ProHoster > Π‘Π»ΠΎΠ³ > xov xwm hauv internet > Plundervolt yog txoj kev tawm tsam tshiab ntawm Intel processors uas cuam tshuam rau SGX thev naus laus zis

Plundervolt yog txoj kev tawm tsam tshiab ntawm Intel processors uas cuam tshuam rau SGX thev naus laus zis

Intel tso tawm microcode hloov tshiab uas kho yooj yim (CVE-2019-14607) tso cai los ntawm kev tswj hwm ntawm lub zog hluav taws xob thiab kev tswj hwm zaus hauv CPU, pib ua kev puas tsuaj rau cov ntsiab lus ntawm cov ntaub ntawv hlwb, suav nrog hauv thaj chaw siv rau kev suav hauv kev cais Intel SGX enclaves. Qhov kev tawm tsam yog hu ua Plundervolt, thiab muaj peev xwm tso cai rau ib tus neeg siv hauv zos kom nce lawv cov cai ntawm lub kaw lus, ua rau muaj kev tsis lees paub kev pabcuam thiab nkag mus rau cov ntaub ntawv rhiab heev.

Qhov kev tawm tsam yog txaus ntshai tsuas yog nyob rau hauv cov ntsiab lus ntawm manipulations nrog xam nyob rau hauv SGX enclaves, vim hais tias nws yuav tsum tau cov cai hauv paus hauv lub system los ua. Hauv qhov yooj yim tshaj plaws, tus neeg tawm tsam tuaj yeem cuam tshuam cov ntaub ntawv ua tiav hauv lub enclave, tab sis nyob rau hauv cov xwm txheej nyuaj, nws muaj peev xwm rov tsim kho cov yuam sij ntiag tug khaws cia rau hauv lub enclave siv rau kev encryption siv RSA-CRT thiab AES-NI algorithms. Cov txheej txheem kuj tseem tuaj yeem siv los tsim cov kev ua yuam kev hauv thawj qhov tseeb algorithms los ua rau muaj qhov tsis zoo thaum ua haujlwm nrog lub cim xeeb, piv txwv li, txhawm rau txhim kho kev nkag mus rau thaj chaw sab nraud ntawm thaj tsam ntawm kev faib tsis tau.
Prototype code rau kev tawm tsam luam tawm ntawm GitHub

Lub ntsiab lus ntawm txoj kev yog los tsim cov xwm txheej rau qhov tshwm sim ntawm kev npaj txhij txog cov ntaub ntawv kev noj nyiaj txiag thaum lub sij hawm xam hauv SGX, los ntawm kev siv encryption thiab nco authentication nyob rau hauv lub enclave tsis tiv thaiv. Txhawm rau ua kom muaj kev cuam tshuam, nws tau pom tias nws muaj peev xwm siv cov txheej txheem software cuam tshuam rau kev tswj cov zaus thiab qhov hluav taws xob, feem ntau yog siv los txo kev siv hluav taws xob thaum lub sij hawm tsis ua haujlwm thiab qhib qhov kev ua haujlwm siab tshaj plaws thaum ua haujlwm hnyav. Cov yam ntxwv zaus thiab qhov hluav taws xob hla tag nrho cov nti, suav nrog kev cuam tshuam ntawm kev suav hauv ib qho kev sib cais.

Los ntawm kev hloov qhov voltage, koj tuaj yeem tsim cov xwm txheej hauv qab uas tus nqi tsis txaus los tsim lub cim xeeb hauv CPU, thiab nws cov nqi hloov pauv. Qhov tseem ceeb sib txawv ntawm kev tawm tsam RowHammer yog RowHammer tso cai rau koj hloov cov ntsiab lus ntawm tus kheej cov khoom hauv DRAM nco los ntawm kev nyeem cov ntaub ntawv los ntawm cov neeg nyob sib ze, thaum Plundervolt tso cai rau koj hloov cov khoom hauv CPU thaum cov ntaub ntawv twb tau thauj khoom los ntawm lub cim xeeb rau kev suav. Cov yam ntxwv no tso cai rau koj los hla kev tswj hwm kev ncaj ncees thiab cov txheej txheem encryption siv hauv SGX rau cov ntaub ntawv hauv lub cim xeeb, vim tias qhov tseem ceeb hauv kev nco tseem raug, tab sis tuaj yeem cuam tshuam thaum ua haujlwm nrog lawv ua ntej cov txiaj ntsig tau sau rau hauv lub cim xeeb.

Yog tias tus nqi hloov pauv no tau siv rau hauv cov txheej txheem sib npaug ntawm cov txheej txheem encryption, cov zis tawm raug tsis lees paub nrog qhov tsis raug ciphertext. Muaj peev xwm tiv tauj tus neeg tuav ntaub ntawv hauv SGX los encrypt nws cov ntaub ntawv, tus neeg tawm tsam tuaj yeem ua rau tsis ua haujlwm, khaws cov txheeb cais txog kev hloov pauv ntawm cov ntawv tso zis ciphertext thiab, ob peb feeb, rov qab kho tus nqi ntawm tus yuam sij khaws cia hauv lub enclave. Tus thawj input ntawv nyeem thiab qhov tseeb tso zis ciphertext paub, tus yuam sij tsis hloov, thiab cov zis ntawm ib tug tsis yog ciphertext qhia tias ib co me ntsis tau distorted rau tus nqi opposite.

Tau txheeb xyuas cov khub ntawm qhov tseem ceeb ntawm qhov tseeb thiab tsis zoo ntawm cov ntawv ciphertexts tau sau tseg thaum muaj ntau yam ua tsis tiav, siv cov txheej txheem ntawm kev txheeb xyuas qhov tsis sib txawv (DFA, Differential Fault Analysis) Ua tau kwv yees Tej zaum cov yuam sij siv rau AES symmetric encryption, thiab tom qab ntawd, los ntawm kev txheeb xyuas cov kev sib tshuam ntawm cov yuam sij hauv ntau pawg, txiav txim siab tus yuam sij xav tau.

Ntau yam qauv ntawm Intel processors raug cuam tshuam los ntawm qhov teeb meem, suav nrog Intel Core CPUs nrog 6
10 tiam, nrog rau tiam thib tsib thiab thib rau ntawm Xeon E3, thawj thiab thib ob tiam ntawm Intel Xeon Scalable, Xeon D,
Xeon W and Xeon E.

Cia peb nco ntsoov koj tias SGX thev naus laus zis (Software Tus Saib Xyuas Txuas Ntxiv) tshwm sim nyob rau hauv lub thib rau tiam Intel Core processors (Skylake) thiab muaj ib tug series ntawm cov lus qhia uas tso cai rau cov neeg siv-theem daim ntawv thov los faib kaw qhov chaw nco - enclaves, cov ntsiab lus uas tsis tuaj yeem nyeem lossis hloov kho txawm tias cov ntsiav thiab cov lej khiav hauv ring0, SMM thiab VMM hom. Nws yog tsis yooj yim sua kom hloov kev tswj rau cov cai nyob rau hauv lub enclave siv tsoos dhia dej num thiab manipulations nrog rau cov npe thiab pawg; hloov mus rau kev tswj mus rau lub enclave, ib tug tshwj xeeb tsim tshiab qhia yog siv uas ua ib tug cai tswj. Nyob rau hauv cov ntaub ntawv no, cov cai muab tso rau hauv lub enclave yuav siv classical hu txoj kev mus rau lub zog nyob rau hauv lub enclave thiab cov lus qhia tshwj xeeb hu rau sab nraud functions. Enclave nco encryption yog siv los tiv thaiv kev tawm tsam kho vajtse xws li txuas rau DRAM module.

Tau qhov twg los: opennet.ru

Ntxiv ib saib