Hexbyte – Tech News – Ars Technica | Intel CPUs fall to new hyperthreading exploit that pilfers crypto keys

Hexbyte – Tech News – Ars Technica |

SMT IN THE CROSS HAIRS —

Side-channel leak in Skylake and Kaby Lake chips probably affects against AMD, too.


Hexbyte - Tech News - Ars Technica | Intel CPUs fall to new hyperthreading exploit that pilfers crypto keys

Intel

Over the past 11 months, the processors running our computers, and in some cases phones, have succumbed to a host of attacks. Bearing names such as Meltdown and Spectre, BranchScope, TLBleed, and Foreshadow, the exploits threaten to siphon some of our most sensitive secrets—say passwords or cryptographic keys—out of the silicon microarchitecture in ways that can’t be detected or stopped by traditional security defenses. On Friday, researchers disclosed yet another leak that has already been shown to exist on a wide range of Intel chips and may also affect other makers, too.

PortSmash, as the new attack is being called, exploits a largely overlooked side-channel in Intel’s hyperthreading technology. A proprietary implementation of simultaneous multithreading, hyperthreading reduces the amount of time needed to carry out parallel computing tasks, in which large numbers of calculations or executions are carried out simultaneously. The performance boost is the result of two logical processor cores sharing the hardware of a single physical processor. The added logical cores make it easier to divide large tasks into smaller ones that can be completed more quickly.

Hexbyte – Tech News – Ars Technica | Port contention as a side channel

In a paper scheduled for release soon, researchers document how they were able to exploit the newly discovered leak to recover an elliptic curve private key from a server running an OpenSSL-powered TLS server. The attack, which was carried out on servers running Intel Skylake and Kaby Lake chips and Ubuntu, worked by sending one logical core a steady stream of instructions and carefully measuring the time it took for them to get executed.

The specific timing allowed PortSmash to deduce the key being processed in another logical core of the same processor. The resource providing the leak is port contention, a phenomenon that happens when multiple instructions using the same physical processor resources get assigned to various ports to await completion.

“Our technique can choose among several configurations to target different configurations to target different ports in order to adapt to different scenarios, thus offering a very fine spatial granularity,” the researchers wrote in the paper. “Additionally, PortSmash is highly portable and its prerequisites for execution are minimal, i.e., does not require knowledge of memory cache-lines, eviction sets, machine learning techniques, nor reverse engineering techniques.”

In an email, Billy Bob Brumley, a professor at the Tampere University of Technology in Finland and one of the authors of the paper, said he expects that chips beyond the Skylake and Kaby Lake architectures are similarly vulnerable with slight modifications to the attack code. “We strongly suspect AMD Ryzen architectures which feature SMT are vulnerable, but we leave that for future work,” he wrote. “(The real reason is we don’t have the [hardware] to test it on at the moment, so we have to wait.)”

Brumley said the most likely real-world scenario for maliciously exploiting the vulnerability is in so-called infrastructure as a service environments, in which a cloud provider hosts all the trappings of an on-premises data center, including the servers, storage and networking hardware, and the virtualization or hypervisor layer.

“Personally speaking, I feel remote login scenarios are the biggest targeted threat,” Brumley wrote. “Here, a [malicious] user with credentials logs in (e.g. via SSH), compiles the exploit code

Read More