Microprocessors from Intel, AMD, and other companies contain a newly discovered weakness that remote attackers can exploit to obtain cryptographic keys and other secret data traveling through the hardware, researchers said on Tuesday.
Hardware manufacturers have long known that hackers can extract secret cryptographic data from a chip by measuring the power it consumes while processing those values. Fortunately, the means for exploiting power-analysis attacks against microprocessors is limited because the threat actor has few viable ways to remotely measure power consumption while processing the secret material. Now, a team of researchers has figured out how to turn power-analysis attacks into a different class of side-channel exploit that’s considerably less demanding.
Targeting DVFS
The team discovered that dynamic voltage and frequency scaling (DVFS)—a power and thermal management feature added to every modern CPU—allows attackers to deduce the changes in power consumption by monitoring the time it takes for a server to respond to specific carefully made queries. The discovery greatly reduces what’s required. With an understanding of how the DVFS feature works, power side-channel attacks become much simpler timing attacks that can be done remotely.
The researchers have dubbed their attack Hertzbleed because it uses the insights into DVFS to expose—or bleed out—data that’s expected to remain private. The vulnerability is tracked as CVE-2022-24436 for Intel chips and CVE-2022-23823 for AMD CPUs. The researchers have already shown how the exploit technique they developed can be used to extract an encryption key from a server running SIKE, a cryptographic algorithm used to establish a secret key between two parties over an otherwise insecure communications channel.
The researchers said they successfully reproduced their attack on Intel CPUs from the 8th to the 11th generation of the Core microarchitecture. They also claimed that the technique would work on Intel Xeon CPUs and verified that AMD Ryzen processors are vulnerable and enabled the same SIKE attack used against Intel chips. The researchers believe chips from other manufacturers may also be affected.
In a blog post explaining the finding, research team members wrote:
Hertzbleed is a new family of side-channel attacks: frequency side channels. In the worst case, these attacks can allow an attacker to extract cryptographic keys from remote servers that were previously believed to be secure.
Hertzbleed takes advantage of our experiments showing that, under certain circumstances, the dynamic frequency scaling of modern x86 processors depends on the data being processed. This means that, on modern processors, the same program can run at a different CPU frequency (and therefore take a different wall time) when computing, for example,
2022 + 23823compared to2022 + 24436.Hertzbleed is a real, and practical, threat to the security of cryptographic software.
We have demonstrated how a clever attacker can use a novel chosen-ciphertext attack against SIKE to perform full key extraction via remote timing, despite SIKE being implemented as “constant time”.
Intel Senior Director of Security Communications and Incident Response Jerry Bryant, meanwhile, challenged the practicality of the technique. In a post, he wrote: “While this issue is interesting from a research perspective, we do not believe this attack to be practical outside of a lab environment. Also note that cryptographic implementations that are hardened against power side-channel attacks are not vulnerable to this issue.” Intel has also released guidance here for hardware and software makers.
Neither Intel nor AMD are issuing microcode updates to change the behavior of the chips. Instead, they’re endorsing changes Microsoft and Cloudflare made respectively to their PQCrypto-SIDH and CIRCL cryptographic code libraries. The researchers estimated that the mitigation adds a decapsulation performance overhead of 5 percent for CIRCL and 11 percent for PQCrypto-SIDH. The mitigations were proposed by a different team of researchers who independently discovered the same weakness.
AMD declined to comment ahead of the lifting of a coordinated disclosure embargo.
