“Platypus”: Vulnerability abuses the measurement function of Intel processors




Security experts from Austria, Germany and Great Britain have discovered a new gateway for attacks on processors, particularly those from Intel: the “Running Average Power Limit” (RAPL) function, with which the power consumption of a CPU can be read and influenced during operation. With some effort, RAPL can also be used to recover secret keys for cryptographic algorithms such as AES, even if they reside in a supposedly secure trusted execution environment (TEE) set up with Intel Software Guard Extensions (SGX). The security hole was named Platypus, which stands for “Power Loss Attacks: Targeting Your Protected User Secrets”.

The RAPL interface is actually intended for monitoring and controlling server processors, especially in data centers (cloud). Linux provides a “Power Capping Framework” for this. For example, if a part of the cooling system or power supply fails, the maximum power consumption of the servers can be limited to avoid overheating or crashes. However, RAPL also reveals, among other things, how much power the CPU is currently consuming.

Distribution of the energy consumption while executing the imul instruction with two operands, one fixed at the value 8 and the other varying in Hamming weight (from 0x00 to 0xFF).

(Image: TU Graz / CISPA / Uni Birmingham)

The power consumption of an arithmetic unit changes depending on the type of calculation it is currently performing. Side-channel attacks that exploit this relationship to draw conclusions about the data being processed have been known for decades. This is why the security chips in ATM cards, smart cards and pay-TV key cards have special functions that protect against such attacks.

Most “power loss” attacks require the attacker to have physical access to the target system in order to connect a power meter or oscilloscope, for example. The Platypus attack now also works remotely: the digital RAPL interface can be queried through the operating system without administrator rights.

Until now, however, experts were of the opinion that RAPL data was not accurate enough to recognize a single RSA key, for example. According to the discoverers of Platypus, RAPL allows around 20,000 measurements per second, which is very little compared to the nearly 5 billion clock cycles that each of an Intel processor’s 28 cores passes through per second. But if the RAPL measurement can run long enough, the secret values can be determined bit by bit through statistical analysis of the power measurements (differential power analysis, DPA, and correlation power analysis, CPA).

Platypus Attack: Reading AES keys from an Intel SGX enclave via the Intel CPU RAPL interface.

Security researchers Moritz Lipp, Andreas Kogler, Catherine Easdon, Claudio Canella and Daniel Gruss of TU Graz, David Oswald of the University of Birmingham and Michael Schwarz of CISPA used numerous tricks to refine the RAPL measured values to the point where conclusions can be drawn about the data and instructions being processed. For example, they devised methods to align repeated measurements in time with sufficient precision so that they can be superimposed.

They also compensated for the inaccuracies that arise because Intel’s RAPL interface only provides data for all CPU cores together and not for each core individually. In addition, they included information on the respective core voltage.

To make malware attacks more difficult, the Linux kernel randomizes the memory addresses it uses; this is called Kernel Address Space Layout Randomization (KASLR). A Platypus attack is said to be able to distinguish between valid and invalid memory addresses within 20 seconds.

Unmasking an RSA key in the mbed TLS encryption library took much longer: 100 minutes. And to extract a key processed with AES-NI instructions from an SGX enclave, the attack had to run for at least 26 hours. If a lot of I/O disturbed the RAPL signal, however, the attack took over 270 hours, or more than 10 days.

Platypus attack on the Kernel Address Space Layout Randomization (KASLR) of the Linux kernel.

This already indicates that Platypus will probably not be used for widespread attacks; it is especially important for cloud servers and less so for desktop and notebook PCs.

Intel is already making patches available in the form of microcode updates, which reach affected systems in the usual way via BIOS updates or via operating system updates. Affected are all Intel Core i and Xeon series processors starting with the Sandy Bridge generation introduced in 2011, i.e. from Core i-2000, Pentium G, Celeron G, Xeon E5-2000 and E3-1200 onward.

According to the researchers, other processors are also affected in principle; they were also able to perform similar measurements on various AMD Ryzen systems, but administrator rights were required for RAPL access.

Intel explains the Platypus attack in Intel Security Advisory Intel-SA-00389. As a remedy against Platypus attacks, microcode updates ensure that measurements are less accurate when a CPU core processes SGX instructions. Updates to the Linux kernel also prevent unprivileged users from accessing certain RAPL data. The CVE numbers are CVE-2020-8694 and CVE-2020-8695.
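
To check whether a given Linux host still lets unprivileged users read RAPL energy counters, the file permissions in the Power Capping Framework's sysfs tree can be audited. The following is an added example, not code from the article or from the researchers; it assumes the standard powercap location `/sys/class/powercap` with one `energy_uj` counter per power zone, and the function names are hypothetical.

```python
import os
import stat

POWERCAP_ROOT = "/sys/class/powercap"  # assumed: Linux powercap sysfs directory


def audit_rapl_counters(root=POWERCAP_ROOT):
    """Return one dict per power zone under root that has an energy_uj counter."""
    findings = []
    if not os.path.isdir(root):
        return findings  # powercap framework or RAPL driver not present
    # Zones and sub-zones all appear as flat entries here; walking deeper
    # would follow sysfs back-links such as "subsystem" in circles.
    for zone in sorted(os.listdir(root)):
        counter = os.path.join(root, zone, "energy_uj")
        if not os.path.isfile(counter):
            continue
        st = os.stat(counter)
        mode = stat.S_IMODE(st.st_mode)
        # Readable by "other", or by a non-root group, means an
        # unprivileged process can sample the energy counter.
        exposed = bool(mode & stat.S_IROTH) or bool(
            mode & stat.S_IRGRP and st.st_gid != 0)
        label = ""
        name_file = os.path.join(root, zone, "name")
        if os.path.isfile(name_file):
            with open(name_file) as fh:
                label = fh.read().strip()
        findings.append({"zone": zone, "name": label,
                         "mode": oct(mode), "exposed": exposed})
    return findings


def make_constructed_tree(base):
    """Build a fake powercap tree (constructed sample, not real sysfs)."""
    for zone, label, mode in (("intel-rapl:0", "package-0", 0o444),
                              ("intel-rapl:0:0", "core", 0o400)):
        os.makedirs(os.path.join(base, zone))
        with open(os.path.join(base, zone, "name"), "w") as fh:
            fh.write(label + "\n")
        counter = os.path.join(base, zone, "energy_uj")
        with open(counter, "w") as fh:
            fh.write("123456789\n")
        os.chmod(counter, mode)
    return base


if __name__ == "__main__":
    for f in audit_rapl_counters():
        status = "EXPOSED to unprivileged users" if f["exposed"] else "restricted"
        print(f"{f['zone']:<18} {f['name']:<12} {f['mode']:>6}  {status}")
```

Run on a host, it lists every power zone with the mode of its counter; any zone reported as exposed indicates that the kernel update described above has not been applied or has been overridden.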

Platypus co-discoverers Moritz Lipp, Daniel Gruss and Michael Schwarz were already involved in the discovery of the Spectre and Meltdown CPU vulnerabilities. Daniel Gruss also worked on the investigation of the Plundervolt security hole, which, as a kind of side channel, manipulates CPU-internal registers that control the power supply.

