SoylentNews is people

posted by martyb on Sunday June 24 2018, @12:35AM
from the at-least-I-am-safe-with-my-abacus dept.

Meet TLBleed: A crypto-key-leaking CPU attack that Intel reckons we shouldn't worry about

Intel has, for now, no plans to specifically address a side-channel vulnerability in its processors that can be potentially exploited by malware to extract encryption keys and other sensitive info from applications.

A team of researchers at the Systems and Network Security Group at Vrije Universiteit Amsterdam, in the Netherlands, say they were able to leverage the security weakness to extract crypto keys from another running program in 99.8 [percent] of tests on an Intel Skylake Core i7-6700K desktop CPU; 98.2 percent of tests on an Intel Broadwell Xeon E5-2620 v4 server CPU; and 99.8 per cent of tests on a Coffeelake part.

Their code was able to lift a secret 256-bit key, used to cryptographically sign data, from another program while it performed a signing operation with libgcrypt's Curve 25519 EdDSA implementation. It took roughly 17 seconds to determine each of the keys using machine-learning software and some brute force, according to a paper detailing the attack, seen by The Register this week.

[...] The extraction technique is not reliant on speculative execution, and thus is unrelated to Spectre and Meltdown. Instead, it builds upon the exploitation of Intel's Hyper-Threading technology and the processor caches to leak data, which is a known security problem with its own mitigations.

[...] [Ben] Gras also believes AMD's hardware threading technology in its latest Zen processors – Ryzen, Threadripper, and Epyc – is at risk from TLBleed, as the CPU cores can also each run multiple threads simultaneously just like Intel parts. A spokesperson for AMD had no comment.


  • (Score: 2, Offtopic) by realDonaldTrump on Sunday June 24 2018, @01:13AM

    Japan, they had a little island that was full of monkeys, very famous for its monkeys. And folks go there to learn about the monkey life. And they feed the monkeys. Well, they gave dirty potatoes to those monkeys. And a lot of the monkeys would wipe off the dirt and chow down. Gross, right? But one of them thought, "hey, much better to wash off that nasty dirt." And the other monkeys saw that, they saw that it was VERY SMART (for a monkey). And they all started doing it.

    Cyber hacking is like that. Because some of the cyber hackers are smart. And some, not so smart. But when someone shows you how to do something, you don't have to be as smart as them to do what they showed you. And a lot of times, a hacker can teach a robot how to do something. So even a robot can do it!!!
