internet, a broad vertical set of capabilities for end users and enterprise customers in the form of networking, processing or storage. Ultimately, the purpose of cloud computing is to provide anything-as-a-service in an interoperable, elastic and scalable, and on-demand manner, as a completely autonomous and self-provisioned pay-as-you-go measured service. In essence, cloud computing lowers the overall costs and speeds up the deployment of services, allowing costumers to be abstracted from the underlying details, but granting them the ability to focus on increasing business productivity. Cloud providers offer a large variety of services based on three main service delivery models: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS). These are the result of the combination of innovative software and virtualization technologies with the well-known client-server paradigm. IaaS hands out platforms to develop cloud applications, while SaaS provides costumers with pre-built software packages. IaaS offerings, on the other hand, range from simple virtual servers to complex distributed virtual data centers, capable of running complete operating systems (or guests) and virtual subnets on top of hypervisors. Hypervisors manage the Virtual Machines (VMs), monitoring and mediating their creation, edition, deletion, migration, snapshotting, and restoration. Hypervisors also provide overlying VMs with emulated and virtualized hardware, thanks to the Central Processing Units (CPUs) support for virtualization, making co-resident guests running as if installed on real hardware. However, this new computing technology poses several security issues, over which cloud computing is quite often discussed and questioned. VMs belonging to different customers may run side-by-side on the same physical server, and this setup may be exploited via cross-VM attacks like side-channels and covert-channels. Because the virtualized layer abstracts the underlying hardware, operating systems kernels of guests may not behave as they would normally do because of their development assumptions, which normally state that the system will be installed on real hardware. This is particularly important for the generation of random material in Linux operating systems. The Linux Random Number Generator (RNG) relies on noise sources to output quality random material through the /dev/random or the /dev/urandom devices. The latter maintains a Pseudo-Random Number Generator (PRNG) state, but the former relies completely on entropic inputs gathered from kernel events, which are triggered by noise sources like kernel interrupts, mouse movements, keystroke timings, disk head seeks, or disk reads and writes. As a consequence of the virtualization, those kernel events may not be as heterogeneous and frequent for guests as they would normally be for host operating systems. Guests may be deprived of an otherwise more diverse set of entropic inputs due to the lesser number of distinct and available events. the scarceness to the /dev/random device, that might output weaker random material on a slower basis. Additionally, because VMs can run concurrently while sharing the same underlying hardware, it is possible to consider the hypothesis of material generated independently on each VM to be correlated. There is also the possibility for this correlation to be seen on snapshotted and restored guests. This dissertation is focused on the Linux RNG, investigating the outputs of the /dev/random device while the operating system is running inside a VM. As mentioned above, those outputs can be fewer and of less quality on IaaS cloud environments then on normal host circumstances. To investigate this subject, the work presented in this dissertation was structured in two main parts. First, an in-depth study of the concepts related with cloud computing and its security is presented. Second, the discussion then moves into the topic of randomness, describing the approaches used for generating random numbers, so as to introduce the Linux RNG later on, and the problem virtualization poses to it. A particular method was adopted for testing the /dev/random device over several cloud computing testbeds. All tests that were performed followed this method to examine the throughput efficiency of the generator and the quality of its outputs in terms of randomness. It is empirically shown that the Linux RNG is reasonably slow in making entropy available for /dev/random on multiple cloud computing scenarios. On the other hand, no correlation is found between the timings of the generation of random numbers in guests and hosts, and between co-resident guests. To show the impact of the slowness of the generator, a case study of the GNU Privacy Guard (GPG) is presented, showing that it takes a perhaps great amount of time to generate cryptographic keys when using the /dev/random device on VMs. Nonetheless, the randomness characterizing the random numbers outputted by the device are of high quality and independently generated on each guest. This means that cryptographic material generated on operating systems encapsulated by VMs should be of high quality as well, though generated more slowly, when the inherent source for generating random numbers is the /dev/random device of the Linux RNG.
    2013Master thesis Open access Show more