New research has provided yet another means of throwing away sensitive data by exploiting what is the first “on-chip, cross-core” side channel in Intel Coffee Lake and Skylake processors.
Published by a group of academics from the University of Illinois at Urbana-Champaign, the findings are expected to be presented at the USENIX Security Symposium in August.
While information leak attacks targeting processor microarchitecture have previously been shown to break the isolation between user applications and the operating system, allowing a malicious program to access memory used by other programs (e.g., Meltdown and Specter), the new The attack is based on a dispute over the interconnection of the ring.
The SoC Ring interconnect is an on-die bus arranged in a ring topology that allows intra-process communication between different components (aka agents), such as kernels, top-level cache (LLC), graphics drive, and agent. system that are hosted inside the processor. Each annular agent communicates with the ring through what is called an annular stop.
To achieve this, the researchers inversely designed the ring interconnection protocols to discover the conditions for two or more processes to cause a ring contention, using them in turn to build a hidden channel with a capacity of 4.18. Mbps, which researchers say is the highest so far for cross-core channels that do not rely on shared memory, as opposed to Flush + Flush or Flush + Reload.
“Importantly, unlike previous attacks, our attacks are not based on sharing memory, cache sets, private-core resources, or any specific non-core structures,” said Riccardo Paccagnella, one of the study’s authors. SAPS. “Consequently, they are difficult to mitigate using existing ‘domain isolation’ techniques.”
Noting that stopping the ring always prioritizes traffic that is already on the ring over new traffic coming in from its agents, the researchers said there is a dispute when existing traffic on the ring delays the injection of new ring traffic.
Armed with this information, an adversary can measure the delay in access to memory associated with a malicious process due to a saturation of the bandwidth capacity caused by the memory accesses of the victim’s process. However, this requires that the spying process be constantly missing in its private caches (L1-L2) and perform uploads from a target portion of the LLC.
By doing so, the repeated latency of memory loads from the LLC, due to ring challenge, can allow an attacker to use the measurements as a side channel to leak key bits from vulnerable EdDSA and RSA implementations, as well as rebuild passwords by extracting accurate timing. keystrokes typed by a victim user.
Specifically, “an attacker with knowledge of our reverse engineering efforts can be configured so that his loads can cope with the tasks of the first process, […] abuses mitigating preventive planning cache attacks to cause loss of cached victim tasks, monitors ring dispute while victim calculates, and uses a standard machine learning classifier to eliminate traces and leak bits.
The study also marks the first time a dispute-based microarchitectural channel has been exploited for keystroke synchronization attacks to deduce sensitive data typed by the victim.
In response to the revelations, Intel classified the attacks as a “traditional side channel”, which refers to a class of oracular attacks that usually take advantage of differences at the time of execution to deduce secrets.
The chip manufacturer’s guidelines for counteracting synchronization attacks against cryptographic implementations recommend compliance with the principles of constant programming by ensuring that –
- The runtime is independent of the secret values
- The order in which the instructions are executed (aka code access templates) are independent of the secret values, and
- The order in which memory operands (data access models) are loaded and stored are independent of secret values
Further guidance on safe development practices to mitigate traditional side-channel attacks can be found here. The source code for reproducing the detailed experimental configuration in the paper can be accessed here.