Intel SGX defeated yet again—this time thanks to on-chip power meter

Enlarge

Researchers have devised a new way to remotely steal cryptographic keys from Intel CPUs, even when the CPUs run software guard extensions, the in-silicon protection that’s supposed to create a trusted enclave that’s impervious to such attacks.

PLATYPUS, as the researchers are calling the attack, uses a novel vector to open one of the most basic side channels, a form of exploit that uses physical characteristics to infer secrets stored inside a piece of hardware. Whereas most power side channels require physical access so attackers can measure the consumption of electricity, PLATYPUS can do so remotely by abusing the Running Average Power Limit. Abbreviated as RAPL, this Intel interface lets users monitor and control the energy flowing through CPUs and memory.

Leaking keys and a whole lot more

An international team of researchers on Tuesday is disclosing a way to use RAPL to observe enough clues about the instructions and data flowing through a CPU to infer values that it loads. Using PLATYPUS, the researchers can leak crypto keys from SGX enclaves and the operating system, break the exploit mitigation known as Address Space Layout Randomization, and establish a covert channel for secretly exfiltrating data. Chips starting with Intel’s Sandy Bridge architecture are vulnerable.

Read 14 remaining paragraphs | Comments