
SoylentNews is people

posted by Fnord666 on Friday June 12 2020, @08:52AM
from the slipping-in-through-the-side-door dept.

Plundering of crypto keys from ultrasecure SGX sends Intel scrambling again:

On Tuesday, two separate academic teams disclosed two new and distinctive exploits that pierce Intel's Software Guard eXtension, by far the most sensitive region of the company's processors.

Abbreviated as SGX, the protection is designed to provide a Fort Knox of sorts for the safekeeping of encryption keys and other sensitive data even when the operating system or a virtual machine running on top is badly and maliciously compromised. SGX works by creating trusted execution environments that protect sensitive code and the data it works with from monitoring or tampering by anything else on the system.

Key to the security and authenticity assurances of SGX is its creation of what are called enclaves, or blocks of secure memory. Enclave contents are encrypted before they leave the processor and are written in RAM. They are decrypted only after they return. The job of SGX is to safeguard the enclave memory and block access to its contents by anything other than the trusted part of the CPU.

[...] The [SGAxe] attack can just as easily steal cryptographic keys that SGX uses for "attestation," or the process of proving to a remote server that the hardware is a genuine Intel processor and not a malicious simulation of one. A remote server can require connecting devices to provide these attestation keys before it will carry out financial transactions, play protected videos, or perform other restricted functions. In a paper titled SGAxe: How SGX Fails in Practice, researchers from the University of Michigan and the University of Adelaide in Australia wrote:

With the machine's production attestation keys compromised, any secrets provided by [the] server are immediately readable by the client's untrusted host application while all outputs allegedly produced by enclaves running on the client cannot be trusted for correctness. This effectively renders SGX-based DRM applications useless, as any provisioned secret can be trivially recovered. Finally, our ability to fully pass remote attestation also precludes the ability to trust any SGX-based secure remote computation protocols.

[...] The second SGX attack is notable because it's based on a previously unknown side channel created by an undocumented buffer that all Intel CPU cores use. This "staging buffer," as researchers from Vrije University in Amsterdam and ETH Zurich call it, retains the results of previously executed offcore instructions across all CPU cores.

The discovery is highly significant for a couple of reasons. First, the staging buffer retains output from RDRAND and RDSEED, which are among the most sensitive instructions an Intel CPU can carry out because they provide the random numbers needed when generating crypto keys.

[...] Equally important, the side channel provided by this newly discovered staging buffer allowed the attackers to create the world's first-known speculative execution attack that works across CPU cores. All previous attacks have worked only when an attacker and a target used the same core. Many defenders took that to mean that allocating trusted and untrusted code to different cores provided meaningful protection against speculative execution attacks, which are also known as transient execution attacks. CrossTalk, as the new exploit has been named, will force researchers and engineers to revisit that assumption.


  • (Score: 2) by The Vocal Minority on Saturday June 13 2020, @03:48AM


    So sad
