Intel SGX is vulnerable to an uncorrectable flaw that can steal encryption keys and more

 



In the past 26 months, Intel and other processor manufacturers have been hit by Spectre, Meltdown, and a constant stream of follow-up vulnerabilities that allow attackers to recover passwords, encryption keys, and other sensitive data from computer memory. On Tuesday, researchers revealed a new flaw that steals information from Intel's SGX, short for Software Guard eXtensions, which acts as a digital vault to secure users' most sensitive secrets.

On the surface, Load Value Injection, as the researchers named their proof-of-concept attacks, works similarly to previous vulnerabilities and does the same thing. All of these so-called transient-execution flaws stem from speculative execution, an optimization in which CPUs try to guess future instructions before they are called. Meltdown and Spectre were the first transient-execution exploits to be made public. Attacks named ZombieLoad, RIDL, Fallout, and Foreshadow quickly followed. Foreshadow also worked against Intel's SGX.

Break the vault

By getting a vulnerable system to run JavaScript hosted on a malicious site or code buried in a malicious application, attackers can exploit a side channel that ultimately reveals cached contents that belong to other applications and should normally be off-limits. This latest vulnerability, which, like other transient-execution flaws, can only be mitigated rather than fixed, leaves room for exploits that completely upend a basic confidentiality guarantee of SGX.

LVI, short for Load Value Injection, is particularly important because the exploit allows a raid on secrets stored in the SGX enclave, the name often used for Intel's Software Guard eXtensions. Applications that work with encryption keys, passwords, digital rights management technology, and other secret data often use SGX to run in a fortified container known as a trusted execution environment. LVI can also steal secrets from other regions of a vulnerable processor.

Released in 2015, SGX also creates isolated environments inside memory called enclaves. SGX uses strong encryption and hardware isolation to ensure the confidentiality of data and code and to prevent tampering. Intel designed SGX to protect applications and code even when the operating system, hypervisor, or BIOS firmware is compromised.

In the video below, the researchers who discovered LVI show how an exploit can steal a secret encryption key protected by SGX.

Video: LVI (Load Value Injection) demonstration, https://www.youtube.com/watch?v=goy8XRXFlh4

Intel has a list of affected processors here. Chips that have hardware fixes for Meltdown are not vulnerable. Exploitation can also be hampered by certain defensive measures built into hardware or software that protect against null-pointer dereference bugs. Some Linux distributions, for example, do not allow virtual address zero to be mapped in user space. Another example of mitigation: the recent x86 architectural features SMAP and SMEP further prohibit user-space data and code pointer dereferences in kernel mode, respectively. SMAP and SMEP have also been shown to hold in the transient microarchitectural domain, according to the researchers.
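
A quick way to check a Linux host for the three defences named above, as an added example that is not from the original article or from the researchers. The function names and output format are assumptions of this example; it reads the `smap` and `smep` CPU flags and the `vm.mmap_min_addr` setting, and reports only whether those obstacles are present, not whether the processor is on Intel's affected list.

```sh
#!/bin/sh
# Added example: report which of the defences named in the article are present.
# File paths are arguments so captured copies can be checked; the defaults are
# the real Linux procfs locations. Function names are this example's own.

has_cpu_flag() {  # usage: has_cpu_flag <flag> <cpuinfo-file>
    # x86 /proc/cpuinfo lists CPU features on a "flags : a b c" line.
    grep -m1 '^flags' "$2" 2>/dev/null | tr ' \t' '\n\n' | grep -qx "$1"
}

lvi_env_check() {  # usage: lvi_env_check [cpuinfo-file] [mmap_min_addr-file]
    cpuinfo=${1:-/proc/cpuinfo}
    minaddr_file=${2:-/proc/sys/vm/mmap_min_addr}
    missing=""
    for flag in smap smep; do
        has_cpu_flag "$flag" "$cpuinfo" || missing="$missing $flag"
    done
    # A value above 0 stops user space from mapping virtual address zero.
    min_addr=$(cat "$minaddr_file" 2>/dev/null || echo 0)
    [ "${min_addr:-0}" -gt 0 ] 2>/dev/null || missing="$missing mmap_min_addr"
    if [ -z "$missing" ]; then
        echo "present: smap smep mmap_min_addr"
    else
        echo "missing:$missing"
    fi
}

# Constructed sample (not from a real machine): SMEP set, SMAP absent.
sample=$(mktemp -d)
printf 'flags\t\t: fpu vme smep sgx\n' > "$sample/cpuinfo"
echo 65536 > "$sample/mmap_min_addr"
lvi_env_check "$sample/cpuinfo" "$sample/mmap_min_addr"
rm -rf "$sample"
```

Called with no arguments, `lvi_env_check` reads the live `/proc` files of the machine it runs on.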

Processor poisoning

As its name suggests, LVI works by injecting the attacker's data into a running program and stealing the sensitive data and keys it is using at the time of the attack. The malicious data flows through hidden processor buffers into the program and hijacks the execution flow of an application or process. With this, the attacker's code can acquire sensitive information. It is not possible to fix or mitigate the vulnerability inside the silicon, leaving the only mitigation option for outside developers to recompile the code their applications use. The research team that devised the LVI exploit said that the compiler mitigations have a huge impact on system performance.

Above all, LVI is much more difficult to mitigate than previous attacks, as it can affect virtually any memory access, the researchers wrote in an overview of their research. Unlike all previous Meltdown attacks, LVI cannot be transparently mitigated in existing processors and requires expensive software fixes, which can slow the calculation of the Intel SGX 2 enclaves up to 19 times.

LVI reverses the way Meltdown is exploited. While Meltdown relies on an attacker probing memory offsets to infer the content of in-flight data, LVI reverses the flow by injecting data that poisons the hidden processor buffers (especially the line fill buffer) with attacker values. From there, the attacker can hijack a process and gain access to the data it is using.

LVI-based attacks are unlikely to be used against consumer machines, since the attacks are extremely difficult to carry out and there are generally much easier ways to obtain confidential information in home and small-business settings. The most likely attack scenario is a cloud computing environment that allocates two or more customers to the same processor. While hypervisors and other protections normally cordon off data belonging to different customers, LVI could theoretically extract any data or code stored in SGX environments, as well as in other regions of a vulnerable CPU.

In a statement, Intel officials wrote:

Researchers have identified a new mechanism called Load Value Injection (LVI). Due to the many complex requirements that must be met to be successful, Intel does not believe that LVI is a practical method in real environments where the operating system and VMM are reliable. New mitigation tips and tools for LVI are available now and work in conjunction with previously released mitigations to significantly reduce the overall attack surface. We thank the researchers who have worked with us and our industry partners for their contributions to the coordinated disclosure of this problem.

To mitigate the potential exploits of Load Value Injection (LVI) on platforms and applications using Intel SGX, Intel is releasing updates to the SGX platform software and SDK starting today. The Intel SGX SDK includes tips on how to mitigate LVI for developers of Intel SGX applications. Intel has also worked with our industry partners to make available the application compiler options and will perform SGX TCB recovery.

The chip maker released this deep dive.

LVI works primarily against Intel processors, but it also affects other chips that are vulnerable to Meltdown. Non-Intel processors that have been shown to be vulnerable to Meltdown include those based on the ARM design. It is not currently known which specific ARM chips are affected.

The team that first identified the LVI vulnerabilities included researchers from imec-DistriNet, KU Leuven, Worcester Polytechnic Institute, Graz University of Technology, University of Michigan, University of Adelaide, and Data61. Researchers at Romanian security firm Bitdefender later discovered the vulnerability after the first team had already reported it to Intel. The first team published information here. Bitdefender has details here, here, and here. The proof-of-concept code is here and here.

Some restrictions apply

The difficulty of carrying out LVI attacks is not the only limitation. The data that attacks can acquire is also limited to what is stored at the time the malicious code executes. This makes exploits a game of chance and adds to the stringent requirements for exploitation. For these reasons, many researchers say that exploits this uncertain will never be used in active malicious attacks.

Not all researchers share this assessment. Bogdan Botezatu, senior electronic threats analyst at Bitdefender, said the growing body of research showing how to exploit speculative execution could pave the way for real-world attackers, especially those in nation states targeting specific people.

"There are more people involved in this kind of research who are good guys," Botezatu told me. "It is likely that the bad guys are also actively studying the processor problem. Which makes me think that at some point, with a sufficiently thorough examination, it will not be only an academic subject. It will become a viable tool to be exploited in nature."
