New research has provided yet another means of stealing sensitive data by exploiting the first “on-chip, inter-core” side channel in Intel Coffee Lake and Skylake processors.
Published by a group of academics at the University of Illinois at Urbana-Champaign, the findings are expected to be presented at the USENIX Security Symposium in August.
While information leakage attacks targeting the CPU microarchitecture have previously been shown to break the isolation between user applications and the operating system, allowing a malicious program to access memory used by other programs (for example, Meltdown and Specter), the new attack takes advantage of a dispute over the ring’s interconnection.
The SoC ring interconnect is an integrated bus arranged in a ring topology that enables in-process communication between different components (also known as agents), such as the cores, the top-level cache (LLC), the graphics unit, and the system agents that are hosted inside the CPU. Each doorbell agent communicates with the doorbell through what is called a doorbell stop.
To achieve this, the researchers reverse engineered the ring interconnect protocols to discover the conditions for two or more processes to cause ring contention, using them in turn to build a cloaked channel with a capacity of 4.18 Mbps, which the Researchers say it is the largest to date for cross-core channels that do not rely on shared memory, unlike Flush + Flush or Flush + Reload.
“Importantly, unlike previous attacks, our attacks are not based on memory sharing, cache pools, private core resources, or any specific non-core structure,” Riccardo Paccagnella, one of the study’s authors, saying. “As a consequence, they are difficult to mitigate using existing ‘domain isolation’ techniques.”
Noting that a ring stop always prioritizes traffic already on the ring over new traffic coming in from its agents, the researchers said a dispute occurs when existing ring traffic delays the injection of new ring traffic. .
Armed with this information, an adversary can measure the memory access delay associated with a malicious process due to a saturation of bandwidth capacity caused by memory accesses by a victim process. However, this requires the snooping process to constantly miss its private caches (L1-L2) and load from a target LLC segment.
By doing so, repeated latency on LLC memory loads due to ring contention can allow an attacker to use the metrics as a side channel to filter out key bits from vulnerable EdDSA and RSA implementations, as well as rebuild passwords by extracting sync. precise. keystrokes typed by a victim user.
Specifically, “an attacker with knowledge of our reverse engineering efforts can be configured in such a way that their payloads are guaranteed to compete with those of the first process.” […] abuses mitigations of pre-emptive scheduling cache attacks to make victim payloads missing from cache, monitors ring contention while victim is computing, and employs standard machine learning classifier to remove noise and bits escape “.
The study also marks the first time that a contention-based microarchitecture channel for keystroke sync attacks has been exploited to infer sensitive data written by the victim.
In response to the disclosures, Intel classified the attacks as a “traditional side channel,” which refers to a class of Oracle attacks that typically take advantage of differences in execution time to infer secrets.
The chipmaker’s guidelines for countering time attacks against cryptographic implementations recommend adhering to constant time scheduling principles by ensuring that:
- Runtime is independent of secret values
- The order in which the instructions are executed (also known as code access patterns) is independent of the secret values, and
- The order in which the memory operands (data access patterns) are loaded and stored is independent of the secret values
You can find additional guidance on secure development practices to mitigate traditional side channel attacks here. The source code can be accessed here to reproduce the experimental setup detailed in the document.