Cloud fingerprinting: using clock skews to determine co-location of virtual machines

Loading...
Thumbnail Image
Authors
Wasek, Christopher J.
Subjects
cloud
TCP timestamps
clock skews
side-channel attacks
virtual machines
VM co-location
finger-printing
Advisors
Xie, Geoffrey G.
Kolsch, Mathias
Date of Issue
2016-09
Date
Sep-16
Publisher
Monterey, California: Naval Postgraduate School
Language
Abstract
Cloud computing has quickly revolutionized computing practices of organizations, to include the Department of Defense. However, security concerns over co-location attacks have arisen from the consolidation inherent in virtualization and from physical hardware hosting virtual machines for multiple businesses and organizations. Current cloud security methods, such as Amazon's Virtual Private Cloud, have evolved defenses against most of the well-known fingerprinting and mapping methods in order to prevent malicious users from determining virtual machine co-location on the same hardware. Our solution to co-locating virtual machines unhindered was to derive their clock skews, or the temporal deviation of the system clock over time. Capturing normal TCP traffic to analyze timestamps from a virtual machine in the cloud, our results were inconclusive in demonstrating that co-located virtual machines will have similar clock skews due to large, inconsistent packet delays. Our research demonstrates a potential vulnerability in cloud defenses so that cloud users and providers can take appropriate steps to prevent malicious co-location attacks.
Type
Thesis
Description
Department
Computer Science
Organization
Identifiers
NPS Report Number
Sponsors
Funder
Format
Citation
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Collections