New side channel attack 'SGAxe' 'CrossTalk' is reported to Intel CPU, secret data can be restored

Vulnerability '

MDS ' announced by Intel in 2019 is composed of related technologies such as 'Zombie Load' and 'Fallout', and it may cause attacks such as ' CacheOut ' and ' LVI ' leading to data leakage. It was ' SGAxe ' and ' CrossTalk ' were announced as new attacks on the MDS.



IPAS: Security Advisories for June [email protected]

MDS Attacks: Microarchitectural Data Sampling

Plundering of crypto keys from ultrasecure SGX sends Intel scrambling again | Ars Technica

MDS is a vulnerability that can infer data from a buffer on a microarchitecture. For example, in a CacheOut attack, it is possible to infer the contents of the private key from the public key in the RSA public key/private key pair. Several patches have been provided by Intel to mitigate the vulnerability.

Vulnerability ``MDS'' affecting almost all Intel processors since 2011 revealed-GIGAZINE

One of the

side-channel attacks reported by researchers at the University of Michigan this time is 'SGAxe', which can improve the CacheOut method and extract the data in Intel SGX used for protecting confidential data .. By using SGAxe, it is possible to restore even data that is originally inaccessible and is protected by Intel SGX.

In addition, the authentication key used for remote authentication of Intel SGX has also been analyzed, and a Twitter account that opens a reply with a signature by the authentication key has also been opened.

Another vulnerability reported, 'CrossTalk,' was reported by security organization VUSec . In the past attacks using MDS, the attack target and the CPU core that executes the attack program had to be the same, but in CrossTalk, data is extracted from a buffer shared by all CPU cores called 'Staging Buffer'. Therefore, it is explained that an attack that spans multiple cores is possible.

In CrossTalk, an attack such as reading the value of a general-purpose register that stores the execution result of RDRAND , which is a random number generation instruction, from another core via 'Staging Buffer' is possible. RDRAND is also used during key generation, and if the random number used during key generation is known, it will be easy to analyze the generated key itself.

According to Intel, SGAxe relies on CacheOut, which has already been patched with microcode, so it is possible to mitigate the impact by applying a patch.

Regarding CrossTalk, VUSec tested Intel CPUs released from 2015 to 2019 and confirmed that CrossTalk is effective on almost all CPUs including Xeon E3. Intel has named CrossTalk 'Special Register Buffer Data Sampling' and has already distributed patches.

in Hardware,   Security, Posted by log1n_yi