Intel SGX users need CPU microcode patch to block PLATYPUS secrets-leaking attack


Researchers have devised a new method that allows potential attackers to leak sensitive information such as encryption keys from the Linux kernel’s memory and Intel SGX enclaves. The attack, dubbed PLATYPUS, abuses a legitimate CPU interface for monitoring and controlling the power consumption.

“Using PLATYPUS, we demonstrate that we can observe variations in the power consumption to distinguish different instructions and different Hamming weights of operands and memory loads, allowing inference of loaded values,” the team of researchers from the Graz University of Technology, the University of Birmingham in UK, and CISPA Helmholtz Center for Information Security said on a website dedicated to the attack. “PLATYPUS can further infer intra-cacheline control flow of applications, break KASLR, leak AES-NI keys from Intel SGX enclaves and the Linux kernel, and establish a timing-independent covert channel.”

Power consumption as side channel

Over the past several years researchers have identified several features in modern CPUs that can be used as a side channel to extract sensitive information from computers. Side-channel attacks involve analyzing differences in how computers systems and their components behave when performing various operations on different types of data. For example, differences in the timings between cryptographic operations can be used to reconstruct secret keys bit by bit. Similarly, keystrokes can be reconstructed by analyzing the sounds between key presses.

Side-channel attacks can be slow because they require many observations and their success depends on the amount of input/output noise in the measurements. One side-channel method is called differential power analysis and involves analyzing the variations in a system’s power consumption when performing operations. This type of attack usually requires physical access to the target system, but that’s not the case for PLATYPUS because it relies on Intel’s Running Average Power Limit (RAPL) interface, which is accessible through OS drivers.

RAPL is the equivalent of a built-in power meter and is present in Intel CPUs starting with Sandy Bridge (second generation) microarchitecture. It also exists in AMD CPUs since the Zen microarchitecture and CPUs from ARM and NVIDIA also have on-board energy meters. While PLATYPUS was developed for and confirmed on Intel CPUs, processors from other manufacturers might also be vulnerable to some variation of this attack method.

The attack was particularly bad on Linux systems, because the powercap framework of the Linux kernel allowed unprivileged access to the RAPL interface, which means any malicious application could potentially abuse it. In response to PLATYPUS, which is tracked as CVE-2020-8694 and CVE-2020-8695, the Linux kernel developers released a security update that revokes unprivileged access to energy consumption data.

Copyright © 2020 IDG Communications, Inc.

Source link