On Tuesday, researchers disclosed new vulnerabilities in microprocessors from Intel, AMD and others that stem from the power-conservation features of nearly all modern CPUs and can be exploited by remote attackers. The vulnerability allows encryption keys to be stolen through a power side-channel attack.

A team of researchers from the University of Texas, the University of Illinois at Urbana-Champaign and the University of Washington named the attack Hertzbleed. Its core lies in dynamic voltage and frequency scaling (DVFS), a power and thermal management capability of the chip that is used to save energy and reduce the heat the chip generates.

The researchers explain that, in some cases, the periodic adjustments to the CPU frequency depend on the CPU's current power consumption, and these adjustments translate directly into differences in execution time (1 Hz = 1 cycle/second).

Hackers have been known to extract secret data from chips by measuring how much power the chip consumes while processing those values. In fact, hardware manufacturers have long known this.

Fortunately, hackers have had limited means of mounting power analysis attacks against microprocessors, because there are few viable ways to remotely measure power consumption while the chip is processing secret data. Now, the researchers have figured out how to turn a power analysis attack into a timing attack, a far less demanding class of side-channel attack.

Hertzbleed: Attack on DVFS

The research team found that Dynamic Voltage and Frequency Scaling (DVFS), a power and thermal management feature built into every modern CPU, allows attackers to infer power consumption by monitoring how long it takes a server to respond to specific crafted queries. This discovery greatly reduces the amount of work required: once you understand how DVFS works, power side-channel attacks become much simpler and can be carried out remotely by measuring timing.

The attack, known as Hertzbleed, uses these insights into DVFS to leak data that is expected to remain private. The issue is tracked as CVE-2022-24436 for Intel chips and CVE-2022-23823 for AMD CPUs. The researchers demonstrated the exploit they developed by extracting encryption keys from servers running SIKE (a cryptographic algorithm used to establish keys between two parties over an insecure communication channel).

The researchers said they successfully reproduced the attack on Intel CPUs from the 8th to 11th generation Core microarchitectures. They also claim that the technique works on Intel Xeon CPUs, and have verified that AMD Ryzen processors are vulnerable, enabling the same SIKE attack as against Intel chips. Chips from other manufacturers may also be affected, the researchers believe.

According to members of the research team, Hertzbleed is a new family of side-channel attacks: frequency side-channels. In the worst case, these attacks can allow attackers to extract encryption keys from remote servers that were previously considered safe.

Experiments have shown that dynamic frequency scaling on modern x86 processors depends, in some cases, on the data being processed. That is, on modern processors, the same program can run at different CPU frequencies depending on what it is computing.

Hertzbleed is therefore a real threat to the security of cryptographic software.

Intel and AMD have not released microcode updates, but have suggested hardening libraries and applications

Both Intel and AMD have issued their own advisories on the findings.

Among them, Jerry Bryant, senior director of secure communications and incident response at Intel, questioned the practical usefulness of this attack, writing in a post: "While this issue is interesting from a research perspective, we believe this attack is not feasible outside of a lab environment. Also note that encryption implementations hardened against power side-channel attacks are not vulnerable to this problem."

Intel has nevertheless stated that all Intel processors are affected by Hertzbleed, and has issued guidelines for hardware and software manufacturers.

While no patch has yet been provided for this vulnerability, Intel has advised cryptographic developers to follow its guidance and harden their libraries and applications so that no information leaks through frequency throttling.

AMD said: "Because the vulnerability affects encryption algorithms with side-channel leakage based on power analysis, developers can apply countermeasures to the software code of the algorithm. Masking, concealment, or key rotation can be used to mitigate attacks."

According to reports, neither Intel nor AMD has released microcode updates to change the chips' behaviour at this time. Instead, they have expressed support for Microsoft and Cloudflare updating the PQCrypto SIDH and CIRCL cryptographic codebases respectively. The researchers estimate that this mitigation adds 11% and 5% decapsulation performance overhead to PQCrypto SIDH and CIRCL respectively.
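To make the mechanism described above concrete, the following added simulation (not code from the researchers, from Intel or from AMD) models the chain the article describes: a Hamming-weight power model, a DVFS policy that lowers the clock as modelled power rises, and execution time computed as cycles divided by frequency. The cycle count of the simulated code never changes, yet the wall-clock time tracks the secret when the attacker supplies chosen all-zero inputs; applying the boolean masking countermeasure that AMD mentions makes the power, and hence the time, independent of the secret. The power model, the DVFS policy, the numeric constants and the all-zero chosen inputs are assumptions made for illustration.

```python
import random
from statistics import mean

WORD_BITS = 32
WORD_MASK = (1 << WORD_BITS) - 1
BASE_FREQ_HZ = 4.0e9          # unthrottled clock (assumed figure)
HZ_PER_POWER_UNIT = 2.0e7     # frequency drop per unit of modelled power (assumed figure)
CYCLES_PER_WORD = 10          # fixed cycle cost per processed word: the code is "constant-cycle"


def hamming_weight(x: int) -> int:
    """Number of set bits in a word; the classic proxy for dynamic switching power."""
    return bin(x & WORD_MASK).count("1")


def modelled_power(words) -> float:
    """Toy power model (assumption): average Hamming weight of the intermediates handled."""
    return mean(hamming_weight(w) for w in words)


def dvfs_frequency(power: float) -> float:
    """Toy DVFS policy (assumption): the more power drawn, the lower the clock granted."""
    return BASE_FREQ_HZ - HZ_PER_POWER_UNIT * power


def wall_time(words) -> float:
    """Seconds taken. The cycle count is data-independent, but 1 Hz = 1 cycle/second,
    so a data-dependent frequency makes the seconds data-dependent."""
    cycles = CYCLES_PER_WORD * len(words)
    return cycles / dvfs_frequency(modelled_power(words))


def unmasked_intermediates(secret: int, inputs, rng=None):
    """Plain implementation: the CPU switches secret ^ input directly."""
    return [(secret ^ x) & WORD_MASK for x in inputs]


def masked_intermediates(secret: int, inputs, rng):
    """Boolean masking: the CPU only ever switches two random-looking shares whose XOR
    is the real intermediate, so the Hamming weight no longer tracks the secret."""
    shares = []
    for x in inputs:
        r = rng.getrandbits(WORD_BITS)
        shares.append(r)
        shares.append((secret ^ x ^ r) & WORD_MASK)
    return shares


def relative_leak(intermediates_fn, n_words=64, trials=100, seed=1234) -> float:
    """Relative timing difference between a low-weight and a high-weight secret when the
    inputs are chosen all-zero words (constructed data standing in for a crafted query)."""
    rng = random.Random(seed)
    chosen_inputs = [0] * n_words
    low_secret, high_secret = 0x00000000, 0xFFFFFFFF
    t_low = mean(wall_time(intermediates_fn(low_secret, chosen_inputs, rng))
                 for _ in range(trials))
    t_high = mean(wall_time(intermediates_fn(high_secret, chosen_inputs, rng))
                  for _ in range(trials))
    return abs(t_high - t_low) / t_low


if __name__ == "__main__":
    print(f"unmasked: {relative_leak(unmasked_intermediates):.3%} timing difference")
    print(f"masked:   {relative_leak(masked_intermediates):.3%} timing difference")
```

Run stand-alone, the unmasked variant shows a timing difference of roughly 19% between the two secrets even though it executes exactly the same number of cycles for both, which is the point of the article: constant-cycle code is not constant-time once the frequency itself depends on the data. The masked variant's difference collapses to measurement noise from the random shares. Note that random inputs would not leak on average in this model; the chosen inputs are what make the intermediates line up with the secret, which is why the article stresses specially crafted queries.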

Reference link: https://arstechnica.com/information-technology/2022/06/researchers-exploit-new-intel-and-amd-cpu-flaw-to-steal-encryption-keys/


MissD