Observing the frequencies of a processor makes it possible to exfiltrate secret keys

Researchers have found a new spy technique that affects all Intel processors, as well as AMD processors. However, no patch is planned to counter this attack.

In computers, data leakage sometimes takes very curious forms. University researchers have found a technique called “Hertzbleed” which makes it possible to extract information processed by a processor simply by observing its frequency variations. And they demonstrated this flaw by obtaining the secret key of a cryptographic calculation based on the SIKE algorithm, one of the candidates for future post-quantum asymmetric cryptography.

To fully understand what is happening, you must already know that the power consumption of a processor depends on the data it processes. Based on this observation, researchers succeeded, as early as 1998, in extracting cryptographic keys from an analysis of the electrical consumption of a computer.

Automatic frequency adjustment

The Hertzbleed attack is, in a way, a variant of this technique. Indeed, modern x86 processors all have a dynamic frequency adjustment function based on energy consumption. If the processor reaches a certain consumption threshold, it will automatically, after a certain time, lower its frequency so as not to risk a thermal accident (melting of the component for example). However, as the processed data can be linked to electrical consumption, by transitivity, it is therefore possible to also link them to frequencies. In other words, this adjustment function, if it is correctly exploited, makes it possible to extract information from the processing operations of the processor.

This is all the more interesting since it is much easier to observe the frequency of execution of a process than the energy it consumes. For consumption, one can use physical probes – which greatly limits the scope of the attack – or query system APIs – which requires specific access rights. Conversely, Hertzbleed does not require any special privileges on the targeted machine and can even be done remotely. “The reason is that differences in CPU frequencies translate directly into differences in execution times”explain the researchers in their scientific report.

Intel minimizes this discovery

Researchers have verified this leak of sensitive data on 8th to 11th generation Intel processors, as well as AMD Ryzen Zen 2 and Zen 3 processors. Intel has confirmed that this issue affects all of its processors . However, the firm minimizes the risk of the Hertzbleed attack. “It’s interesting from a research perspective, but we don’t believe this attack can be performed outside of a lab environment.”estimates Intel in a blog post. Moreover, no patch is planned to counter this attack. Intel has simply posted some best practices for developers who use cryptographic libraries in order to limit the level of vulnerability as much as possible.

Source :

Hertzbleed.com

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.