x86 CPU, dangerous! A new security study shows that under an attack called Hertzbleed, hackers can steal encryption keys directly from remote servers. Neither Intel nor AMD CPUs are immune.
The affected products are roughly as follows.
Intel: All products
AMD
The research came from institutions such as the University of Texas at Austin and the University of Illinois at Urbana-Champaign, and the paper sparked heated discussion as soon as it was published.
Attacks on DVFS
In cryptography, power analysis is a well-established side-channel attack method. For example, by measuring the power that the chip consumes while processing data, a hacker can extract the encrypted data.
Fortunately, power analysis cannot be carried out remotely, so the means of attack are limited. But in Hertzbleed, researchers found that, through Dynamic Voltage and Frequency Scaling (DVFS), a power side-channel attack can be turned into a remote attack! DVFS is an important function that major manufacturers currently use to reduce CPU power consumption.
Specifically, the researchers found in their experiments that, in some cases, the dynamic frequency scaling of x86 processors depends on the data being processed, with a granularity of milliseconds. That is to say, the CPU frequency change caused by DVFS can be directly linked to data processing power consumption.
Since a difference in CPU frequency translates into a difference in actual execution time, an attacker can observe this change remotely by monitoring the response time of the server.
In the paper, the researchers tested Hertzbleed on servers running SIKE, an encryption algorithm.
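The mechanism described above (same cycle count, data-dependent frequency, different wall-clock time) can be shown with a small simulation and a leakage test a defender can run on response-time samples. This is an added example, not code from the paper or from the original article; the cycle count, frequencies, per-bit frequency drop and jitter are assumed model parameters, not measurements of any real CPU.

```python
import random
import statistics

# All constants are assumed model parameters, not measurements of any real CPU.
CYCLES = 3_000_000         # constant-time code: identical cycle count for every input
BASE_GHZ = 3.0             # frequency when the processed data draws little power
GHZ_DROP_PER_BIT = 0.002   # frequency lost per set bit in the operand under a power cap
JITTER_MS = 0.05           # network and scheduling noise seen by a remote observer
TVLA_THRESHOLD = 4.5       # |t| above this is the usual "leak detected" cutoff


def frequency_ghz(operand: int, data_dependent_dvfs: bool) -> float:
    """More set bits -> more power -> DVFS settles on a lower frequency."""
    if not data_dependent_dvfs:
        return BASE_GHZ
    return BASE_GHZ - GHZ_DROP_PER_BIT * bin(operand).count("1")


def response_time_ms(operand: int, data_dependent_dvfs: bool, rng: random.Random) -> float:
    """Wall-clock time is cycles / frequency, so a frequency change becomes a time change."""
    compute_ms = CYCLES / (frequency_ghz(operand, data_dependent_dvfs) * 1e6)
    return compute_ms + rng.gauss(0.0, JITTER_MS)


def welch_t(a: list, b: list) -> float:
    """Welch's t statistic for two samples with possibly unequal variance."""
    se = (statistics.variance(a) / len(a) + statistics.variance(b) / len(b)) ** 0.5
    return (statistics.mean(a) - statistics.mean(b)) / se


def leakage_t(data_dependent_dvfs: bool, samples: int = 2000, seed: int = 1) -> float:
    """Compare response times for a low-power and a high-power operand class."""
    rng = random.Random(seed)
    low = [response_time_ms(0, data_dependent_dvfs, rng) for _ in range(samples)]
    high = [response_time_ms(2**64 - 1, data_dependent_dvfs, rng) for _ in range(samples)]
    return welch_t(high, low)


if __name__ == "__main__":
    for mode in (False, True):
        t = leakage_t(mode)
        verdict = "distinguishable" if abs(t) > TVLA_THRESHOLD else "not distinguishable"
        print(f"data-dependent DVFS={mode}: t={t:+.1f} -> input classes {verdict}")
```

With a fixed frequency the two input classes are statistically indistinguishable; once frequency depends on the data, code that is constant-time in cycles fails the same test on wall-clock time.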
The results showed that in the unoptimized version of the attack, they completely extracted all keys in Cloudflare's encryption library CIRCL and Microsoft's PQCrypto-SIDH within 36 hours and 89 hours, respectively.
Intel & AMD: No patches planned
The researchers said they disclosed the study to Intel, Cloudflare and Microsoft in the third quarter of 2021. In the first quarter of this year, they also communicated with AMD. However, neither Intel nor AMD plans to issue a patch for this.
Jerry Bryant, senior director of secure communications and incident response at Intel, said: "While this is an interesting problem from a research perspective, we don't think this attack is feasible outside of a lab environment." Intel rates the vulnerability as moderately critical.