Intel SGX defeated yet again—this time thanks to on-chip power meter

by Dan Goodin, from Ars Technica

Researchers have devised a new way to remotely steal cryptographic keys from Intel CPUs, even when the CPUs run Software Guard Extensions (SGX), the in-silicon protection that's supposed to create a trusted enclave that's impervious to such attacks.

PLATYPUS, as the researchers are calling the attack, uses a novel vector to open one of the most basic side channels, a form of exploit that uses physical characteristics to infer secrets stored inside a piece of hardware. Whereas most power side channels require physical access so attackers can measure the consumption of electricity, PLATYPUS can do so remotely by abusing the Running Average Power Limit. Abbreviated as RAPL, this Intel interface lets users monitor and control the energy flowing through CPUs and memory.

Leaking keys and a whole lot more

An international team of researchers on Tuesday is disclosing a way to use RAPL to observe enough clues about the instructions and data flowing through a CPU to infer values that it loads. Using PLATYPUS, the researchers can leak crypto keys from SGX enclaves and the operating system, break the exploit mitigation known as Address Space Layout Randomization, and establish a covert channel for secretly exfiltrating data. Chips starting with Intel's Sandy Bridge architecture are vulnerable.
