A group of researchers from the University of Illinois has developed a new side-channel attack technique that manipulates the leakage of information through the ring bus (Ring Interconnect) of Intel processors. The attack allows you to allocate memory management information in another application and track information about the time of keystrokes. The researchers have published an accompanying measurement toolkit and several exploit prototypes.
Three exploits have been proposed that will allow:
- Restore individual bits of encryption keys when using RSA and EdDSA implementations that are vulnerable to side-channel attacks (if computation delays depend on the data being processed). For example, leakage of individual bits with information about the initialization vector (nonce) of EdDSA is sufficient to apply attacks to sequentially recover the entire private key. The attack is difficult to implement in practice and can be carried out with a large number of reservations. For example, successful operation is shown when SMT (HyperThreading) is disabled and the LLC cache is segmented between CPU cores.
- Define parameters about delays between keystrokes. The delays depend on the position of the keys and allow, through statistical analysis, to recreate the data entered from the keyboard with a certain probability (for example, most people usually type "s" after "a" much faster than "g" after "s").
- Organize a hidden communication channel for data transfer between processes at a speed of about 4 megabits per second, which does not use shared memory, processor cache and resources and processor structures specific to CPU cores. It is noted that the proposed method of creating a covert channel is very difficult to block by existing methods of protection against side-channel attacks.
Exploits do not require elevated privileges and can be used by ordinary, unprivileged users. It is noted that the attack can potentially be adapted to organize data leakage between virtual machines, but this issue was beyond the scope of the study and testing of virtualization systems was not carried out. The proposed code was tested on an Intel i7-9700 CPU in an Ubuntu 16.04 environment. In general, the attack method has been tested on desktop processors of the Intel Coffee Lake and Skylake families, and is also potentially applicable to Xeon server processors of the Broadwell family.
Ring Interconnect technology appeared in processors based on the Sandy Bridge microarchitecture and consists of several looped buses used to connect computing and graphics cores, a server bridge and a cache. The essence of the attack method is that, due to the bandwidth limitation of the ring bus, memory operations in one process delay access to the memory of another process. By determining the implementation details through reverse engineering, an attacker can generate a load that causes memory access delays in another process and use these delays as a side channel for obtaining information.
Attacks on internal CPU buses are hampered by the lack of information about the architecture and methods of bus operation, as well as high noise levels that make it difficult to extract useful data. It was possible to understand the principles of the bus operation through the reverse engineering of the protocols used when transmitting data through the bus. To separate useful information from noise, a data classification model based on machine learning methods was applied. The proposed model made it possible to organize monitoring of delays in calculations in a particular process, in conditions when several processes simultaneously access memory and a certain part of the data is returned from the processor caches.
Additionally, we can note the identification of traces of the use of an exploit for the first version of the Specter vulnerability (CVE-2017-5753) during attacks on Linux systems. A side-channel leak in the exploit is used to find a superblock in memory, determine the inode of the /etc/shadow file, and calculate the address of a memory page to retrieve the file from the disk cache.
Source: opennet.ru